Trojaner-Board - Internetbrowser sehr langsam, Downloads noch schlimmer, Windows öffnet selbst Fenster

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Internetbrowser sehr langsam, Downloads noch schlimmer, Windows öffnet selbst Fenster (https://www.trojaner-board.de/159057-internetbrowser-sehr-langsam-downloads-noch-schlimmer-windows-oeffnet-selbst-fenster.html)

Internetbrowser sehr langsam, Downloads noch schlimmer, Windows öffnet selbst Fenster

Guten Abend ihr Retter,

ich habe das Laptop einer Bekannten erhalten mit der Bitte um Hilfe. Sie denkt, sie hat sich einen Schädling eingefangen. Es ist ein Intel I-5 2430M 2.4 Ghz, 4 GB RAM, 64 bit Windows 7 home.

Internetseiten öffnen sich langsam, Downloads sind eine Katastrophe. Angeblich gehen plötzlich Fenster mit kryptischen Zeichen auf und der PC braucht für alles eine Ewigkeit - die "Sanduhr" treibt meine Bekannte in den Wahn.

Es wurden schon Scans mit Malwarebytes, ESET und Stinger etc. durchgeführt, das Gefundene wurde bereinigt. Ich verfüge über einige Logs, die gespeichert wurden. Leider nicht von Malwarebytes. Da habe ich nur eine .dat Datei.

Könntet ihr mir bitte helfen, das System zu prüfen und evtl. zu bereinigen?

Ich habe den Ccleaner benutzt, aber NICHT für die Registry (allerdings ein Held vor mir schon). Browser (sie hat IE und Firefox) manuell bereinigt und alles zurückgesetzt. Hat schon etwas geholfen; zumindest Seitenaufbau deutlich schneller.

Ach ja: Es waren mehrere Windows-Updates nicht installiert. Das habe ich geändert. Ich habe nach Updates gesucht - mehrfach. Jetzt ist alles up to date.

Hier die Logs. Erst Stinger:

Code:

McAfee Stinger Scan Resultsfile:///C:/Users/Lena/AppData/Local/Temp/Stinger_23092014_194924...
 

AV Engine version v5700.7147 for Windows. Virus data file v1000.0 created on Sep 19, 2014 Ready to scan for 6364 viruses, trojans and variants.

Rootkit scan result : Clean.

Summary Report on C: File(s) TotalFiles:............965650

Trojan Remover:

Code:

***** NORMAL SCAN FOR ACTIVE MALWARE *****

Trojan Remover Ver 6.9.1.2931. For information, email support@simplysup.com

[Unregistered version]

Scan started at: 13:06:46 24 Sep 2014

Using Database v8496

Operating System:  Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601]

File System:       NTFS

UAC is ENABLED [default level]

UserData directory: C:\Users\Lena\AppData\Roaming\Simply Super Software\Trojan Remover\

Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\

Logfile directory:  C:\Users\Lena\Documents\Simply Super Software\Trojan Remover Logfiles\

Program directory:  C:\Program Files (x86)\Trojan Remover\

Running with Administrator privileges
 

************************************************************

13:06:51: ----- Checking Default File Associations -----

No modified default file associations detected
 

************************************************************

13:06:51: ----- SCANNING FOR ROOTKIT SERVICES -----

No hidden Services were detected.
 

************************************************************

13:06:52: Scanning ----- Windows Registry -----

--------------------

Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon

--------------------

Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon

This key's "Shell" value calls the following program(s):

Key value: [explorer.exe]

File: C:\Windows\Explorer.exe

C:\Windows\Explorer.exe

2871808 bytes

Created:  31.10.2011 21:06

Modified: 25.02.2011 08:19

Company:  Microsoft Corporation

----------

This key's "Userinit" value calls the following program(s):

Key value: [C:\Windows\system32\userinit.exe,]

File: C:\Windows\system32\userinit.exe

C:\Windows\System32\userinit.exe

30720 bytes

Created:  02.11.2011 20:41

Modified: 20.11.2010 15:25

Company:  Microsoft Corporation

----------

--------------------

Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

--------------------

Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value Name: [ATKOSD2]

Value Data: [C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe]

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

5732992 bytes

Created:  17.08.2010 15:55

Modified: 17.08.2010 15:55

Company:  ASUS

--------------------

Value Name: [ATKMEDIA]

Value Data: [C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe]

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

170624 bytes

Created:  07.10.2010 15:05

Modified: 07.10.2010 15:05

Company:  ASUS

--------------------

Value Name: [HControlUser]

Value Data: [C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe]

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

105016 bytes

Created:  19.06.2009 11:29

Modified: 19.06.2009 11:29

Company:  ASUS

--------------------

Value Name: [Avira Systray]

Value Data: [C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe]

C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

164656 bytes

Created:  17.09.2014 13:31

Modified: 17.09.2014 13:31

Company:  Avira Operations GmbH & Co. KG

--------------------

Value Name: [avgnt]

Value Data: ["C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min]

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

751184 bytes

Created:  23.09.2014 23:33

Modified: 15.08.2014 10:30

Company:  Avira Operations GmbH & Co. KG

--------------------

Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

This Registry key appears to be empty

--------------------

Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Value Name: [EPLTarget\P0000000000000000]

Value Data: [C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX535WD" /EF "HKCU"]

C:\Windows\SysWoW64\spool\DRIVERS\x64\3\E_YATIHTU.EXE

239488 bytes

Created:  17.03.2012 16:14

Modified: 24.04.2011 23:01

Company:  SEIKO EPSON CORPORATION

--------------------

Value Name: [EPLTarget\P0000000000000001]

Value Data: [C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus Office BX535WD" /EF "HKCU"]

C:\Windows\SysWoW64\spool\DRIVERS\x64\3\E_YATIHTU.EXE

239488 bytes

Created:  17.03.2012 16:14

Modified: 24.04.2011 23:01

Company:  SEIKO EPSON CORPORATION

--------------------

Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

This Registry key appears to be empty
 

************************************************************

13:06:58: Scanning ----- Windows 64-Bit Registry -----

--------------------

Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value Name: [AmIcoSinglun64]

Value Data: [C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe]

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

324096 bytes

Created:  11.08.2010 15:21

Modified: 11.08.2010 15:21

Company:  Alcor Micro Corp.

--------------------

Value Name: [ETDCtrl]

Value Data: [%ProgramFiles%\Elantech\ETDCtrl.exe]

C:\Program Files\Elantech\ETDCtrl.exe

2587944 bytes

Created:  13.12.2010 22:12

Modified: 13.12.2010 22:12

Company:  ELAN Microelectronics Corp.

--------------------

Value Name: [IgfxTray]

Value Data: ["C:\Windows\system32\igfxtray.exe"]

C:\Windows\System32\igfxtray.exe

171992 bytes

Created:  29.01.2014 23:02

Modified: 29.01.2014 23:02

Company:  Intel Corporation

--------------------

Value Name: [HotKeysCmds]

Value Data: ["C:\Windows\system32\hkcmd.exe"]

C:\Windows\System32\hkcmd.exe

399832 bytes

Created:  29.01.2014 23:02

Modified: 29.01.2014 23:02

Company:  Intel Corporation

--------------------

Value Name: [Persistence]

Value Data: ["C:\Windows\system32\igfxpers.exe"]

C:\Windows\System32\igfxpers.exe

442328 bytes

Created:  29.01.2014 23:02

Modified: 29.01.2014 23:02

Company:  Intel Corporation

--------------------

Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

This Registry key appears to be empty
 

************************************************************

13:07:01: Scanning -----SHELLEXECUTEHOOKS-----

ShellExecuteHooks key is empty
 

************************************************************

13:07:01: Scanning -----HIDDEN REGISTRY ENTRIES-----

Taskdir check completed

----------

No Hidden File-loading Registry Entries found

----------
 

************************************************************

13:07:01: Scanning -----ACTIVE SCREENSAVER-----

No active ScreenSaver found to scan.
 

************************************************************

13:07:01: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

Key:  {2D46B6DC-2207-486B-B523-A557E6D54B47}

Path: C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

C:\Windows\SysWoW64\ie4uinit.exe - [file not found to scan]

----------
 

************************************************************

13:07:02: Scanning ----- SERVICEDLL REGISTRY KEYS -----
 

************************************************************

13:07:14: Scanning ----- SERVICES REGISTRY KEYS -----

Key:       03e661da

ImagePath: "C:\Windows\system32\rundll32.exe" "c:\progra~3\winfil~1\WinFilterSvc.dll",service

c:\progra~3\winfil~1\WinFilterSvc.dll - [file not found to scan]

----------
 

************************************************************

13:07:41: Scanning -----VXD ENTRIES-----
 

************************************************************

13:07:41: Scanning ----- ContextMenuHandlers -----
 

************************************************************

13:07:41: Scanning ----- Folder\ColumnHandlers -----
 

************************************************************

13:07:41: Scanning ----- 64-Bit ContextMenuHandlers -----

Key:   Shell Extension for Malware scanning

CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A}

Path:  C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll

C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll

2591824 bytes

Created:  23.09.2014 23:33

Modified: 15.08.2014 10:30

Company:  Avira Operations GmbH & Co. KG

----------
 

************************************************************

13:07:42: Scanning ----- 64-Bit Folder\ColumnHandlers -----
 

************************************************************

13:07:42: Scanning ----- Browser Helper Objects -----

Key: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01}

BHO: C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll

C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll

96128 bytes

Created:  09.04.2014 15:12

Modified: 09.04.2014 15:12

Company:  McAfee, Inc.

----------

Key: {B4F3A835-0E21-4959-BA22-42B3008E02FF}

BHO: C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

562904 bytes

Created:  06.03.2013 08:37

Modified: 06.03.2013 08:37

Company:  Microsoft Corporation

----------
 

************************************************************

13:07:43: Scanning ----- 64-Bit Browser Helper Objects -----

Key: {B4F3A835-0E21-4959-BA22-42B3008E02FF}

BHO: C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL

C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL

690392 bytes

Created:  06.03.2013 08:39

Modified: 06.03.2013 08:39

Company:  Microsoft Corporation

----------
 

************************************************************

13:07:43: Scanning ----- ShellServiceObjectDelayLoad Entries -----
 

************************************************************

13:07:43: Scanning ----- 64-Bit ShellServiceObjectDelayLoad Entries -----
 

************************************************************

13:07:43: Scanning ----- ShellServiceObjects -----
 

************************************************************

13:07:55: Scanning ----- 64-Bit ShellServiceObjects -----
 

************************************************************

13:08:05: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

No SharedTaskScheduler entries found to scan
 

************************************************************

13:08:05: Scanning ----- IMAGEFILE DEBUGGERS -----

No "Debugger" entries found.
 

************************************************************

13:08:05: Scanning ----- APPINIT_DLLS -----

AppInitDLLs entry = [c:\windows\syswow64\nvinit.dll,C:\Windows\SysWOW64\nvinit.dll]

File: c:\windows\syswow64\nvinit.dll

c:\windows\syswow64\nvinit.dll

201576 bytes

Created:  31.10.2011 20:47

Modified: 08.04.2013 13:32

Company:  NVIDIA Corporation

----------

File: C:\Windows\SysWOW64\nvinit.dll

C:\Windows\SysWOW64\nvinit.dll

201576 bytes

Created:  31.10.2011 20:47

Modified: 08.04.2013 13:32

Company:  NVIDIA Corporation

----------
 

************************************************************

13:08:06: Scanning ----- 64-Bit APPINIT_DLLS -----

AppInitDLLs entry = [C:\Windows\system32\nvinitx.dll]

File: C:\Windows\system32\nvinitx.dll

C:\Windows\System32\nvinitx.dll

245872 bytes

Created:  31.10.2011 20:47

Modified: 08.04.2013 13:32

Company:  NVIDIA Corporation

----------
 

************************************************************

13:08:06: Scanning ----- SECURITY PROVIDER DLLS -----
 

************************************************************

13:08:06: Scanning ----- CREDENTIAL PROVIDERS -----
 

************************************************************

13:08:08: Scanning ------ COMMON STARTUP GROUP ------

[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]

The Common Startup Group attempts to load the following file(s) at boot time:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-HS- 174 bytes

Created:  14.07.2009 06:54

Modified: 14.07.2009 06:54

Company:  [no info]

--------------------

McAfee Security Scan Plus.lnk - links to C:\PROGRA~1\MCAFEE~1\385C9A~1.150\SSSCHE~1.EXE

C:\PROGRA~1\MCAFEE~1\385C9A~1.150\SSSCHE~1.EXE

332016 bytes

Created:  09.04.2014 15:14

Modified: 09.04.2014 15:14

Company:  McAfee, Inc.

--------------------
 

************************************************************

13:08:08: Scanning ----- USER STARTUP GROUPS -----

Checking Startup Group for: Lena

[C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]

C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-HS- 174 bytes

Created:  31.10.2011 20:00

Modified: 25.08.2014 20:08

Company:  [no info]

----------

OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - links to C:\PROGRA~2\MICROS~2\Office14\ONENOTEM.EXE

C:\PROGRA~2\MICROS~2\Office14\ONENOTEM.EXE

228552 bytes

Created:  25.06.2013 21:48

Modified: 25.06.2013 21:48

Company:  Microsoft Corporation

----------

--------------------
 

************************************************************

13:08:08: Scanning ----- SCHEDULED TASKS -----

Taskname:      Adobe Flash Player Updater

File:          C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

267440 bytes

Created:  03.10.2012 10:37

Modified: 21.09.2014 14:40

Company:  Adobe Systems Incorporated

Schedule:      At 01:43:00 every day

Next Run Time: 24.09.2014 13:43:00

Status:        Ready

Creator:       Adobe Systems Incorporated

Comments:      Mit diesem Task ist Ihre Flash Player-Installation immer aktuell und verwendet die neuesten Verbesserungen und Sicherheits-Fixes. Wenn dieser Task deaktiviert oder entfernt wird, kann Adobe Flash Player Ihren Computer nicht automatisch mit den neuesten Sicherheits-Fixes sichern.

----------

Taskname:      ATKOSD2

File:          C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

5732992 bytes

Created:  17.08.2010 15:55

Modified: 17.08.2010 15:55

Company:  ASUS

Schedule:      At logon

Next Run Time: 

Status:        Running

Creator:       SSD, ASUSTek

Comments:      

----------
 

************************************************************

13:08:09: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
 

************************************************************

13:08:09: Scanning ----- DEVICE DRIVER ENTRIES -----

Value: msacm.l3acm

File:  C:\Windows\SysWOW64\l3codeca.acm

C:\Windows\SysWOW64\l3codeca.acm

64000 bytes

Created:  14.07.2009 02:07

Modified: 14.07.2009 03:14

Company:  Fraunhofer Institut Integrierte Schaltungen IIS

----------
 

************************************************************

13:08:10: ----- ADDITIONAL CHECKS -----

Heuristic checks for hidden files/drivers completed

----------

Layered Service Provider entries checks completed

----------

Windows Explorer Policies checks completed

----------

Desktop Wallpaper: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

642987 bytes

Created:  31.10.2011 20:00

Modified: 31.10.2011 20:00

Company:  [no info]

----------

Web Desktop Wallpaper entry is blank

----------

Checks for rogue DNS NameServers completed

----------

Checks for Backdoor.ZeroAccess completed

----------

Safe Mode checks completed

----------

Additional checks completed
 

************************************************************

13:08:11: Scanning ----- RUNNING PROCESSES -----
 

C:\Windows\System32\smss.exe

112640 bytes

Created:  15.09.2013 19:14

Modified: 02.08.2013 02:59

Company:  Microsoft Corporation

--------------------

C:\Windows\System32\csrss.exe

7680 bytes

Created:  14.07.2009 01:19

Modified: 14.07.2009 03:39

Company:  Microsoft Corporation

--------------------

C:\Windows\System32\wininit.exe

129024 bytes

Created:  14.07.2009 01:52

Modified: 14.07.2009 03:39

Company:  Microsoft Corporation

--------------------

C:\Windows\System32\services.exe

328704 bytes

Created:  14.07.2009 01:19

Modified: 14.07.2009 03:39

Company:  Microsoft Corporation

--------------------

C:\Windows\System32\winlogon.exe

455168 bytes

Created:  23.05.2014 21:50

Modified: 04.03.2014 11:43

Company:  Microsoft Corporation

--------------------

C:\Windows\System32\lsass.exe

31232 bytes

Created:  23.05.2014 21:50

Modified: 12.04.2014 04:19

Company:  Microsoft Corporation

--------------------

C:\Windows\System32\lsm.exe

343040 bytes

Created:  02.11.2011 20:41

Modified: 20.11.2010 15:24

Company:  Microsoft Corporation

--------------------

C:\Windows\System32\svchost.exe

27136 bytes

Created:  14.07.2009 01:31

Modified: 14.07.2009 03:39

Company:  Microsoft Corporation

--------------------

C:\Windows\System32\nvvsvc.exe

884512 bytes

Created:  28.01.2011 18:34

Modified: 14.03.2013 08:28

Company:  NVIDIA Corporation

--------------------

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

1134880 bytes

Created:  28.01.2011 18:33

Modified: 14.03.2013 08:29

Company:  NVIDIA Corporation

--------------------

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

84536 bytes

Created:  15.06.2009 18:30

Modified: 15.06.2009 18:30

Company:  ASUS

--------------------

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

96896 bytes

Created:  15.12.2009 11:39

Modified: 15.12.2009 11:39

Company:  ASUS

--------------------

C:\Windows\System32\spoolsv.exe

559104 bytes

Created:  15.08.2012 11:53

Modified: 11.02.2012 08:36

Company:  Microsoft Corporation

--------------------

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

430160 bytes

Created:  23.09.2014 23:33

Modified: 15.08.2014 10:30

Company:  Avira Operations GmbH & Co. KG

--------------------

C:\Windows\System32\taskhost.exe

68608 bytes

Created:  13.01.2013 12:25

Modified: 23.11.2012 05:13

Company:  Microsoft Corporation

--------------------

C:\Windows\System32\dwm.exe

120320 bytes

Created:  14.07.2009 01:37

Modified: 14.07.2009 03:39

Company:  Microsoft Corporation

--------------------

C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE

239488 bytes

Created:  17.03.2012 16:14

Modified: 24.04.2011 23:01

Company:  SEIKO EPSON CORPORATION

--------------------

C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

332016 bytes

Created:  09.04.2014 15:14

Modified: 09.04.2014 15:14

Company:  McAfee, Inc.

--------------------

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

228552 bytes

Created:  25.06.2013 21:48

Modified: 25.06.2013 21:48

Company:  Microsoft Corporation

--------------------

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

2450208 bytes

Created:  28.01.2011 18:34

Modified: 14.03.2013 08:29

Company:  NVIDIA Corporation

--------------------

C:\Windows\System32\taskeng.exe

464384 bytes

Created:  02.11.2011 20:42

Modified: 20.11.2010 15:25

Company:  Microsoft Corporation

--------------------

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

166528 bytes

Created:  25.01.2011 12:32

Modified: 25.01.2011 12:32

Company:  ASUS

--------------------

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

430160 bytes

Created:  23.09.2014 23:33

Modified: 15.08.2014 10:30

Company:  Avira Operations GmbH & Co. KG

--------------------

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE

136576 bytes

Created:  17.03.2012 16:15

Modified: 24.04.2011 23:00

Company:  SEIKO EPSON CORPORATION

--------------------

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

1809720 bytes

Created:  23.09.2014 22:53

Modified: 12.05.2014 07:24

Company:  Malwarebytes Corporation

--------------------

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

860472 bytes

Created:  23.09.2014 22:53

Modified: 12.05.2014 07:24

Company:  Malwarebytes Corporation

--------------------

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

6970168 bytes

Created:  23.09.2014 22:53

Modified: 12.05.2014 07:24

Company:  Malwarebytes Corporation

--------------------

C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

161016 bytes

Created:  17.09.2014 13:31

Modified: 17.09.2014 13:31

Company:  Avira Operations GmbH & Co. KG

--------------------

C:\Windows\System32\wbem\WmiPrvSE.exe

372736 bytes

Created:  02.11.2011 20:42

Modified: 20.11.2010 15:25

Company:  Microsoft Corporation

--------------------

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

2488888 bytes

Created:  19.06.2009 11:29

Modified: 19.06.2009 11:29

Company:  ASUS

--------------------

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

174648 bytes

Created:  22.12.2008 18:15

Modified: 22.12.2008 18:15

Company:  ASUS

--------------------

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

624432 bytes

Created:  23.09.2014 23:33

Modified: 15.08.2014 10:30

Company:  Avira Operations GmbH & Co. KG

--------------------

C:\Windows\System32\SearchIndexer.exe

591872 bytes

Created:  31.10.2011 21:06

Modified: 04.05.2011 07:19

Company:  Microsoft Corporation

--------------------

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

1260320 bytes

Created:  24.09.2014 00:02

Modified: 08.04.2013 13:32

Company:  NVIDIA Corporation

--------------------

C:\Windows\System32\SearchProtocolHost.exe

249856 bytes

Created:  31.10.2011 21:06

Modified: 04.05.2011 07:19

Company:  Microsoft Corporation

--------------------

C:\Program Files\Windows Media Player\wmpnetwk.exe

1525248 bytes

Created:  02.11.2011 20:42

Modified: 20.11.2010 15:25

Company:  Microsoft Corporation

--------------------

C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe

FileSize:          5468008

[This is a Trojan Remover component]

--------------------

--------------------

C:\Windows\System32\SearchFilterHost.exe

113664 bytes

Created:  31.10.2011 21:06

Modified: 04.05.2011 07:19

Company:  Microsoft Corporation

--------------------
 

************************************************************

13:08:23: Checking HOSTS file

No malicious entries were found in the HOSTS file
 

************************************************************

13:08:23: Checking ----- ROGUE BROWSER MODIFICATIONS -----
 

************************************************************

------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------

HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":

hxxp://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":

hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":

hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":

about:blank

HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":

hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":

hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
 

************************************************************

=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===

Scan completed at: 13:08:24 24 Sep 2014

Total Scan time: 00:01:37

************************************************************
 
 

======================================

[INCOMPLETE SCAN LOG RECOVERED]

======================================

***** DRIVE/DIRECTORY SCAN *****

Trojan Remover Ver 6.9.1.2931. For information, email support@simplysup.com

[Unregistered version]

Scan started at: 10:31:25 24 Sep 2014

Using Database v8496

Operating System:  Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601]

File System:       NTFS

UAC is ENABLED [default level]

UserData directory: C:\Users\Lena\AppData\Roaming\Simply Super Software\Trojan Remover\

Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\

Logfile directory:  C:\Users\Lena\Documents\Simply Super Software\Trojan Remover Logfiles\

Program directory:  C:\Program Files (x86)\Trojan Remover\

Running with Administrator privileges
 

************************************************************

Carrying out scan on C:\

(including subdirectories)

Archive files will be INCLUDED.

The scan will also include files already renamed by Trojan Remover.

------------------------------

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

[INCOMPLETE SCAN LOG RECOVERED]

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 

***** NORMAL SCAN FOR ACTIVE MALWARE *****

Trojan Remover Ver 6.9.1.2931. For information, email support@simplysup.com

[Unregistered version]

Scan started at: 10:29:04 24 Sep 2014

Using Database v8496

Operating System:  Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601]

File System:       NTFS

UAC is ENABLED [default level]

UserData directory: C:\Users\Lena\AppData\Roaming\Simply Super Software\Trojan Remover\

Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\

Logfile directory:  C:\Users\Lena\Documents\Simply Super Software\Trojan Remover Logfiles\

Program directory:  C:\Program Files (x86)\Trojan Remover\

Running with Administrator privileges
 

************************************************************

10:29:07: ----- Checking Default File Associations -----

No modified default file associations detected
 

************************************************************

10:29:07: ----- SCANNING FOR ROOTKIT SERVICES -----

No hidden Services were detected.
 

************************************************************

10:29:07: Scanning ----- Windows Registry -----

--------------------

Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon

--------------------

Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon

This key's "Shell" value calls the following program(s):

Key value: [explorer.exe]

File: C:\Windows\Explorer.exe

C:\Windows\Explorer.exe

2871808 bytes

Created:  31.10.2011 21:06

Modified: 25.02.2011 08:19

Company:  Microsoft Corporation

----------

This key's "Userinit" value calls the following program(s):

Key value: [C:\Windows\system32\userinit.exe,]

File: C:\Windows\system32\userinit.exe

C:\Windows\System32\userinit.exe

30720 bytes

Created:  02.11.2011 20:41

Modified: 20.11.2010 15:25

Company:  Microsoft Corporation

----------

--------------------

Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

--------------------

Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value Name: [ATKOSD2]

Value Data: [C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe]

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

5732992 bytes

Created:  17.08.2010 15:55

Modified: 17.08.2010 15:55

Company:  ASUS

--------------------

Value Name: [ATKMEDIA]

Value Data: [C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe]

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

170624 bytes

Created:  07.10.2010 15:05

Modified: 07.10.2010 15:05

Company:  ASUS

--------------------

Value Name: [HControlUser]

Value Data: [C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe]

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

105016 bytes

Created:  19.06.2009 11:29

Modified: 19.06.2009 11:29

Company:  ASUS

--------------------

Value Name: [Avira Systray]

Value Data: [C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe]

C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

164656 bytes

Created:  17.09.2014 13:31

Modified: 17.09.2014 13:31

Company:  Avira Operations GmbH & Co. KG

--------------------

Value Name: [avgnt]

Value Data: ["C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min]

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

751184 bytes

Created:  23.09.2014 23:33

Modified: 15.08.2014 10:30

Company:  Avira Operations GmbH & Co. KG

--------------------

Value Name: [TrojanScanner]

Value Data: [C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot]

C:\Program Files (x86)\Trojan Remover\Trjscan.exe

1666432 bytes

Created:  24.09.2014 10:13

Modified: 22.05.2014 19:53

Company:  Simply Super Software

--------------------

Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

This Registry key appears to be empty

--------------------

Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Value Name: [EPLTarget\P0000000000000000]

Value Data: [C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX535WD" /EF "HKCU"]

C:\Windows\SysWoW64\spool\DRIVERS\x64\3\E_YATIHTU.EXE

239488 bytes

Created:  17.03.2012 16:14

Modified: 24.04.2011 23:01

Company:  SEIKO EPSON CORPORATION

--------------------

Value Name: [EPLTarget\P0000000000000001]

Value Data: [C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus Office BX535WD" /EF "HKCU"]

C:\Windows\SysWoW64\spool\DRIVERS\x64\3\E_YATIHTU.EXE

239488 bytes

Created:  17.03.2012 16:14

Modified: 24.04.2011 23:01

Company:  SEIKO EPSON CORPORATION

--------------------

Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

This Registry key appears to be empty
 

************************************************************

10:29:13: Scanning ----- Windows 64-Bit Registry -----

--------------------

Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value Name: [AmIcoSinglun64]

Value Data: [C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe]

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

324096 bytes

Created:  11.08.2010 15:21

Modified: 11.08.2010 15:21

Company:  Alcor Micro Corp.

--------------------

Value Name: [ETDCtrl]

Value Data: [%ProgramFiles%\Elantech\ETDCtrl.exe]

C:\Program Files\Elantech\ETDCtrl.exe

2587944 bytes

Created:  13.12.2010 22:12

Modified: 13.12.2010 22:12

Company:  ELAN Microelectronics Corp.

--------------------

Value Name: [IgfxTray]

Value Data: ["C:\Windows\system32\igfxtray.exe"]

C:\Windows\System32\igfxtray.exe

171992 bytes

Created:  29.01.2014 23:02

Modified: 29.01.2014 23:02

Company:  Intel Corporation

--------------------

Value Name: [HotKeysCmds]

Value Data: ["C:\Windows\system32\hkcmd.exe"]

C:\Windows\System32\hkcmd.exe

399832 bytes

Created:  29.01.2014 23:02

Modified: 29.01.2014 23:02

Company:  Intel Corporation

--------------------

Value Name: [Persistence]

Value Data: ["C:\Windows\system32\igfxpers.exe"]

C:\Windows\System32\igfxpers.exe

442328 bytes

Created:  29.01.2014 23:02

Modified: 29.01.2014 23:02

Company:  Intel Corporation

--------------------

Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

This Registry key appears to be empty
 

************************************************************

10:29:16: Scanning -----SHELLEXECUTEHOOKS-----

ShellExecuteHooks key is empty
 

************************************************************

10:29:16: Scanning -----HIDDEN REGISTRY ENTRIES-----

Taskdir check completed

----------

No Hidden File-loading Registry Entries found

----------
 

************************************************************

10:29:16: Scanning -----ACTIVE SCREENSAVER-----

No active ScreenSaver found to scan.
 

************************************************************

10:29:16: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

Key:  {2D46B6DC-2207-486B-B523-A557E6D54B47}

Path: C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

C:\Windows\SysWoW64\ie4uinit.exe - [file not found to scan]

----------
 

************************************************************

10:29:16: Scanning ----- SERVICEDLL REGISTRY KEYS -----
 

************************************************************

10:29:28: Scanning ----- SERVICES REGISTRY KEYS -----

Key:       03e661da

ImagePath: "C:\Windows\system32\rundll32.exe" "c:\progra~3\winfil~1\WinFilterSvc.dll",service

c:\progra~3\winfil~1\WinFilterSvc.dll - [file not found to scan]

----------
 

************************************************************

10:29:56: Scanning -----VXD ENTRIES-----
 

************************************************************

10:29:56: Scanning ----- ContextMenuHandlers -----
 

************************************************************

10:29:56: Scanning ----- Folder\ColumnHandlers -----
 

************************************************************

10:29:56: Scanning ----- 64-Bit ContextMenuHandlers -----

Key:   Shell Extension for Malware scanning

CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A}

Path:  C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll

C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll

2591824 bytes

Created:  23.09.2014 23:33

Modified: 15.08.2014 10:30

Company:  Avira Operations GmbH & Co. KG

----------
 

************************************************************

10:29:56: Scanning ----- 64-Bit Folder\ColumnHandlers -----
 

************************************************************

10:29:56: Scanning ----- Browser Helper Objects -----

Key: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01}

BHO: C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll

C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll

96128 bytes

Created:  09.04.2014 15:12

Modified: 09.04.2014 15:12

Company:  McAfee, Inc.

----------

Key: {B4F3A835-0E21-4959-BA22-42B3008E02FF}

BHO: C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

562904 bytes

Created:  06.03.2013 08:37

Modified: 06.03.2013 08:37

Company:  Microsoft Corporation

----------
 

************************************************************

10:29:57: Scanning ----- 64-Bit Browser Helper Objects -----

Key: {B4F3A835-0E21-4959-BA22-42B3008E02FF}

BHO: C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL

C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL

690392 bytes

Created:  06.03.2013 08:39

Modified: 06.03.2013 08:39

Company:  Microsoft Corporation

----------
 

************************************************************

10:29:58: Scanning ----- ShellServiceObjectDelayLoad Entries -----
 

************************************************************

10:29:58: Scanning ----- 64-Bit ShellServiceObjectDelayLoad Entries -----
 

************************************************************

10:29:58: Scanning ----- ShellServiceObjects -----
 

************************************************************

10:30:10: Scanning ----- 64-Bit ShellServiceObjects -----
 

************************************************************

10:30:21: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

No SharedTaskScheduler entries found to scan
 

************************************************************

10:30:21: Scanning ----- IMAGEFILE DEBUGGERS -----

No "Debugger" entries found.
 

************************************************************

10:30:21: Scanning ----- APPINIT_DLLS -----

AppInitDLLs entry = [c:\windows\syswow64\nvinit.dll,C:\Windows\SysWOW64\nvinit.dll]

File: c:\windows\syswow64\nvinit.dll

c:\windows\syswow64\nvinit.dll

201576 bytes

Created:  31.10.2011 20:47

Modified: 08.04.2013 13:32

Company:  NVIDIA Corporation

----------

File: C:\Windows\SysWOW64\nvinit.dll

C:\Windows\SysWOW64\nvinit.dll

201576 bytes

Created:  31.10.2011 20:47

Modified: 08.04.2013 13:32

Company:  NVIDIA Corporation

----------
 

************************************************************

10:30:22: Scanning ----- 64-Bit APPINIT_DLLS -----

AppInitDLLs entry = [C:\Windows\system32\nvinitx.dll]

File: C:\Windows\system32\nvinitx.dll

C:\Windows\System32\nvinitx.dll

245872 bytes

Created:  31.10.2011 20:47

Modified: 08.04.2013 13:32

Company:  NVIDIA Corporation

----------
 

************************************************************

10:30:22: Scanning ----- SECURITY PROVIDER DLLS -----
 

************************************************************

10:30:22: Scanning ----- CREDENTIAL PROVIDERS -----
 

************************************************************

10:30:27: Scanning ------ COMMON STARTUP GROUP ------

[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]

The Common Startup Group attempts to load the following file(s) at boot time:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-HS- 174 bytes

Created:  14.07.2009 06:54

Modified: 14.07.2009 06:54

Company:  [no info]

--------------------

McAfee Security Scan Plus.lnk - links to C:\PROGRA~1\MCAFEE~1\385C9A~1.150\SSSCHE~1.EXE

C:\PROGRA~1\MCAFEE~1\385C9A~1.150\SSSCHE~1.EXE

332016 bytes

Created:  09.04.2014 15:14

Modified: 09.04.2014 15:14

Company:  McAfee, Inc.

--------------------
 

************************************************************

10:30:28: Scanning ----- USER STARTUP GROUPS -----

Checking Startup Group for: Lena

[C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]

C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-HS- 174 bytes

Created:  31.10.2011 20:00

Modified: 25.08.2014 20:08

Company:  [no info]

----------

OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - links to C:\PROGRA~2\MICROS~2\Office14\ONENOTEM.EXE

C:\PROGRA~2\MICROS~2\Office14\ONENOTEM.EXE

228552 bytes

Created:  25.06.2013 21:48

Modified: 25.06.2013 21:48

Company:  Microsoft Corporation

----------

--------------------
 

************************************************************

10:30:29: Scanning ----- SCHEDULED TASKS -----

Taskname:      Adobe Flash Player Updater

File:          C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

267440 bytes

Created:  03.10.2012 10:37

Modified: 21.09.2014 14:40

Company:  Adobe Systems Incorporated

Schedule:      At 01:43:00 every day

Next Run Time: 24.09.2014 10:43:00

Status:        Ready

Creator:       Adobe Systems Incorporated

Comments:      Mit diesem Task ist Ihre Flash Player-Installation immer aktuell und verwendet die neuesten Verbesserungen und Sicherheits-Fixes. Wenn dieser Task deaktiviert oder entfernt wird, kann Adobe Flash Player Ihren Computer nicht automatisch mit den neuesten Sicherheits-Fixes sichern.

----------

Taskname:      ATKOSD2

File:          C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

5732992 bytes

Created:  17.08.2010 15:55

Modified: 17.08.2010 15:55

Company:  ASUS

Schedule:      At logon

Next Run Time: 

Status:        Running

Creator:       SSD, ASUSTek

Comments:      

----------
 

************************************************************

10:30:31: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
 

************************************************************

10:30:31: Scanning ----- DEVICE DRIVER ENTRIES -----

Value: msacm.l3acm

File:  C:\Windows\SysWOW64\l3codeca.acm

C:\Windows\SysWOW64\l3codeca.acm

64000 bytes

Created:  14.07.2009 02:07

Modified: 14.07.2009 03:14

Company:  Fraunhofer Institut Integrierte Schaltungen IIS

----------
 

************************************************************

10:30:32: ----- ADDITIONAL CHECKS -----

Heuristic checks for hidden files/drivers completed

----------

Layered Service Provider entries checks completed

----------

Windows Explorer Policies checks completed

----------

Desktop Wallpaper: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

642987 bytes

Created:  31.10.2011 20:00

Modified: 31.10.2011 20:00

Company:  [no info]

----------

Web Desktop Wallpaper entry is blank

----------

Checks for rogue DNS NameServers completed

----------

Checks for Backdoor.ZeroAccess completed

----------

Safe Mode checks completed

----------

Additional checks completed
 

************************************************************

10:30:33: Scanning ----- RUNNING PROCESSES -----
 

C:\Windows\System32\smss.exe

112640 bytes

Created:  15.09.2013 19:14

Modified: 02.08.2013 02:59

Company:  Microsoft Corporation

--------------------

C:\Windows\System32\csrss.exe

7680 bytes

Created:  14.07.2009 01:19

Modified: 14.07.2009 03:39

Company:  Microsoft Corporation

--------------------

C:\Windows\System32\wininit.exe

129024 bytes

Created:  14.07.2009 01:52

Modified: 14.07.2009 03:39

Company:  Microsoft Corporation

--------------------

C:\Windows\System32\services.exe

328704 bytes

Created:  14.07.2009 01:19

Modified: 14.07.2009 03:39

Company:  Microsoft Corporation

--------------------

C:\Windows\System32\winlogon.exe

455168 bytes

Created:  23.05.2014 21:50

Modified: 04.03.2014 11:43

Company:  Microsoft Corporation

--------------------

C:\Windows\System32\lsass.exe

31232 bytes

Created:  23.05.2014 21:50

Modified: 12.04.2014 04:19

Company:  Microsoft Corporation

--------------------

C:\Windows\System32\lsm.exe

343040 bytes

Created:  02.11.2011 20:41

Modified: 20.11.2010 15:24

Company:  Microsoft Corporation

--------------------

C:\Windows\System32\svchost.exe

27136 bytes

Created:  14.07.2009 01:31

Modified: 14.07.2009 03:39

Company:  Microsoft Corporation

--------------------

C:\Windows\System32\nvvsvc.exe

884512 bytes

Created:  28.01.2011 18:34

Modified: 14.03.2013 08:28

Company:  NVIDIA Corporation

--------------------

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

1134880 bytes

Created:  28.01.2011 18:33

Modified: 14.03.2013 08:29

Company:  NVIDIA Corporation

--------------------

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

84536 bytes

Created:  15.06.2009 18:30

Modified: 15.06.2009 18:30

Company:  ASUS

--------------------

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

96896 bytes

Created:  15.12.2009 11:39

Modified: 15.12.2009 11:39

Company:  ASUS

--------------------

C:\Windows\System32\spoolsv.exe

559104 bytes

Created:  15.08.2012 11:53

Modified: 11.02.2012 08:36

Company:  Microsoft Corporation

--------------------

C:\Windows\System32\dwm.exe

120320 bytes

Created:  14.07.2009 01:37

Modified: 14.07.2009 03:39

Company:  Microsoft Corporation

--------------------

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

430160 bytes

Created:  23.09.2014 23:33

Modified: 15.08.2014 10:30

Company:  Avira Operations GmbH & Co. KG

--------------------

C:\Windows\System32\taskhost.exe

68608 bytes

Created:  13.01.2013 12:25

Modified: 23.11.2012 05:13

Company:  Microsoft Corporation

--------------------

C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE

239488 bytes

Created:  17.03.2012 16:14

Modified: 24.04.2011 23:01

Company:  SEIKO EPSON CORPORATION

--------------------

C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

332016 bytes

Created:  09.04.2014 15:14

Modified: 09.04.2014 15:14

Company:  McAfee, Inc.

--------------------

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

2450208 bytes

Created:  28.01.2011 18:34

Modified: 14.03.2013 08:29

Company:  NVIDIA Corporation

--------------------

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

228552 bytes

Created:  25.06.2013 21:48

Modified: 25.06.2013 21:48

Company:  Microsoft Corporation

--------------------

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

166528 bytes

Created:  25.01.2011 12:32

Modified: 25.01.2011 12:32

Company:  ASUS

--------------------

C:\Windows\System32\taskeng.exe

464384 bytes

Created:  02.11.2011 20:42

Modified: 20.11.2010 15:25

Company:  Microsoft Corporation

--------------------

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

430160 bytes

Created:  23.09.2014 23:33

Modified: 15.08.2014 10:30

Company:  Avira Operations GmbH & Co. KG

--------------------

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE

136576 bytes

Created:  17.03.2012 16:15

Modified: 24.04.2011 23:00

Company:  SEIKO EPSON CORPORATION

--------------------

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

1809720 bytes

Created:  23.09.2014 22:53

Modified: 12.05.2014 07:24

Company:  Malwarebytes Corporation

--------------------

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

860472 bytes

Created:  23.09.2014 22:53

Modified: 12.05.2014 07:24

Company:  Malwarebytes Corporation

--------------------

C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

161016 bytes

Created:  17.09.2014 13:31

Modified: 17.09.2014 13:31

Company:  Avira Operations GmbH & Co. KG

--------------------

C:\Windows\System32\wbem\WmiPrvSE.exe

372736 bytes

Created:  02.11.2011 20:42

Modified: 20.11.2010 15:25

Company:  Microsoft Corporation

--------------------

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

6970168 bytes

Created:  23.09.2014 22:53

Modified: 12.05.2014 07:24

Company:  Malwarebytes Corporation

--------------------

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

2488888 bytes

Created:  19.06.2009 11:29

Modified: 19.06.2009 11:29

Company:  ASUS

--------------------

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

174648 bytes

Created:  22.12.2008 18:15

Modified: 22.12.2008 18:15

Company:  ASUS

--------------------

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

624432 bytes

Created:  23.09.2014 23:33

Modified: 15.08.2014 10:30

Company:  Avira Operations GmbH & Co. KG

--------------------

C:\Windows\System32\SearchIndexer.exe

591872 bytes

Created:  31.10.2011 21:06

Modified: 04.05.2011 07:19

Company:  Microsoft Corporation

--------------------

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

1260320 bytes

Created:  24.09.2014 00:02

Modified: 08.04.2013 13:32

Company:  NVIDIA Corporation

--------------------

C:\Program Files\Windows Media Player\wmpnetwk.exe

1525248 bytes

Created:  02.11.2011 20:42

Modified: 20.11.2010 15:25

Company:  Microsoft Corporation

--------------------

C:\Windows\System32\SearchProtocolHost.exe

249856 bytes

Created:  31.10.2011 21:06

Modified: 04.05.2011 07:19

Company:  Microsoft Corporation

--------------------

C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe

FileSize:          5468008

[This is a Trojan Remover component]

--------------------

--------------------

C:\Program Files\Windows Defender\MpCmdRun.exe

190976 bytes

Created:  14.07.2009 01:53

Modified: 14.07.2009 03:39

Company:  Microsoft Corporation

--------------------

C:\Windows\System32\SearchFilterHost.exe

113664 bytes

Created:  31.10.2011 21:06

Modified: 04.05.2011 07:19

Company:  Microsoft Corporation

--------------------
 

************************************************************

10:30:50: Checking HOSTS file

No malicious entries were found in the HOSTS file
 

************************************************************

10:30:50: Checking ----- ROGUE BROWSER MODIFICATIONS -----
 

************************************************************

------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------

HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":

hxxp://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":

hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":

hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":

about:blank

HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":

hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":

hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
 

************************************************************

=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===

Scan completed at: 10:30:50 24 Sep 2014

Total Scan time: 00:01:45

************************************************************
 
 

***** WINDOWS HOSTS FILE RESET *****

Trojan Remover Ver 6.9.1.2931. For information, email support@simplysup.com

[Unregistered version]

Scan started at: 10:28:43 24 Sep 2014

Using Database v8496

Operating System:  Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601]

File System:       NTFS

UAC is ENABLED [default level]

UserData directory: C:\Users\Lena\AppData\Roaming\Simply Super Software\Trojan Remover\

Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\

Logfile directory:  C:\Users\Lena\Documents\Simply Super Software\Trojan Remover Logfiles\

Program directory:  C:\Program Files (x86)\Trojan Remover\

Running with Administrator privileges
 

************************************************************

The original HOSTS file has been backed up to C:\Windows\system32\Drivers\etc\hosts.trb

The HOSTS file has been reset to the default supplied by Microsoft

************************************************************
 
 

***** WINDOWS EXPLORER POLICIES RESET *****

Trojan Remover Ver 6.9.1.2931. For information, email support@simplysup.com

[Unregistered version]

Scan started at: 10:28:28 24 Sep 2014

Using Database v8496

Operating System:  Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601]

File System:       NTFS

UAC is ENABLED [default level]

UserData directory: C:\Users\Lena\AppData\Roaming\Simply Super Software\Trojan Remover\

Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\

Logfile directory:  C:\Users\Lena\Documents\Simply Super Software\Trojan Remover Logfiles\

Program directory:  C:\Program Files (x86)\Trojan Remover\

Running with Administrator privileges
 

************************************************************

Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System

 - no action required on this key as it does not exist

----------

Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum

 - no action required on this key as it does not exist

Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}

 - no action required: value either does not exist or is set to False

Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103}

 - no action required: value either does not exist or is set to False

----------

Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun

 - no action required on this key as it does not exist

----------

Checking Values in:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

 - no values to check [key does not exist]

----------

Checking Values in:

HKCU\Control Panel\Desktop

Value: WallpaperOriginX - value has been removed

Value: WallpaperOriginY - value has been removed

----------

Checking HKCU ActiveDesktop Policies:

----------

Checking HKCU Add/Remove Programs Policies:

----------

Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun

 - no action required on this key as it does not exist

----------

Checking Values in:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Value: DisallowRun            - value does not exist, no action required

Value: NoActiveDesktopChanges - value has been removed

Value: NoActiveDesktop        - value has been removed

Value: NoFileMenu             - value does not exist, no action required

Value: NoClose                - value does not exist, no action required

Value: NoDesktop              - value does not exist, no action required

Value: NoDrives               - value does not exist, no action required

Value: NoFind                 - value does not exist, no action required

Value: NoFolderOptions        - value does not exist, no action required

Value: NoRun                  - value does not exist, no action required

Value: NoFavoritesMenu        - value does not exist, no action required

Value: NoSetFolders           - value does not exist, no action required

Value: NoControlPanel         - value does not exist, no action required

Value: ForceActiveDesktopOn   - value has been removed

----------

Checking HKLM ActiveDesktop Policies:

Value: NoComponents                   - value has been removed

Value: NoAddingComponents             - value has been removed

----------

Checking HKLM Add/Remove Programs Policies:

----------

************************************************************
 
 

***** LAYERED SERVICE PROVIDER CHECKS *****

Trojan Remover Ver 6.9.1.2931. For information, email support@simplysup.com

[Unregistered version]

Scan started at: 10:28:19 24 Sep 2014

Using Database v8496

Operating System:  Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601]

File System:       NTFS

UAC is ENABLED [default level]

UserData directory: C:\Users\Lena\AppData\Roaming\Simply Super Software\Trojan Remover\

Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\

Logfile directory:  C:\Users\Lena\Documents\Simply Super Software\Trojan Remover Logfiles\

Program directory:  C:\Program Files (x86)\Trojan Remover\

Running with Administrator privileges
 

************************************************************

No errors were located in the Layered Service Provider Registry entries.

No action was taken.

************************************************************
 
 

***** INTERNET EXPLORER HOME/START/SEARCH PAGE AND POLICY RESTRICTIONS RESET ****

Trojan Remover Ver 6.9.1.2931. For information, email support@simplysup.com

[Unregistered version]

Scan started at: 10:27:57 24 Sep 2014

Using Database v8496

Operating System:  Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601]

File System:       NTFS

UAC is ENABLED [default level]

UserData directory: C:\Users\Lena\AppData\Roaming\Simply Super Software\Trojan Remover\

Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\

Logfile directory:  C:\Users\Lena\Documents\Simply Super Software\Trojan Remover Logfiles\

Program directory:  C:\Program Files (x86)\Trojan Remover\

Running with Administrator privileges
 

************************************************************

Existing Home/Start/Search Page settings are as follows:

HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":

hxxp://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":

C:\Windows\SysWOW64\blank.htm

HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":

hxxp://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":

hxxp://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":

hxxp://www.google.com

HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":

www.bing.com

HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":

C:\Windows\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":

hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":

hxxp://www.google.com

These settings will now be reset to their defaults:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoToolbarCustomize" policy reset to default

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoBandCustomize" policy reset to default

HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL" has been reset

HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset

HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page" has been reset

HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset

HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"www" has been reset

HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"ftp" has been reset

HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"gopher" has been reset

HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"home" has been reset

HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"mosaic" has been reset

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL" has been reset

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page" has been reset

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_FullURL" has been reset

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_ToolBar" has been reset

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLToolBar" has been reset

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page" has been reset

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_StatusBar" has been reset

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLinStatusBar" has been reset

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Window_Placement" has been reset

--------------------

************************************************************

aswMBR

Code:

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software

Run date: 2014-09-23 22:24:43

-----------------------------

22:24:43.304    OS Version: Windows x64 6.1.7601 Service Pack 1

22:24:43.304    Number of processors: 4 586 0x2A07

22:24:43.304    ComputerName: LENA-PC  UserName: Lena

22:24:45.098    Initialize success

22:24:45.160    VM: initialized successfully

22:24:45.207    VM: Intel CPU supported 

22:24:50.444    VM: supported disk I/O ataport.SYS

22:25:07.234    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

22:25:07.249    Disk 0 Vendor: ST9500325AS 0003SDM1 Size: 476940MB BusType: 11

22:25:07.405    VM: Disk 0 MBR read successfully

22:25:07.405    Disk 0 MBR scan

22:25:07.405    Disk 0 Windows 7 default MBR code

22:25:07.436    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048

22:25:07.452    Disk 0 default boot code

22:25:07.468    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848

22:25:07.577    Disk 0 scanning C:\Windows\system32\drivers

22:25:15.704    Service scanning

22:25:35.064    Modules scanning

22:25:35.594    Disk 0 trace - called modules:

22:25:35.672    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 

22:25:35.672    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800511f060]

22:25:35.688    3 CLASSPNP.SYS[fffff880015cb43f] -> nt!IofCallDriver -> [0xfffffa8004ad7520]

22:25:35.704    5 ACPI.sys[fffff88000ef27a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004ad6680]

22:25:35.719    Scan finished successfully

22:26:24.157    Disk 0 MBR has been saved successfully to "C:\Users\Lena\Documents\MBR.dat"

22:26:24.282    The log file has been saved successfully to "C:\Users\Lena\Documents\aswMBR.txt"

Ich hoffe, ich habe jetzt nichts falsch gemacht. Bitte um Nachsicht!

Viele Grüße

phoenixaz

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Hallo Schrauber,

vielen Dank für Deine Hilfe.

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014

Ran by Lena (administrator) on LENA-PC on 25-09-2014 14:11:40

Running from C:\Users\Lena\Downloads

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-11] (Alcor Micro Corp.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.)

HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)

HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-09-17] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [NoToolbarCustomize] 0

HKLM\...\Policies\Explorer: [NoBandCustomize] 0

HKU\S-1-5-21-149174802-4036715357-4051647580-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-149174802-4036715357-4051647580-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-149174802-4036715357-4051647580-1000\...\MountPoints2: D - D:\OblivionLauncher.exe

AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-04-08] (NVIDIA Corporation)

AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation)

AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0A474F7721CCCD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKCU - DC1792B2ADDD4F7A92C675CACEB4CFD2 URL = hxxp://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6PQSNRS2wn&i=26

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)

FF SearchPlugin: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652\searchplugins\avira-safesearch.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Avira SafeSearch - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652\Extensions\safesearch@avira.com [2014-09-23]

FF Extension: Adblock Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-14]

FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 

Chrome: 

=======

CHR Profile: C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (No Name) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\achpabhngjadedgleiffefjcnkdlnlmn [2013-05-02]

CHR Extension: (No Name) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpmkmcdokoghnccphoipjgdcommiomah [2014-01-01]

CHR Extension: (No Name) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfgjeakafobopncbiopgikmdmgcpkdm [2013-05-02]

CHR Extension: (Facebook Platinum) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfodbocncpdocjdknjadipkgbbagld [2014-09-12]

CHR Extension: (FindBiestDeAL) - C:\ProgramData\akllocijhjckflgnalkmmbelgejbmbcm\ [2014-09-12]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-17] (Avira Operations GmbH & Co. KG)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

S2 03e661da; "C:\Windows\system32\rundll32.exe" "c:\progra~3\winfil~1\WinFilterSvc.dll",service
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-25] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-08-02] (Apple, Inc.) [File not signed]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-25 14:11 - 2014-09-25 14:12 - 00014418 _____ () C:\Users\Lena\Downloads\FRST.txt

2014-09-25 14:11 - 2014-09-25 14:11 - 00000000 ____D () C:\FRST

2014-09-25 14:09 - 2014-09-25 14:09 - 02106880 _____ (Farbar) C:\Users\Lena\Downloads\FRST64.exe

2014-09-24 12:57 - 2014-09-25 13:37 - 00000112 _____ () C:\Windows\setupact.log

2014-09-24 12:57 - 2014-09-24 12:57 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-24 11:55 - 2014-09-24 11:55 - 00380416 _____ () C:\Users\Lena\Downloads\Gmer-19357.exe

2014-09-24 11:52 - 2014-09-24 11:52 - 00002200 _____ () C:\Users\Lena\Documents\cc_20140924_115232.reg

2014-09-24 10:28 - 2009-06-10 23:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.trb

2014-09-24 10:13 - 2014-09-24 10:13 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Simply Super Software

2014-09-24 10:13 - 2014-09-24 10:13 - 00000000 ____D () C:\ProgramData\Simply Super Software

2014-09-24 10:13 - 2014-09-24 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover

2014-09-24 10:13 - 2014-09-24 10:13 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover

2014-09-24 09:56 - 2014-09-24 09:58 - 21657592 _____ (Simply Super Software ) C:\Users\Lena\Downloads\trjsetup691.exe

2014-09-24 00:37 - 2014-09-24 00:37 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-09-24 00:35 - 2014-09-24 00:35 - 02347384 _____ (ESET) C:\Users\Lena\Downloads\esetsmartinstaller_deu.exe

2014-09-24 00:24 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-09-24 00:24 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2014-09-24 00:24 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-09-24 00:24 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-09-24 00:17 - 2014-09-24 00:22 - 319671744 _____ (NVIDIA Corporation) C:\Users\Lena\Downloads\344.11-notebook-win8-win7-64bit-international-whql.exe

2014-09-23 23:54 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys

2014-09-23 23:54 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2014-09-23 23:54 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2014-09-23 23:54 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll

2014-09-23 23:54 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll

2014-09-23 23:54 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll

2014-09-23 23:54 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll

2014-09-23 23:54 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll

2014-09-23 23:54 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll

2014-09-23 23:54 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll

2014-09-23 23:54 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2014-09-23 23:54 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe

2014-09-23 23:54 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2014-09-23 23:54 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2014-09-23 23:54 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll

2014-09-23 23:54 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2014-09-23 23:52 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2014-09-23 23:52 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys

2014-09-23 23:52 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll

2014-09-23 23:52 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll

2014-09-23 23:51 - 2014-09-23 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-09-23 23:48 - 2014-09-23 23:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-09-23 23:48 - 2014-09-23 23:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-09-23 23:46 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-09-23 23:46 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

2014-09-23 23:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-09-23 23:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-09-23 23:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-09-23 23:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-09-23 23:45 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-09-23 23:45 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2014-09-23 23:45 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2014-09-23 23:45 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2014-09-23 23:45 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2014-09-23 23:45 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2014-09-23 23:45 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2014-09-23 23:45 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2014-09-23 23:43 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-09-23 23:43 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-09-23 23:40 - 2014-09-23 23:40 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Avira

2014-09-23 23:37 - 2014-09-23 23:36 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2014-09-23 23:33 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-09-23 23:33 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-09-23 23:33 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2014-09-23 22:54 - 2014-09-25 13:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-23 22:54 - 2014-09-23 22:54 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-23 22:54 - 2014-09-23 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-09-23 22:53 - 2014-09-23 22:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-23 22:53 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-09-23 22:53 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-09-23 22:53 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-09-23 22:48 - 2014-09-23 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-09-23 22:48 - 2014-09-23 23:33 - 00000000 ____D () C:\ProgramData\Avira

2014-09-23 22:48 - 2014-09-23 23:33 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-09-23 22:48 - 2014-09-23 22:48 - 00000000 ____D () C:\ProgramData\Package Cache

2014-09-23 22:47 - 2014-09-23 22:47 - 04756944 _____ (Avira Operations GmbH & Co. KG) C:\Users\Lena\Downloads\avira_de_av___ws.exe

2014-09-23 22:42 - 2014-09-23 22:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lena\Downloads\mbam-setup-2.0.2.1012.exe

2014-09-23 22:27 - 2014-09-23 22:29 - 00000000 ____D () C:\AdwCleaner

2014-09-23 22:27 - 2014-09-23 22:27 - 00000000 ____D () C:\Users\Lena\Documents\Simply Super Software

2014-09-23 22:27 - 2014-09-23 22:27 - 00000000 ____D () C:\ProgramData\Licenses

2014-09-23 22:26 - 2014-09-23 22:26 - 00001812 _____ () C:\Users\Lena\Documents\aswMBR.txt

2014-09-23 22:26 - 2014-09-23 22:26 - 00000512 _____ () C:\Users\Lena\Documents\MBR.dat

2014-09-23 22:22 - 2014-09-23 22:22 - 00157069 _____ () C:\Users\Lena\Documents\Stingerlog.xps

2014-09-23 19:49 - 2014-09-23 22:22 - 00000000 ____D () C:\Program Files\stinger

2014-09-21 14:59 - 2014-09-21 15:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-12 19:34 - 2014-09-12 19:34 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\FUJIFILM

2014-09-12 19:19 - 2014-09-12 19:19 - 00000000 ____D () C:\Users\Lena\AppData\Local\Packages

2014-09-10 23:05 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-09-10 23:05 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-09-10 23:05 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-09-10 23:05 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-09-10 23:05 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-09-10 23:05 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-10 23:05 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-09-10 23:05 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-09-10 23:05 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-09-10 23:05 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-09-10 23:05 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-09-10 23:05 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-09-10 23:05 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-10 23:05 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-09-10 23:05 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-09-10 23:05 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-09-10 23:05 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-09-10 23:05 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-09-10 23:05 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-09-10 23:05 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-10 23:05 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-09-10 23:05 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-09-10 23:05 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-09-10 23:05 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-09-10 23:05 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-09-10 23:05 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-09-10 23:05 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-09-10 23:05 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-10 23:05 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-09-10 23:05 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-09-10 23:05 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-10 23:05 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-09-10 23:05 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-09-10 23:05 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-10 23:05 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-09-10 23:05 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-09-10 23:05 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-10 23:05 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-09-10 23:05 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-09-10 23:05 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-09-10 23:05 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-09-10 23:05 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-10 23:05 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-09-10 23:05 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-10 23:05 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-10 23:05 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-09-10 23:05 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-10 23:05 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-09-10 23:05 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-10 23:05 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-10 23:05 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-09-10 23:05 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-09-10 23:05 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-10 23:05 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-10 23:05 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-09-10 23:05 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-09-10 22:54 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2014-09-10 22:54 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2014-09-10 16:29 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

2014-09-10 16:29 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll

2014-09-10 16:28 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-09-10 16:28 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-09-10 16:28 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-09-10 16:28 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-09-10 16:28 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-09-10 16:28 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-09-10 16:28 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-09-10 16:28 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-09-10 16:28 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-08-28 15:10 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-28 15:10 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-28 15:10 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-25 14:12 - 2014-09-25 14:11 - 00014418 _____ () C:\Users\Lena\Downloads\FRST.txt

2014-09-25 14:11 - 2014-09-25 14:11 - 00000000 ____D () C:\FRST

2014-09-25 14:11 - 2009-07-14 19:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat

2014-09-25 14:11 - 2009-07-14 19:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat

2014-09-25 14:11 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-25 14:09 - 2014-09-25 14:09 - 02106880 _____ (Farbar) C:\Users\Lena\Downloads\FRST64.exe

2014-09-25 13:47 - 2009-07-14 06:45 - 00023280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-25 13:47 - 2009-07-14 06:45 - 00023280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-25 13:45 - 2014-03-05 13:58 - 01885194 _____ () C:\Windows\WindowsUpdate.log

2014-09-25 13:43 - 2012-10-03 10:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-25 13:41 - 2014-09-23 22:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-25 13:37 - 2014-09-24 12:57 - 00000112 _____ () C:\Windows\setupact.log

2014-09-25 13:37 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-25 07:54 - 2013-05-02 16:39 - 00000000 ____D () C:\ProgramData\TEMP

2014-09-24 14:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-09-24 12:57 - 2014-09-24 12:57 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-24 11:55 - 2014-09-24 11:55 - 00380416 _____ () C:\Users\Lena\Downloads\Gmer-19357.exe

2014-09-24 11:52 - 2014-09-24 11:52 - 00002200 _____ () C:\Users\Lena\Documents\cc_20140924_115232.reg

2014-09-24 10:13 - 2014-09-24 10:13 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Simply Super Software

2014-09-24 10:13 - 2014-09-24 10:13 - 00000000 ____D () C:\ProgramData\Simply Super Software

2014-09-24 10:13 - 2014-09-24 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover

2014-09-24 10:13 - 2014-09-24 10:13 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover

2014-09-24 09:58 - 2014-09-24 09:56 - 21657592 _____ (Simply Super Software ) C:\Users\Lena\Downloads\trjsetup691.exe

2014-09-24 07:11 - 2011-11-01 10:03 - 00001912 _____ () C:\Windows\epplauncher.mif

2014-09-24 03:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-09-24 00:37 - 2014-09-24 00:37 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-09-24 00:35 - 2014-09-24 00:35 - 02347384 _____ (ESET) C:\Users\Lena\Downloads\esetsmartinstaller_deu.exe

2014-09-24 00:29 - 2009-07-14 06:45 - 00341792 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-09-24 00:22 - 2014-09-24 00:17 - 319671744 _____ (NVIDIA Corporation) C:\Users\Lena\Downloads\344.11-notebook-win8-win7-64bit-international-whql.exe

2014-09-24 00:10 - 2011-10-31 20:49 - 00000000 ____D () C:\Windows\SysWOW64\NV

2014-09-24 00:10 - 2011-10-31 20:49 - 00000000 ____D () C:\Windows\system32\NV

2014-09-24 00:10 - 2011-10-31 20:48 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-09-24 00:10 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2014-09-24 00:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-09-24 00:02 - 2011-10-31 20:47 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2014-09-24 00:02 - 2011-10-31 20:47 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

2014-09-23 23:57 - 2011-10-31 20:39 - 00000000 ____D () C:\Program Files (x86)\Intel

2014-09-23 23:51 - 2014-09-23 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-09-23 23:48 - 2014-09-23 23:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-09-23 23:48 - 2014-09-23 23:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-09-23 23:48 - 2011-10-31 21:19 - 00009872 _____ () C:\Windows\system32\RaCoInst.log

2014-09-23 23:40 - 2014-09-23 23:40 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Avira

2014-09-23 23:36 - 2014-09-23 23:37 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2014-09-23 23:34 - 2014-09-23 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-09-23 23:33 - 2014-09-23 22:48 - 00000000 ____D () C:\ProgramData\Avira

2014-09-23 23:33 - 2014-09-23 22:48 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-09-23 23:27 - 2014-01-05 11:33 - 00000000 ____D () C:\Windows\Downloaded Installations

2014-09-23 22:54 - 2014-09-23 22:54 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-23 22:54 - 2014-09-23 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-09-23 22:54 - 2014-09-23 22:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-23 22:53 - 2014-01-25 21:09 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-23 22:49 - 2014-09-23 22:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lena\Downloads\mbam-setup-2.0.2.1012.exe

2014-09-23 22:48 - 2014-09-23 22:48 - 00000000 ____D () C:\ProgramData\Package Cache

2014-09-23 22:47 - 2014-09-23 22:47 - 04756944 _____ (Avira Operations GmbH & Co. KG) C:\Users\Lena\Downloads\avira_de_av___ws.exe

2014-09-23 22:29 - 2014-09-23 22:27 - 00000000 ____D () C:\AdwCleaner

2014-09-23 22:29 - 2011-10-31 20:54 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-09-23 22:27 - 2014-09-23 22:27 - 00000000 ____D () C:\Users\Lena\Documents\Simply Super Software

2014-09-23 22:27 - 2014-09-23 22:27 - 00000000 ____D () C:\ProgramData\Licenses

2014-09-23 22:26 - 2014-09-23 22:26 - 00001812 _____ () C:\Users\Lena\Documents\aswMBR.txt

2014-09-23 22:26 - 2014-09-23 22:26 - 00000512 _____ () C:\Users\Lena\Documents\MBR.dat

2014-09-23 22:22 - 2014-09-23 22:22 - 00157069 _____ () C:\Users\Lena\Documents\Stingerlog.xps

2014-09-23 22:22 - 2014-09-23 19:49 - 00000000 ____D () C:\Program Files\stinger

2014-09-23 20:21 - 2014-01-01 18:58 - 00000000 ____D () C:\ProgramData\akllocijhjckflgnalkmmbelgejbmbcm

2014-09-22 15:46 - 2013-03-01 15:23 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Skype

2014-09-21 16:26 - 2011-10-31 20:00 - 00000000 ____D () C:\Users\Lena

2014-09-21 16:05 - 2012-05-25 19:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-09-21 15:00 - 2014-09-21 14:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-21 14:40 - 2012-10-03 10:37 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-09-21 14:40 - 2012-10-03 10:37 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-09-21 14:40 - 2011-12-31 21:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-09-15 09:06 - 2011-10-31 20:53 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-09-14 17:33 - 2014-01-01 18:58 - 00000000 ____D () C:\ProgramData\ce4c029df8982a8f

2014-09-12 19:34 - 2014-09-12 19:34 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\FUJIFILM

2014-09-12 19:19 - 2014-09-12 19:19 - 00000000 ____D () C:\Users\Lena\AppData\Local\Packages

2014-09-10 23:04 - 2012-09-03 10:32 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-09-10 23:03 - 2011-11-01 10:02 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-10 23:00 - 2013-07-30 18:56 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-10 22:54 - 2014-05-31 21:09 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-09-10 22:54 - 2012-02-22 18:06 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-09-10 00:11 - 2014-09-23 23:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-09-09 23:47 - 2014-09-23 23:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-09-05 04:10 - 2014-09-10 16:28 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-09-05 04:05 - 2014-09-10 16:28 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-09-01 21:57 - 2014-07-10 13:59 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-01 21:57 - 2013-03-01 15:23 - 00000000 ____D () C:\ProgramData\Skype

2014-08-28 15:01 - 2013-08-14 16:32 - 00000000 ____D () C:\Users\Lena\Documents\Neuer Ordner (4)
 

Some content of TEMP:

====================

C:\Users\Lena\AppData\Local\Temp\avgnt.exe

C:\Users\Lena\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-09-24 03:00
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2014

Ran by Lena at 2014-09-25 14:13:06

Running from C:\Users\Lena\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Reader X (10.1.8) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)

Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}) (Version: 1.8.17.26026 - Alcor Micro Corp.)

Alcor Micro USB Card Reader (x32 Version: 1.8.17.26026 - Alcor Micro Corp.) Hidden

ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)

Avira (HKLM-x32\...\{149bb302-ebda-47ae-b3e6-297cf4c356dc}) (Version: 1.1.21.40000 - Avira Operations GmbH & Co. KG)

Avira (x32 Version: 1.1.21.40000 - Avira Operations GmbH & Co. KG) Hidden

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)

CCleaner (HKLM\...\CCleaner) (Version: 3.12 - Piriform)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)

EPSON BX535WD Series Printer Uninstall (HKLM\...\EPSON BX535WD Series) (Version:  - SEIKO EPSON Corporation)

Epson Easy Photo Print 2 (HKLM-x32\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)

EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

ETDWare PS/2-X64 8.0.5.0_WHQL (HKLM\...\Elantech) (Version: 8.0.5.0 - ELAN Microelectronic Corp.)

Foxit Reader 5.1 (HKLM-x32\...\Foxit Reader_is1) (Version: 5.1.4.104 - Foxit Corporation)

FUJIFILM MyFinePix Studio 3.2 (HKLM-x32\...\MyFinePix Studio_is1) (Version:  - )

Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)

Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden

Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 32.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

Mozilla Thunderbird (7.0.1) (HKLM-x32\...\Mozilla Thunderbird (7.0.1)) (Version: 7.0.1 (de) - Mozilla)

NVIDIA Grafiktreiber 311.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.44 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden

NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden

NVIDIA Systemsteuerung 311.44 (Version: 311.44 - NVIDIA Corporation) Hidden

NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)

NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden

Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)

RAF (HKLM-x32\...\{E6B43401-E818-4961-AFED-118DD8E87642}) (Version: 1.00.0001 - FUJIFILM Corporation)

RAW FILE CONVERTER EX powered by SILKYPIX (HKLM-x32\...\InstallShield_{30B1CCDB-209B-4E94-8311-379F2E6B6B59}) (Version: 3 - Ichikawa Soft Laboratory)

RAW FILE CONVERTER EX powered by SILKYPIX (x32 Version: 3 - Ichikawa Soft Laboratory) Hidden

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden

Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.16.1 - Synaptics Incorporated)

Trojan Remover 6.9.1 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.1 - Simply Super Software)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)

Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 

06-09-2014 18:14:00 Windows Update

10-09-2014 14:29:29 Windows Update

10-09-2014 20:52:50 Windows Update

16-09-2014 17:44:18 Windows Update

21-09-2014 12:51:08 Windows Update

23-09-2014 21:46:27 Windows Update

23-09-2014 22:24:23 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 04:34 - 2014-09-24 10:28 - 00000975 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

::1            localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {2D4B9AB9-E80F-45C1-BE89-B1978FB4EE0C} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)

Task: {46CC7F1F-4AB5-4AB1-A0E0-9D2004BEB72C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-21] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

==================== Loaded Modules (whitelisted) =============
 

2014-09-24 00:01 - 2013-03-14 08:28 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2011-10-31 20:29 - 2011-01-27 09:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2014-09-17 13:31 - 2014-09-17 13:31 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll

2014-09-23 23:35 - 2014-09-17 13:31 - 00052472 _____ () C:\Users\Lena\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll

2014-09-17 13:30 - 2014-09-17 13:30 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 

AlternateDataStreams: C:\ProgramData:gs5sys

AlternateDataStreams: C:\Users\All Users:gs5sys

AlternateDataStreams: C:\Users\Lena:gs5sys

AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys

AlternateDataStreams: C:\ProgramData\Application Data:gs5sys

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

AlternateDataStreams: C:\Users\Lena\Anwendungsdaten:gs5sys

AlternateDataStreams: C:\Users\Lena\Cookies:gs5sys

AlternateDataStreams: C:\Users\Lena\Lokale Einstellungen:gs5sys

AlternateDataStreams: C:\Users\Lena\Vorlagen:gs5sys

AlternateDataStreams: C:\Users\Lena\Desktop\desktop.ini:gs5sys

AlternateDataStreams: C:\Users\Lena\AppData\Local:gs5sys

AlternateDataStreams: C:\Users\Lena\AppData\Roaming:gs5sys

AlternateDataStreams: C:\Users\Lena\AppData\Local\Anwendungsdaten:gs5sys

AlternateDataStreams: C:\Users\Lena\AppData\Local\Verlauf:gs5sys

AlternateDataStreams: C:\Users\Lena\Documents\desktop.ini:gs5sys

AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\Services: 70e6ca8c => 2

MSCONFIG\Services: AdobeARMservice => 2

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: EPLTarget => 

MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Lena\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l

MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe

MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

MSCONFIG\startupreg: TrojanScanner => C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
 

==================== Faulty Device Manager Devices =============
 

Name: 802.11n Wireless LAN Card

Description: 802.11n Wireless LAN Card

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Ralink Technology, Corp.

Service: netr28x

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (09/25/2014 05:35:10 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (09/24/2014 01:00:43 PM) (Source: Windows Search Service) (EventID: 7010) (User: )

Description: Der Index kann nicht initialisiert werden.
 
 

Details:

        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 

Error: (09/24/2014 01:00:43 PM) (Source: Windows Search Service) (EventID: 3058) (User: )

Description: Die Anwendung kann nicht initialisiert werden.
 

Kontext: Windows Anwendung
 
 

Details:

        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 

Error: (09/24/2014 01:00:43 PM) (Source: Windows Search Service) (EventID: 3028) (User: )

Description: Das Gatherer-Objekt kann nicht initialisiert werden.
 

Kontext: Windows Anwendung, SystemIndex Katalog
 
 

Details:

        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 

Error: (09/24/2014 01:00:43 PM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
 

Kontext: Windows Anwendung, SystemIndex Katalog
 
 

Details:

        Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
 

Error: (09/24/2014 01:00:42 PM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.
 

Kontext: Windows Anwendung, SystemIndex Katalog
 
 

Details:

        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 

Error: (09/24/2014 01:00:42 PM) (Source: Windows Search Service) (EventID: 9002) (User: )

Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.
 

Kontext: Windows Anwendung, SystemIndex Katalog
 
 

Details:

        Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)
 

Error: (09/24/2014 01:00:42 PM) (Source: Windows Search Service) (EventID: 7042) (User: )

Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
 
 

Details:

        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 

Error: (09/24/2014 01:00:42 PM) (Source: Windows Search Service) (EventID: 7040) (User: )

Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.
 
 

Details:

        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 

Error: (09/24/2014 01:00:42 PM) (Source: Windows Search Service) (EventID: 9000) (User: )

Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.
 
 

Details:

        0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))
 
 

System errors:

=============

Error: (09/25/2014 01:39:53 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: Der Dienst "Avira Echtzeit-Scanner" wurde nicht richtig gestartet.
 

Error: (09/25/2014 01:38:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst WinFilter erreicht.
 

Error: (09/24/2014 01:00:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (09/24/2014 01:00:43 PM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
 

Error: (09/24/2014 00:58:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst WinFilter erreicht.
 

Error: (09/24/2014 08:11:07 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst WinFilter erreicht.
 

Error: (09/24/2014 00:31:52 AM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: Der Dienst "Avira Echtzeit-Scanner" wurde nicht richtig gestartet.
 

Error: (09/24/2014 00:30:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst WinFilter erreicht.
 

Error: (09/24/2014 00:09:39 AM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: Der Dienst "Avira Echtzeit-Scanner" wurde nicht richtig gestartet.
 

Error: (09/24/2014 00:07:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst WinFilter erreicht.
 
 

Microsoft Office Sessions:

=========================

Error: (09/25/2014 05:35:10 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 

Error: (09/24/2014 01:00:43 PM) (Source: Windows Search Service) (EventID: 7010) (User: )

Description: 

Details:

        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 

Error: (09/24/2014 01:00:43 PM) (Source: Windows Search Service) (EventID: 3058) (User: )

Description: Kontext: Windows Anwendung
 
 

Details:

        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 

Error: (09/24/2014 01:00:43 PM) (Source: Windows Search Service) (EventID: 3028) (User: )

Description: Kontext: Windows Anwendung, SystemIndex Katalog
 
 

Details:

        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 

Error: (09/24/2014 01:00:43 PM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: Kontext: Windows Anwendung, SystemIndex Katalog
 
 

Details:

        Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Search.TripoliIndexer
 

Error: (09/24/2014 01:00:42 PM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: Kontext: Windows Anwendung, SystemIndex Katalog
 
 

Details:

        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Search.JetPropStore
 

Error: (09/24/2014 01:00:42 PM) (Source: Windows Search Service) (EventID: 9002) (User: )

Description: Kontext: Windows Anwendung, SystemIndex Katalog
 
 

Details:

        Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)
 

Error: (09/24/2014 01:00:42 PM) (Source: Windows Search Service) (EventID: 7042) (User: )

Description: 

Details:

        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

The catalog is corrupt
 

Error: (09/24/2014 01:00:42 PM) (Source: Windows Search Service) (EventID: 7040) (User: )

Description: 

Details:

        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

4700
 

Error: (09/24/2014 01:00:42 PM) (Source: Windows Search Service) (EventID: 9000) (User: )

Description: 

Details:

        0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz

Percentage of memory in use: 34%

Total physical RAM: 4008.14 MB

Available physical RAM: 2619.04 MB

Total Pagefile: 8014.47 MB

Available Pagefile: 6217.04 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:465.66 GB) (Free:375.29 GB) NTFS

Drive e: () (Fixed) (Total:29.8 GB) (Free:14.88 GB) FAT32
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 19871CA2)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (Size: 29.8 GB) (Disk ID: C1D699A9)

Partition 1: (Not Active) - (Size=29.8 GB) - (Type=0C)
 

==================== End Of Log ============================

Gruß!

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hi,

das Erstellen der Textdatei hat aber lange gedauert!

Code:

ComboFix 14-09-24.01 - Lena 26.09.2014  11:05:56.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4008.2695 [GMT 2:00]

ausgeführt von:: c:\users\Lena\Downloads\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}

SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfodbocncpdocjdknjadipkgbbagld

c:\users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfodbocncpdocjdknjadipkgbbagld\118\background.html

c:\users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfodbocncpdocjdknjadipkgbbagld\118\content.js

c:\users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfodbocncpdocjdknjadipkgbbagld\118\lsdb.js

c:\users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfodbocncpdocjdknjadipkgbbagld\118\manifest.json

c:\users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfodbocncpdocjdknjadipkgbbagld\118\okmw3qwh6u.js

c:\users\Lena\AppData\Local\Google\Chrome\User Data\Default\preferences

c:\users\Lena\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll

c:\users\Lena\Documents\~WRL2279.tmp

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-08-26 bis 2014-09-26  ))))))))))))))))))))))))))))))

.

.

2014-09-26 09:19 . 2014-09-26 09:26        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2014-09-26 08:56 . 2014-09-15 00:08        11578928        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9AEE5AA7-C913-41BC-9AFE-85E88A274900}\mpengine.dll

2014-09-25 12:11 . 2014-09-25 12:13        --------        d-----w-        C:\FRST

2014-09-24 08:13 . 2014-09-26 08:53        --------        d-----w-        c:\program files (x86)\Trojan Remover

2014-09-23 22:37 . 2014-09-23 22:37        --------        d-----w-        c:\program files (x86)\ESET

2014-09-23 22:24 . 2014-01-09 02:22        5694464        ----a-w-        c:\windows\SysWow64\mstscax.dll

2014-09-23 22:24 . 2014-01-03 22:44        6574592        ----a-w-        c:\windows\system32\mstscax.dll

2014-09-23 22:24 . 2014-05-08 09:32        16384        ----a-w-        c:\windows\system32\RdpGroupPolicyExtension.dll

2014-09-23 22:24 . 2014-05-08 09:32        3178496        ----a-w-        c:\windows\system32\rdpcorets.dll

2014-09-23 21:52 . 2012-08-23 14:10        19456        ----a-w-        c:\windows\system32\drivers\rdpvideominiport.sys

2014-09-23 21:52 . 2012-08-23 11:12        192000        ----a-w-        c:\windows\SysWow64\rdpendp_winip.dll

2014-09-23 21:52 . 2012-08-23 14:13        243200        ----a-w-        c:\windows\system32\rdpudd.dll

2014-09-23 21:52 . 2012-08-23 10:51        228864        ----a-w-        c:\windows\system32\rdpendp_winip.dll

2014-09-23 21:48 . 2014-09-23 21:48        --------        d-----w-        c:\program files\Microsoft Silverlight

2014-09-23 21:48 . 2014-09-23 21:48        --------        d-----w-        c:\program files (x86)\Microsoft Silverlight

2014-09-23 21:45 . 2014-07-09 02:03        7168        ----a-w-        c:\windows\system32\KBDYAK.DLL

2014-09-23 21:45 . 2014-07-09 02:03        7168        ----a-w-        c:\windows\system32\KBDTAT.DLL

2014-09-23 21:45 . 2014-07-09 02:03        7168        ----a-w-        c:\windows\system32\KBDRU1.DLL

2014-09-23 21:45 . 2014-07-09 02:03        6656        ----a-w-        c:\windows\system32\KBDRU.DLL

2014-09-23 21:45 . 2014-07-09 02:03        7168        ----a-w-        c:\windows\system32\KBDBASH.DLL

2014-09-23 21:45 . 2014-07-09 01:31        7168        ----a-w-        c:\windows\SysWow64\KBDYAK.DLL

2014-09-23 21:45 . 2014-07-09 01:31        6656        ----a-w-        c:\windows\SysWow64\KBDBASH.DLL

2014-09-23 21:45 . 2012-05-04 11:00        366592        ----a-w-        c:\windows\system32\qdvd.dll

2014-09-23 21:45 . 2012-05-04 09:59        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll

2014-09-23 21:43 . 2014-09-09 22:11        2048        ----a-w-        c:\windows\system32\tzres.dll

2014-09-23 21:43 . 2014-09-09 21:47        2048        ----a-w-        c:\windows\SysWow64\tzres.dll

2014-09-23 21:40 . 2014-09-23 21:40        --------        d-----w-        c:\users\Lena\AppData\Roaming\Avira

2014-09-23 21:37 . 2014-09-23 21:36        42040        ----a-w-        c:\windows\system32\drivers\avnetflt.sys

2014-09-23 21:33 . 2014-08-15 08:30        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2014-09-23 21:33 . 2014-08-15 08:30        130584        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2014-09-23 21:33 . 2014-08-15 08:30        117712        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2014-09-23 20:54 . 2014-09-26 09:24        122584        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-09-23 20:53 . 2014-05-12 05:26        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys

2014-09-23 20:53 . 2014-05-12 05:26        91352        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys

2014-09-23 20:53 . 2014-05-12 05:25        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys

2014-09-23 20:53 . 2014-09-23 20:54        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware

2014-09-23 20:48 . 2014-09-23 21:33        --------        d-----w-        c:\program files (x86)\Avira

2014-09-23 20:48 . 2014-09-23 21:33        --------        d-----w-        c:\programdata\Avira

2014-09-23 20:48 . 2014-09-23 20:48        --------        d-----w-        c:\programdata\Package Cache

2014-09-23 20:27 . 2014-09-23 20:29        --------        d-----w-        C:\AdwCleaner

2014-09-23 20:27 . 2014-09-23 20:27        --------        d-----w-        c:\programdata\Licenses

2014-09-23 17:49 . 2014-09-23 20:22        --------        d-----w-        c:\program files\stinger

2014-09-12 17:34 . 2014-09-12 17:34        --------        d-----w-        c:\users\Lena\AppData\Roaming\FUJIFILM

2014-09-12 17:19 . 2014-09-12 17:19        --------        d-----w-        c:\users\Lena\AppData\Local\Packages

2014-09-10 20:54 . 2014-06-27 02:08        2777088        ----a-w-        c:\windows\system32\msmpeg2vdec.dll

2014-09-10 20:54 . 2014-06-27 01:45        2285056        ----a-w-        c:\windows\SysWow64\msmpeg2vdec.dll

2014-09-10 14:29 . 2014-08-01 11:53        1031168        ----a-w-        c:\windows\system32\TSWorkspace.dll

2014-09-10 14:29 . 2014-08-01 11:35        793600        ----a-w-        c:\windows\SysWow64\TSWorkspace.dll

2014-09-10 14:28 . 2014-06-24 03:29        2565120        ----a-w-        c:\windows\system32\d3d10warp.dll

2014-09-10 14:28 . 2014-06-24 02:59        1987584        ----a-w-        c:\windows\SysWow64\d3d10warp.dll

2014-09-10 14:28 . 2014-07-07 02:06        728064        ----a-w-        c:\windows\system32\kerberos.dll

2014-09-10 14:28 . 2014-07-07 01:40        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll

2014-09-10 14:28 . 2014-07-07 02:06        1460736        ----a-w-        c:\windows\system32\lsasrv.dll

2014-09-10 14:28 . 2014-07-07 01:40        22016        ----a-w-        c:\windows\SysWow64\secur32.dll

2014-09-10 14:28 . 2014-07-07 01:39        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll

2014-09-10 14:28 . 2014-09-05 02:10        578048        ----a-w-        c:\windows\system32\aepdu.dll

2014-09-10 14:28 . 2014-09-05 02:05        424448        ----a-w-        c:\windows\system32\aeinv.dll

2014-09-01 19:57 . 2014-09-01 19:57        --------        d-----w-        c:\program files (x86)\Common Files\Skype

2014-08-28 13:10 . 2014-08-23 00:59        3163648        ----a-w-        c:\windows\system32\win32k.sys

2014-08-28 13:10 . 2014-08-23 02:07        404480        ----a-w-        c:\windows\system32\gdi32.dll

2014-08-28 13:10 . 2014-08-23 01:45        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-09-21 12:40 . 2012-10-03 08:37        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2014-09-21 12:40 . 2011-12-31 19:37        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-09-15 07:06 . 2011-10-31 18:53        278152        ------w-        c:\windows\system32\MpSigStub.exe

2014-09-10 20:54 . 2012-02-22 16:06        101694776        ----a-w-        c:\windows\system32\MRT.exe

2014-07-25 00:35 . 2014-07-25 00:35        875688        ----a-w-        c:\windows\SysWow64\msvcr120_clr0400.dll

2014-07-24 21:47 . 2014-07-24 21:47        869544        ----a-w-        c:\windows\system32\msvcr120_clr0400.dll

2014-07-14 02:02 . 2014-08-25 13:41        1216000        ----a-w-        c:\windows\system32\rpcrt4.dll

2014-07-14 01:40 . 2014-08-25 13:41        664064        ----a-w-        c:\windows\SysWow64\rpcrt4.dll

2014-06-30 22:24 . 2014-08-25 13:38        8856        ----a-w-        c:\windows\system32\icardres.dll

2014-06-30 22:14 . 2014-08-25 13:38        8856        ----a-w-        c:\windows\SysWow64\icardres.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE" [2011-04-24 239488]

"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE" [2011-04-24 239488]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-09-17 164656]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-15 751184]

.

c:\users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll

.

R2 03e661da;WinFilter;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]

R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]

S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]

S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - MBAMSWISSARMY

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2014-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-03 12:40]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-29 171992]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-29 399832]

"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-29 442328]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = about:blank

mStart Page = hxxp://www.google.com

IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652\

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2014-09-26  11:39:35 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2014-09-26 09:39

.

Vor Suchlauf: 12 Verzeichnis(se), 402.733.633.536 Bytes frei

Nach Suchlauf: 18 Verzeichnis(se), 402.263.003.136 Bytes frei

.

- - End Of File - - F9FC834AAD22E26D1C66DB8C7106CD7B

A36C5E4F47E84449FF07ED3517B43A31

Als ich das Laptop heute für die nächsten Schritte hochgefahren habe, war alles noch langsamer. Das Öffnen eines Browsers dauerte eine Ewigkeit und Avira deaktivieren war ein Kraftakt. Sowas habe ich noch nie erlebt :wtf:

DANKE!!

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Hallo,

hier das Gewünschte:

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 26.09.2014

Suchlauf-Zeit: 17:48:23

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.00.2.1012

Malware Datenbank: v2014.09.26.06

Rootkit Datenbank: v2014.09.19.01

Lizenz: Testversion

Malware Schutz: Aktiviert

Bösartiger Webseiten Schutz: Aktiviert

Self-protection: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: Lena
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 362116

Verstrichene Zeit: 15 Min, 12 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Aktiviert

Heuristics: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(No malicious items detected)
 

Module: 0

(No malicious items detected)
 

Registrierungsschlüssel: 0

(No malicious items detected)
 

Registrierungswerte: 0

(No malicious items detected)
 

Registrierungsdaten: 0

(No malicious items detected)
 

Ordner: 0

(No malicious items detected)
 

Dateien: 0

(No malicious items detected)
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

Code:

# AdwCleaner v3.310 - Bericht erstellt am 26/09/2014 um 18:12:30

# Aktualisiert 12/09/2014 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzername : Lena - LENA-PC

# Gestartet von : C:\Users\Lena\Downloads\AdwCleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 
 

***** [ Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.17280
 
 

-\\ Mozilla Firefox v32.0.2 (x86 de)
 

[ Datei : C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652\prefs.js ]
 
 

-\\ Google Chrome v
 

*************************
 

AdwCleaner[R0].txt - [9448 octets] - [23/09/2014 22:28:01]

AdwCleaner[R1].txt - [991 octets] - [26/09/2014 18:11:14]

AdwCleaner[S0].txt - [8422 octets] - [23/09/2014 22:29:22]

AdwCleaner[S1].txt - [913 octets] - [26/09/2014 18:12:30]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [972 octets] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.2.2 (09.26.2014:2)

OS: Windows 7 Home Premium x64

Ran by Lena on 26.09.2014 at 19:34:11,16

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440444904460}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444904460}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440444904460}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444904460}
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Successfully deleted: [File] C:\user.js

Successfully deleted the following from C:\Users\Lena\AppData\Roaming\mozilla\firefox\profiles\v2bg45cj.default-1390676715652\prefs.js
 

user_pref("avira.safe_search.search_was_active", "false");

user_pref("extensions.bootstrappedAddons", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.6.4\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Lena\\\\A

user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"148a446f90c54-0b009149d108dc8-41534136-0-148a446f90d63\"");

user_pref("extensions.safesearch.SAUTH_expires_at", "1412110195");

user_pref("extensions.safesearch.SAUTH_rndsnr", "\"5bd48e1fd1bc80f051011e6bef792fde97056872\"");

user_pref("extensions.safesearch.SAUTH_userid", "4321486670");

user_pref("extensions.safesearch.SAUTH_utoken", "\"1ac1dc036e18323f339716c6ebc1784ed9e02def\"");

user_pref("extensions.safesearch.install", "1411505387803");

Emptied folder: C:\Users\Lena\AppData\Roaming\mozilla\firefox\profiles\v2bg45cj.default-1390676715652\minidumps [55 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 26.09.2014 at 19:37:19,28

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2014

Ran by Lena (administrator) on LENA-PC on 26-09-2014 19:48:55

Running from C:\Users\Lena\Desktop

Loaded Profiles: Lena & UpdatusUser (Available profiles: Lena & UpdatusUser)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-11] (Alcor Micro Corp.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.)

HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)

HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-09-17] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [NoBandCustomize] 0

HKU\S-1-5-21-149174802-4036715357-4051647580-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-149174802-4036715357-4051647580-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)

AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-04-08] (NVIDIA Corporation)

AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation)

AppInit_DLLs-x32:  C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0A474F7721CCCD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - DC1792B2ADDD4F7A92C675CACEB4CFD2 URL = hxxp://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6PQSNRS2wn&i=26

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)

FF SearchPlugin: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652\searchplugins\avira-safesearch.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Avira SafeSearch - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652\Extensions\safesearch@avira.com [2014-09-23]

FF Extension: Adblock Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-14]

FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 

Chrome: 

=======

CHR Profile: C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (No Name) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\achpabhngjadedgleiffefjcnkdlnlmn [2013-05-02]

CHR Extension: (No Name) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpmkmcdokoghnccphoipjgdcommiomah [2014-01-01]

CHR Extension: (No Name) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfgjeakafobopncbiopgikmdmgcpkdm [2013-05-02]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-17] (Avira Operations GmbH & Co. KG)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

S2 03e661da; "C:\Windows\system32\rundll32.exe" "c:\progra~3\winfil~1\WinFilterSvc.dll",service
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-08-02] (Apple, Inc.) [File not signed]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-26 19:48 - 2014-09-26 19:48 - 02108928 _____ (Farbar) C:\Users\Lena\Desktop\FRST64.exe

2014-09-26 19:48 - 2014-09-26 19:48 - 00013787 _____ () C:\Users\Lena\Desktop\FRST.txt

2014-09-26 19:47 - 2014-09-26 19:47 - 00002297 _____ () C:\Users\Lena\Desktop\JRTaktuell.txt

2014-09-26 19:37 - 2014-09-26 19:37 - 00002297 _____ () C:\Users\Lena\Desktop\JRT.txt

2014-09-26 19:34 - 2014-09-26 19:34 - 00000000 ____D () C:\Windows\ERUNT

2014-09-26 19:33 - 2014-09-26 19:33 - 01699118 _____ (Thisisu) C:\Users\Lena\Desktop\JRT.exe

2014-09-26 19:31 - 2014-09-26 19:31 - 01699118 _____ (Thisisu) C:\Users\Lena\Downloads\JRT.exe

2014-09-26 19:29 - 2014-09-26 19:29 - 00001051 _____ () C:\Users\Lena\Desktop\AdwCleaner[S1].txt

2014-09-26 18:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-09-26 18:09 - 2014-09-26 18:09 - 01373475 _____ () C:\Users\Lena\Downloads\AdwCleaner.exe

2014-09-26 18:06 - 2014-09-26 18:06 - 00001154 _____ () C:\Users\Lena\Desktop\mbam.txt

2014-09-26 17:19 - 2014-09-26 17:24 - 00000026 _____ () C:\Users\Lena\Desktop\FreeMem.vbs

2014-09-26 11:45 - 2014-09-26 11:45 - 00016987 _____ () C:\Users\Lena\Documents\Combofix.txt

2014-09-26 11:39 - 2014-09-26 11:39 - 00016987 _____ () C:\ComboFix.txt

2014-09-26 11:20 - 2014-09-26 18:13 - 00001770 _____ () C:\Windows\PFRO.log

2014-09-26 10:59 - 2014-09-26 11:40 - 00000000 ____D () C:\Qoobox

2014-09-26 10:59 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-09-26 10:59 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-09-26 10:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-09-26 10:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-09-26 10:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-09-26 10:59 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-09-26 10:59 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-09-26 10:59 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-09-26 10:58 - 2014-09-26 11:34 - 00000000 ____D () C:\Windows\erdnt

2014-09-26 10:58 - 2014-09-26 10:58 - 00001142 _____ () C:\Users\Lena\Desktop\ComboFix.lnk

2014-09-26 10:56 - 2014-09-26 10:57 - 05580995 ____R (Swearware) C:\Users\Lena\Downloads\ComboFix.exe

2014-09-25 14:13 - 2014-09-25 14:13 - 00030191 _____ () C:\Users\Lena\Downloads\Addition.txt

2014-09-25 14:11 - 2014-09-26 19:48 - 00000000 ____D () C:\FRST

2014-09-25 14:11 - 2014-09-25 14:13 - 00041923 _____ () C:\Users\Lena\Downloads\FRST.txt

2014-09-25 14:09 - 2014-09-25 14:09 - 02106880 _____ (Farbar) C:\Users\Lena\Downloads\FRST64.exe

2014-09-24 12:57 - 2014-09-26 18:13 - 00000448 _____ () C:\Windows\setupact.log

2014-09-24 12:57 - 2014-09-24 12:57 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-24 11:55 - 2014-09-24 11:55 - 00380416 _____ () C:\Users\Lena\Downloads\Gmer-19357.exe

2014-09-24 11:52 - 2014-09-24 11:52 - 00002200 _____ () C:\Users\Lena\Documents\cc_20140924_115232.reg

2014-09-24 10:28 - 2009-06-10 23:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.trb

2014-09-24 10:13 - 2014-09-26 10:53 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover

2014-09-24 09:56 - 2014-09-24 09:58 - 21657592 _____ (Simply Super Software ) C:\Users\Lena\Downloads\trjsetup691.exe

2014-09-24 00:37 - 2014-09-24 00:37 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-09-24 00:35 - 2014-09-24 00:35 - 02347384 _____ (ESET) C:\Users\Lena\Downloads\esetsmartinstaller_deu.exe

2014-09-24 00:24 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-09-24 00:24 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2014-09-24 00:24 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-09-24 00:24 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-09-24 00:17 - 2014-09-24 00:22 - 319671744 _____ (NVIDIA Corporation) C:\Users\Lena\Downloads\344.11-notebook-win8-win7-64bit-international-whql.exe

2014-09-23 23:54 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys

2014-09-23 23:54 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2014-09-23 23:54 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2014-09-23 23:54 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll

2014-09-23 23:54 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll

2014-09-23 23:54 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll

2014-09-23 23:54 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll

2014-09-23 23:54 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll

2014-09-23 23:54 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll

2014-09-23 23:54 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll

2014-09-23 23:54 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2014-09-23 23:54 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe

2014-09-23 23:54 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2014-09-23 23:54 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2014-09-23 23:54 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll

2014-09-23 23:54 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2014-09-23 23:52 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2014-09-23 23:52 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys

2014-09-23 23:52 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll

2014-09-23 23:52 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll

2014-09-23 23:51 - 2014-09-23 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-09-23 23:48 - 2014-09-23 23:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-09-23 23:48 - 2014-09-23 23:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-09-23 23:46 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-09-23 23:46 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

2014-09-23 23:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-09-23 23:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-09-23 23:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-09-23 23:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-09-23 23:45 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-09-23 23:45 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2014-09-23 23:45 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2014-09-23 23:45 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2014-09-23 23:45 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2014-09-23 23:45 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2014-09-23 23:45 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2014-09-23 23:45 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2014-09-23 23:43 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-09-23 23:43 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-09-23 23:40 - 2014-09-23 23:40 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Avira

2014-09-23 23:37 - 2014-09-23 23:36 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2014-09-23 23:33 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-09-23 23:33 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-09-23 23:33 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2014-09-23 22:54 - 2014-09-26 19:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-23 22:54 - 2014-09-23 22:54 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-23 22:54 - 2014-09-23 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-09-23 22:53 - 2014-09-23 22:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-23 22:53 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-09-23 22:53 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-09-23 22:53 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-09-23 22:48 - 2014-09-23 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-09-23 22:48 - 2014-09-23 23:33 - 00000000 ____D () C:\ProgramData\Avira

2014-09-23 22:48 - 2014-09-23 23:33 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-09-23 22:48 - 2014-09-23 22:48 - 00000000 ____D () C:\ProgramData\Package Cache

2014-09-23 22:47 - 2014-09-23 22:47 - 04756944 _____ (Avira Operations GmbH & Co. KG) C:\Users\Lena\Downloads\avira_de_av___ws.exe

2014-09-23 22:42 - 2014-09-23 22:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lena\Downloads\mbam-setup-2.0.2.1012.exe

2014-09-23 22:27 - 2014-09-26 18:12 - 00000000 ____D () C:\AdwCleaner

2014-09-23 22:27 - 2014-09-23 22:27 - 00000000 ____D () C:\ProgramData\Licenses

2014-09-23 22:26 - 2014-09-23 22:26 - 00001812 _____ () C:\Users\Lena\Documents\aswMBR.txt

2014-09-23 22:26 - 2014-09-23 22:26 - 00000512 _____ () C:\Users\Lena\Documents\MBR.dat

2014-09-23 22:22 - 2014-09-23 22:22 - 00157069 _____ () C:\Users\Lena\Documents\Stingerlog.xps

2014-09-23 19:49 - 2014-09-23 22:22 - 00000000 ____D () C:\Program Files\stinger

2014-09-21 14:59 - 2014-09-21 15:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-12 19:34 - 2014-09-12 19:34 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\FUJIFILM

2014-09-12 19:19 - 2014-09-12 19:19 - 00000000 ____D () C:\Users\Lena\AppData\Local\Packages

2014-09-10 23:05 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-09-10 23:05 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-09-10 23:05 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-09-10 23:05 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-09-10 23:05 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-09-10 23:05 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-10 23:05 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-09-10 23:05 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-09-10 23:05 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-09-10 23:05 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-09-10 23:05 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-09-10 23:05 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-09-10 23:05 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-10 23:05 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-09-10 23:05 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-09-10 23:05 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-09-10 23:05 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-09-10 23:05 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-09-10 23:05 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-09-10 23:05 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-10 23:05 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-09-10 23:05 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-09-10 23:05 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-09-10 23:05 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-09-10 23:05 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-09-10 23:05 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-09-10 23:05 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-09-10 23:05 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-10 23:05 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-09-10 23:05 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-09-10 23:05 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-10 23:05 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-09-10 23:05 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-09-10 23:05 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-10 23:05 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-09-10 23:05 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-09-10 23:05 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-10 23:05 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-09-10 23:05 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-09-10 23:05 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-09-10 23:05 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-09-10 23:05 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-10 23:05 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-09-10 23:05 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-10 23:05 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-10 23:05 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-09-10 23:05 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-10 23:05 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-09-10 23:05 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-10 23:05 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-10 23:05 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-09-10 23:05 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-09-10 23:05 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-10 23:05 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-10 23:05 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-09-10 23:05 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-09-10 22:54 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2014-09-10 22:54 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2014-09-10 16:29 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

2014-09-10 16:29 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll

2014-09-10 16:28 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-09-10 16:28 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-09-10 16:28 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-09-10 16:28 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-09-10 16:28 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-09-10 16:28 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-09-10 16:28 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-09-10 16:28 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-09-10 16:28 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-08-28 15:10 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-28 15:10 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-28 15:10 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-26 19:43 - 2012-10-03 10:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-26 18:28 - 2014-03-05 13:58 - 01942569 _____ () C:\Windows\WindowsUpdate.log

2014-09-26 18:23 - 2009-07-14 06:45 - 00023280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-26 18:23 - 2009-07-14 06:45 - 00023280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-26 18:19 - 2009-07-14 19:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat

2014-09-26 18:19 - 2009-07-14 19:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat

2014-09-26 18:19 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-26 18:13 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-26 11:40 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default

2014-09-26 11:24 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-09-26 11:09 - 2013-05-02 16:39 - 00000000 ____D () C:\ProgramData\TEMP

2014-09-24 14:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-09-24 07:11 - 2011-11-01 10:03 - 00001912 _____ () C:\Windows\epplauncher.mif

2014-09-24 03:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-09-24 00:29 - 2009-07-14 06:45 - 00341792 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-09-24 00:10 - 2011-10-31 20:49 - 00000000 ____D () C:\Windows\SysWOW64\NV

2014-09-24 00:10 - 2011-10-31 20:49 - 00000000 ____D () C:\Windows\system32\NV

2014-09-24 00:10 - 2011-10-31 20:48 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-09-24 00:10 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2014-09-24 00:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-09-24 00:02 - 2011-10-31 20:47 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2014-09-24 00:02 - 2011-10-31 20:47 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

2014-09-23 23:57 - 2011-10-31 20:39 - 00000000 ____D () C:\Program Files (x86)\Intel

2014-09-23 23:48 - 2011-10-31 21:19 - 00009872 _____ () C:\Windows\system32\RaCoInst.log

2014-09-23 23:27 - 2014-01-05 11:33 - 00000000 ____D () C:\Windows\Downloaded Installations

2014-09-23 22:53 - 2014-01-25 21:09 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-23 22:29 - 2011-10-31 20:54 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-09-23 20:21 - 2014-01-01 18:58 - 00000000 ____D () C:\ProgramData\akllocijhjckflgnalkmmbelgejbmbcm

2014-09-22 15:46 - 2013-03-01 15:23 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Skype

2014-09-21 16:26 - 2011-10-31 20:00 - 00000000 ____D () C:\Users\Lena

2014-09-21 16:05 - 2012-05-25 19:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-09-21 14:40 - 2012-10-03 10:37 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-09-21 14:40 - 2012-10-03 10:37 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-09-21 14:40 - 2011-12-31 21:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-09-15 09:06 - 2011-10-31 20:53 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-09-14 17:33 - 2014-01-01 18:58 - 00000000 ____D () C:\ProgramData\ce4c029df8982a8f

2014-09-10 23:04 - 2012-09-03 10:32 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-09-10 23:03 - 2011-11-01 10:02 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-10 23:00 - 2013-07-30 18:56 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-10 22:54 - 2014-05-31 21:09 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-09-10 22:54 - 2012-02-22 18:06 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-09-01 21:57 - 2014-07-10 13:59 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-01 21:57 - 2013-03-01 15:23 - 00000000 ____D () C:\ProgramData\Skype

2014-08-28 15:01 - 2013-08-14 16:32 - 00000000 ____D () C:\Users\Lena\Documents\Neuer Ordner (4)
 

Some content of TEMP:

====================

C:\Users\Lena\AppData\Local\Temp\avgnt.exe

C:\Users\Lena\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-09-26 12:20
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Gruß!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Hi,

wird erledigt. ESET wird aber über Nacht laufen. ESET und ich sind gute Freunde ;-)

Was meinst Du mit "noch Probleme"? Bezieht sich das auf das Ergebnis nach Deinen Anweisungen?

Melde mich mit den Logs zurück. Eine Frage noch zwischendurch: Meine Bekannte hatte schon öfter schwerwiegende Infektionen - die allerdings ihr Sohn "behandelt" hat. Kann es sein, dass sich z.B. ein Rootkit "eingefressen" hat und die Störungen verursacht? Trotz der bisherigen Rootkit Scans?

Danke und Gute Nacht!!

Hallo,

ESET

Code:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=41b28b62529e1341a5de6da7dd975d78

# engine=20268

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-09-24 12:15:06

# local_time=2014-09-24 02:15:06 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Avira Desktop'

# compatibility_mode=1810 16777213 100 99 7771 3426303 0 0

# compatibility_mode_1='Microsoft Security Essentials'

# compatibility_mode=5895 16777213 100 100 1134837 105695316 0 0

# scanned=173771

# found=5

# cleaned=4

# scan_time=5748

sh=74E7D99D3B29F1E124EBDCA6BE0184E24619EC5E ft=1 fh=57c05034de303995 vn="Variante von Win32/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NI51GLP8\update[1]"

sh=060EF6FD539D3E1902185F691DD3D902FA4311D4 ft=1 fh=c71c0011caae087f vn="Variante von Win64/SProtector.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\WinFilter\WinFilter_x64.dll.vir"

sh=509EDE077A6FB3A8F89302460BD96A18471A6DAA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\achpabhngjadedgleiffefjcnkdlnlmn\1\5182817601da28.64750218.js"

sh=DC0B55BE7DC20FEF17431AD6E81539CF38967902 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfgjeakafobopncbiopgikmdmgcpkdm\1\518281b55b67b2.85711647.js"

sh=74E7D99D3B29F1E124EBDCA6BE0184E24619EC5E ft=1 fh=57c05034de303995 vn="Variante von Win32/Toolbar.Perion.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NI51GLP8\update[1]"

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=41b28b62529e1341a5de6da7dd975d78

# engine=20331

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2014-09-27 11:00:10

# local_time=2014-09-28 01:00:10 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Avira Desktop'

# compatibility_mode=1810 16777213 100 99 22891 3767407 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776573 100 94 5444 163488660 0 0

# scanned=150679

# found=2

# cleaned=0

# scan_time=5049

sh=429FC48BC53BC454DBF9DD799994FD538DD2CD1C ft=1 fh=b14d744a763a52f9 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="C:\Users\Lena\Downloads\ccsetup312.exe"

sh=30B843D04116D79B8CA789AA5774B025805348CF ft=1 fh=f8c0307fdde4b037 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Users\Lena\Downloads\FoxitReader514.0104_enu_Setup.exe"

SecurityCheck

Code:

 Results of screen317's Security Check version 0.99.87  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

Avira Desktop   

 Antivirus up to date!  (On Access scanning disabled!) 
 `````````Anti-malware/Other Utilities Check:````````` 

 Adobe Flash Player 15.0.0.152  

 Adobe Reader 10.1.8 Adobe Reader out of Date!  

 Mozilla Firefox (32.0.3) 

 Mozilla Thunderbird (7.0.1) Thunderbird out of Date!  
 ````````Process Check: objlist.exe by Laurent````````  

 Avira Antivir avgnt.exe 

 Avira Antivir avguard.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2014

Ran by Lena (administrator) on LENA-PC on 28-09-2014 12:25:20

Running from C:\Users\Lena\Desktop

Loaded Profiles: Lena & UpdatusUser (Available profiles: Lena & UpdatusUser)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-11] (Alcor Micro Corp.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.)

HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)

HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-09-17] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [NoBandCustomize] 0

HKU\S-1-5-21-149174802-4036715357-4051647580-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-149174802-4036715357-4051647580-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)

AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-04-08] (NVIDIA Corporation)

AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation)

AppInit_DLLs-x32:  C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0A474F7721CCCD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - DC1792B2ADDD4F7A92C675CACEB4CFD2 URL = hxxp://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6PQSNRS2wn&i=26

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)

FF SearchPlugin: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652\searchplugins\avira-safesearch.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Avira SafeSearch - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652\Extensions\safesearch@avira.com [2014-09-23]

FF Extension: Adblock Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-14]

FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 

Chrome: 

=======

CHR Profile: C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (No Name) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\achpabhngjadedgleiffefjcnkdlnlmn [2013-05-02]

CHR Extension: (No Name) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpmkmcdokoghnccphoipjgdcommiomah [2014-01-01]

CHR Extension: (No Name) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfgjeakafobopncbiopgikmdmgcpkdm [2013-05-02]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-17] (Avira Operations GmbH & Co. KG)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

S2 03e661da; "C:\Windows\system32\rundll32.exe" "c:\progra~3\winfil~1\WinFilterSvc.dll",service
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-08-02] (Apple, Inc.) [File not signed]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-28 12:24 - 2014-09-28 12:24 - 00000878 _____ () C:\Users\Lena\Desktop\checkup.txt

2014-09-28 12:11 - 2014-09-28 12:11 - 00854417 _____ () C:\Users\Lena\Desktop\SecurityCheck.exe

2014-09-28 12:07 - 2014-09-28 12:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-28 12:03 - 2014-09-28 12:03 - 00000231 _____ () C:\Users\Lena\Desktop\eset.txt

2014-09-27 23:33 - 2014-09-27 23:33 - 02347384 _____ (ESET) C:\Users\Lena\Desktop\esetsmartinstaller_deu.exe

2014-09-26 19:52 - 2014-09-26 19:52 - 00038940 _____ () C:\Users\Lena\Desktop\FRSTaktuell.txt

2014-09-26 19:48 - 2014-09-28 12:25 - 00013787 _____ () C:\Users\Lena\Desktop\FRST.txt

2014-09-26 19:48 - 2014-09-26 19:48 - 02108928 _____ (Farbar) C:\Users\Lena\Desktop\FRST64.exe

2014-09-26 19:47 - 2014-09-26 19:47 - 00002297 _____ () C:\Users\Lena\Desktop\JRTaktuell.txt

2014-09-26 19:37 - 2014-09-26 19:37 - 00002297 _____ () C:\Users\Lena\Desktop\JRT.txt

2014-09-26 19:34 - 2014-09-26 19:34 - 00000000 ____D () C:\Windows\ERUNT

2014-09-26 19:33 - 2014-09-26 19:33 - 01699118 _____ (Thisisu) C:\Users\Lena\Desktop\JRT.exe

2014-09-26 19:31 - 2014-09-26 19:31 - 01699118 _____ (Thisisu) C:\Users\Lena\Downloads\JRT.exe

2014-09-26 19:29 - 2014-09-26 19:29 - 00001051 _____ () C:\Users\Lena\Desktop\AdwCleaner[S1].txt

2014-09-26 18:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-09-26 18:09 - 2014-09-26 18:09 - 01373475 _____ () C:\Users\Lena\Downloads\AdwCleaner.exe

2014-09-26 18:06 - 2014-09-26 18:06 - 00001154 _____ () C:\Users\Lena\Desktop\mbam.txt

2014-09-26 17:19 - 2014-09-26 17:24 - 00000026 _____ () C:\Users\Lena\Desktop\FreeMem.vbs

2014-09-26 11:45 - 2014-09-26 11:45 - 00016987 _____ () C:\Users\Lena\Documents\Combofix.txt

2014-09-26 11:39 - 2014-09-26 11:39 - 00016987 _____ () C:\ComboFix.txt

2014-09-26 11:20 - 2014-09-26 18:13 - 00001770 _____ () C:\Windows\PFRO.log

2014-09-26 10:59 - 2014-09-26 11:40 - 00000000 ____D () C:\Qoobox

2014-09-26 10:59 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-09-26 10:59 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-09-26 10:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-09-26 10:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-09-26 10:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-09-26 10:59 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-09-26 10:59 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-09-26 10:59 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-09-26 10:58 - 2014-09-26 11:34 - 00000000 ____D () C:\Windows\erdnt

2014-09-26 10:58 - 2014-09-26 10:58 - 00001142 _____ () C:\Users\Lena\Desktop\ComboFix.lnk

2014-09-26 10:56 - 2014-09-26 10:57 - 05580995 ____R (Swearware) C:\Users\Lena\Downloads\ComboFix.exe

2014-09-25 14:13 - 2014-09-25 14:13 - 00030191 _____ () C:\Users\Lena\Downloads\Addition.txt

2014-09-25 14:11 - 2014-09-28 12:25 - 00000000 ____D () C:\FRST

2014-09-25 14:11 - 2014-09-25 14:13 - 00041923 _____ () C:\Users\Lena\Downloads\FRST.txt

2014-09-25 14:09 - 2014-09-25 14:09 - 02106880 _____ (Farbar) C:\Users\Lena\Downloads\FRST64.exe

2014-09-24 12:57 - 2014-09-27 23:10 - 00000560 _____ () C:\Windows\setupact.log

2014-09-24 12:57 - 2014-09-24 12:57 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-24 11:55 - 2014-09-24 11:55 - 00380416 _____ () C:\Users\Lena\Downloads\Gmer-19357.exe

2014-09-24 11:52 - 2014-09-24 11:52 - 00002200 _____ () C:\Users\Lena\Documents\cc_20140924_115232.reg

2014-09-24 10:28 - 2009-06-10 23:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.trb

2014-09-24 10:13 - 2014-09-26 10:53 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover

2014-09-24 09:56 - 2014-09-24 09:58 - 21657592 _____ (Simply Super Software ) C:\Users\Lena\Downloads\trjsetup691.exe

2014-09-24 00:37 - 2014-09-24 00:37 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-09-24 00:35 - 2014-09-24 00:35 - 02347384 _____ (ESET) C:\Users\Lena\Downloads\esetsmartinstaller_deu.exe

2014-09-24 00:24 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-09-24 00:24 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2014-09-24 00:24 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-09-24 00:24 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-09-24 00:17 - 2014-09-24 00:22 - 319671744 _____ (NVIDIA Corporation) C:\Users\Lena\Downloads\344.11-notebook-win8-win7-64bit-international-whql.exe

2014-09-23 23:54 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys

2014-09-23 23:54 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2014-09-23 23:54 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2014-09-23 23:54 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll

2014-09-23 23:54 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll

2014-09-23 23:54 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll

2014-09-23 23:54 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll

2014-09-23 23:54 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll

2014-09-23 23:54 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll

2014-09-23 23:54 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll

2014-09-23 23:54 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2014-09-23 23:54 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe

2014-09-23 23:54 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2014-09-23 23:54 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2014-09-23 23:54 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll

2014-09-23 23:54 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2014-09-23 23:52 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2014-09-23 23:52 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys

2014-09-23 23:52 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll

2014-09-23 23:52 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll

2014-09-23 23:51 - 2014-09-23 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-09-23 23:48 - 2014-09-23 23:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-09-23 23:48 - 2014-09-23 23:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-09-23 23:46 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-09-23 23:46 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

2014-09-23 23:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-09-23 23:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-09-23 23:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-09-23 23:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-09-23 23:45 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-09-23 23:45 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2014-09-23 23:45 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2014-09-23 23:45 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2014-09-23 23:45 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2014-09-23 23:45 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2014-09-23 23:45 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2014-09-23 23:45 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2014-09-23 23:43 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-09-23 23:43 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-09-23 23:40 - 2014-09-23 23:40 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Avira

2014-09-23 23:37 - 2014-09-23 23:36 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2014-09-23 23:33 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-09-23 23:33 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-09-23 23:33 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2014-09-23 22:54 - 2014-09-27 23:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-23 22:54 - 2014-09-23 22:54 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-23 22:54 - 2014-09-23 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-09-23 22:53 - 2014-09-23 22:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-23 22:53 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-09-23 22:53 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-09-23 22:53 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-09-23 22:48 - 2014-09-23 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-09-23 22:48 - 2014-09-23 23:33 - 00000000 ____D () C:\ProgramData\Avira

2014-09-23 22:48 - 2014-09-23 23:33 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-09-23 22:48 - 2014-09-23 22:48 - 00000000 ____D () C:\ProgramData\Package Cache

2014-09-23 22:47 - 2014-09-23 22:47 - 04756944 _____ (Avira Operations GmbH & Co. KG) C:\Users\Lena\Downloads\avira_de_av___ws.exe

2014-09-23 22:42 - 2014-09-23 22:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lena\Downloads\mbam-setup-2.0.2.1012.exe

2014-09-23 22:27 - 2014-09-26 18:12 - 00000000 ____D () C:\AdwCleaner

2014-09-23 22:27 - 2014-09-23 22:27 - 00000000 ____D () C:\ProgramData\Licenses

2014-09-23 22:26 - 2014-09-23 22:26 - 00001812 _____ () C:\Users\Lena\Documents\aswMBR.txt

2014-09-23 22:26 - 2014-09-23 22:26 - 00000512 _____ () C:\Users\Lena\Documents\MBR.dat

2014-09-23 22:22 - 2014-09-23 22:22 - 00157069 _____ () C:\Users\Lena\Documents\Stingerlog.xps

2014-09-23 19:49 - 2014-09-23 22:22 - 00000000 ____D () C:\Program Files\stinger

2014-09-12 19:34 - 2014-09-12 19:34 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\FUJIFILM

2014-09-12 19:19 - 2014-09-12 19:19 - 00000000 ____D () C:\Users\Lena\AppData\Local\Packages

2014-09-10 23:05 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-09-10 23:05 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-09-10 23:05 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-09-10 23:05 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-09-10 23:05 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-09-10 23:05 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-10 23:05 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-09-10 23:05 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-09-10 23:05 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-09-10 23:05 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-09-10 23:05 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-09-10 23:05 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-09-10 23:05 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-10 23:05 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-09-10 23:05 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-09-10 23:05 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-09-10 23:05 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-09-10 23:05 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-09-10 23:05 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-09-10 23:05 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-10 23:05 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-09-10 23:05 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-09-10 23:05 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-09-10 23:05 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-09-10 23:05 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-09-10 23:05 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-09-10 23:05 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-09-10 23:05 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-10 23:05 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-09-10 23:05 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-09-10 23:05 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-10 23:05 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-09-10 23:05 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-09-10 23:05 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-10 23:05 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-09-10 23:05 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-09-10 23:05 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-10 23:05 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-09-10 23:05 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-09-10 23:05 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-09-10 23:05 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-09-10 23:05 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-10 23:05 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-09-10 23:05 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-10 23:05 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-10 23:05 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-09-10 23:05 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-10 23:05 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-09-10 23:05 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-10 23:05 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-10 23:05 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-09-10 23:05 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-09-10 23:05 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-10 23:05 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-10 23:05 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-09-10 23:05 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-09-10 22:54 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2014-09-10 22:54 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2014-09-10 16:29 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

2014-09-10 16:29 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll

2014-09-10 16:28 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-09-10 16:28 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-09-10 16:28 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-09-10 16:28 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-09-10 16:28 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-09-10 16:28 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-09-10 16:28 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-09-10 16:28 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-09-10 16:28 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-28 12:09 - 2012-05-25 19:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-09-28 12:05 - 2009-07-14 19:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat

2014-09-28 12:05 - 2009-07-14 19:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat

2014-09-28 12:05 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-28 11:43 - 2012-10-03 10:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-28 03:00 - 2014-03-05 13:58 - 01986972 _____ () C:\Windows\WindowsUpdate.log

2014-09-27 23:19 - 2009-07-14 06:45 - 00023280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-27 23:19 - 2009-07-14 06:45 - 00023280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-27 23:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-26 11:40 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default

2014-09-26 11:24 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-09-26 11:09 - 2013-05-02 16:39 - 00000000 ____D () C:\ProgramData\TEMP

2014-09-24 14:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-09-24 07:11 - 2011-11-01 10:03 - 00001912 _____ () C:\Windows\epplauncher.mif

2014-09-24 03:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-09-24 00:29 - 2009-07-14 06:45 - 00341792 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-09-24 00:10 - 2011-10-31 20:49 - 00000000 ____D () C:\Windows\SysWOW64\NV

2014-09-24 00:10 - 2011-10-31 20:49 - 00000000 ____D () C:\Windows\system32\NV

2014-09-24 00:10 - 2011-10-31 20:48 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-09-24 00:10 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2014-09-24 00:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-09-24 00:02 - 2011-10-31 20:47 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2014-09-24 00:02 - 2011-10-31 20:47 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

2014-09-23 23:57 - 2011-10-31 20:39 - 00000000 ____D () C:\Program Files (x86)\Intel

2014-09-23 23:48 - 2011-10-31 21:19 - 00009872 _____ () C:\Windows\system32\RaCoInst.log

2014-09-23 23:27 - 2014-01-05 11:33 - 00000000 ____D () C:\Windows\Downloaded Installations

2014-09-23 22:53 - 2014-01-25 21:09 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-23 22:29 - 2011-10-31 20:54 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-09-23 20:21 - 2014-01-01 18:58 - 00000000 ____D () C:\ProgramData\akllocijhjckflgnalkmmbelgejbmbcm

2014-09-22 15:46 - 2013-03-01 15:23 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Skype

2014-09-21 16:26 - 2011-10-31 20:00 - 00000000 ____D () C:\Users\Lena

2014-09-21 14:40 - 2012-10-03 10:37 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-09-21 14:40 - 2012-10-03 10:37 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-09-21 14:40 - 2011-12-31 21:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-09-15 09:06 - 2011-10-31 20:53 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-09-14 17:33 - 2014-01-01 18:58 - 00000000 ____D () C:\ProgramData\ce4c029df8982a8f

2014-09-10 23:04 - 2012-09-03 10:32 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-09-10 23:03 - 2011-11-01 10:02 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-10 23:00 - 2013-07-30 18:56 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-10 22:54 - 2014-05-31 21:09 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-09-10 22:54 - 2012-02-22 18:06 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-09-01 21:57 - 2014-07-10 13:59 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-01 21:57 - 2013-03-01 15:23 - 00000000 ____D () C:\ProgramData\Skype
 

Some content of TEMP:

====================

C:\Users\Lena\AppData\Local\Temp\avgnt.exe

C:\Users\Lena\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-09-26 12:20
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Gruß und DANKE

Möglich.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

S2 03e661da; "C:\Windows\system32\rundll32.exe" "c:\progra~3\winfil~1\WinFilterSvc.dll",service

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Bestehen noch Probleme mit dem System?

Hallo,

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-09-2014

Ran by Lena at 2014-09-28 18:47:56 Run:1

Running from C:\Users\Lena\Desktop

Loaded Profiles: Lena & UpdatusUser (Available profiles: Lena & UpdatusUser)

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

S2 03e661da; "c:\windows\system32\rundll32.exe" "c:\progra~3\winfil~1\WinFilterSvc.dll",service

*****************
 

03e661da => Service deleted successfully.
 

==== End of Fixlog ====

Ja, weiter Probleme. Seltsam ist, dass nach jedem Neustart was anderes langsam geht. Einmal findet der Adapter das WLAN-Netz schnell, dann wieder überhaupt nicht. Dann steckt man einen Stick an den gleichen USB Port wie vorher - mal erkennt ihn das System binnen Sekunden, mal dauert es bis zu 2 Minuten. Mal öffnet sich der WIN Explorer schnell, nach dem nächsten Systemstart dauert es bis zu 20 Sekunden. Wäre es mein Laptop, wäre schon eine SSD drin und ich hätte das System neu aufgesetzt. Aber es ist nicht meins :heulen: 4 Tage Arbeit, Analyse etc. ohne Erfolg.

Egal, bisher :dankeschoen: für Deine Geduld und Hilfe!!

Zitat:

4 Tage Arbeit, Analyse etc. ohne Erfolg.

real life sucks. Wir können auch nicht hell sehen ;)

Malware verursacht das jedenfalls nicht.

http://www.deeprybka.trojaner-board....r/wraioneu.PNG

Lade Dir bitte Windows Repair - All in one von tweaking.com hier herunter und installiere es.
Deaktiviere bitte (wenn möglich) Dein Antivirusprogramm.
Bedenke, dass die einzelnen Reparaturen einige Zeit benötigen. Starte keine anderen Anwendungen in dieser Zeit.
Starte das Programm und führe die Punkte 1-5 durch. (Siehe Bildanleitung)
Achte darauf, dass bei Dir die Häkchen so gesetzt sind wie unter Punkt 4.
Setze auch ein Häkchen bei "Restart/Shutdown System" und klicke "Restart System" an bevor Du Punkt 5 durchführst.

http://deeprybka.trojaner-board.de/b...srepair271.png

Wird gemacht.

:dankeschoen: :dankeschoen: :dankeschoen: :dankeschoen: :dankeschoen:

Alles erledigt. Vielen Dank! Es ist nicht gut; aber wie Du sagst, real life sucks :heulen:

:dankeschoen::dankeschoen::dankeschoen::dankeschoen::dankeschoen::dankeschoen::dankeschoen::dankeschoen::dankeschoen::dankeschoen::
dankeschoen::dankeschoen::dankeschoen::dankeschoen::dankeschoen::dankeschoen::dankeschoen::dankeschoen:

Zitat:

Zitat von schrauber (Beitrag 1365677)

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

S2 03e661da; "C:\Windows\system32\rundll32.exe" "c:\progra~3\winfil~1\WinFilterSvc.dll",service

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Hallo Schrauber,

was tut FRST mit diesem Text? Welche Auswirkung hat das? Welcher Fehler wird
hier behoben?

Vielen Dank!

:dankeschoen: