Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Probleme seit Best Practice Installation (https://www.trojaner-board.de/151714-probleme-seit-best-practice-installation.html)

dakir2004 29.03.2014 17:58
Probleme seit Best Practice Installation
 
Liebe Trojaner Board Team,

ich bräuchte dringend eure Hilfe. Ich habe mir am Freitag auf der Seite "Netzwelt.de" die kostenlose Software "Best Practice" gedownloadet. Diese auch installiert und seitdem spinnt mein Rechner. Es öffnen sich ständig neue (Werbe)seiten im Internet. Mein Rechner stockt und anstatt meiner Startseite "Google" kommt jetzt Bing.de! Lade ich die Seite google.de manuell, dann steht immer Werbung im Eingabefeld wie Amazon.

Kann mir jemand helfen? Habe die Software vom Rechner gelöscht, aber er spinnt nach wie vor. Danke schon mal.

schrauber 29.03.2014 19:05
hi,


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


dakir2004 29.03.2014 19:21
Hallo Schrauber, danke für deine Hilfe. Okay, habe ich erledigt. Hier beide Ergebnisse:

Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Daniel at 2014-03-29 19:12:30
Running from C:\Users\Daniel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.5 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.2090 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.3216.50 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-312 313 315 Series Printer Uninstall (HKLM\...\EPSON XP-312 313 315 Series) (Version:  - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.0.1.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - ZTE Corporation)
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyEPSON Portal (HKLM-x32\...\MyEPSON Connect) (Version:  - SEIKO EPSON Corporation)
MyEPSON Portal (x32 Version: 1.0.4.0 - SEIKO EPSON CORPORATION) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5997 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
NVIDIA Updatus (x32 Version: 1.0.3 - NVIDIA Corporation) Hidden
PreReq (x32 Version: 6.2.2.60 - Eastman Kodak Company) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.6005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6005 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Software Updater (HKLM-x32\...\{A3B308B9-BE96-4334-816F-3D82B19A7DE2}) (Version: 4.1.7 - SEIKO EPSON CORPORATION) <==== ATTENTION
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
Switch Audiodatei-Konverter (HKLM-x32\...\Switch) (Version:  - NCH Software)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Restore Points  =========================

10-03-2014 07:27:19 Windows Update
16-03-2014 19:25:14 Windows Update
16-03-2014 20:40:24 Windows Update
17-03-2014 14:49:05 Windows Update
21-03-2014 07:08:27 Windows Update
25-03-2014 07:09:45 Windows Update
28-03-2014 18:47:55 Windows Update
29-03-2014 16:39:11 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2E0279B8-C873-42C1-B485-9519D30D248C} - System32\Tasks\QtraxPlayer => C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe [2014-02-13] (Microsoft Corporation)
Task: {3E7148B6-F4CA-4E6F-9505-A1A24AB10BD5} - \SidebarExecute No Task File
Task: {46823D28-ED28-41B4-8920-FDF47B8CD204} - System32\Tasks\EPSON XP-312 313 315 Series Update {F92AE547-3EBC-4541-8880-B84F8B95060D} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLFE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {482316B6-0093-42BC-AD4E-0113944428A1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-16] (Adobe Systems Incorporated)
Task: {674A72B5-9CFE-4386-B629-B53F0BDEAFA5} - System32\Tasks\{B1A2463E-22EB-4EBA-BD60-D75E686BAE2E} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.1.0.179.367/de/abandoninstall?source=lightinstaller&amp;page=tsOptions&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {677B74BE-CB5D-46A0-BD0C-0F5AA16214F1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
Task: {ADAA5949-B14C-419C-AF7F-3C7A5CABF64F} - System32\Tasks\EPSON XP-312 313 315 Series Invitation {F92AE547-3EBC-4541-8880-B84F8B95060D} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLFE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {F61F7420-C8B2-479D-8F1F-46A5D4896D53} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-312 313 315 Series Invitation {F92AE547-3EBC-4541-8880-B84F8B95060D}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLFE.EXE
Task: C:\Windows\Tasks\EPSON XP-312 313 315 Series Update {F92AE547-3EBC-4541-8880-B84F8B95060D}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLFE.EXE

==================== Loaded Modules (whitelisted) =============

2012-06-28 09:05 - 2010-04-27 15:57 - 00247152 _____ () C:\Program Files (x86)\Join Air\AssistantServices.exe
2014-03-29 15:20 - 2014-03-29 15:20 - 00706560 _____ () C:\Program Files\003\xmkysecqun64.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-02-28 23:23 - 2013-02-28 14:54 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-28 23:20 - 2010-06-28 23:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 23:12 - 2010-06-28 23:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2013-03-31 22:10 - 2012-11-13 13:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-03-31 22:10 - 2012-11-13 13:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-03-31 22:10 - 2012-11-13 13:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-03-31 22:10 - 2012-08-23 08:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-03-31 22:10 - 2012-11-13 13:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2010-08-30 10:45 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2013-03-31 22:10 - 2012-11-13 13:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2014-02-18 13:44 - 2014-02-18 13:44 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\29335dc88d799664dcd97362bcb687e9\IsdiInterop.ni.dll
2010-08-30 10:03 - 2010-04-13 17:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-03-29 14:25 - 2014-03-29 14:25 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/29/2014 05:42:30 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/29/2014 05:42:30 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/29/2014 05:42:30 PM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/29/2014 05:42:30 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (03/29/2014 05:42:29 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/29/2014 05:42:29 PM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/29/2014 05:42:29 PM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/29/2014 05:42:29 PM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/29/2014 05:42:29 PM) (Source: Windows Search Service) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
        0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))

Error: (03/29/2014 05:42:29 PM) (Source: ESENT) (User: )
Description: Windows (4996) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0007D.log.


System errors:
=============
Error: (03/29/2014 05:42:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/29/2014 05:42:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (03/29/2014 05:37:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Update Jotzey" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/29/2014 05:37:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Util Jotzey" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/29/2014 03:23:05 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (03/29/2014 03:21:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/29/2014 03:20:20 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Search Protect by Conduit Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/29/2014 03:20:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WinkHandler" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (03/29/2014 03:20:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SProtection" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (03/27/2014 03:26:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (03/29/2014 05:42:30 PM) (Source: Windows Search Service)(User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/29/2014 05:42:30 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/29/2014 05:42:30 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/29/2014 05:42:30 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (03/29/2014 05:42:29 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (03/29/2014 05:42:29 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/29/2014 05:42:29 PM) (Source: Windows Search Service)(User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (03/29/2014 05:42:29 PM) (Source: Windows Search Service)(User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (03/29/2014 05:42:29 PM) (Source: Windows Search Service)(User: )
Description:
Details:
        0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))

Error: (03/29/2014 05:42:29 PM) (Source: ESENT)(User: )
Description: Windows4996Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0007D.log-1811


==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 3766.71 MB
Available physical RAM: 1734.94 MB
Total Pagefile: 7531.6 MB
Available Pagefile: 5325.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:452.66 GB) (Free:372.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A833F87C)

Partition: GPT Partition Type.

==================== End Of Log ============================
FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Daniel (administrator) on DANIEL-PC on 29-03-2014 19:11:01
Running from C:\Users\Daniel\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON\MyEPSON Connect\mepService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON\MyEPSON Connect\mep.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\Join Air\AssistantServices.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\Program Files\003\xmkysecqun64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILFE.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Users\Daniel\Documents\Software\iTunes - Apple\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Users\Daniel\Documents\Software\iTunes - Apple\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-420823474-2913344114-3078669060-1001\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-420823474-2913344114-3078669060-1001\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILFE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [111720 2010-10-28] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -  No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default
FF user.js: detected! => C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Users\Daniel\Documents\Software\iTunes - Apple\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Daniel\Documents\Music\Amazon Music\npAmazonMP3DownloaderPlugin1017319.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\searchplugins\iminent.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 MyEPSON Connect Service; C:\Program Files (x86)\EPSON\MyEPSON Connect\mepService.exe [703616 2012-10-01] (SEIKO EPSON CORPORATION)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia)
R2 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [247152 2010-04-27] ()
R2 xmkysecqun64; C:\Program Files\003\xmkysecqun64.exe [706560 2014-03-29] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-02-07] (Secunia)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-03-29] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-29 19:11 - 2014-03-29 19:12 - 00013020 _____ () C:\Users\Daniel\Desktop\FRST.txt
2014-03-29 19:10 - 2014-03-29 19:11 - 00000000 ____D () C:\FRST
2014-03-29 19:10 - 2014-03-29 19:10 - 02157056 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2014-03-29 17:41 - 2014-03-29 17:41 - 00006810 _____ () C:\Windows\PFRO.log
2014-03-29 17:41 - 2014-03-29 17:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-29 15:22 - 2014-03-12 16:00 - 00338120 _____ (SecureAssist) C:\Windows\system32\SecureAssist64.dll
2014-03-29 15:22 - 2014-03-12 16:00 - 00295080 _____ (SecureAssist) C:\Windows\SysWOW64\SecureAssist.dll
2014-03-29 15:20 - 2014-03-29 17:41 - 00000000 ____D () C:\Program Files (x86)\IminentToolbar
2014-03-29 15:20 - 2014-03-29 17:24 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\systweak
2014-03-29 15:20 - 2014-03-29 17:23 - 00000000 ____D () C:\Program Files (x86)\BestPractice
2014-03-29 15:20 - 2014-03-29 15:20 - 00000000 ____D () C:\Program Files\003
2014-03-29 15:20 - 2013-12-13 17:53 - 00019544 _____ (System Speedup) C:\Windows\system32\roboot64.exe
2014-03-29 14:25 - 2014-03-29 14:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 10:51 - 2014-03-29 10:51 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-03-28 21:56 - 2014-03-28 22:40 - 00000000 ____D () C:\Program Files (x86)\Listen N Write Free
2014-03-28 19:45 - 2014-03-28 19:50 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-03-21 11:46 - 2014-03-21 11:46 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2014-03-16 20:27 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-16 20:27 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-16 20:27 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-16 20:27 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-16 20:27 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-16 20:27 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-16 20:27 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-16 20:27 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-16 20:27 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-16 20:27 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-16 20:27 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-16 20:27 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-16 20:27 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-16 20:27 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-16 20:27 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-16 20:27 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-16 20:27 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-16 20:27 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-16 20:27 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-16 20:27 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-16 20:27 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-16 20:27 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-16 20:27 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-16 20:27 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-16 20:27 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-16 20:27 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-16 20:26 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-16 20:26 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-16 20:26 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-16 20:26 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-16 20:26 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-16 20:26 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-16 20:26 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-16 20:26 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-16 20:26 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-16 20:26 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-16 20:26 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-16 20:26 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-16 20:26 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-16 20:26 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-16 20:26 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-16 20:26 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-16 20:26 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-16 20:26 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-16 20:26 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-16 20:26 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-16 20:26 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-16 20:26 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-05 09:33 - 2014-03-05 09:33 - 00002148 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-05 09:32 - 2014-03-05 09:33 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-05 09:32 - 2014-03-05 09:33 - 00000000 ____D () C:\Program Files\iTunes
2014-03-05 09:32 - 2014-03-05 09:32 - 00000000 ____D () C:\Program Files\iPod
2014-02-27 16:09 - 2014-02-27 16:09 - 00000000 _____ () C:\Windows\SysWOW64\shoA130.tmp

==================== One Month Modified Files and Folders =======

2014-03-29 19:12 - 2014-03-29 19:11 - 00013020 _____ () C:\Users\Daniel\Desktop\FRST.txt
2014-03-29 19:11 - 2014-03-29 19:10 - 00000000 ____D () C:\FRST
2014-03-29 19:10 - 2014-03-29 19:10 - 02157056 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2014-03-29 19:09 - 2014-01-04 14:09 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-312 313 315 Series Update {F92AE547-3EBC-4541-8880-B84F8B95060D}.job
2014-03-29 19:09 - 2014-01-04 14:09 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-312 313 315 Series Invitation {F92AE547-3EBC-4541-8880-B84F8B95060D}.job
2014-03-29 19:05 - 2012-07-31 12:50 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-29 17:49 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-29 17:49 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-29 17:46 - 2012-10-21 20:59 - 02051770 _____ () C:\Windows\WindowsUpdate.log
2014-03-29 17:41 - 2014-03-29 17:41 - 00006810 _____ () C:\Windows\PFRO.log
2014-03-29 17:41 - 2014-03-29 17:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-29 17:41 - 2014-03-29 15:20 - 00000000 ____D () C:\Program Files (x86)\IminentToolbar
2014-03-29 17:41 - 2013-03-28 16:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 17:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-29 17:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-29 17:35 - 2011-03-12 20:30 - 00000000 ___RD () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-29 17:24 - 2014-03-29 15:20 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\systweak
2014-03-29 17:23 - 2014-03-29 15:20 - 00000000 ____D () C:\Program Files (x86)\BestPractice
2014-03-29 15:20 - 2014-03-29 15:20 - 00000000 ____D () C:\Program Files\003
2014-03-29 14:28 - 2013-06-12 18:31 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-03-29 14:25 - 2014-03-29 14:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 10:51 - 2014-03-29 10:51 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-03-28 22:40 - 2014-03-28 21:56 - 00000000 ____D () C:\Program Files (x86)\Listen N Write Free
2014-03-28 19:50 - 2014-03-28 19:45 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-03-27 20:48 - 2010-11-25 05:04 - 00703644 _____ () C:\Windows\system32\perfh007.dat
2014-03-27 20:48 - 2010-11-25 05:04 - 00150994 _____ () C:\Windows\system32\perfc007.dat
2014-03-27 20:48 - 2009-07-14 06:13 - 01630836 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-26 15:10 - 2011-03-12 20:57 - 00000000 ____D () C:\Users\Daniel\Documents\Excel
2014-03-21 11:46 - 2014-03-21 11:46 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2014-03-17 15:52 - 2013-08-15 22:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-17 15:49 - 2012-04-06 10:05 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 09:45 - 2009-07-14 05:45 - 00416312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-17 09:43 - 2013-03-13 15:20 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-17 09:43 - 2013-03-13 15:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-16 21:45 - 2012-03-16 13:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-16 21:05 - 2012-07-31 12:50 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-16 21:05 - 2012-07-31 12:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-16 21:05 - 2012-07-31 12:50 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 16:00 - 2014-03-29 15:22 - 00338120 _____ (SecureAssist) C:\Windows\system32\SecureAssist64.dll
2014-03-12 16:00 - 2014-03-29 15:22 - 00295080 _____ (SecureAssist) C:\Windows\SysWOW64\SecureAssist.dll
2014-03-05 10:52 - 2011-03-12 21:23 - 01605116 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-05 09:33 - 2014-03-05 09:33 - 00002148 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-05 09:33 - 2014-03-05 09:32 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-05 09:33 - 2014-03-05 09:32 - 00000000 ____D () C:\Program Files\iTunes
2014-03-05 09:32 - 2014-03-05 09:32 - 00000000 ____D () C:\Program Files\iPod
2014-03-05 09:32 - 2011-03-12 21:25 - 00000000 ____D () C:\Users\Daniel\Documents\Software
2014-03-01 07:05 - 2014-03-16 20:26 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-16 20:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-16 20:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-16 20:27 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-16 20:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-16 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-16 20:26 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-16 20:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-16 20:26 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-16 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-16 20:26 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-16 20:26 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-16 20:27 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-16 20:26 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-16 20:27 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-16 20:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-16 20:26 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-16 20:26 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-16 20:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-16 20:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-16 20:27 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-16 20:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-16 20:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-16 20:27 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-16 20:27 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-16 20:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-16 20:27 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-16 20:26 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-16 20:26 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-16 20:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-16 20:26 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-16 20:26 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-16 20:27 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-16 20:27 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-16 20:27 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-16 20:27 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-16 20:26 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-16 20:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-16 20:26 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-16 20:26 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-27 16:09 - 2014-02-27 16:09 - 00000000 _____ () C:\Windows\SysWOW64\shoA130.tmp

Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\avgnt.exe
C:\Users\Daniel\AppData\Local\Temp\BackupSetup.exe
C:\Users\Daniel\AppData\Local\Temp\nsb5DD.exe
C:\Users\Daniel\AppData\Local\Temp\nsm288E.exe
C:\Users\Daniel\AppData\Local\Temp\nsm8DB.exe
C:\Users\Daniel\AppData\Local\Temp\nsr95C5.exe
C:\Users\Daniel\AppData\Local\Temp\nsw2BD9.exe
C:\Users\Daniel\AppData\Local\Temp\SpOrder.dll
C:\Users\Daniel\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-21 14:21

==================== End Of Log ============================
--- --- ---

schrauber 30.03.2014 12:39
Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.




Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

dakir2004 03.04.2014 08:57
Hallo, hat leider berufsbedingt etwas länger gedauert. Sorry. Hier nun die Ergebnisse:

Malwarebytes Anti-Malware

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 30.03.2014
Suchlauf-Zeit: 16:01:42
Logdatei: Test1.txt
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.03.30.02
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Daniel

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 278087
Verstrichene Zeit: 2 Std, 1 Min, 36 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 12
PUP.Optional.Jotzey.A, HKU\S-1-5-21-420823474-2913344114-3078669060-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{63A20A19-B1E6-4355-AB4C-28553AF40CA2}, Löschen bei Neustart, [b64a956b31cf7987178a3ccbea182dd3],
PUP.Optional.Jotzey.A, HKU\S-1-5-21-420823474-2913344114-3078669060-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{63A20A19-B1E6-4355-AB4C-28553AF40CA2}, Löschen bei Neustart, [b64a956b31cf7987178a3ccbea182dd3],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantäne, [e719907060a0b14f63d46bd2857dcc34],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [738d04fccb351ee2231585b87191bc44],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [18e827d9857bb74939932418a2603dc3],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, In Quarantäne, [a25ed22eaf511de3eba277f0ca380ff1],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\suprasavings, In Quarantäne, [1ce4b24e02fe77892daf20374eb46f91],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent, In Quarantäne, [ae52f40ce21ec23e37f20f83fa0941bf],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, In Quarantäne, [31cf89775ea26a96b2db87e0ba4815eb],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\WOW6432NODE\SupraSavings, In Quarantäne, [eb1556aae02039c7b725c5923ac855ab],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent, In Quarantäne, [50b01be5b947d82844e5c0d2ed16dd23],
PUP.Optional.Iminent.A, HKU\S-1-5-21-420823474-2913344114-3078669060-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\IminentToolbar, Löschen bei Neustart, [58a8748c6997a45c8df8dd8bab5732ce],

Registrierungswerte: 2
PUP.Optional.Iminent.A, HKU\S-1-5-21-420823474-2913344114-3078669060-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, Löschen bei Neustart, [18e827d9857bb74939932418a2603dc3],
PUP.Optional.Iminent.A, HKU\S-1-5-21-420823474-2913344114-3078669060-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [37c9f10fb54bb050bc103606976b36ca],

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 3
PUP.Optional.Iminent.A, C:\Program Files (x86)\IminentToolbar, In Quarantäne, [ca3657a906faa957375a410e9b67b34d],
PUP.Optional.DVDVideoSoft.A, C:\Users\Daniel\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter, In Quarantäne, [27d9ca36fd0354acf6960b4c7e844fb1],
PUP.Optional.DVDVideoSoft.A, C:\Users\Daniel\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History, In Quarantäne, [27d9ca36fd0354acf6960b4c7e844fb1],

Dateien: 40
PUP.Optional.SearchProtect.A, C:\Users\Daniel\AppData\Local\Temp\nsr95C5.exe, In Quarantäne, [649c6b9587798e72cd3b22ff25dc5fa1],
PUP.Optional.Rapiddown, C:\Users\Daniel\AppData\Local\Temp\n6692\s6692.exe, In Quarantäne, [1be57f814cb48779ba5155044bb69967],
PUP.Optional.Rapiddown, C:\Users\Daniel\AppData\Local\Temp\n6855\s6855.exe, In Quarantäne, [14ecd32d946c24dc7695cc8d9a672bd5],
PUP.Optional.Iminent.A, C:\Users\Daniel\AppData\Local\Temp\n6921\Iminent_1712-b2fcad5e.exe, In Quarantäne, [fc04fa06d7294cb4d1e8c07b3dc4847c],
PUP.Optional.PricePeep.A, C:\Users\Daniel\AppData\Local\Temp\n6921\pricepeep_EN_0303-a419cb8d.exe, In Quarantäne, [67992dd39d634bb52b7a90a510f1758b],
PUP.Optional.Rapiddown, C:\Users\Daniel\AppData\Local\Temp\n6921\s6921.exe, In Quarantäne, [e51b000002fe0af640cbc990639e40c0],
PUP.Optional.Conduit.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\searchplugins\conduit-search.xml, In Quarantäne, [12ee6c944fb126da1144f16a7092956b],
PUP.Optional.Iminent.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\searchplugins\iminent.xml, In Quarantäne, [ee12c8381ce428d8762094c7a260d729],
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, In Quarantäne, [df216c94728e748c69e2421ee31fba46],
PUP.Optional.DVDVideoSoft.A, C:\Users\Daniel\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\CC.K - Pinball(1).png, In Quarantäne, [27d9ca36fd0354acf6960b4c7e844fb1],
PUP.Optional.DVDVideoSoft.A, C:\Users\Daniel\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\CC.K - Pinball(2).png, In Quarantäne, [27d9ca36fd0354acf6960b4c7e844fb1],
PUP.Optional.DVDVideoSoft.A, C:\Users\Daniel\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\Dolly D - Viva Dynamo(1).png, In Quarantäne, [27d9ca36fd0354acf6960b4c7e844fb1],
PUP.Optional.DVDVideoSoft.A, C:\Users\Daniel\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\Dolly D - Viva Dynamo(2).png, In Quarantäne, [27d9ca36fd0354acf6960b4c7e844fb1],
PUP.Optional.DVDVideoSoft.A, C:\Users\Daniel\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\FuÃ?ball ist das Leben... - Dynamo Dresden (Dolly D.)(1).png, In Quarantäne, [27d9ca36fd0354acf6960b4c7e844fb1],
PUP.Optional.DVDVideoSoft.A, C:\Users\Daniel\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\FuÃ?ball ist das Leben... - Dynamo Dresden (Dolly D.)(2).png, In Quarantäne, [27d9ca36fd0354acf6960b4c7e844fb1],
PUP.Optional.DVDVideoSoft.A, C:\Users\Daniel\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\History.xml, In Quarantäne, [27d9ca36fd0354acf6960b4c7e844fb1],
PUP.Optional.Delta.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.admin", false);), Ersetzt,[857bf50b8d73a45ca8dbce6740c409f7]
PUP.Optional.Delta.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.aflt", "babsst");), Ersetzt,[817fec14de22768ac9ba999c9a6ac63a]
PUP.Optional.Delta.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), Ersetzt,[02fe46ba30d031cfd7acc174e4207789]
PUP.Optional.Delta.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.autoRvrt", "false");), Ersetzt,[a9572fd1649cf20ebbc82411e42001ff]
PUP.Optional.Delta.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.dfltLng", "en");), Ersetzt,[ed137d83837d4eb2740f58dde0242ed2]
PUP.Optional.Delta.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.excTlbr", false);), Ersetzt,[bf4142bec53b6d93463d41f415ef6c94]
PUP.Optional.Delta.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.ffxUnstlRst", true);), Ersetzt,[28d8ec148a767e82b7ccbc79c63e21df]
PUP.Optional.Delta.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.id", "e8a807ac00000000000018f46aa38616");), Ersetzt,[f50bb64a2ad6f70987fca19417ed8b75]
PUP.Optional.Delta.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlDay", "15857");), Ersetzt,[30d0c63a3ec244bc156e71c49e66e41c]
PUP.Optional.Delta.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlRef", "sst");), Ersetzt,[1ce445bb53ad0df3681b75c0c63e7d83]
PUP.Optional.Delta.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.newTab", false);), Ersetzt,[05fb45bbb14fd7290a79122350b437c9]
PUP.Optional.Delta.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prdct", "delta");), Ersetzt,[54ac9c64f60aa25ef48f270e36cec838]
PUP.Optional.Delta.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prtnrId", "delta");), Ersetzt,[9e62c838659b07f93350122331d3e41c]
PUP.Optional.Delta.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.rvrt", "false");), Ersetzt,[a45c4cb4ca3622debcc741f444c00ff1]
PUP.Optional.Delta.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.smplGrp", "none");), Ersetzt,[ca364eb267992bd59ee552e306fe2dd3]
PUP.Optional.Delta.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrId", "base");), Ersetzt,[9c644eb2857b837d43405cd9659ff709]
PUP.Optional.Delta.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrSrchUrl", "");), Ersetzt,[7a869a661de313edf58ebe7705ff2dd3]
PUP.Optional.Delta.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsn", "1.8.21.5");), Ersetzt,[3fc112ee12eeb050681b8ca9dc2806fa]
PUP.Optional.Delta.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsnTs", "1.8.21.513:40:46");), Ersetzt,[837def11f40c25db5b289f96f90b768a]
PUP.Optional.Delta.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsni", "1.8.21.5");), Ersetzt,[c739f60a946c44bc2261df56ca3a7d83]
PUP.Optional.Delta.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babExt", "");), Ersetzt,[ca36f60ace32b44cbec5e352749057a9]
PUP.Optional.Delta.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babTrack", "affID=121562&tt=gc_");), Ersetzt,[36ca35cbd729d82886fd4de811f3669a]
PUP.Optional.Delta.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.srcExt", "ss");), Ersetzt,[629e2cd433cd14ec711247eecb3903fd]
PUP.Optional.Iminent.A, C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\user.js, Gut: (), Schlecht: (user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");), Ersetzt,[49b7a75917e922def0819a9b44c006fa]

Physische Sektoren: 0
(No malicious items detected)


(end)
AdwCleaner

Code:
# AdwCleaner v3.023 - Bericht erstellt am 02/04/2014 um 16:34:48
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Daniel - DANIEL-PC
# Gestartet von : C:\Users\Daniel\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\invalidprefs.js
Datei Gefunden : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\user.js
Datei Gefunden : C:\Windows\System32\Tasks\QtraxPlayer
Ordner Gefunden C:\Program Files (x86)\pc speed up
Ordner Gefunden C:\Program Files (x86)\uniblue
Ordner Gefunden C:\Program Files (x86)\Uniblue\SpeedUpMyPC
Ordner Gefunden C:\ProgramData\boost_interprocess
Ordner Gefunden C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\Allin1Convert_8h
Ordner Gefunden C:\Users\Daniel\AppData\Roaming\Systweak
Ordner Gefunden C:\Users\Daniel\AppData\Roaming\uniblue
Ordner Gefunden C:\Users\Daniel\AppData\Roaming\Uniblue\SpeedUpMyPC

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ViewPassword
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\systweak
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\systweak
Schlüssel Gefunden : [x64] HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader27335_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader27335_RASMANCS
Schlüssel Gefunden : HKLM\Software\systweak
Schlüssel Gefunden : HKLM\Software\Uniblue
Schlüssel Gefunden : HKLM\Software\Uniblue\DriverScanner
Schlüssel Gefunden : HKLM\Software\Uniblue\SpeedUpMyPC

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default\prefs.js ]

Zeile gefunden : user_pref("CT3309350.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gefunden : user_pref("extensions.delta.admin", false);
Zeile gefunden : user_pref("extensions.delta.aflt", "babsst");
Zeile gefunden : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gefunden : user_pref("extensions.delta.autoRvrt", "false");
Zeile gefunden : user_pref("extensions.delta.dfltLng", "en");
Zeile gefunden : user_pref("extensions.delta.excTlbr", false);
Zeile gefunden : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gefunden : user_pref("extensions.delta.id", "e8a807ac00000000000018f46aa38616");
Zeile gefunden : user_pref("extensions.delta.instlDay", "15857");
Zeile gefunden : user_pref("extensions.delta.instlRef", "sst");
Zeile gefunden : user_pref("extensions.delta.newTab", false);
Zeile gefunden : user_pref("extensions.delta.prdct", "delta");
Zeile gefunden : user_pref("extensions.delta.prtnrId", "delta");
Zeile gefunden : user_pref("extensions.delta.rvrt", "false");
Zeile gefunden : user_pref("extensions.delta.smplGrp", "none");
Zeile gefunden : user_pref("extensions.delta.tlbrId", "base");
Zeile gefunden : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gefunden : user_pref("extensions.delta.vrsn", "1.8.21.5");
Zeile gefunden : user_pref("extensions.delta.vrsnTs", "1.8.21.513:40:46");
Zeile gefunden : user_pref("extensions.delta.vrsni", "1.8.21.5");
Zeile gefunden : user_pref("extensions.delta_i.babExt", "");
Zeile gefunden : user_pref("extensions.delta_i.babTrack", "affID=121562&tt=gc_");
Zeile gefunden : user_pref("extensions.delta_i.srcExt", "ss");
Zeile gefunden : user_pref("extensions.iminent.admin", false);
Zeile gefunden : user_pref("extensions.iminent.aflt", "orgnl");
Zeile gefunden : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Zeile gefunden : user_pref("extensions.iminent.autoRvrt", "false");
Zeile gefunden : user_pref("extensions.iminent.cntry", "DE");
Zeile gefunden : user_pref("extensions.iminent.dfltLng", "");
Zeile gefunden : user_pref("extensions.iminent.excTlbr", false);
Zeile gefunden : user_pref("extensions.iminent.ffxUnstlRst", false);
Zeile gefunden : user_pref("extensions.iminent.hdrMd5", "6A43F6FB42CF0AF3946403376F851EDA");
Zeile gefunden : user_pref("extensions.iminent.id", "e8a807ac00000000000018f46aa38616");
Zeile gefunden : user_pref("extensions.iminent.instlDay", "16158");
Zeile gefunden : user_pref("extensions.iminent.instlRef", "");
Zeile gefunden : user_pref("extensions.iminent.lastVrsnTs", "1.8.28.315:20:24");
Zeile gefunden : user_pref("extensions.iminent.newTab", false);
Zeile gefunden : user_pref("extensions.iminent.prdct", "iminent");
Zeile gefunden : user_pref("extensions.iminent.prtnrId", "iminent");
Zeile gefunden : user_pref("extensions.iminent.rvrt", "false");
Zeile gefunden : user_pref("extensions.iminent.sg", "none");
Zeile gefunden : user_pref("extensions.iminent.smplGrp", "none");
Zeile gefunden : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
Zeile gefunden : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Zeile gefunden : user_pref("extensions.iminent.vrsn", "1.8.28.3");
Zeile gefunden : user_pref("extensions.iminent.vrsnTs", "1.8.28.315:20:24");
Zeile gefunden : user_pref("extensions.iminent.vrsni", "1.8.28.3");
Zeile gefunden : user_pref("extensions.toolbar.mindspark._8hMembers_.BUTTON_STRUCTURE", "[{\"b\":221360012,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221360013,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
Zeile gefunden : user_pref("extensions.toolbar.mindspark._8hMembers_.firstKnownVersion", "6.33.3.42841");
Zeile gefunden : user_pref("extensions.toolbar.mindspark._8hMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=085CF34E-2B28-4948-AA07-DA4DED21145E&n=780bb3a8&p2=^AYY^xdm070^YYA^de&si=flvrunner");
Zeile gefunden : user_pref("extensions.toolbar.mindspark._8hMembers_.initialized", true);
Zeile gefunden : user_pref("extensions.toolbar.mindspark._8hMembers_.installKeysSource", "LocalStorage");
Zeile gefunden : user_pref("extensions.toolbar.mindspark._8hMembers_.installType", "XPI");
Zeile gefunden : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.contextKey", "");
Zeile gefunden : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.installDate", "2014032808");
Zeile gefunden : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.partnerId", "^AYY^xdm070^YYA^de");
Zeile gefunden : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.partnerSubId", "flvrunner");
Zeile gefunden : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.pixelUrl", "hxxp://allin1convert.dl.tb.ask.com/install_pixels.jhtml?partner=^AYY^xdm070^YYA^de&coId=3b459a63ff6641d1a0d22775a2f4d124&ca[...]
Zeile gefunden : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.success", true);
Zeile gefunden : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.toolbarId", "085CF34E-2B28-4948-AA07-DA4DED21145E");
Zeile gefunden : user_pref("extensions.toolbar.mindspark._8hMembers_.isCompliantUninstallImplementation", true);
Zeile gefunden : user_pref("extensions.toolbar.mindspark._8hMembers_.lastActivePing", "1396035327198");
Zeile gefunden : user_pref("extensions.toolbar.mindspark._8hMembers_.lastKnownVersion", "6.33.3.42841");
Zeile gefunden : user_pref("extensions.toolbar.mindspark._8hMembers_.options.defaultSearch", false);
Zeile gefunden : user_pref("extensions.toolbar.mindspark._8hMembers_.options.homePageEnabled", false);
Zeile gefunden : user_pref("extensions.toolbar.mindspark._8hMembers_.options.keywordEnabled", false);
Zeile gefunden : user_pref("extensions.toolbar.mindspark._8hMembers_.options.tabEnabled", false);
Zeile gefunden : user_pref("extensions.toolbar.mindspark._8hMembers_.partnerPixelFired", true);
Zeile gefunden : user_pref("extensions.toolbar.mindspark._8hMembers_.successUrl", "hxxp://flvrunner.com/thankyou.php");
Zeile gefunden : user_pref("extensions.toolbar.mindspark._8hMembers_.toolbarCollapsed", false);
Zeile gefunden : user_pref("extensions.toolbar.mindspark.lastInstalled", "allin1convert@mindspark.com");
Zeile gefunden : user_pref("iminent.adapters", "{\"iminent\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"AdapterKey\":\"iminent\",\"v\":true,\"p\":0,\"t\":1,\"th\":0.275,\"expireTime\":\"139610283435286400\[...]
Zeile gefunden : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"10bb6277-6b2b-413e-8d82-ad9398543254\",\"name\":\"Dealply\",\"addonId\":1,\"url\":\"//i.iminentjs.info/imitin/javascript.js\",\"queryS[...]
Zeile gefunden : user_pref("iminent.registerToolbarEvent102", "1396106648921");
Zeile gefunden : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");

*************************

AdwCleaner[R0].txt - [11309 octets] - [30/03/2014 14:11:44]
AdwCleaner[R1].txt - [10252 octets] - [30/03/2014 19:49:44]
AdwCleaner[R2].txt - [10287 octets] - [30/03/2014 20:08:18]
AdwCleaner[R3].txt - [10259 octets] - [02/04/2014 16:34:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [10320 octets] ##########

Junkware Removal Tool

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Daniel on 02.04.2014 at 18:10:55,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-420823474-2913344114-3078669060-1001\Software\sweetim



~~~ Files

Successfully deleted: [File] "C:\Users\Daniel\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"
Successfully deleted: [File] C:\Windows\syswow64\sho137B.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9A8F.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA130.tmp



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\4v5g8c1n.default\minidumps [451 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.04.2014 at 18:17:05,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hab ich doch glatt das frische FRST vergessen.

FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Daniel (administrator) on DANIEL-PC on 03-04-2014 09:54:47
Running from C:\Users\Daniel\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON\MyEPSON Connect\mepService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON\MyEPSON Connect\mep.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\Join Air\AssistantServices.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\Program Files\003\xmkysecqun64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILFE.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Users\Daniel\Documents\Software\iTunes - Apple\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Users\Daniel\Documents\Software\iTunes - Apple\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-420823474-2913344114-3078669060-1001\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-420823474-2913344114-3078669060-1001\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILFE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [111720 2010-10-28] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Users\Daniel\Documents\Software\iTunes - Apple\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Daniel\Documents\Music\Amazon Music\npAmazonMP3DownloaderPlugin1017319.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 MyEPSON Connect Service; C:\Program Files (x86)\EPSON\MyEPSON Connect\mepService.exe [703616 2012-10-01] (SEIKO EPSON CORPORATION)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia)
R2 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [247152 2010-04-27] ()
R2 xmkysecqun64; C:\Program Files\003\xmkysecqun64.exe [706560 2014-03-29] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-02-07] (Secunia)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-03-29] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-03 09:54 - 2014-04-03 09:54 - 02157056 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2014-04-03 09:54 - 2014-04-03 09:54 - 00012435 _____ () C:\Users\Daniel\Desktop\FRST.txt
2014-04-03 09:50 - 2014-04-03 09:50 - 00000056 _____ () C:\Windows\setupact.log
2014-04-03 09:50 - 2014-04-03 09:50 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-02 18:10 - 2014-04-02 18:10 - 00000000 ____D () C:\Windows\ERUNT
2014-03-30 14:11 - 2014-04-02 18:04 - 00000000 ____D () C:\AdwCleaner
2014-03-30 13:57 - 2014-03-30 19:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 13:57 - 2014-03-30 13:57 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-30 13:57 - 2014-03-30 13:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-30 13:57 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-30 13:57 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-30 13:57 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-30 13:56 - 2014-04-02 20:43 - 00095158 _____ () C:\Windows\WindowsUpdate.log
2014-03-30 13:41 - 2014-03-30 13:41 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-29 20:10 - 2014-04-03 09:54 - 00000000 ____D () C:\FRST
2014-03-29 16:22 - 2014-03-12 17:00 - 00338120 _____ (SecureAssist) C:\Windows\system32\SecureAssist64.dll
2014-03-29 16:22 - 2014-03-12 17:00 - 00295080 _____ (SecureAssist) C:\Windows\SysWOW64\SecureAssist.dll
2014-03-29 16:20 - 2014-03-29 18:23 - 00000000 ____D () C:\Program Files (x86)\BestPractice
2014-03-29 16:20 - 2014-03-29 16:20 - 00000000 ____D () C:\Program Files\003
2014-03-29 15:25 - 2014-03-29 15:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 11:51 - 2014-03-29 11:51 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-03-28 22:56 - 2014-03-28 23:40 - 00000000 ____D () C:\Program Files (x86)\Listen N Write Free
2014-03-21 12:46 - 2014-03-21 12:46 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2014-03-16 21:27 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-16 21:27 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-16 21:27 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-16 21:27 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-16 21:27 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-16 21:27 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-16 21:27 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-16 21:27 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-16 21:27 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-16 21:27 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-16 21:27 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-16 21:27 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-16 21:27 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-16 21:27 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-16 21:27 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-16 21:27 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-16 21:27 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-16 21:27 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-16 21:27 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-16 21:27 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-16 21:27 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-16 21:27 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-16 21:27 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-16 21:27 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-16 21:27 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-16 21:27 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-16 21:26 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-16 21:26 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-16 21:26 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-16 21:26 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-16 21:26 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-16 21:26 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-16 21:26 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-16 21:26 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-16 21:26 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-16 21:26 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-16 21:26 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-16 21:26 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-16 21:26 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-16 21:26 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-16 21:26 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-16 21:26 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-16 21:26 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-16 21:26 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-16 21:26 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-16 21:26 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-16 21:26 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-16 21:26 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-05 10:33 - 2014-03-05 10:33 - 00002148 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-05 10:32 - 2014-03-05 10:33 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-05 10:32 - 2014-03-05 10:33 - 00000000 ____D () C:\Program Files\iTunes
2014-03-05 10:32 - 2014-03-05 10:32 - 00000000 ____D () C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2014-04-03 09:54 - 2014-04-03 09:54 - 02157056 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2014-04-03 09:54 - 2014-04-03 09:54 - 00012435 _____ () C:\Users\Daniel\Desktop\FRST.txt
2014-04-03 09:54 - 2014-03-30 13:56 - 00095158 _____ () C:\Windows\WindowsUpdate.log
2014-04-03 09:54 - 2014-03-29 20:10 - 00000000 ____D () C:\FRST
2014-04-03 09:50 - 2014-04-03 09:50 - 00000056 _____ () C:\Windows\setupact.log
2014-04-03 09:50 - 2014-04-03 09:50 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-03 09:50 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-02 20:09 - 2014-01-04 15:09 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-312 313 315 Series Update {F92AE547-3EBC-4541-8880-B84F8B95060D}.job
2014-04-02 20:09 - 2014-01-04 15:09 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-312 313 315 Series Invitation {F92AE547-3EBC-4541-8880-B84F8B95060D}.job
2014-04-02 20:05 - 2012-07-31 13:50 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-02 18:21 - 2011-03-12 22:25 - 00000000 ____D () C:\Users\Daniel\Documents\Software
2014-04-02 18:12 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-02 18:12 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-02 18:11 - 2010-11-25 06:04 - 00703644 _____ () C:\Windows\system32\perfh007.dat
2014-04-02 18:11 - 2010-11-25 06:04 - 00150994 _____ () C:\Windows\system32\perfc007.dat
2014-04-02 18:11 - 2009-07-14 07:13 - 01630836 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-02 18:10 - 2014-04-02 18:10 - 00000000 ____D () C:\Windows\ERUNT
2014-04-02 18:04 - 2014-03-30 14:11 - 00000000 ____D () C:\AdwCleaner
2014-04-02 17:10 - 2011-03-12 21:57 - 00000000 ____D () C:\Users\Daniel\Documents\Excel
2014-04-02 08:30 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-30 19:41 - 2014-03-30 13:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 16:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
2014-03-30 16:02 - 2012-10-04 17:55 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\DVDVideoSoft
2014-03-30 13:57 - 2014-03-30 13:57 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-30 13:57 - 2014-03-30 13:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-30 13:57 - 2012-07-31 12:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 13:41 - 2014-03-30 13:41 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-29 18:41 - 2013-03-28 17:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 18:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-29 18:35 - 2011-03-12 21:30 - 00000000 ___RD () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-29 18:23 - 2014-03-29 16:20 - 00000000 ____D () C:\Program Files (x86)\BestPractice
2014-03-29 16:20 - 2014-03-29 16:20 - 00000000 ____D () C:\Program Files\003
2014-03-29 15:25 - 2014-03-29 15:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 11:51 - 2014-03-29 11:51 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-03-28 23:40 - 2014-03-28 22:56 - 00000000 ____D () C:\Program Files (x86)\Listen N Write Free
2014-03-21 12:46 - 2014-03-21 12:46 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2014-03-17 16:52 - 2013-08-15 23:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-17 16:49 - 2012-04-06 11:05 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 10:45 - 2009-07-14 06:45 - 00416312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-17 10:43 - 2013-03-13 16:20 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-17 10:43 - 2013-03-13 16:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-16 22:45 - 2012-03-16 14:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-16 22:05 - 2012-07-31 13:50 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-16 22:05 - 2012-07-31 13:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-16 22:05 - 2012-07-31 13:50 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 17:00 - 2014-03-29 16:22 - 00338120 _____ (SecureAssist) C:\Windows\system32\SecureAssist64.dll
2014-03-12 17:00 - 2014-03-29 16:22 - 00295080 _____ (SecureAssist) C:\Windows\SysWOW64\SecureAssist.dll
2014-03-05 11:52 - 2011-03-12 22:23 - 01605116 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-05 10:33 - 2014-03-05 10:33 - 00002148 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-05 10:33 - 2014-03-05 10:32 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-05 10:33 - 2014-03-05 10:32 - 00000000 ____D () C:\Program Files\iTunes
2014-03-05 10:32 - 2014-03-05 10:32 - 00000000 ____D () C:\Program Files\iPod
2014-03-05 09:26 - 2014-03-30 13:57 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-30 13:57 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-30 13:57 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\avgnt.exe
C:\Users\Daniel\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 14:56

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

schrauber 04.04.2014 09:16
AdwCleaner unbedingt auch löschen lassen!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

dakir2004 08.04.2014 16:55
Hallo Schrauber, hier wie gewünscht die 3 neuen Logfiles:

ESET

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ba26760239472e4dbc36b97833b0c7a9
# engine=17796
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-08 03:44:53
# local_time=2014-04-08 05:44:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 10425 167643198 3193 0
# compatibility_mode=5893 16776573 100 94 33279 148601743 0 0
# scanned=161771
# found=0
# cleaned=0
# scan_time=8782
SecurityCheck

Code:
Results of screen317's Security Check version 0.99.81 
 Windows 7 Service Pack 1 x64 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Secunia PSI (3.0.0.6005) 
 Adobe Flash Player 12.0.0.77 
 Adobe Reader XI 
 Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent```````` 
 Spybot Teatimer.exe is disabled!
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by Daniel (administrator) on DANIEL-PC on 08-04-2014 17:50:29
Running from C:\Users\Daniel\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON\MyEPSON Connect\mepService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON\MyEPSON Connect\mep.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\Join Air\AssistantServices.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\Program Files\003\xmkysecqun64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILFE.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Users\Daniel\Documents\Software\iTunes - Apple\iTunesHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Users\Daniel\Documents\Software\iTunes - Apple\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-420823474-2913344114-3078669060-1001\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-420823474-2913344114-3078669060-1001\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILFE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [111720 2010-10-28] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Users\Daniel\Documents\Software\iTunes - Apple\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Daniel\Documents\Music\Amazon Music\npAmazonMP3DownloaderPlugin1017319.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 MyEPSON Connect Service; C:\Program Files (x86)\EPSON\MyEPSON Connect\mepService.exe [703616 2012-10-01] (SEIKO EPSON CORPORATION)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia)
R2 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [247152 2010-04-27] ()
R2 xmkysecqun64; C:\Program Files\003\xmkysecqun64.exe [706560 2014-03-29] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-02-07] (Secunia)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-03-29] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-08 17:50 - 2014-04-08 17:50 - 00012410 _____ () C:\Users\Daniel\Desktop\FRST.txt
2014-04-08 16:03 - 2014-04-08 16:03 - 02157056 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2014-04-02 18:10 - 2014-04-02 18:10 - 00000000 ____D () C:\Windows\ERUNT
2014-03-30 14:11 - 2014-04-02 18:04 - 00000000 ____D () C:\AdwCleaner
2014-03-30 13:57 - 2014-03-30 19:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 13:57 - 2014-03-30 13:57 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-30 13:57 - 2014-03-30 13:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-30 13:57 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-30 13:57 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-30 13:57 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-30 13:56 - 2014-04-08 14:51 - 00160097 ____N () C:\Windows\WindowsUpdate.log
2014-03-29 20:10 - 2014-04-08 17:50 - 00000000 ____D () C:\FRST
2014-03-29 16:22 - 2014-03-12 17:00 - 00338120 _____ (SecureAssist) C:\Windows\system32\SecureAssist64.dll
2014-03-29 16:22 - 2014-03-12 17:00 - 00295080 _____ (SecureAssist) C:\Windows\SysWOW64\SecureAssist.dll
2014-03-29 16:20 - 2014-03-29 16:20 - 00000000 ____D () C:\Program Files\003
2014-03-29 15:25 - 2014-03-29 15:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 11:51 - 2014-03-29 11:51 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-03-21 12:46 - 2014-03-21 12:46 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2014-03-16 21:27 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-16 21:27 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-16 21:27 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-16 21:27 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-16 21:27 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-16 21:27 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-16 21:27 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-16 21:27 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-16 21:27 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-16 21:27 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-16 21:27 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-16 21:27 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-16 21:27 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-16 21:27 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-16 21:27 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-16 21:27 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-16 21:27 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-16 21:27 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-16 21:27 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-16 21:27 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-16 21:27 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-16 21:27 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-16 21:27 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-16 21:27 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-16 21:27 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-16 21:27 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-16 21:26 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-16 21:26 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-16 21:26 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-16 21:26 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-16 21:26 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-16 21:26 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-16 21:26 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-16 21:26 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-16 21:26 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-16 21:26 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-16 21:26 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-16 21:26 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-16 21:26 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-16 21:26 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-16 21:26 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-16 21:26 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-16 21:26 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-16 21:26 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-16 21:26 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-16 21:26 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-16 21:26 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-16 21:26 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-08 17:51 - 2014-04-08 17:50 - 00012410 _____ () C:\Users\Daniel\Desktop\FRST.txt
2014-04-08 17:50 - 2014-03-29 20:10 - 00000000 ____D () C:\FRST
2014-04-08 17:09 - 2014-01-04 15:09 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-312 313 315 Series Update {F92AE547-3EBC-4541-8880-B84F8B95060D}.job
2014-04-08 17:09 - 2014-01-04 15:09 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-312 313 315 Series Invitation {F92AE547-3EBC-4541-8880-B84F8B95060D}.job
2014-04-08 17:05 - 2012-07-31 13:50 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-08 16:03 - 2014-04-08 16:03 - 02157056 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2014-04-08 14:51 - 2014-03-30 13:56 - 00160097 ____N () C:\Windows\WindowsUpdate.log
2014-04-08 08:31 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-08 08:31 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-08 08:29 - 2010-11-25 06:04 - 00703644 _____ () C:\Windows\system32\perfh007.dat
2014-04-08 08:29 - 2010-11-25 06:04 - 00150994 _____ () C:\Windows\system32\perfc007.dat
2014-04-08 08:29 - 2009-07-14 07:13 - 01630836 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-08 08:23 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-04 18:14 - 2011-03-12 22:25 - 00000000 ____D () C:\Users\Daniel\Documents\Software
2014-04-03 17:05 - 2011-03-12 21:57 - 00000000 ____D () C:\Users\Daniel\Documents\Excel
2014-04-02 18:10 - 2014-04-02 18:10 - 00000000 ____D () C:\Windows\ERUNT
2014-04-02 18:04 - 2014-03-30 14:11 - 00000000 ____D () C:\AdwCleaner
2014-04-02 08:30 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-31 09:35 - 2011-03-13 15:53 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-30 19:41 - 2014-03-30 13:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 16:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
2014-03-30 16:02 - 2012-10-04 17:55 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\DVDVideoSoft
2014-03-30 13:57 - 2014-03-30 13:57 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-30 13:57 - 2014-03-30 13:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-30 13:57 - 2012-07-31 12:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-29 18:41 - 2013-03-28 17:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 18:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-29 18:35 - 2011-03-12 21:30 - 00000000 ___RD () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-29 16:20 - 2014-03-29 16:20 - 00000000 ____D () C:\Program Files\003
2014-03-29 15:25 - 2014-03-29 15:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 11:51 - 2014-03-29 11:51 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-03-21 12:46 - 2014-03-21 12:46 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2014-03-17 16:52 - 2013-08-15 23:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-17 16:49 - 2012-04-06 11:05 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 10:45 - 2009-07-14 06:45 - 00416312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-17 10:43 - 2013-03-13 16:20 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-17 10:43 - 2013-03-13 16:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-16 22:45 - 2012-03-16 14:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-16 22:05 - 2012-07-31 13:50 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-16 22:05 - 2012-07-31 13:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-16 22:05 - 2012-07-31 13:50 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 17:00 - 2014-03-29 16:22 - 00338120 _____ (SecureAssist) C:\Windows\system32\SecureAssist64.dll
2014-03-12 17:00 - 2014-03-29 16:22 - 00295080 _____ (SecureAssist) C:\Windows\SysWOW64\SecureAssist.dll

Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 14:56

==================== End Of Log ============================
--- --- ---


Zur Zeit läuft der Rechner soweit ganz okay. Hattest du den etwas gefunden oder gesehen?

schrauber 09.04.2014 13:34
Ja, wir haben jede Menge Adware entfernt.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
R2 xmkysecqun64; C:\Program Files\003\xmkysecqun64.exe [706560 2014-03-29] ()
2014-03-29 16:22 - 2014-03-12 17:00 - 00338120 _____ (SecureAssist) C:\Windows\system32\SecureAssist64.dll
2014-03-29 16:22 - 2014-03-12 17:00 - 00295080 _____ (SecureAssist) C:\Windows\SysWOW64\SecureAssist.dll
2014-03-29 16:20 - 2014-03-29 16:20 - 00000000 ____D () C:\Program Files\003

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Frisches FRST log bitte.

dakir2004 11.04.2014 12:45
Hallo Schrauber!

Fixlog.txt

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Daniel at 2014-04-11 13:41:29 Run:1
Running from C:\Users\Daniel\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
R2 xmkysecqun64; C:\Program Files\003\xmkysecqun64.exe [706560 2014-03-29] ()
2014-03-29 16:22 - 2014-03-12 17:00 - 00338120 _____ (SecureAssist) C:\Windows\system32\SecureAssist64.dll
2014-03-29 16:22 - 2014-03-12 17:00 - 00295080 _____ (SecureAssist) C:\Windows\SysWOW64\SecureAssist.dll
2014-03-29 16:20 - 2014-03-29 16:20 - 00000000 ____D () C:\Program Files\003
*****************

xmkysecqun64 => Unable to stop service
xmkysecqun64 => Service deleted successfully.
C:\Windows\system32\SecureAssist64.dll => Moved successfully.
C:\Windows\SysWOW64\SecureAssist.dll => Moved successfully.
C:\Program Files\003 => Moved successfully.

==== End of Fixlog ====
FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 29 days old and could be outdated)
Ran by Daniel (administrator) on DANIEL-PC on 11-04-2014 13:43:27
Running from C:\Users\Daniel\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON\MyEPSON Connect\mepService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON\MyEPSON Connect\mep.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\Join Air\AssistantServices.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILFE.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Users\Daniel\Documents\Software\iTunes - Apple\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Users\Daniel\Documents\Software\iTunes - Apple\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-420823474-2913344114-3078669060-1001\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-420823474-2913344114-3078669060-1001\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILFE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-420823474-2913344114-3078669060-1001\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe [841096 2014-03-16] (Adobe Systems Incorporated)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [111720 2010-10-28] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4v5g8c1n.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Users\Daniel\Documents\Software\iTunes - Apple\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Daniel\Documents\Music\Amazon Music\npAmazonMP3DownloaderPlugin1017319.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 MyEPSON Connect Service; C:\Program Files (x86)\EPSON\MyEPSON Connect\mepService.exe [703616 2012-10-01] (SEIKO EPSON CORPORATION)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia)
R2 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [247152 2010-04-27] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-02-07] (Secunia)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-03-29] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-11 13:43 - 2014-04-11 13:43 - 00012543 _____ () C:\Users\Daniel\Desktop\FRST.txt
2014-04-11 13:41 - 2014-04-11 13:41 - 02157056 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2014-04-02 18:10 - 2014-04-02 18:10 - 00000000 ____D () C:\Windows\ERUNT
2014-03-30 14:11 - 2014-04-02 18:04 - 00000000 ____D () C:\AdwCleaner
2014-03-30 13:57 - 2014-03-30 19:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 13:57 - 2014-03-30 13:57 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-30 13:57 - 2014-03-30 13:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-30 13:57 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-30 13:57 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-30 13:57 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-30 13:56 - 2014-04-11 09:06 - 00321308 ____N () C:\Windows\WindowsUpdate.log
2014-03-29 20:10 - 2014-04-11 13:43 - 00000000 ____D () C:\FRST
2014-03-29 15:25 - 2014-03-29 15:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 11:51 - 2014-03-29 11:51 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-03-21 12:46 - 2014-03-21 12:46 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2014-03-16 21:27 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-16 21:27 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-16 21:27 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-16 21:27 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-16 21:27 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-16 21:27 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-16 21:27 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-16 21:27 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-16 21:27 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-16 21:27 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-16 21:27 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-16 21:27 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-16 21:27 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-16 21:27 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-16 21:27 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-16 21:27 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-16 21:27 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-16 21:27 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-16 21:27 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-16 21:27 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-16 21:27 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-16 21:27 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-16 21:27 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-16 21:27 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-16 21:27 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-16 21:27 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-16 21:26 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-16 21:26 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-16 21:26 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-16 21:26 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-16 21:26 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-16 21:26 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-16 21:26 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-16 21:26 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-16 21:26 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-16 21:26 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-16 21:26 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-16 21:26 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-16 21:26 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-16 21:26 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-16 21:26 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-16 21:26 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-16 21:26 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-16 21:26 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-16 21:26 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-16 21:26 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-16 21:26 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-16 21:26 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-11 13:44 - 2014-04-11 13:43 - 00012543 _____ () C:\Users\Daniel\Desktop\FRST.txt
2014-04-11 13:43 - 2014-03-29 20:10 - 00000000 ____D () C:\FRST
2014-04-11 13:41 - 2014-04-11 13:41 - 02157056 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2014-04-11 13:09 - 2014-01-04 15:09 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-312 313 315 Series Update {F92AE547-3EBC-4541-8880-B84F8B95060D}.job
2014-04-11 13:09 - 2014-01-04 15:09 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-312 313 315 Series Invitation {F92AE547-3EBC-4541-8880-B84F8B95060D}.job
2014-04-11 13:05 - 2012-07-31 13:50 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-11 09:06 - 2014-03-30 13:56 - 00321308 ____N () C:\Windows\WindowsUpdate.log
2014-04-11 08:57 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-11 08:57 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-11 08:55 - 2010-11-25 06:04 - 00703644 _____ () C:\Windows\system32\perfh007.dat
2014-04-11 08:55 - 2010-11-25 06:04 - 00150994 _____ () C:\Windows\system32\perfc007.dat
2014-04-11 08:55 - 2009-07-14 07:13 - 01630836 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-11 08:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-04 18:14 - 2011-03-12 22:25 - 00000000 ____D () C:\Users\Daniel\Documents\Software
2014-04-03 17:05 - 2011-03-12 21:57 - 00000000 ____D () C:\Users\Daniel\Documents\Excel
2014-04-02 18:10 - 2014-04-02 18:10 - 00000000 ____D () C:\Windows\ERUNT
2014-04-02 18:04 - 2014-03-30 14:11 - 00000000 ____D () C:\AdwCleaner
2014-04-02 08:30 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-31 09:35 - 2011-03-13 15:53 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-30 19:41 - 2014-03-30 13:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 16:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
2014-03-30 16:02 - 2012-10-04 17:55 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\DVDVideoSoft
2014-03-30 13:57 - 2014-03-30 13:57 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-30 13:57 - 2014-03-30 13:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-30 13:57 - 2012-07-31 12:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-29 18:41 - 2013-03-28 17:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 18:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-29 18:35 - 2011-03-12 21:30 - 00000000 ___RD () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-29 15:25 - 2014-03-29 15:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 11:51 - 2014-03-29 11:51 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-03-21 12:46 - 2014-03-21 12:46 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2014-03-17 16:52 - 2013-08-15 23:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-17 16:49 - 2012-04-06 11:05 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 10:45 - 2009-07-14 06:45 - 00416312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-17 10:43 - 2013-03-13 16:20 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-17 10:43 - 2013-03-13 16:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-16 22:45 - 2012-03-16 14:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-16 22:05 - 2012-07-31 13:50 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-16 22:05 - 2012-07-31 13:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-16 22:05 - 2012-07-31 13:50 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 14:56

==================== End Of Log ============================
--- --- ---

schrauber 13.04.2014 14:10
Noch Probleme?

dakir2004 13.04.2014 15:01
Sieht zur Zeit alles i.O aus und funktioniert einwandfrei! Was sagt der Experte dazu? Alles wieder sauber?

schrauber 14.04.2014 14:45
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:37 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19