Hello Schrauber,
here are the log files:
Malwarebytes Anti-Malware:
Malwarebytes Anti-Malware
www.malwarebytes.org
Update, 18.05.2014 16:31:29, SYSTEM, WOLFGANG-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
Update, 18.05.2014 16:31:42, SYSTEM, WOLFGANG-PC, Manual, Malware Database, 2014.3.4.9, 2014.5.18.4,
(end)
AdwCleaner:
AdwCleaner Logfile:
Code:
# AdwCleaner v3.208 - Bericht erstellt am 18/05/2014 um 17:22:53
# Aktualisiert 11/05/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Wolfgang - WOLFGANG-PC
# Gestartet von : C:\Users\Wolfgang\Desktop\adwcleaner_3.208.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files (x86)\iMesh Applications
Ordner Gelöscht : C:\Users\Wolfgang\AppData\Roaming\Systweak
Datei Gelöscht : C:\Windows\System32\roboot64.exe
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_systweak-regclean-pro_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_systweak-regclean-pro_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKCU\Software\Softonic
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Mozilla Firefox v29.0.1 (de)
[ Datei : C:\Users\Wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\8j7arp2v.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [2403 octets] - [18/05/2014 17:18:39]
AdwCleaner[S0].txt - [2257 octets] - [18/05/2014 17:22:53]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2317 octets] ##########
--- --- ---
Junkware Removal Tool:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows_NT x64
Ran by Wolfgang on 18.05.2014 at 21:58:26,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Wolfgang\AppData\Roaming\mozilla\firefox\profiles\8j7arp2v.default\minidumps [937 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.05.2014 at 22:25:22,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014
Ran by Wolfgang (administrator) on WOLFGANG-PC on 18-05-2014 22:31:49
Running from C:\Users\Wolfgang\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(COMODO) C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\AAVUpdateManager\aavus.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ADONISDB\MSSQL\Binn\sqlservr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL$BSI\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-24] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1194741831-4122807686-10932906-1000\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6152472 2014-04-17] (Piriform Ltd)
HKU\S-1-5-21-1194741831-4122807686-10932906-1000\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-1194741831-4122807686-10932906-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-1194741831-4122807686-10932906-1000\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-1194741831-4122807686-10932906-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1194741831-4122807686-10932906-1000\...\Policies\Explorer: [NoRecentDocsNetHood] 1
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com?fr=fp-comodo
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFCF8315A4D5ACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll (AdTrustMedia)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\8j7arp2v.default
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.2.1 - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_32 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: PrivDog - C:\Users\Wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\8j7arp2v.default\Extensions\PrivDog@AdTrustMedia.com.xpi [2014-04-10]
FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\Wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\8j7arp2v.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2012-09-26]
FF HKLM-x32\...\Thunderbird\Extensions: [te_10.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_10.0
FF HKLM-x32\...\Thunderbird\Extensions: [{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}] - C:\Program Files (x86)\Mobile Master\ext\1\
FF Extension: Mobile Master Add-In - C:\Program Files (x86)\Mobile Master\ext\1\ []
==================== Services (Whitelisted) =================
R2 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-24] (Avira Operations GmbH & Co. KG)
R2 CLPSLS; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [1267000 2011-11-23] (COMODO)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MSSQL$ADONISDB; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ADONISDB\MSSQL\Binn\sqlservr.exe [42884448 2010-04-03] (Microsoft Corporation)
R2 MSSQL$BSI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL$BSI\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [42884448 2010-04-03] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [343032 2012-02-24] (Nitro PDF Software)
S4 SQLAgent$ADONISDB; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ADONISDB\MSSQL\Binn\SQLAGENT.EXE [367456 2010-04-03] (Microsoft Corporation)
S3 SQLAgent$BSI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL$BSI\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
S2 SQLAgent$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [367456 2010-04-03] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-21] (IDT, Inc.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [X]
S2 HPSLPSVC; C:\Users\Wolfgang\AppData\Local\Temp\7zS147D\hpslpsvc64.dll [X]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-18 20:06 - 2014-05-18 20:07 - 00010732 _____ () C:\Windows\WindowsUpdate.log
2014-05-18 20:06 - 2014-05-18 20:06 - 00000000 ____D () C:\Windows\ERUNT
2014-05-18 17:18 - 2014-05-18 17:22 - 00000000 ____D () C:\AdwCleaner
2014-05-18 16:53 - 2014-05-18 22:30 - 00000000 ____D () C:\Users\Wolfgang\Desktop\Protokolle
2014-05-18 16:26 - 2014-05-18 17:21 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-18 16:26 - 2014-05-18 16:26 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-18 16:26 - 2014-05-18 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-18 16:26 - 2014-05-18 16:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-18 16:26 - 2014-05-18 16:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-18 16:26 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-18 16:26 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-18 16:26 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-18 16:23 - 2014-05-18 16:24 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Wolfgang\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-18 16:22 - 2014-05-18 16:22 - 00000540 _____ () C:\Users\Public\Desktop\iMesh-Installation fortsetzen.lnk
2014-05-18 15:43 - 2014-05-18 15:43 - 01016261 _____ (Thisisu) C:\Users\Wolfgang\Desktop\JRT.exe
2014-05-18 15:40 - 2014-05-18 15:40 - 01431792 _____ (iMesh Inc) C:\Users\Wolfgang\Desktop\iMeshSetup-r1482-w-bf.exe
2014-05-18 15:40 - 2014-05-18 15:40 - 01325827 _____ () C:\Users\Wolfgang\Desktop\adwcleaner_3.208.exe
2014-05-18 15:37 - 2014-05-18 15:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-18 12:01 - 2014-05-18 12:01 - 00001121 _____ () C:\logAttach.log
2014-05-18 12:00 - 2014-05-18 12:00 - 00001726 _____ () C:\Users\Public\Desktop\GSTOOL 4.5.lnk
2014-05-18 12:00 - 2014-05-18 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BSI
2014-05-18 12:00 - 2002-12-17 16:23 - 00033340 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbmsqlgc.dll
2014-05-18 12:00 - 2002-10-20 14:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbmsgnet.dll
2014-05-18 12:00 - 1998-10-29 15:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2014-05-18 11:59 - 2014-05-18 11:59 - 00000000 ____D () C:\Program Files (x86)\BSI
2014-05-18 11:25 - 2014-05-18 12:01 - 06363426 _____ () C:\gstool_install.log
2014-05-14 23:09 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 23:09 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 23:09 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 23:09 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 23:09 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 23:09 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 20:16 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 20:16 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 20:15 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 20:15 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 20:15 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 20:15 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 20:15 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 20:15 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 20:15 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 20:15 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 20:15 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 20:15 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 20:15 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 20:15 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 20:15 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 20:15 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 20:15 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 20:15 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 20:15 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 20:15 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 20:15 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 20:15 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 20:15 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 20:15 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 20:15 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 20:15 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 20:15 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 20:15 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 20:15 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 20:15 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 20:15 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 20:15 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 20:15 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 20:15 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 20:15 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 20:15 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 20:15 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 20:15 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 20:15 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 20:15 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 20:15 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 20:15 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 20:15 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-12 19:58 - 2014-05-12 20:42 - 00000000 ____D () C:\Users\Wolfgang\Desktop\Neuer Ordner (2)
2014-05-11 23:07 - 2014-05-11 23:07 - 00014589 _____ () C:\Users\Wolfgang\Desktop\CisReport_x64_v7.0.317799.4142_20140511-230711.zip
2014-05-11 23:07 - 2014-05-11 23:07 - 00000000 __SHD () C:\Users\Wolfgang\AppData\Local\EmieUserList
2014-05-11 23:07 - 2014-05-11 23:07 - 00000000 __SHD () C:\Users\Wolfgang\AppData\Local\EmieSiteList
2014-05-11 22:38 - 2014-05-14 21:33 - 00000000 ___SD () C:\32788R22FWJFW
2014-05-11 22:35 - 2014-05-11 22:35 - 05200347 _____ (Swearware) C:\Users\Wolfgang\Desktop\ComboFix.exe
2014-05-11 16:53 - 2014-05-11 16:55 - 00022530 _____ () C:\Users\Wolfgang\Desktop\Addition.txt
2014-05-11 16:52 - 2014-05-18 22:31 - 00011796 _____ () C:\Users\Wolfgang\Desktop\FRST.txt
2014-05-11 16:52 - 2014-05-18 22:31 - 00000000 ____D () C:\FRST
2014-05-11 16:51 - 2014-05-11 16:51 - 02066432 _____ (Farbar) C:\Users\Wolfgang\Desktop\FRST64.exe
2014-05-09 19:07 - 2014-05-09 19:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 19:06 - 2014-05-09 20:19 - 00000000 ____D () C:\Users\Wolfgang\Desktop\Neuer Ordner
2014-05-07 23:01 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-07 23:01 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-07 23:00 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-07 23:00 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-07 23:00 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-07 23:00 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-07 23:00 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-07 23:00 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-07 23:00 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-07 23:00 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-07 23:00 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-07 23:00 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-07 23:00 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-07 23:00 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-07 23:00 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-07 23:00 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-07 23:00 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-07 23:00 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-07 23:00 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-07 23:00 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-07 23:00 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-07 23:00 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-07 23:00 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-07 23:00 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-07 23:00 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-07 23:00 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-07 23:00 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-07 23:00 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-07 23:00 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-07 23:00 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-07 23:00 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-07 23:00 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-07 23:00 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-07 23:00 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-07 23:00 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-07 23:00 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-07 23:00 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-07 23:00 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-07 23:00 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-07 23:00 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-07 23:00 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-07 23:00 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-07 23:00 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-07 23:00 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-29 23:08 - 2014-05-01 13:14 - 00009541 _____ () C:\Users\Wolfgang\Desktop\20140429-4100096530-umsatz.csv
2014-04-26 23:48 - 2014-04-26 23:48 - 00000012 _____ () C:\Users\Wolfgang\Desktop\1.txt
==================== One Month Modified Files and Folders =======
2014-05-18 22:32 - 2014-05-11 16:52 - 00011796 _____ () C:\Users\Wolfgang\Desktop\FRST.txt
2014-05-18 22:31 - 2014-05-11 16:52 - 00000000 ____D () C:\FRST
2014-05-18 22:30 - 2014-05-18 16:53 - 00000000 ____D () C:\Users\Wolfgang\Desktop\Protokolle
2014-05-18 20:11 - 2009-07-14 19:58 - 00917038 _____ () C:\Windows\system32\perfh007.dat
2014-05-18 20:11 - 2009-07-14 19:58 - 00230704 _____ () C:\Windows\system32\perfc007.dat
2014-05-18 20:11 - 2009-07-14 07:13 - 02200814 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-18 20:11 - 2009-07-14 06:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-18 20:11 - 2009-07-14 06:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-18 20:07 - 2014-05-18 20:06 - 00010732 _____ () C:\Windows\WindowsUpdate.log
2014-05-18 20:06 - 2014-05-18 20:06 - 00000000 ____D () C:\Windows\ERUNT
2014-05-18 17:22 - 2014-05-18 17:18 - 00000000 ____D () C:\AdwCleaner
2014-05-18 17:21 - 2014-05-18 16:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-18 16:26 - 2014-05-18 16:26 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-18 16:26 - 2014-05-18 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-18 16:26 - 2014-05-18 16:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-18 16:26 - 2014-05-18 16:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-18 16:24 - 2014-05-18 16:23 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Wolfgang\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-18 16:22 - 2014-05-18 16:22 - 00000540 _____ () C:\Users\Public\Desktop\iMesh-Installation fortsetzen.lnk
2014-05-18 15:59 - 2012-04-29 15:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-18 15:44 - 2014-05-18 15:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-18 15:43 - 2014-05-18 15:43 - 01016261 _____ (Thisisu) C:\Users\Wolfgang\Desktop\JRT.exe
2014-05-18 15:40 - 2014-05-18 15:40 - 01431792 _____ (iMesh Inc) C:\Users\Wolfgang\Desktop\iMeshSetup-r1482-w-bf.exe
2014-05-18 15:40 - 2014-05-18 15:40 - 01325827 _____ () C:\Users\Wolfgang\Desktop\adwcleaner_3.208.exe
2014-05-18 15:39 - 2012-02-28 22:05 - 00000000 ____D () C:\Users\Wolfgang\AppData\Roaming\Nitro PDF
2014-05-18 12:25 - 2012-03-04 22:57 - 00000000 ____D () C:\Users\Wolfgang\AppData\Local\Adobe
2014-05-18 12:23 - 2013-05-29 21:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-18 12:23 - 2012-05-12 22:05 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-18 12:23 - 2012-05-12 22:05 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-18 12:01 - 2014-05-18 12:01 - 00001121 _____ () C:\logAttach.log
2014-05-18 12:01 - 2014-05-18 11:25 - 06363426 _____ () C:\gstool_install.log
2014-05-18 12:00 - 2014-05-18 12:00 - 00001726 _____ () C:\Users\Public\Desktop\GSTOOL 4.5.lnk
2014-05-18 12:00 - 2014-05-18 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BSI
2014-05-18 12:00 - 2012-04-01 12:29 - 02173566 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-18 11:59 - 2014-05-18 11:59 - 00000000 ____D () C:\Program Files (x86)\BSI
2014-05-18 11:59 - 2013-06-08 13:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-05-17 11:18 - 2012-06-03 22:20 - 00000000 ___RD () C:\Users\Wolfgang\Virtual Machines
2014-05-17 11:18 - 2012-02-26 22:03 - 00000000 ___RD () C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-17 11:18 - 2012-02-26 22:03 - 00000000 ___RD () C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 11:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 23:08 - 2013-07-19 21:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 23:03 - 2012-03-02 23:42 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 21:33 - 2014-05-11 22:38 - 00000000 ___SD () C:\32788R22FWJFW
2014-05-12 20:42 - 2014-05-12 19:58 - 00000000 ____D () C:\Users\Wolfgang\Desktop\Neuer Ordner (2)
2014-05-11 23:07 - 2014-05-11 23:07 - 00014589 _____ () C:\Users\Wolfgang\Desktop\CisReport_x64_v7.0.317799.4142_20140511-230711.zip
2014-05-11 23:07 - 2014-05-11 23:07 - 00000000 __SHD () C:\Users\Wolfgang\AppData\Local\EmieUserList
2014-05-11 23:07 - 2014-05-11 23:07 - 00000000 __SHD () C:\Users\Wolfgang\AppData\Local\EmieSiteList
2014-05-11 22:35 - 2014-05-11 22:35 - 05200347 _____ (Swearware) C:\Users\Wolfgang\Desktop\ComboFix.exe
2014-05-11 17:44 - 2014-04-06 01:15 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-11 17:44 - 2012-02-27 23:32 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-11 16:55 - 2014-05-11 16:53 - 00022530 _____ () C:\Users\Wolfgang\Desktop\Addition.txt
2014-05-11 16:51 - 2014-05-11 16:51 - 02066432 _____ (Farbar) C:\Users\Wolfgang\Desktop\FRST64.exe
2014-05-09 20:19 - 2014-05-09 19:06 - 00000000 ____D () C:\Users\Wolfgang\Desktop\Neuer Ordner
2014-05-09 19:07 - 2014-05-09 19:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 06:40 - 2014-05-14 23:09 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-14 23:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-14 23:09 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-14 23:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-14 23:09 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 23:09 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 00:28 - 2012-05-17 11:16 - 00000852 _____ () C:\Users\Wolfgang\Documents\OuProxy.log
2014-05-02 23:39 - 2014-03-09 00:16 - 00001963 _____ () C:\Users\Public\Desktop\BILD Steuer 2014.lnk
2014-05-02 23:39 - 2014-03-09 00:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BILD Steuer 2014
2014-05-01 13:14 - 2014-04-29 23:08 - 00009541 _____ () C:\Users\Wolfgang\Desktop\20140429-4100096530-umsatz.csv
2014-04-26 23:48 - 2014-04-26 23:48 - 00000012 _____ () C:\Users\Wolfgang\Desktop\1.txt
2014-04-21 22:40 - 2012-03-04 21:46 - 00000000 ____D () C:\Users\Wolfgang\AppData\Roaming\Skype
Files to move or delete:
====================
C:\Windows\Tasks\{AC81FE43-F695-4BBD-92AD-C1047EEF1CAA}.job
C:\Windows\Tasks\{D2F589E6-56D9-4C4A-B5D8-1A3D4BFB3870}.job
Some content of TEMP:
====================
C:\Users\Wolfgang\AppData\Local\Temp\avgnt.exe
C:\Users\Wolfgang\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe
[2014-05-14 20:15] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2012-02-26 21:51
==================== End Of Log ============================
--- --- ---
Best regards and many thanks
Balduin12