Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: fbDownloader eingefangen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 16.08.2013, 13:46   #1
unkrautlilie
 
fbDownloader eingefangen - Icon16

fbDownloader eingefangen



Leider habe auch ich mir den fbDownloader eingefangen und er nervt mich massiv. Bitte helft mir, ihn wieder loszuwerden! Herzlichen Dank im Voraus!

Alt 16.08.2013, 13:46   #2
aharonov
/// TB-Ausbilder
 
fbDownloader eingefangen - Standard

fbDownloader eingefangen



Hi,

wenn du deinen Rechner nach Malware untersuchen lassen willst, dann arbeite bitte diese Anleitung ab und poste die resultierenden Logfiles hier.
__________________

__________________

Alt 16.08.2013, 14:14   #3
unkrautlilie
 
fbDownloader eingefangen - Standard

fbDownloader eingefangen



Danke Leo, dass du mir hilfst!
hier ist der bericht vom schritt 1:
Zitat:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2013
Ran by Susanne (administrator) on 16-08-2013 13:57:09
Running from C:\Users\Susanne\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
() C:\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Sytems Incorporated) C:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 3\Integrator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Susanne\Desktop\Defogger.exe
und hier ist der bericht vom schritt 2:

Zitat:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2013
Ran by Susanne at 2013-08-16 13:58:14
Running from C:\Users\Susanne\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================


Adobe Bridge 1.0 (x32 Version: 001.000.001)
Adobe Common File Installer (x32 Version: 1.00.001)
Adobe Creative Suite 2 (x32)
Adobe Help Center 1.0 (x32 Version: 1.0.1)
Adobe Illustrator CS2 (x32 Version: 12.000.000)
Adobe InDesign CS2 (x32 Version: 004.000.000)
Adobe Photoshop CS2 (x32 Version: 9.0)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1)
Adobe SVG Viewer 3.0 (x32 Version: 3.0)
Adobe Version Cue CS2 (x32 Version: 2.0)
ALDI NORD Bestellsoftware 4.12.2 (x32 Version: 4.12.2)
Avira Free Antivirus (x32 Version: 12.1.9.2500)
CDBurnerXP (x32 Version: 4.5.1.4003)
Cinergy DT USB XS Diversity (MKII) V3.12.00.00a (x32 Version: 3.12.00.00a)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
CVE-2012-4969
DHTML Editing Component (x32 Version: 6.02.0001)
DVBViewer TERRATEC Edition (x32)
ESU for Microsoft Windows 7 SP1 (x32 Version: 5.1.1)
FastStone Image Viewer 4.6 (x32 Version: 4.6)
Glary Utilities PRO 3.8 (x32 Version: 3.8.0.134)
GMX Softwareaktualisierung (x32 Version: 2.0.4.0)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2430)
Intel(R) Rapid Storage Technology (x32 Version: 10.6.0.1002)
LetsTrade Komponenten (x32)
MAGIX Foto & Grafik Designer 6 SE (Version: 6.1.3.24817)
MAGIX Foto & Grafik Designer 6 SE (x32 Version: 6.1.3.24817)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Standard Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
ON SX440 Series Printer Uninstall
Photomizer (x32 Version: 1.3.12.723)
Photomizer Retro (x32 Version: 2.0.12.925)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Primo Ramdisk Standard Edition 5.6.0 (Version: 5.6.0)
Realtek Ethernet Controller Driver (x32 Version: 7.42.304.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6461)
Realtek PCIE Card Reader (x32 Version: 6.1.7600.77)
REALTEK Wireless LAN Driver (x32 Version: 1.00.11.0706)
SiSoftware Sandra Lite 2012.SP5 (Version: 18.58.2012.8)
Suite Specific (x32 Version: 2.0.0)
Surf & E-Mail-Stick (x32 Version: 11.301.08.00.35)
Synaptics TouchPad Driver (Version: 15.3.29.0)
Synology Assistant (remove only) (x32)
Turbo Lister 2 (x32 Version: 2.00.0000)
__________________

Alt 16.08.2013, 14:16   #4
aharonov
/// TB-Ausbilder
 
fbDownloader eingefangen - Standard

fbDownloader eingefangen



Hallo,

diese Logs sind beide stark unvollständig. Kannst du bitte nochmals die beiden kompletten Logs posten?
__________________
cheers,
Leo

Alt 16.08.2013, 14:49   #5
unkrautlilie
 
fbDownloader eingefangen - Standard

fbDownloader eingefangen



zweiter versuch:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2013
Ran by Susanne (administrator) on 16-08-2013 14:25:13
Running from C:\Users\Susanne\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
() C:\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Sytems Incorporated) C:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 3\Integrator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
() C:\Users\Susanne\Desktop\Defogger.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7466600 2011-09-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKCU\...\Run: [TU] - C:\Users\Susanne\AppData\Roaming\SDIV 2.0\Prot\tu\tu.exe [133536 2012-10-28] ()
HKCU\...\Run: [EPSON131837 (Epson Stylus SX440)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE /FU "C:\Temp\E_S317E.tmp" /EF "HKCU" [x]
HKCU\...\Run: [EPSON SX440 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE /FU "C:\Temp\E_S3314.tmp" /EF "HKCU" [x]
HKCU\...\Run: [EPSON131837 (Epson Stylus SX440) (Kopie 1)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE /FU "C:\Temp\E_S3278.tmp" /EF "HKCU" [x]
HKCU\...\Run: [SCheck] - C:\Users\Susanne\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-10] ()
HKCU\...\Run: [Snoozer] - C:\Users\Susanne\AppData\Roaming\Snz\Snz.exe [1137673 2013-07-23] ()
HKCU\...\Run: [DataMgr] - C:\Users\Susanne\AppData\Roaming\DataMgr\DataMgr.exe [168264 2012-10-16] (HTTO Group, Ltd.)
HKCU\...\Run: [Intermediate] - C:\Users\Susanne\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-10] ()
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {26780cdd-a3a1-11e2-9f35-b4b52f2c752f} - E:\AutoRun.exe
MountPoints2: {f4966276-9775-11e2-99d7-b4b52f2c752f} - E:\AutoRun.exe
MountPoints2: {f4966285-9775-11e2-99d7-b4b52f2c752f} - E:\AutoRun.exe
MountPoints2: {f49664ec-9775-11e2-99d7-b4b52f2c752f} - E:\AutoRun.exe
MountPoints2: {f49664f1-9775-11e2-99d7-b4b52f2c752f} - E:\AutoRun.exe
MountPoints2: {f4966650-9775-11e2-99d7-b4b52f2c752f} - E:\AutoRun.exe
MountPoints2: {f4966658-9775-11e2-99d7-b4b52f2c752f} - E:\AutoRun.exe
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-09-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe Version Cue CS2] - C:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
BootExecute: autocheck autochk *  BootDefrag.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = fbDownloader Search
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = fbDownloader Search
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.searchplusnetwork.com/?sp=st3&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms}
BHO-x32: No Name - {553318DA-D010-469E-84B1-496563CAE1BF} -  No File
Handler: msdaipp - No CLSID Value - 
Handler-x32: msdaipp - No CLSID Value - 
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\..\Interfaces\{6DE81083-A3D9-41D7-AD49-4F6675915E74}: [NameServer]192.168.178.1
Tcpip\..\Interfaces\{9F6D36EE-FCCB-4C75-8E88-411610ADCB30}: [NameServer]192.168.178.1,192.168.178.0

FireFox:
========
FF ProfilePath: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default
FF NewTab: hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21
FF SelectedSearchEngine: Google
FF Homepage: hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21
FF Keyword.URL: hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q=
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default\searchplugins\webde-suche.xml
FF Extension: YoutubeDownloader - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi
FF Extension: No Name - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-07] (Adobe Systems)
R2 Adobe Version Cue CS2; C:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-09-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-09-07] (Avira Operations GmbH & Co. KG)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5\RpcAgentSrv.exe [68760 2009-08-03] (SiSoftware)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [245760 2011-02-18] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-09-07] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-09-07] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-09-07] (Avira GmbH)
R0 FancyRd; C:\Windows\System32\DRIVERS\fancyrd.sys [155072 2012-06-24] (Romex Software)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [23744 2009-11-16] (DiBcom S.A.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [x]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [x]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 mod7700; system32\DRIVERS\mod7700.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U3 axdirfow; \??\C:\Temp\axdirfow.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-16 14:25 - 2013-08-16 14:25 - 00011281 _____ C:\Temp\frstlog
2013-08-16 14:25 - 2013-08-16 14:25 - 00010229 _____ C:\Temp\log1
2013-08-16 14:25 - 2013-08-16 14:25 - 00000095 _____ C:\Temp\users00
2013-08-16 14:25 - 2013-08-16 14:25 - 00000003 _____ C:\Temp\others
2013-08-16 14:18 - 2013-08-16 14:18 - 00377856 _____ C:\Users\Susanne\Desktop\1gww4hxu.exe
2013-08-16 13:58 - 2013-08-16 13:58 - 00019199 _____ C:\Users\Susanne\Desktop\Addition.txt
2013-08-16 13:57 - 2013-08-16 13:57 - 00000000 ____D C:\FRST
2013-08-16 13:56 - 2013-08-16 13:56 - 01576058 _____ (Farbar) C:\Users\Susanne\Desktop\FRST64.exe
2013-08-16 13:55 - 2013-08-16 14:25 - 00000476 _____ C:\Users\Susanne\Desktop\defogger_disable.log
2013-08-16 13:55 - 2013-08-16 13:55 - 00000000 _____ C:\Users\Susanne\defogger_reenable
2013-08-16 13:52 - 2013-08-16 13:52 - 00050477 _____ C:\Users\Susanne\Desktop\Defogger.exe
2013-08-16 11:56 - 2000-10-05 16:00 - 00054272 _____ (InstallShield Software Corporation) C:\Temp\setA363.tmp
2013-08-15 18:21 - 2013-08-15 18:21 - 00000608 _____ C:\Temp\fwtsqmfile00.sqm
2013-08-15 18:14 - 2013-08-15 18:14 - 00000540 _____ C:\Temp\MSI485c2.LOG
2013-08-15 18:14 - 2013-08-15 18:14 - 00000540 _____ C:\Temp\MSI476b5.LOG
2013-08-15 18:14 - 2013-08-15 18:14 - 00000494 _____ C:\Temp\~glaryutilities-version.dat
2013-08-15 18:14 - 2013-08-15 18:14 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Snz
2013-08-15 18:14 - 2013-08-15 18:14 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\SCheck
2013-08-15 18:14 - 2013-08-15 18:14 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Intermediate
2013-08-15 18:13 - 2013-08-15 18:14 - 00000000 ____D C:\Temp\nsb20AB.tmp
2013-08-15 18:13 - 2013-08-15 18:14 - 00000000 ____D C:\Temp\nsb1D9F.tmp
2013-08-15 18:13 - 2013-08-15 18:13 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Common
2013-08-15 18:13 - 2013-08-15 18:13 - 00000000 ____D C:\Temp\WPDNSE
2013-08-15 18:11 - 2013-08-15 18:11 - 00000000 ____T C:\Temp\ib7
2013-08-15 18:11 - 2013-08-15 18:11 - 00000000 ____T C:\Temp\ib6
2013-08-15 18:11 - 2013-08-15 18:11 - 00000000 ____T C:\Temp\ib5
2013-08-15 18:10 - 2013-08-15 18:10 - 00000056 _____ C:\Windows\setupact.log
2013-08-15 18:10 - 2013-08-15 18:10 - 00000000 _____ C:\Windows\setuperr.log
2013-08-15 18:09 - 2013-08-15 18:09 - 00003288 ____N C:\bootsqm.dat
2013-08-15 18:09 - 2013-08-15 18:09 - 00000284 _____ C:\Windows\PFRO.log
2013-08-15 16:41 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 16:41 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 16:41 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 16:41 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 16:41 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 16:41 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 16:41 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 16:41 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 16:41 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 16:41 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 16:41 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 16:41 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 16:41 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 16:41 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 16:40 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 16:40 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 16:40 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 16:40 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 16:40 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 16:40 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 16:40 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 16:40 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 16:40 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 16:40 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 16:40 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 16:40 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 16:40 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 16:40 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 16:40 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 16:40 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 16:40 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 16:33 - 2013-08-15 16:39 - 28613430 _____ C:\Temp\KB2840628v2_20130815_163345552-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2013-08-15 16:33 - 2013-08-15 16:39 - 00065664 _____ C:\Temp\KB2840628v2_20130815_163345552.html
2013-08-15 16:33 - 2013-08-15 16:33 - 00003017 _____ C:\Temp\dd_clwireg.txt
2013-08-15 16:33 - 2013-08-15 16:33 - 00000000 ____D C:\Temp\KB2840628v2_10.0.30319
2013-08-15 16:30 - 2013-08-15 16:33 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 20:28 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 20:28 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 20:28 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 20:28 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 20:28 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 20:28 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 20:28 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 20:28 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 20:28 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 20:28 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 20:28 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 20:28 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 20:28 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 20:28 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 20:28 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 20:28 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 20:28 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 20:27 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 20:27 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 20:27 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 20:27 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 20:27 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 20:27 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 20:27 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 20:27 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 20:27 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 20:27 - 2013-06-15 06:35 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-14 20:27 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 21:33 - 2013-08-16 08:52 - 00016910 _____ C:\Temp\MpCmdRun.log
2013-08-12 17:55 - 2013-08-12 17:55 - 00006119 ____T C:\Temp\VGX5554.tmp
2013-08-10 12:42 - 2013-08-13 12:00 - 00000000 ____D C:\Temp\msohtml1
2013-08-10 12:42 - 2013-08-10 12:42 - 00000000 ____D C:\Temp\msohtml
2013-08-06 16:40 - 2013-08-06 16:40 - 00000000 ____D C:\ProgramData\GlarySoft
2013-08-06 16:38 - 2013-08-06 16:38 - 00006119 ____T C:\Temp\VGXCAD.tmp
2013-08-06 16:37 - 2013-08-12 21:29 - 00000430 _____ C:\Windows\Tasks\GlaryOneClickOptimizer 3.job
2013-08-06 16:37 - 2013-08-06 16:37 - 00003238 _____ C:\Windows\System32\Tasks\GlaryOneClickOptimizer 3
2013-08-06 16:33 - 2013-08-15 18:14 - 00000338 _____ C:\Windows\Tasks\GlaryInitialize 3.job
2013-08-06 16:33 - 2013-08-15 18:14 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-08-06 16:33 - 2013-08-06 16:33 - 00002642 _____ C:\Windows\System32\Tasks\GlaryInitialize 3
2013-08-06 16:33 - 2013-08-06 16:33 - 00001040 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-08-06 16:33 - 2013-08-06 16:33 - 00000075 _____ C:\DiskDefrag.log
2013-08-06 16:33 - 2013-08-05 11:10 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-08-06 16:31 - 2013-08-06 16:32 - 16137808 _____ C:\Users\Susanne\Downloads\gup3setup.exe
2013-08-04 10:19 - 2013-08-04 10:19 - 00000000 ____D C:\Temp\CDBurnerXP-updates
2013-08-03 11:36 - 2013-08-15 20:12 - 00000000 ____D C:\Temp\MPInstrumentation
2013-07-29 09:35 - 2013-07-29 09:35 - 00000000 ____T C:\Temp\ib4
2013-07-29 09:35 - 2013-07-29 09:35 - 00000000 ____T C:\Temp\ib3
2013-07-29 09:35 - 2013-07-29 09:35 - 00000000 ____T C:\Temp\ib2
2013-07-24 13:31 - 2013-08-06 16:09 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\vlc
2013-07-24 13:31 - 2013-07-24 13:31 - 00001026 _____ C:\Users\Public\Desktop\VLC media player.lnk

==================== One Month Modified Files and Folders =======

2013-08-16 14:25 - 2013-08-16 14:25 - 00011281 _____ C:\Temp\frstlog
2013-08-16 14:25 - 2013-08-16 14:25 - 00010296 _____ C:\Temp\log1
2013-08-16 14:25 - 2013-08-16 14:25 - 00000095 _____ C:\Temp\users00
2013-08-16 14:25 - 2013-08-16 14:25 - 00000003 _____ C:\Temp\others
2013-08-16 14:25 - 2013-08-16 13:55 - 00000476 _____ C:\Users\Susanne\Desktop\defogger_disable.log
2013-08-16 14:18 - 2013-08-16 14:18 - 00377856 _____ C:\Users\Susanne\Desktop\1gww4hxu.exe
2013-08-16 13:58 - 2013-08-16 13:58 - 00019199 _____ C:\Users\Susanne\Desktop\Addition.txt
2013-08-16 13:57 - 2013-08-16 13:57 - 00000000 ____D C:\FRST
2013-08-16 13:56 - 2013-08-16 13:56 - 01576058 _____ (Farbar) C:\Users\Susanne\Desktop\FRST64.exe
2013-08-16 13:55 - 2013-08-16 13:55 - 00000000 _____ C:\Users\Susanne\defogger_reenable
2013-08-16 13:55 - 2012-08-13 08:51 - 00000000 ____D C:\Users\Susanne
2013-08-16 13:52 - 2013-08-16 13:52 - 00050477 _____ C:\Users\Susanne\Desktop\Defogger.exe
2013-08-16 13:09 - 2012-08-13 08:43 - 01554411 _____ C:\Windows\WindowsUpdate.log
2013-08-16 11:56 - 2013-02-02 14:24 - 00000105 _____ C:\Windows\WISO.INI
2013-08-16 11:56 - 2012-08-13 09:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-16 08:52 - 2013-08-13 21:33 - 00016910 _____ C:\Temp\MpCmdRun.log
2013-08-16 08:31 - 2013-01-01 18:08 - 00000000 ____D C:\Temp\acro_rd_dir
2013-08-15 20:12 - 2013-08-03 11:36 - 00000000 ____D C:\Temp\MPInstrumentation
2013-08-15 18:21 - 2013-08-15 18:21 - 00000608 _____ C:\Temp\fwtsqmfile00.sqm
2013-08-15 18:19 - 2012-10-01 16:46 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{25777FCA-7115-44B3-A042-CC520D51DDC3}
2013-08-15 18:19 - 2009-07-14 06:45 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-15 18:19 - 2009-07-14 06:45 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-15 18:18 - 2009-07-14 19:58 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-15 18:18 - 2009-07-14 19:58 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-15 18:18 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-15 18:14 - 2013-08-15 18:14 - 00000540 _____ C:\Temp\MSI485c2.LOG
2013-08-15 18:14 - 2013-08-15 18:14 - 00000540 _____ C:\Temp\MSI476b5.LOG
2013-08-15 18:14 - 2013-08-15 18:14 - 00000494 _____ C:\Temp\~glaryutilities-version.dat
2013-08-15 18:14 - 2013-08-15 18:14 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Snz
2013-08-15 18:14 - 2013-08-15 18:14 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\SCheck
2013-08-15 18:14 - 2013-08-15 18:14 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Intermediate
2013-08-15 18:14 - 2013-08-15 18:13 - 00000000 ____D C:\Temp\nsb20AB.tmp
2013-08-15 18:14 - 2013-08-15 18:13 - 00000000 ____D C:\Temp\nsb1D9F.tmp
2013-08-15 18:14 - 2013-08-06 16:33 - 00000338 _____ C:\Windows\Tasks\GlaryInitialize 3.job
2013-08-15 18:14 - 2013-08-06 16:33 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-08-15 18:14 - 2012-11-07 23:29 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\DataMgr
2013-08-15 18:13 - 2013-08-15 18:13 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Common
2013-08-15 18:13 - 2013-08-15 18:13 - 00000000 ____D C:\Temp\WPDNSE
2013-08-15 18:12 - 2012-08-13 09:39 - 00000000 ____D C:\Windows\Panther
2013-08-15 18:11 - 2013-08-15 18:11 - 00000000 ____T C:\Temp\ib7
2013-08-15 18:11 - 2013-08-15 18:11 - 00000000 ____T C:\Temp\ib6
2013-08-15 18:11 - 2013-08-15 18:11 - 00000000 ____T C:\Temp\ib5
2013-08-15 18:11 - 2013-01-07 21:44 - 00000000 ____D C:\Temp\hsperfdata_SUSANNE-PC$
2013-08-15 18:11 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-15 18:10 - 2013-08-15 18:10 - 00000056 _____ C:\Windows\setupact.log
2013-08-15 18:10 - 2013-08-15 18:10 - 00000000 _____ C:\Windows\setuperr.log
2013-08-15 18:09 - 2013-08-15 18:09 - 00003288 ____N C:\bootsqm.dat
2013-08-15 18:09 - 2013-08-15 18:09 - 00000284 _____ C:\Windows\PFRO.log
2013-08-15 16:39 - 2013-08-15 16:33 - 28613430 _____ C:\Temp\KB2840628v2_20130815_163345552-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2013-08-15 16:39 - 2013-08-15 16:33 - 00065664 _____ C:\Temp\KB2840628v2_20130815_163345552.html
2013-08-15 16:33 - 2013-08-15 16:33 - 00003017 _____ C:\Temp\dd_clwireg.txt
2013-08-15 16:33 - 2013-08-15 16:33 - 00000000 ____D C:\Temp\KB2840628v2_10.0.30319
2013-08-15 16:33 - 2013-08-15 16:30 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 16:30 - 2012-08-13 11:07 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 16:29 - 2009-07-14 04:34 - 00000586 _____ C:\Windows\win.ini
2013-08-13 12:00 - 2013-08-10 12:42 - 00000000 ____D C:\Temp\msohtml1
2013-08-12 21:29 - 2013-08-06 16:37 - 00000430 _____ C:\Windows\Tasks\GlaryOneClickOptimizer 3.job
2013-08-12 17:55 - 2013-08-12 17:55 - 00006119 ____T C:\Temp\VGX5554.tmp
2013-08-10 12:42 - 2013-08-10 12:42 - 00000000 ____D C:\Temp\msohtml
2013-08-06 16:40 - 2013-08-06 16:40 - 00000000 ____D C:\ProgramData\GlarySoft
2013-08-06 16:38 - 2013-08-06 16:38 - 00006119 ____T C:\Temp\VGXCAD.tmp
2013-08-06 16:37 - 2013-08-06 16:37 - 00003238 _____ C:\Windows\System32\Tasks\GlaryOneClickOptimizer 3
2013-08-06 16:33 - 2013-08-06 16:33 - 00002642 _____ C:\Windows\System32\Tasks\GlaryInitialize 3
2013-08-06 16:33 - 2013-08-06 16:33 - 00001040 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-08-06 16:33 - 2013-08-06 16:33 - 00000075 _____ C:\DiskDefrag.log
2013-08-06 16:33 - 2012-12-02 11:23 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\GlarySoft
2013-08-06 16:32 - 2013-08-06 16:31 - 16137808 _____ C:\Users\Susanne\Downloads\gup3setup.exe
2013-08-06 16:09 - 2013-07-24 13:31 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\vlc
2013-08-05 18:48 - 2012-08-16 22:40 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Macromedia
2013-08-05 11:10 - 2013-08-06 16:33 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-08-04 21:31 - 2012-09-23 17:30 - 00000000 ____D C:\Users\Susanne\WISO
2013-08-04 10:19 - 2013-08-04 10:19 - 00000000 ____D C:\Temp\CDBurnerXP-updates
2013-07-29 09:35 - 2013-07-29 09:35 - 00000000 ____T C:\Temp\ib4
2013-07-29 09:35 - 2013-07-29 09:35 - 00000000 ____T C:\Temp\ib3
2013-07-29 09:35 - 2013-07-29 09:35 - 00000000 ____T C:\Temp\ib2
2013-07-26 07:13 - 2013-08-15 16:41 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:13 - 2013-08-15 16:40 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-15 16:40 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:12 - 2013-08-15 16:41 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-15 16:41 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-15 16:41 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-15 16:41 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 07:12 - 2013-08-15 16:40 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-15 16:40 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-15 16:40 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-15 16:40 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-15 16:40 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-15 16:40 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-15 16:40 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 05:35 - 2013-08-15 16:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-15 16:40 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-15 16:40 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-15 16:41 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-15 16:41 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-15 16:41 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-15 16:41 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-15 16:40 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-15 16:40 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-15 16:40 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-15 16:40 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-15 16:40 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-15 16:41 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 05:11 - 2013-08-15 16:40 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 04:49 - 2013-08-15 16:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-15 16:41 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-15 16:41 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 11:25 - 2013-08-14 20:28 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-14 20:28 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-24 13:31 - 2013-07-24 13:31 - 00001026 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-24 13:18 - 2013-03-31 20:06 - 00000000 ____D C:\ProgramData\DatacardService
2013-07-24 13:14 - 2012-11-07 23:19 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\GinyasBrowserCompanion
2013-07-24 13:14 - 2012-11-07 23:19 - 00000000 ____D C:\Program Files (x86)\GinyasBrowserCompanion
2013-07-24 13:14 - 2012-08-13 08:52 - 00000000 ___RD C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-24 13:13 - 2012-09-23 00:59 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\DVDVideoSoft
2013-07-22 21:40 - 2009-07-14 06:45 - 00299872 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-22 21:38 - 2012-08-13 16:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-22 21:38 - 2012-08-13 16:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-22 19:06 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-22 19:06 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-22 19:05 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-22 16:48 - 2012-09-23 16:57 - 00000000 ____D C:\Users\Susanne\CHORtexte
2013-07-22 14:36 - 2012-08-16 21:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-19 03:58 - 2013-08-14 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-19 03:41 - 2013-08-14 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-04 20:19

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---


und auch das nochmal:
Zitat:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2013
Ran by Susanne at 2013-08-16 14:25:39
Running from C:\Users\Susanne\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================


Adobe Bridge 1.0 (x32 Version: 001.000.001)
Adobe Common File Installer (x32 Version: 1.00.001)
Adobe Creative Suite 2 (x32)
Adobe Help Center 1.0 (x32 Version: 1.0.1)
Adobe Illustrator CS2 (x32 Version: 12.000.000)
Adobe InDesign CS2 (x32 Version: 004.000.000)
Adobe Photoshop CS2 (x32 Version: 9.0)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1)
Adobe SVG Viewer 3.0 (x32 Version: 3.0)
Adobe Version Cue CS2 (x32 Version: 2.0)
ALDI NORD Bestellsoftware 4.12.2 (x32 Version: 4.12.2)
Avira Free Antivirus (x32 Version: 12.1.9.2500)
CDBurnerXP (x32 Version: 4.5.1.4003)
Cinergy DT USB XS Diversity (MKII) V3.12.00.00a (x32 Version: 3.12.00.00a)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
CVE-2012-4969
DHTML Editing Component (x32 Version: 6.02.0001)
DVBViewer TERRATEC Edition (x32)
ESU for Microsoft Windows 7 SP1 (x32 Version: 5.1.1)
FastStone Image Viewer 4.6 (x32 Version: 4.6)
Glary Utilities PRO 3.8 (x32 Version: 3.8.0.134)
GMX Softwareaktualisierung (x32 Version: 2.0.4.0)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2430)
Intel(R) Rapid Storage Technology (x32 Version: 10.6.0.1002)
LetsTrade Komponenten (x32)
MAGIX Foto & Grafik Designer 6 SE (Version: 6.1.3.24817)
MAGIX Foto & Grafik Designer 6 SE (x32 Version: 6.1.3.24817)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Standard Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
ON SX440 Series Printer Uninstall
Photomizer (x32 Version: 1.3.12.723)
Photomizer Retro (x32 Version: 2.0.12.925)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Primo Ramdisk Standard Edition 5.6.0 (Version: 5.6.0)
Realtek Ethernet Controller Driver (x32 Version: 7.42.304.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6461)
Realtek PCIE Card Reader (x32 Version: 6.1.7600.77)
REALTEK Wireless LAN Driver (x32 Version: 1.00.11.0706)
SiSoftware Sandra Lite 2012.SP5 (Version: 18.58.2012.8)
Suite Specific (x32 Version: 2.0.0)
Surf & E-Mail-Stick (x32 Version: 11.301.08.00.35)
Synaptics TouchPad Driver (Version: 15.3.29.0)
Synology Assistant (remove only) (x32)
Turbo Lister 2 (x32 Version: 2.00.0000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
VLC media player 2.0.7 (x32 Version: 2.0.7)
Wingnut Lo-Fi

==================== Restore Points =========================

24-07-2013 11:15:01 Removed Java SE Development Kit 7 Update 7
24-07-2013 11:16:38 Removed Java 7 Update 7
26-07-2013 08:57:20 Windows Update
29-07-2013 20:20:53 Windows Update
02-08-2013 22:08:02 Windows Update
06-08-2013 19:26:37 Windows Update
10-08-2013 10:29:14 Windows Update
13-08-2013 19:34:05 Windows Update
15-08-2013 14:27:04 Windows Modules Installer

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2CD33F40-B83A-4AF4-9EF7-0D418F776D65} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {63994000-AAC1-44B7-AD1D-6922EC3F0A48} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {7AA38C8E-BF34-4F67-8080-950163CD07A1} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2012-09-20] (1&1 Mail & Media GmbH)
Task: {7D67EB5E-FEDF-4A95-BC37-FECF65A40369} - System32\Tasks\GlaryOneClickOptimizer 3 => C:\Program Files (x86)\Glary Utilities 3\OneClickMaintenance.exe [2013-08-05] (Glarysoft Ltd)
Task: {AB9E9D04-3361-437C-A1C0-BA92558B6536} - System32\Tasks\GlaryInitialize 3 => C:\Program Files (x86)\Glary Utilities 3\Initialize.exe [2013-08-05] (Glarysoft Ltd)
Task: {B8FF402F-52FA-419B-AAE6-5AD6319018C6} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {BCC1949C-7F5B-4D2C-90FD-419D42687DB4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {C0ACA8FB-834D-4D7E-B501-8CA6D2A978BA} - System32\Tasks\User_Feed_Synchronization-{25777FCA-7115-44B3-A042-CC520D51DDC3} => C:\Windows\system32\msfeedssync.exe [2013-05-14] (Microsoft Corporation)
Task: {F05AB0A1-427C-471D-9D5A-95872CBC8E99} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: C:\Windows\Tasks\GlaryInitialize 3.job => C:\Program Files (x86)\Glary Utilities 3\Initialize.exe
Task: C:\Windows\Tasks\GlaryOneClickOptimizer 3.job => C:\Program Files (x86)\Glary Utilities 3\OneClickMaintenance.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/16/2013 01:37:17 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (08/15/2013 06:14:19 PM) (Source: MsiInstaller) (User: Susanne-PC)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1730.Sie müssen über Administratorrechte verfügen, um diese Anwendung entfernen zu können. Melden Sie sich als Administrator an oder wenden Sie sich an den technischen Support, um Unterstützung zu erhalten.

Error: (08/15/2013 06:14:15 PM) (Source: MsiInstaller) (User: Susanne-PC)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1730.Sie müssen über Administratorrechte verfügen, um diese Anwendung entfernen zu können. Melden Sie sich als Administrator an oder wenden Sie sich an den technischen Support, um Unterstützung zu erhalten.

Error: (08/15/2013 04:26:54 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).

Error: (07/24/2013 03:25:40 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: tbhcn.exe, Version: 0.0.0.0, Zeitstempel: 0x507fbe94
Name des fehlerhaften Moduls: tbhcn.exe, Version: 0.0.0.0, Zeitstempel: 0x507fbe94
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0008508e
ID des fehlerhaften Prozesses: 0x884
Startzeit der fehlerhaften Anwendung: 0xtbhcn.exe0
Pfad der fehlerhaften Anwendung: tbhcn.exe1
Pfad des fehlerhaften Moduls: tbhcn.exe2
Berichtskennung: tbhcn.exe3

Error: (07/10/2013 06:27:48 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (06/19/2013 08:06:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: tbhcn.exe, Version: 0.0.0.0, Zeitstempel: 0x507fbe94
Name des fehlerhaften Moduls: tbhcn.exe, Version: 0.0.0.0, Zeitstempel: 0x507fbe94
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0008508e
ID des fehlerhaften Prozesses: 0xda4
Startzeit der fehlerhaften Anwendung: 0xtbhcn.exe0
Pfad der fehlerhaften Anwendung: tbhcn.exe1
Pfad des fehlerhaften Moduls: tbhcn.exe2
Berichtskennung: tbhcn.exe3

Error: (06/16/2013 08:58:49 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).

Error: (06/15/2013 01:43:40 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: tbhcn.exe, Version: 0.0.0.0, Zeitstempel: 0x507fbe94
Name des fehlerhaften Moduls: tbhcn.exe, Version: 0.0.0.0, Zeitstempel: 0x507fbe94
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0008508e
ID des fehlerhaften Prozesses: 0xdb4
Startzeit der fehlerhaften Anwendung: 0xtbhcn.exe0
Pfad der fehlerhaften Anwendung: tbhcn.exe1
Pfad des fehlerhaften Moduls: tbhcn.exe2
Berichtskennung: tbhcn.exe3

Error: (05/24/2013 06:18:59 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: tbhcn.exe, Version: 0.0.0.0, Zeitstempel: 0x507fbe94
Name des fehlerhaften Moduls: tbhcn.exe, Version: 0.0.0.0, Zeitstempel: 0x507fbe94
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0008508e
ID des fehlerhaften Prozesses: 0xa20
Startzeit der fehlerhaften Anwendung: 0xtbhcn.exe0
Pfad der fehlerhaften Anwendung: tbhcn.exe1
Pfad des fehlerhaften Moduls: tbhcn.exe2
Berichtskennung: tbhcn.exe3


System errors:
=============
Error: (08/16/2013 11:54:01 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (08/16/2013 08:29:57 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (08/16/2013 05:27:46 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (08/15/2013 09:17:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (08/15/2013 08:12:20 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (08/15/2013 06:11:24 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (08/15/2013 05:55:38 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (08/15/2013 04:27:00 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (08/15/2013 04:36:45 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (08/14/2013 09:59:24 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126


Microsoft Office Sessions:
=========================
Error: (08/16/2013 01:37:17 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\SoftonicDownloader_fuer_nero-kwik-burn.exe

Error: (08/15/2013 06:14:19 PM) (Source: MsiInstaller)(User: Susanne-PC)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1730.Sie müssen über Administratorrechte verfügen, um diese Anwendung entfernen zu können. Melden Sie sich als Administrator an oder wenden Sie sich an den technischen Support, um Unterstützung zu erhalten.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/15/2013 06:14:15 PM) (Source: MsiInstaller)(User: Susanne-PC)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1730.Sie müssen über Administratorrechte verfügen, um diese Anwendung entfernen zu können. Melden Sie sich als Administrator an oder wenden Sie sich an den technischen Support, um Unterstützung zu erhalten.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/15/2013 04:26:54 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (07/24/2013 03:25:40 AM) (Source: Application Error)(User: )
Description: tbhcn.exe0.0.0.0507fbe94tbhcn.exe0.0.0.0507fbe94c00004170008508e88401ce871395dd9da4C:\Users\Susanne\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exeC: \Users\Susanne\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exef33032cb-f3ff-11e2-986b-b4b52f2c752f

Error: (07/10/2013 06:27:48 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\SoftonicDownloader_fuer_nero-kwik-burn.exe

Error: (06/19/2013 08:06:37 PM) (Source: Application Error)(User: )
Description: tbhcn.exe0.0.0.0507fbe94tbhcn.exe0.0.0.0507fbe94c00004170008508eda401ce6b697956081bC:\Users\Susanne\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exeC: \Users\Susanne\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exefb656a81-d90a-11e2-854e-b4b52f2c752f

Error: (06/16/2013 08:58:49 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (06/15/2013 01:43:40 PM) (Source: Application Error)(User: )
Description: tbhcn.exe0.0.0.0507fbe94tbhcn.exe0.0.0.0507fbe94c00004170008508edb401ce68f3380b1307C:\Users\Susanne\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exeC: \Users\Susanne\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exed29ec151-d5b0-11e2-8f7e-b4b52f2c752f

Error: (05/24/2013 06:18:59 PM) (Source: Application Error)(User: )
Description: tbhcn.exe0.0.0.0507fbe94tbhcn.exe0.0.0.0507fbe94c00004170008508ea2001ce562852e11f08C:\Users\Susanne\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exeC: \Users\Susanne\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exea335d922-c48d-11e2-94dc-b4b52f2c752f


==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 3947.86 MB
Available physical RAM: 2110 MB
Total Pagefile: 7893.9 MB
Available Pagefile: 5772.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.21 GB) (Free:148.3 GB) NTFS (Disk=0 Partition=2)
Drive z: (RAMDISK) (Fixed) (Total:0.25 GB) (Free:0.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 1707A8A5)
Partition 1: (Active) - (Size=900 MB) - (Type=0B)
Partition 2: (Not Active) - (Size=297 GB) - (Type=07 NTFS)

==================== End Of Log ============================
und hier schritt 3:

GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-08-16 14:43:02
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0005 298,09GB
Running: 1gww4hxu.exe; Driver: C:\Temp\axdirfow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544                                                                                fffff80002e04000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 591                                                                                fffff80002e0402f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[1160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000074c21465 2 bytes [C2, 74]
.text     C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[1160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     0000000074c214bb 2 bytes [C2, 74]
.text     ...                                                                                                                                               * 2
.text     C:\Users\Susanne\Desktop\Defogger.exe[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                               0000000074c21465 2 bytes [C2, 74]
.text     C:\Users\Susanne\Desktop\Defogger.exe[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                              0000000074c214bb 2 bytes [C2, 74]
.text     ...                                                                                                                                               * 2
.text     C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE[4944] C:\Windows\syswow64\ole32.dll!OleLoadFromStream                                00000000765e6143 5 bytes JMP 000000016252b86e
.text     C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE[4944] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString                                 00000000756d3e59 4 bytes JMP 00000001622f5d11
.text     C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE[4944] C:\Windows\syswow64\OLEAUT32.dll!VariantClear                                  00000000756d3eae 4 bytes JMP 00000001622f84c1
.text     C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE[4944] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen                         00000000756d4731 4 bytes JMP 00000001622f8631
.text     C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE[4944] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType                             00000000756d5dee 4 bytes JMP 000000016230d9c1
.text     C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE[4944] C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\pkmws.dll!CreateSemaphoreW + 1          000000004997b150 4 bytes {JMP 0x2b2e18f3}
.text     C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE[4944] C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\pkmws.dll!GetModuleFileNameW + 1        000000004997b1be 4 bytes {JMP 0x2b2c977b}
.text     C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE[4944] C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\pkmws.dll!GetModuleHandleW + 1          000000004997b1c3 4 bytes {JMP 0x2b2c82ce}
.text     C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE[4944] C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\pkmws.dll!RegisterClipboardFormatW + 1  000000004997b420 4 bytes {JMP 0x2b72ea9e}

---- Threads - GMER 2.1 ----

Thread    C:\Windows\System32\svchost.exe [448:3000]                                                                                                        000007fef7ac44e0
Thread    C:\Windows\System32\svchost.exe [448:4372]                                                                                                        000007fef19c3efc
Thread    C:\Windows\System32\svchost.exe [448:4460]                                                                                                        000007fef1a48a4c
Thread    C:\Windows\System32\svchost.exe [448:2660]                                                                                                        000007fef7c888f8
Thread    C:\Windows\system32\svchost.exe [1440:1912]                                                                                                       000007fef80635c0
Thread    C:\Windows\system32\svchost.exe [1440:1916]                                                                                                       000007fef8065600
Thread    C:\Windows\system32\svchost.exe [1440:2724]                                                                                                       000007fef6372940
Thread    C:\Windows\system32\svchost.exe [1440:2312]                                                                                                       000007fef59d2888
Thread    C:\Windows\system32\svchost.exe [1440:4608]                                                                                                       000007fef59d2a40
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2712:2748]                                                                            0000000075237587
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2712:3040]                                                                            0000000072cf0cb3
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2712:2888]                                                                            0000000077012e65
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2712:3984]                                                                            0000000077013e85
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2712:1048]                                                                            0000000077013e85
Thread    C:\Windows\system32\Dwm.exe [2592:2788]                                                                                                           000007fef67cf0d8
Thread    C:\Windows\system32\Dwm.exe [2592:2792]                                                                                                           000007fefb96abf0
Thread    C:\Program Files\Microsoft Security Client\msseces.exe [696:2264]                                                                                 000007fefb1f2a7c

---- EOF - GMER 2.1 ----
         
--- --- ---

schritt 4: avira hat keine Funde zu verzeichnen.


Alt 16.08.2013, 15:07   #6
aharonov
/// TB-Ausbilder
 
fbDownloader eingefangen - Standard

fbDownloader eingefangen



Ok, dann so weiter:


Schritt 1

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 2

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von AdwCleaner
  • Log von FRST
__________________
--> fbDownloader eingefangen

Alt 16.08.2013, 16:16   #7
unkrautlilie
 
fbDownloader eingefangen - Standard

fbDownloader eingefangen



hier das LOG von AdwCleaner
(leider hat sich beim firefox-neustart gleich wieder die fbdownloader-seite geöffnet...)
gleich starte ich nochmal FRST

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.306 - Datei am 16/08/2013 um 16:05:35 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Susanne - SUSANNE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Susanne\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default\searchplugins\search.xml
Ordner Gelöscht : C:\Program Files (x86)\GinyasBrowserCompanion
Ordner Gelöscht : C:\Users\Susanne\AppData\Roaming\DataMgr
Ordner Gelöscht : C:\Users\Susanne\AppData\Roaming\GinyasBrowserCompanion
Ordner Gelöscht : C:\Users\Susanne\AppData\Roaming\HMN
Ordner Gelöscht : C:\Users\Susanne\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Susanne\AppData\Roaming\SDIV 2.0

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{553318DA-D010-469E-84B1-496563CAE1BF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{553318DA-D010-469E-84B1-496563CAE1BF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FBDownloader.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FBDownloader.DownloadPhoto
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FBDownloader.DownloadPhoto.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{553318DA-D010-469E-84B1-496563CAE1BF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{553318DA-D010-469E-84B1-496563CAE1BF}
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DataMgr]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [TU]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16660

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21 --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default\prefs.js

Gelöscht : user_pref("browser.newtab.url", "hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21");
Gelöscht : user_pref("extensions.fbdownloader.issearch", true);
Gelöscht : user_pref("extensions.ui.lastCategory", "addons://search/fbdownloader");

*************************

AdwCleaner[S1].txt - [3424 octets] - [16/08/2013 16:05:35]

########## EOF - C:\AdwCleaner[S1].txt - [3484 octets] ##########
         
--- --- ---


und das neue FRST LOG:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2013
Ran by Susanne (administrator) on 16-08-2013 16:16:41
Running from C:\Users\Susanne\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 3\Integrator.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Sytems Incorporated) C:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
() C:\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7466600 2011-09-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKCU\...\Run: [EPSON131837 (Epson Stylus SX440)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE /FU "C:\Temp\E_S317E.tmp" /EF "HKCU" [x]
HKCU\...\Run: [EPSON SX440 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE /FU "C:\Temp\E_S3314.tmp" /EF "HKCU" [x]
HKCU\...\Run: [EPSON131837 (Epson Stylus SX440) (Kopie 1)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE /FU "C:\Temp\E_S3278.tmp" /EF "HKCU" [x]
HKCU\...\Run: [SCheck] - C:\Users\Susanne\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-10] ()
HKCU\...\Run: [Snoozer] - C:\Users\Susanne\AppData\Roaming\Snz\Snz.exe [1137673 2013-07-23] ()
HKCU\...\Run: [Intermediate] - C:\Users\Susanne\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-10] ()
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {26780cdd-a3a1-11e2-9f35-b4b52f2c752f} - E:\AutoRun.exe
MountPoints2: {f4966276-9775-11e2-99d7-b4b52f2c752f} - E:\AutoRun.exe
MountPoints2: {f4966285-9775-11e2-99d7-b4b52f2c752f} - E:\AutoRun.exe
MountPoints2: {f49664ec-9775-11e2-99d7-b4b52f2c752f} - E:\AutoRun.exe
MountPoints2: {f49664f1-9775-11e2-99d7-b4b52f2c752f} - E:\AutoRun.exe
MountPoints2: {f4966650-9775-11e2-99d7-b4b52f2c752f} - E:\AutoRun.exe
MountPoints2: {f4966658-9775-11e2-99d7-b4b52f2c752f} - E:\AutoRun.exe
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-09-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe Version Cue CS2] - C:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
BootExecute: autocheck autochk *  BootDefrag.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.searchplusnetwork.com/?sp=st3&q={searchTerms}
Handler: msdaipp - No CLSID Value - 
Handler-x32: msdaipp - No CLSID Value - 
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\..\Interfaces\{6DE81083-A3D9-41D7-AD49-4F6675915E74}: [NameServer]192.168.178.1
Tcpip\..\Interfaces\{9F6D36EE-FCCB-4C75-8E88-411610ADCB30}: [NameServer]192.168.178.1,192.168.178.0

FireFox:
========
FF ProfilePath: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://searchqm.com/?channel=sfde203fbdgy21
FF Keyword.URL: hxxp://searchqm.com/search.php?channel=sfde203fbdgy21&q=
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default\searchplugins\webde-suche.xml
FF Extension: YoutubeDownloader - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi
FF Extension: No Name - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-07] (Adobe Systems)
R2 Adobe Version Cue CS2; C:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-09-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-09-07] (Avira Operations GmbH & Co. KG)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5\RpcAgentSrv.exe [68760 2009-08-03] (SiSoftware)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [245760 2011-02-18] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-09-07] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-09-07] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-09-07] (Avira GmbH)
R0 FancyRd; C:\Windows\System32\DRIVERS\fancyrd.sys [155072 2012-06-24] (Romex Software)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [23744 2009-11-16] (DiBcom S.A.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [x]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [x]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 mod7700; system32\DRIVERS\mod7700.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-16 16:17 - 2013-08-16 16:17 - 00011211 _____ C:\Temp\log1
2013-08-16 16:16 - 2013-08-16 16:16 - 00010092 _____ C:\Temp\frstlog
2013-08-16 16:16 - 2013-08-16 16:16 - 00000095 _____ C:\Temp\users00
2013-08-16 16:16 - 2013-08-16 16:16 - 00000003 _____ C:\Temp\others
2013-08-16 16:09 - 2013-08-16 16:09 - 00000000 ____T C:\Temp\ib13
2013-08-16 16:09 - 2013-08-16 16:09 - 00000000 ____T C:\Temp\ib12
2013-08-16 16:09 - 2013-08-16 16:09 - 00000000 ____T C:\Temp\ib11
2013-08-16 16:09 - 2013-08-16 16:09 - 00000000 ____D C:\Temp\WPDNSE
2013-08-16 16:09 - 2013-08-16 16:09 - 00000000 ____D C:\Temp\nsaAD9D.tmp
2013-08-16 16:07 - 2013-08-16 16:07 - 00000608 _____ C:\Temp\fwtsqmfile01.sqm
2013-08-16 16:05 - 2013-08-16 16:06 - 00003551 _____ C:\AdwCleaner[S1].txt
2013-08-16 16:05 - 2013-08-16 16:05 - 00000000 ____D C:\Temp\MPTelemetrySubmit
2013-08-16 15:45 - 2013-08-16 15:45 - 00666633 _____ C:\Users\Susanne\Desktop\adwcleaner.exe
2013-08-16 15:15 - 2013-08-16 15:15 - 00000000 ____D C:\Temp\nsvCCD0.tmp
2013-08-16 15:14 - 2013-08-16 15:14 - 00000000 ____T C:\Temp\ib9
2013-08-16 15:14 - 2013-08-16 15:14 - 00000000 ____T C:\Temp\ib8
2013-08-16 15:14 - 2013-08-16 15:14 - 00000000 ____T C:\Temp\ib10
2013-08-16 15:13 - 2013-08-16 15:13 - 00262144 _____ C:\Windows\Minidump\081613-22900-01.dmp
2013-08-16 15:13 - 2013-08-16 15:13 - 00000000 ____D C:\Windows\Minidump
2013-08-16 15:12 - 2013-08-16 15:12 - 548217704 _____ C:\Windows\MEMORY.DMP
2013-08-16 14:43 - 2013-08-16 14:43 - 00006690 _____ C:\Users\Susanne\Desktop\gmer.txt
2013-08-16 14:18 - 2013-08-16 14:18 - 00377856 _____ C:\Users\Susanne\Desktop\1gww4hxu.exe
2013-08-16 13:58 - 2013-08-16 14:25 - 00019195 _____ C:\Users\Susanne\Desktop\Addition.txt
2013-08-16 13:57 - 2013-08-16 13:57 - 00000000 ____D C:\FRST
2013-08-16 13:56 - 2013-08-16 13:56 - 01576058 _____ (Farbar) C:\Users\Susanne\Desktop\FRST64.exe
2013-08-16 13:55 - 2013-08-16 14:25 - 00000476 _____ C:\Users\Susanne\Desktop\defogger_disable.log
2013-08-16 13:55 - 2013-08-16 13:55 - 00000000 _____ C:\Users\Susanne\defogger_reenable
2013-08-16 13:52 - 2013-08-16 13:52 - 00050477 _____ C:\Users\Susanne\Desktop\Defogger.exe
2013-08-16 11:56 - 2000-10-05 16:00 - 00054272 _____ (InstallShield Software Corporation) C:\Temp\setA363.tmp
2013-08-15 18:21 - 2013-08-15 18:21 - 00000608 _____ C:\Temp\fwtsqmfile00.sqm
2013-08-15 18:14 - 2013-08-16 16:08 - 00000494 _____ C:\Temp\~glaryutilities-version.dat
2013-08-15 18:14 - 2013-08-15 18:14 - 00000540 _____ C:\Temp\MSI485c2.LOG
2013-08-15 18:14 - 2013-08-15 18:14 - 00000540 _____ C:\Temp\MSI476b5.LOG
2013-08-15 18:14 - 2013-08-15 18:14 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Snz
2013-08-15 18:14 - 2013-08-15 18:14 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\SCheck
2013-08-15 18:14 - 2013-08-15 18:14 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Intermediate
2013-08-15 18:13 - 2013-08-15 18:14 - 00000000 ____D C:\Temp\nsb20AB.tmp
2013-08-15 18:13 - 2013-08-15 18:14 - 00000000 ____D C:\Temp\nsb1D9F.tmp
2013-08-15 18:13 - 2013-08-15 18:13 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Common
2013-08-15 18:11 - 2013-08-15 18:11 - 00000000 ____T C:\Temp\ib7
2013-08-15 18:11 - 2013-08-15 18:11 - 00000000 ____T C:\Temp\ib6
2013-08-15 18:11 - 2013-08-15 18:11 - 00000000 ____T C:\Temp\ib5
2013-08-15 18:10 - 2013-08-16 16:07 - 00000168 _____ C:\Windows\setupact.log
2013-08-15 18:10 - 2013-08-15 18:10 - 00000000 _____ C:\Windows\setuperr.log
2013-08-15 18:09 - 2013-08-15 18:09 - 00003288 ____N C:\bootsqm.dat
2013-08-15 18:09 - 2013-08-15 18:09 - 00000284 _____ C:\Windows\PFRO.log
2013-08-15 16:41 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 16:41 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 16:41 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 16:41 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 16:41 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 16:41 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 16:41 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 16:41 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 16:41 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 16:41 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 16:41 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 16:41 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 16:41 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 16:41 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 16:40 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 16:40 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 16:40 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 16:40 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 16:40 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 16:40 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 16:40 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 16:40 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 16:40 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 16:40 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 16:40 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 16:40 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 16:40 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 16:40 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 16:40 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 16:40 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 16:40 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 16:33 - 2013-08-15 16:39 - 28613430 _____ C:\Temp\KB2840628v2_20130815_163345552-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2013-08-15 16:33 - 2013-08-15 16:39 - 00065664 _____ C:\Temp\KB2840628v2_20130815_163345552.html
2013-08-15 16:33 - 2013-08-15 16:33 - 00003017 _____ C:\Temp\dd_clwireg.txt
2013-08-15 16:33 - 2013-08-15 16:33 - 00000000 ____D C:\Temp\KB2840628v2_10.0.30319
2013-08-15 16:30 - 2013-08-15 16:33 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 20:28 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 20:28 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 20:28 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 20:28 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 20:28 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 20:28 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 20:28 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 20:28 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 20:28 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 20:28 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 20:28 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 20:28 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 20:28 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 20:28 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 20:28 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 20:28 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 20:28 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 20:27 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 20:27 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 20:27 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 20:27 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 20:27 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 20:27 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 20:27 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 20:27 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 20:27 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 20:27 - 2013-06-15 06:35 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-14 20:27 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 21:33 - 2013-08-16 16:16 - 00022016 _____ C:\Temp\MpCmdRun.log
2013-08-12 17:55 - 2013-08-12 17:55 - 00006119 ____T C:\Temp\VGX5554.tmp
2013-08-10 12:42 - 2013-08-13 12:00 - 00000000 ____D C:\Temp\msohtml1
2013-08-10 12:42 - 2013-08-10 12:42 - 00000000 ____D C:\Temp\msohtml
2013-08-06 16:40 - 2013-08-06 16:40 - 00000000 ____D C:\ProgramData\GlarySoft
2013-08-06 16:38 - 2013-08-06 16:38 - 00006119 ____T C:\Temp\VGXCAD.tmp
2013-08-06 16:37 - 2013-08-12 21:29 - 00000430 _____ C:\Windows\Tasks\GlaryOneClickOptimizer 3.job
2013-08-06 16:37 - 2013-08-06 16:37 - 00003238 _____ C:\Windows\System32\Tasks\GlaryOneClickOptimizer 3
2013-08-06 16:33 - 2013-08-16 16:09 - 00000338 _____ C:\Windows\Tasks\GlaryInitialize 3.job
2013-08-06 16:33 - 2013-08-16 16:08 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-08-06 16:33 - 2013-08-06 16:33 - 00002642 _____ C:\Windows\System32\Tasks\GlaryInitialize 3
2013-08-06 16:33 - 2013-08-06 16:33 - 00001040 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-08-06 16:33 - 2013-08-06 16:33 - 00000075 _____ C:\DiskDefrag.log
2013-08-06 16:33 - 2013-08-05 11:10 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-08-06 16:31 - 2013-08-06 16:32 - 16137808 _____ C:\Users\Susanne\Downloads\gup3setup.exe
2013-08-04 10:19 - 2013-08-04 10:19 - 00000000 ____D C:\Temp\CDBurnerXP-updates
2013-08-03 11:36 - 2013-08-15 20:12 - 00000000 ____D C:\Temp\MPInstrumentation
2013-07-29 09:35 - 2013-07-29 09:35 - 00000000 ____T C:\Temp\ib4
2013-07-29 09:35 - 2013-07-29 09:35 - 00000000 ____T C:\Temp\ib3
2013-07-29 09:35 - 2013-07-29 09:35 - 00000000 ____T C:\Temp\ib2
2013-07-24 13:31 - 2013-08-06 16:09 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\vlc
2013-07-24 13:31 - 2013-07-24 13:31 - 00001026 _____ C:\Users\Public\Desktop\VLC media player.lnk

==================== One Month Modified Files and Folders =======

2013-08-16 16:17 - 2013-08-16 16:17 - 00011278 _____ C:\Temp\log1
2013-08-16 16:17 - 2013-08-16 16:16 - 00010092 _____ C:\Temp\frstlog
2013-08-16 16:17 - 2009-07-14 06:45 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-16 16:17 - 2009-07-14 06:45 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-16 16:16 - 2013-08-16 16:16 - 00000095 _____ C:\Temp\users00
2013-08-16 16:16 - 2013-08-16 16:16 - 00000003 _____ C:\Temp\others
2013-08-16 16:16 - 2013-08-13 21:33 - 00022016 _____ C:\Temp\MpCmdRun.log
2013-08-16 16:14 - 2009-07-14 19:58 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-16 16:14 - 2009-07-14 19:58 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-16 16:14 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-16 16:09 - 2013-08-16 16:09 - 00000000 ____T C:\Temp\ib13
2013-08-16 16:09 - 2013-08-16 16:09 - 00000000 ____T C:\Temp\ib12
2013-08-16 16:09 - 2013-08-16 16:09 - 00000000 ____T C:\Temp\ib11
2013-08-16 16:09 - 2013-08-16 16:09 - 00000000 ____D C:\Temp\WPDNSE
2013-08-16 16:09 - 2013-08-16 16:09 - 00000000 ____D C:\Temp\nsaAD9D.tmp
2013-08-16 16:09 - 2013-08-06 16:33 - 00000338 _____ C:\Windows\Tasks\GlaryInitialize 3.job
2013-08-16 16:08 - 2013-08-15 18:14 - 00000494 _____ C:\Temp\~glaryutilities-version.dat
2013-08-16 16:08 - 2013-08-06 16:33 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-08-16 16:08 - 2013-01-07 21:44 - 00000000 ____D C:\Temp\hsperfdata_SUSANNE-PC$
2013-08-16 16:07 - 2013-08-16 16:07 - 00000608 _____ C:\Temp\fwtsqmfile01.sqm
2013-08-16 16:07 - 2013-08-15 18:10 - 00000168 _____ C:\Windows\setupact.log
2013-08-16 16:07 - 2012-08-13 08:43 - 01589556 _____ C:\Windows\WindowsUpdate.log
2013-08-16 16:07 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-16 16:06 - 2013-08-16 16:05 - 00003551 _____ C:\AdwCleaner[S1].txt
2013-08-16 16:05 - 2013-08-16 16:05 - 00000000 ____D C:\Temp\MPTelemetrySubmit
2013-08-16 15:45 - 2013-08-16 15:45 - 00666633 _____ C:\Users\Susanne\Desktop\adwcleaner.exe
2013-08-16 15:15 - 2013-08-16 15:15 - 00000000 ____D C:\Temp\nsvCCD0.tmp
2013-08-16 15:14 - 2013-08-16 15:14 - 00000000 ____T C:\Temp\ib9
2013-08-16 15:14 - 2013-08-16 15:14 - 00000000 ____T C:\Temp\ib8
2013-08-16 15:14 - 2013-08-16 15:14 - 00000000 ____T C:\Temp\ib10
2013-08-16 15:13 - 2013-08-16 15:13 - 00262144 _____ C:\Windows\Minidump\081613-22900-01.dmp
2013-08-16 15:13 - 2013-08-16 15:13 - 00000000 ____D C:\Windows\Minidump
2013-08-16 15:12 - 2013-08-16 15:12 - 548217704 _____ C:\Windows\MEMORY.DMP
2013-08-16 14:43 - 2013-08-16 14:43 - 00006690 _____ C:\Users\Susanne\Desktop\gmer.txt
2013-08-16 14:25 - 2013-08-16 13:58 - 00019195 _____ C:\Users\Susanne\Desktop\Addition.txt
2013-08-16 14:25 - 2013-08-16 13:55 - 00000476 _____ C:\Users\Susanne\Desktop\defogger_disable.log
2013-08-16 14:18 - 2013-08-16 14:18 - 00377856 _____ C:\Users\Susanne\Desktop\1gww4hxu.exe
2013-08-16 13:57 - 2013-08-16 13:57 - 00000000 ____D C:\FRST
2013-08-16 13:56 - 2013-08-16 13:56 - 01576058 _____ (Farbar) C:\Users\Susanne\Desktop\FRST64.exe
2013-08-16 13:55 - 2013-08-16 13:55 - 00000000 _____ C:\Users\Susanne\defogger_reenable
2013-08-16 13:55 - 2012-08-13 08:51 - 00000000 ____D C:\Users\Susanne
2013-08-16 13:52 - 2013-08-16 13:52 - 00050477 _____ C:\Users\Susanne\Desktop\Defogger.exe
2013-08-16 11:56 - 2013-02-02 14:24 - 00000105 _____ C:\Windows\WISO.INI
2013-08-16 11:56 - 2012-08-13 09:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-16 08:31 - 2013-01-01 18:08 - 00000000 ____D C:\Temp\acro_rd_dir
2013-08-15 20:12 - 2013-08-03 11:36 - 00000000 ____D C:\Temp\MPInstrumentation
2013-08-15 18:21 - 2013-08-15 18:21 - 00000608 _____ C:\Temp\fwtsqmfile00.sqm
2013-08-15 18:19 - 2012-10-01 16:46 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{25777FCA-7115-44B3-A042-CC520D51DDC3}
2013-08-15 18:14 - 2013-08-15 18:14 - 00000540 _____ C:\Temp\MSI485c2.LOG
2013-08-15 18:14 - 2013-08-15 18:14 - 00000540 _____ C:\Temp\MSI476b5.LOG
2013-08-15 18:14 - 2013-08-15 18:14 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Snz
2013-08-15 18:14 - 2013-08-15 18:14 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\SCheck
2013-08-15 18:14 - 2013-08-15 18:14 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Intermediate
2013-08-15 18:14 - 2013-08-15 18:13 - 00000000 ____D C:\Temp\nsb20AB.tmp
2013-08-15 18:14 - 2013-08-15 18:13 - 00000000 ____D C:\Temp\nsb1D9F.tmp
2013-08-15 18:13 - 2013-08-15 18:13 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Common
2013-08-15 18:12 - 2012-08-13 09:39 - 00000000 ____D C:\Windows\Panther
2013-08-15 18:11 - 2013-08-15 18:11 - 00000000 ____T C:\Temp\ib7
2013-08-15 18:11 - 2013-08-15 18:11 - 00000000 ____T C:\Temp\ib6
2013-08-15 18:11 - 2013-08-15 18:11 - 00000000 ____T C:\Temp\ib5
2013-08-15 18:10 - 2013-08-15 18:10 - 00000000 _____ C:\Windows\setuperr.log
2013-08-15 18:09 - 2013-08-15 18:09 - 00003288 ____N C:\bootsqm.dat
2013-08-15 18:09 - 2013-08-15 18:09 - 00000284 _____ C:\Windows\PFRO.log
2013-08-15 16:39 - 2013-08-15 16:33 - 28613430 _____ C:\Temp\KB2840628v2_20130815_163345552-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2013-08-15 16:39 - 2013-08-15 16:33 - 00065664 _____ C:\Temp\KB2840628v2_20130815_163345552.html
2013-08-15 16:33 - 2013-08-15 16:33 - 00003017 _____ C:\Temp\dd_clwireg.txt
2013-08-15 16:33 - 2013-08-15 16:33 - 00000000 ____D C:\Temp\KB2840628v2_10.0.30319
2013-08-15 16:33 - 2013-08-15 16:30 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 16:30 - 2012-08-13 11:07 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 16:29 - 2009-07-14 04:34 - 00000586 _____ C:\Windows\win.ini
2013-08-13 12:00 - 2013-08-10 12:42 - 00000000 ____D C:\Temp\msohtml1
2013-08-12 21:29 - 2013-08-06 16:37 - 00000430 _____ C:\Windows\Tasks\GlaryOneClickOptimizer 3.job
2013-08-12 17:55 - 2013-08-12 17:55 - 00006119 ____T C:\Temp\VGX5554.tmp
2013-08-10 12:42 - 2013-08-10 12:42 - 00000000 ____D C:\Temp\msohtml
2013-08-06 16:40 - 2013-08-06 16:40 - 00000000 ____D C:\ProgramData\GlarySoft
2013-08-06 16:38 - 2013-08-06 16:38 - 00006119 ____T C:\Temp\VGXCAD.tmp
2013-08-06 16:37 - 2013-08-06 16:37 - 00003238 _____ C:\Windows\System32\Tasks\GlaryOneClickOptimizer 3
2013-08-06 16:33 - 2013-08-06 16:33 - 00002642 _____ C:\Windows\System32\Tasks\GlaryInitialize 3
2013-08-06 16:33 - 2013-08-06 16:33 - 00001040 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-08-06 16:33 - 2013-08-06 16:33 - 00000075 _____ C:\DiskDefrag.log
2013-08-06 16:33 - 2012-12-02 11:23 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\GlarySoft
2013-08-06 16:32 - 2013-08-06 16:31 - 16137808 _____ C:\Users\Susanne\Downloads\gup3setup.exe
2013-08-06 16:09 - 2013-07-24 13:31 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\vlc
2013-08-05 18:48 - 2012-08-16 22:40 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Macromedia
2013-08-05 11:10 - 2013-08-06 16:33 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-08-04 21:31 - 2012-09-23 17:30 - 00000000 ____D C:\Users\Susanne\WISO
2013-08-04 10:19 - 2013-08-04 10:19 - 00000000 ____D C:\Temp\CDBurnerXP-updates
2013-07-29 09:35 - 2013-07-29 09:35 - 00000000 ____T C:\Temp\ib4
2013-07-29 09:35 - 2013-07-29 09:35 - 00000000 ____T C:\Temp\ib3
2013-07-29 09:35 - 2013-07-29 09:35 - 00000000 ____T C:\Temp\ib2
2013-07-26 07:13 - 2013-08-15 16:41 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:13 - 2013-08-15 16:40 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-15 16:40 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:12 - 2013-08-15 16:41 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-15 16:41 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-15 16:41 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-15 16:41 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 07:12 - 2013-08-15 16:40 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-15 16:40 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-15 16:40 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-15 16:40 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-15 16:40 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-15 16:40 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-15 16:40 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 05:35 - 2013-08-15 16:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-15 16:40 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-15 16:40 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-15 16:41 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-15 16:41 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-15 16:41 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-15 16:41 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-15 16:40 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-15 16:40 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-15 16:40 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-15 16:40 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-15 16:40 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-15 16:41 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 05:11 - 2013-08-15 16:40 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 04:49 - 2013-08-15 16:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-15 16:41 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-15 16:41 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 11:25 - 2013-08-14 20:28 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-14 20:28 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-24 13:31 - 2013-07-24 13:31 - 00001026 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-24 13:18 - 2013-03-31 20:06 - 00000000 ____D C:\ProgramData\DatacardService
2013-07-24 13:14 - 2012-08-13 08:52 - 00000000 ___RD C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-24 13:13 - 2012-09-23 00:59 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\DVDVideoSoft
2013-07-22 21:40 - 2009-07-14 06:45 - 00299872 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-22 21:38 - 2012-08-13 16:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-22 21:38 - 2012-08-13 16:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-22 19:06 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-22 19:06 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-22 19:05 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-22 16:48 - 2012-09-23 16:57 - 00000000 ____D C:\Users\Susanne\CHORtexte
2013-07-22 14:36 - 2012-08-16 21:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-19 03:58 - 2013-08-14 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-19 03:41 - 2013-08-14 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-04 20:19

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 16.08.2013, 16:25   #8
aharonov
/// TB-Ausbilder
 
fbDownloader eingefangen - Standard

fbDownloader eingefangen



Wie sieht es nach diesem Fix aus?


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
2013-08-15 18:14 - 2013-08-15 18:14 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Snz
2013-08-15 18:14 - 2013-08-15 18:14 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\SCheck
2013-08-15 18:14 - 2013-08-15 18:14 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Intermediate
2013-08-15 18:13 - 2013-08-15 18:13 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Common
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.searchplusnetwork.com/?sp=st3&q={searchTerms}
HKCU\...\Run: [SCheck] - C:\Users\Susanne\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-10] ()
HKCU\...\Run: [Snoozer] - C:\Users\Susanne\AppData\Roaming\Snz\Snz.exe [1137673 2013-07-23] ()
HKCU\...\Run: [Intermediate] - C:\Users\Susanne\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-10] ()
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
cheers,
Leo

Alt 16.08.2013, 17:24   #9
unkrautlilie
 
fbDownloader eingefangen - Ausrufezeichen

fbDownloader eingefangen



danke Leo, ich glaube das wird jetzt gut.
Schon vor dem letzten FRST hat firefox nicht mehr das fbdownloader-fenster angezeigt.
uff. klasse, wenn das klappt!
hier das FIX LOG:

Zitat:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-08-2013
Ran by Susanne at 2013-08-16 17:03:47 Run:1
Running from C:\Users\Susanne\Desktop
Boot Mode: Normal
==============================================

C:\Users\Susanne\AppData\Roaming\Snz => Moved successfully.
C:\Users\Susanne\AppData\Roaming\SCheck => Moved successfully.
C:\Users\Susanne\AppData\Roaming\Intermediate => Moved successfully.
C:\Users\Susanne\AppData\Roaming\Common => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SCheck => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Snoozer => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Intermediate => Value deleted successfully.

==== End of Fixlog ====
mist. ich habe immer noch den fbdownloader drauf... einmal öfffnete sich ein firefox fenster ohne ihn. dann wieder nur noch mit ihm. habe den rechner neu hochgefahren, weil ich dachte, es würde vielleicht erst dann wirksam, aber gleiches bild :-(

aha - jetzt sehe ich den unterschied :
firefox neu öffnen: fbdownloader.
nur ein neues tab öffnen: nicht fbdownloader drin!
das war vorher anders. da steckte der fbdownloader in jedem tab...

Alt 16.08.2013, 17:42   #10
aharonov
/// TB-Ausbilder
 
fbDownloader eingefangen - Standard

fbDownloader eingefangen



Ok.


Schritt 1

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Schritt 2

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von JRT
  • Log von FRST
__________________
cheers,
Leo

Alt 17.08.2013, 12:07   #11
unkrautlilie
 
fbDownloader eingefangen - Standard

fbDownloader eingefangen



alles erledigt, leider wieder fbdownloader beim öffnen von firefox.

hier die LOGs:

das JRT LOG:
Zitat:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.7 (08.17.2013:1)
OS: Windows 7 Ultimate x64
Ran by Susanne on 17.08.2013 at 11:55:26,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_nero-kwik-burn_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_nero-kwik-burn_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_nero-kwik-burn_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_nero-kwik-burn_RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Susanne\AppData\Roaming\mozilla\firefox\profiles\2zo0xsz1.default\invalidprefs.js
Successfully deleted the following from C:\Users\Susanne\AppData\Roaming\mozilla\firefox\profiles\2zo0xsz1.default\prefs.js

user_pref("om.config", "{\"active\":true,\"name\":\"de\",\"id\":11,\"dispId\":\"CH-11\",\"aboutLink\":\"\",\"trackingGeneral\":true,\"gaAccount\":\"UA-39484183-1\",\"gaDomain\
Emptied folder: C:\Users\Susanne\AppData\Roaming\mozilla\firefox\profiles\2zo0xsz1.default\minidumps [147 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.08.2013 at 12:01:02,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und das neue FRST LOG:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2013
Ran by Susanne (administrator) on 17-08-2013 12:04:01
Running from C:\Users\Susanne\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Sytems Incorporated) C:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 3\Integrator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7466600 2011-09-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKCU\...\Run: [EPSON131837 (Epson Stylus SX440)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE /FU "C:\Temp\E_S317E.tmp" /EF "HKCU" [x]
HKCU\...\Run: [EPSON SX440 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE /FU "C:\Temp\E_S3314.tmp" /EF "HKCU" [x]
HKCU\...\Run: [EPSON131837 (Epson Stylus SX440) (Kopie 1)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE /FU "C:\Temp\E_S3278.tmp" /EF "HKCU" [x]
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {26780cdd-a3a1-11e2-9f35-b4b52f2c752f} - E:\AutoRun.exe
MountPoints2: {f4966276-9775-11e2-99d7-b4b52f2c752f} - E:\AutoRun.exe
MountPoints2: {f4966285-9775-11e2-99d7-b4b52f2c752f} - E:\AutoRun.exe
MountPoints2: {f49664ec-9775-11e2-99d7-b4b52f2c752f} - E:\AutoRun.exe
MountPoints2: {f49664f1-9775-11e2-99d7-b4b52f2c752f} - E:\AutoRun.exe
MountPoints2: {f4966650-9775-11e2-99d7-b4b52f2c752f} - E:\AutoRun.exe
MountPoints2: {f4966658-9775-11e2-99d7-b4b52f2c752f} - E:\AutoRun.exe
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-09-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe Version Cue CS2] - C:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
BootExecute: autocheck autochk *  BootDefrag.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
SearchScopes: HKLM - DefaultScope value is missing.
Handler: msdaipp - No CLSID Value - 
Handler-x32: msdaipp - No CLSID Value - 
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\..\Interfaces\{6DE81083-A3D9-41D7-AD49-4F6675915E74}: [NameServer]192.168.178.1
Tcpip\..\Interfaces\{9F6D36EE-FCCB-4C75-8E88-411610ADCB30}: [NameServer]192.168.178.1,192.168.178.0

FireFox:
========
FF ProfilePath: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://searchqm.com/?channel=sfde203fbdgy21
FF Keyword.URL: hxxp://searchqm.com/search.php?channel=sfde203fbdgy21&q=
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default\searchplugins\webde-suche.xml
FF Extension: YoutubeDownloader - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi
FF Extension: No Name - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\2zo0xsz1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-07] (Adobe Systems)
R2 Adobe Version Cue CS2; C:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-09-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-09-07] (Avira Operations GmbH & Co. KG)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5\RpcAgentSrv.exe [68760 2009-08-03] (SiSoftware)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [245760 2011-02-18] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-09-07] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-09-07] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-09-07] (Avira GmbH)
R0 FancyRd; C:\Windows\System32\DRIVERS\fancyrd.sys [155072 2012-06-24] (Romex Software)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [23744 2009-11-16] (DiBcom S.A.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [x]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [x]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 mod7700; system32\DRIVERS\mod7700.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-17 12:04 - 2013-08-17 12:04 - 00011471 _____ C:\Temp\log1
2013-08-17 12:04 - 2013-08-17 12:04 - 00009499 _____ C:\Temp\frstlog
2013-08-17 12:04 - 2013-08-17 12:04 - 00000095 _____ C:\Temp\users00
2013-08-17 12:04 - 2013-08-17 12:04 - 00000003 _____ C:\Temp\others
2013-08-17 12:01 - 2013-08-17 12:01 - 00001939 _____ C:\Users\Susanne\Desktop\JRT.txt
2013-08-17 12:01 - 2013-08-17 12:01 - 00001939 _____ C:\Temp\JRT.txt
2013-08-17 11:58 - 2013-08-17 11:58 - 00000000 ____D C:\Temp\WPDNSE
2013-08-17 11:55 - 2013-08-17 11:55 - 00000000 ____D C:\Windows\ERUNT
2013-08-17 11:53 - 2013-08-17 11:53 - 00000000 ____D C:\Temp\jrt
2013-08-17 11:52 - 2013-08-17 11:52 - 01017778 _____ (Thisisu) C:\Users\Susanne\Desktop\JRT.exe
2013-08-16 17:54 - 2013-08-16 17:54 - 00000608 _____ C:\Temp\fwtsqmfile03.sqm
2013-08-16 17:21 - 2013-08-16 17:21 - 00000000 ____T C:\Temp\ib13
2013-08-16 17:21 - 2013-08-16 17:21 - 00000000 ____T C:\Temp\ib12
2013-08-16 17:21 - 2013-08-16 17:21 - 00000000 ____T C:\Temp\ib11
2013-08-16 17:19 - 2013-08-16 17:19 - 00000608 _____ C:\Temp\fwtsqmfile02.sqm
2013-08-16 16:09 - 2013-08-16 16:09 - 00000000 ____D C:\Temp\nsaAD9D.tmp
2013-08-16 16:07 - 2013-08-16 16:07 - 00000608 _____ C:\Temp\fwtsqmfile01.sqm
2013-08-16 16:05 - 2013-08-16 16:06 - 00003551 _____ C:\AdwCleaner[S1].txt
2013-08-16 16:05 - 2013-08-16 16:05 - 00000000 ____D C:\Temp\MPTelemetrySubmit
2013-08-16 15:45 - 2013-08-16 15:45 - 00666633 _____ C:\Users\Susanne\Desktop\adwcleaner.exe
2013-08-16 15:15 - 2013-08-16 15:15 - 00000000 ____D C:\Temp\nsvCCD0.tmp
2013-08-16 15:14 - 2013-08-16 15:14 - 00000000 ____T C:\Temp\ib9
2013-08-16 15:14 - 2013-08-16 15:14 - 00000000 ____T C:\Temp\ib8
2013-08-16 15:14 - 2013-08-16 15:14 - 00000000 ____T C:\Temp\ib10
2013-08-16 15:13 - 2013-08-16 15:13 - 00262144 _____ C:\Windows\Minidump\081613-22900-01.dmp
2013-08-16 15:13 - 2013-08-16 15:13 - 00000000 ____D C:\Windows\Minidump
2013-08-16 15:12 - 2013-08-16 15:12 - 548217704 _____ C:\Windows\MEMORY.DMP
2013-08-16 14:43 - 2013-08-16 14:43 - 00006690 _____ C:\Users\Susanne\Desktop\gmer.txt
2013-08-16 14:18 - 2013-08-16 14:18 - 00377856 _____ C:\Users\Susanne\Desktop\1gww4hxu.exe
2013-08-16 13:58 - 2013-08-16 14:25 - 00019195 _____ C:\Users\Susanne\Desktop\Addition.txt
2013-08-16 13:57 - 2013-08-16 13:57 - 00000000 ____D C:\FRST
2013-08-16 13:56 - 2013-08-16 13:56 - 01576058 _____ (Farbar) C:\Users\Susanne\Desktop\FRST64.exe
2013-08-16 13:55 - 2013-08-16 14:25 - 00000476 _____ C:\Users\Susanne\Desktop\defogger_disable.log
2013-08-16 13:55 - 2013-08-16 13:55 - 00000000 _____ C:\Users\Susanne\defogger_reenable
2013-08-16 13:52 - 2013-08-16 13:52 - 00050477 _____ C:\Users\Susanne\Desktop\Defogger.exe
2013-08-16 11:56 - 2000-10-05 16:00 - 00054272 _____ (InstallShield Software Corporation) C:\Temp\setA363.tmp
2013-08-15 18:21 - 2013-08-15 18:21 - 00000608 _____ C:\Temp\fwtsqmfile00.sqm
2013-08-15 18:14 - 2013-08-16 16:08 - 00000494 _____ C:\Temp\~glaryutilities-version.dat
2013-08-15 18:14 - 2013-08-15 18:14 - 00000540 _____ C:\Temp\MSI485c2.LOG
2013-08-15 18:14 - 2013-08-15 18:14 - 00000540 _____ C:\Temp\MSI476b5.LOG
2013-08-15 18:13 - 2013-08-15 18:14 - 00000000 ____D C:\Temp\nsb20AB.tmp
2013-08-15 18:13 - 2013-08-15 18:14 - 00000000 ____D C:\Temp\nsb1D9F.tmp
2013-08-15 18:11 - 2013-08-15 18:11 - 00000000 ____T C:\Temp\ib7
2013-08-15 18:11 - 2013-08-15 18:11 - 00000000 ____T C:\Temp\ib6
2013-08-15 18:11 - 2013-08-15 18:11 - 00000000 ____T C:\Temp\ib5
2013-08-15 18:10 - 2013-08-16 17:20 - 00000224 _____ C:\Windows\setupact.log
2013-08-15 18:10 - 2013-08-15 18:10 - 00000000 _____ C:\Windows\setuperr.log
2013-08-15 18:09 - 2013-08-15 18:09 - 00003288 ____N C:\bootsqm.dat
2013-08-15 18:09 - 2013-08-15 18:09 - 00000284 _____ C:\Windows\PFRO.log
2013-08-15 16:41 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 16:41 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 16:41 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 16:41 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 16:41 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 16:41 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 16:41 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 16:41 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 16:41 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 16:41 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 16:41 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 16:41 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 16:41 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 16:41 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 16:40 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 16:40 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 16:40 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 16:40 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 16:40 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 16:40 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 16:40 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 16:40 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 16:40 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 16:40 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 16:40 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 16:40 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 16:40 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 16:40 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 16:40 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 16:40 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 16:40 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 16:33 - 2013-08-15 16:39 - 28613430 _____ C:\Temp\KB2840628v2_20130815_163345552-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2013-08-15 16:33 - 2013-08-15 16:39 - 00065664 _____ C:\Temp\KB2840628v2_20130815_163345552.html
2013-08-15 16:33 - 2013-08-15 16:33 - 00003017 _____ C:\Temp\dd_clwireg.txt
2013-08-15 16:33 - 2013-08-15 16:33 - 00000000 ____D C:\Temp\KB2840628v2_10.0.30319
2013-08-15 16:30 - 2013-08-15 16:33 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 20:28 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 20:28 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 20:28 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 20:28 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 20:28 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 20:28 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 20:28 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 20:28 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 20:28 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 20:28 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 20:28 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 20:28 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 20:28 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 20:28 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 20:28 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 20:28 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 20:28 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 20:27 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 20:27 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 20:27 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 20:27 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 20:27 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 20:27 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 20:27 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 20:27 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 20:27 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 20:27 - 2013-06-15 06:35 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-14 20:27 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 21:33 - 2013-08-17 08:58 - 00031248 _____ C:\Temp\MpCmdRun.log
2013-08-12 17:55 - 2013-08-12 17:55 - 00006119 ____T C:\Temp\VGX5554.tmp
2013-08-10 12:42 - 2013-08-13 12:00 - 00000000 ____D C:\Temp\msohtml1
2013-08-10 12:42 - 2013-08-10 12:42 - 00000000 ____D C:\Temp\msohtml
2013-08-06 16:40 - 2013-08-06 16:40 - 00000000 ____D C:\ProgramData\GlarySoft
2013-08-06 16:38 - 2013-08-06 16:38 - 00006119 ____T C:\Temp\VGXCAD.tmp
2013-08-06 16:37 - 2013-08-12 21:29 - 00000430 _____ C:\Windows\Tasks\GlaryOneClickOptimizer 3.job
2013-08-06 16:37 - 2013-08-06 16:37 - 00003238 _____ C:\Windows\System32\Tasks\GlaryOneClickOptimizer 3
2013-08-06 16:33 - 2013-08-16 17:22 - 00000338 _____ C:\Windows\Tasks\GlaryInitialize 3.job
2013-08-06 16:33 - 2013-08-16 17:21 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-08-06 16:33 - 2013-08-06 16:33 - 00002642 _____ C:\Windows\System32\Tasks\GlaryInitialize 3
2013-08-06 16:33 - 2013-08-06 16:33 - 00001040 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-08-06 16:33 - 2013-08-06 16:33 - 00000075 _____ C:\DiskDefrag.log
2013-08-06 16:33 - 2013-08-05 11:10 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-08-06 16:31 - 2013-08-06 16:32 - 16137808 _____ C:\Users\Susanne\Downloads\gup3setup.exe
2013-08-04 10:19 - 2013-08-04 10:19 - 00000000 ____D C:\Temp\CDBurnerXP-updates
2013-08-03 11:36 - 2013-08-17 11:27 - 00000000 ____D C:\Temp\MPInstrumentation
2013-07-29 09:35 - 2013-07-29 09:35 - 00000000 ____T C:\Temp\ib4
2013-07-29 09:35 - 2013-07-29 09:35 - 00000000 ____T C:\Temp\ib3
2013-07-29 09:35 - 2013-07-29 09:35 - 00000000 ____T C:\Temp\ib2
2013-07-24 13:31 - 2013-08-06 16:09 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\vlc
2013-07-24 13:31 - 2013-07-24 13:31 - 00001026 _____ C:\Users\Public\Desktop\VLC media player.lnk

==================== One Month Modified Files and Folders =======

2013-08-17 12:04 - 2013-08-17 12:04 - 00011538 _____ C:\Temp\log1
2013-08-17 12:04 - 2013-08-17 12:04 - 00009499 _____ C:\Temp\frstlog
2013-08-17 12:04 - 2013-08-17 12:04 - 00000095 _____ C:\Temp\users00
2013-08-17 12:04 - 2013-08-17 12:04 - 00000003 _____ C:\Temp\others
2013-08-17 12:01 - 2013-08-17 12:01 - 00001939 _____ C:\Users\Susanne\Desktop\JRT.txt
2013-08-17 12:01 - 2013-08-17 12:01 - 00001939 _____ C:\Temp\JRT.txt
2013-08-17 11:58 - 2013-08-17 11:58 - 00000000 ____D C:\Temp\WPDNSE
2013-08-17 11:55 - 2013-08-17 11:55 - 00000000 ____D C:\Windows\ERUNT
2013-08-17 11:53 - 2013-08-17 11:53 - 00000000 ____D C:\Temp\jrt
2013-08-17 11:52 - 2013-08-17 11:52 - 01017778 _____ (Thisisu) C:\Users\Susanne\Desktop\JRT.exe
2013-08-17 11:27 - 2013-08-03 11:36 - 00000000 ____D C:\Temp\MPInstrumentation
2013-08-17 08:58 - 2013-08-13 21:33 - 00031248 _____ C:\Temp\MpCmdRun.log
2013-08-17 08:58 - 2012-08-13 08:43 - 01691205 _____ C:\Windows\WindowsUpdate.log
2013-08-16 17:54 - 2013-08-16 17:54 - 00000608 _____ C:\Temp\fwtsqmfile03.sqm
2013-08-16 17:29 - 2009-07-14 06:45 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-16 17:29 - 2009-07-14 06:45 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-16 17:27 - 2009-07-14 19:58 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-16 17:27 - 2009-07-14 19:58 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-16 17:27 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-16 17:22 - 2013-08-06 16:33 - 00000338 _____ C:\Windows\Tasks\GlaryInitialize 3.job
2013-08-16 17:21 - 2013-08-16 17:21 - 00000000 ____T C:\Temp\ib13
2013-08-16 17:21 - 2013-08-16 17:21 - 00000000 ____T C:\Temp\ib12
2013-08-16 17:21 - 2013-08-16 17:21 - 00000000 ____T C:\Temp\ib11
2013-08-16 17:21 - 2013-08-06 16:33 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-08-16 17:20 - 2013-08-15 18:10 - 00000224 _____ C:\Windows\setupact.log
2013-08-16 17:20 - 2013-01-07 21:44 - 00000000 ____D C:\Temp\hsperfdata_SUSANNE-PC$
2013-08-16 17:20 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-16 17:19 - 2013-08-16 17:19 - 00000608 _____ C:\Temp\fwtsqmfile02.sqm
2013-08-16 16:09 - 2013-08-16 16:09 - 00000000 ____D C:\Temp\nsaAD9D.tmp
2013-08-16 16:08 - 2013-08-15 18:14 - 00000494 _____ C:\Temp\~glaryutilities-version.dat
2013-08-16 16:07 - 2013-08-16 16:07 - 00000608 _____ C:\Temp\fwtsqmfile01.sqm
2013-08-16 16:06 - 2013-08-16 16:05 - 00003551 _____ C:\AdwCleaner[S1].txt
2013-08-16 16:05 - 2013-08-16 16:05 - 00000000 ____D C:\Temp\MPTelemetrySubmit
2013-08-16 15:45 - 2013-08-16 15:45 - 00666633 _____ C:\Users\Susanne\Desktop\adwcleaner.exe
2013-08-16 15:15 - 2013-08-16 15:15 - 00000000 ____D C:\Temp\nsvCCD0.tmp
2013-08-16 15:14 - 2013-08-16 15:14 - 00000000 ____T C:\Temp\ib9
2013-08-16 15:14 - 2013-08-16 15:14 - 00000000 ____T C:\Temp\ib8
2013-08-16 15:14 - 2013-08-16 15:14 - 00000000 ____T C:\Temp\ib10
2013-08-16 15:13 - 2013-08-16 15:13 - 00262144 _____ C:\Windows\Minidump\081613-22900-01.dmp
2013-08-16 15:13 - 2013-08-16 15:13 - 00000000 ____D C:\Windows\Minidump
2013-08-16 15:12 - 2013-08-16 15:12 - 548217704 _____ C:\Windows\MEMORY.DMP
2013-08-16 14:43 - 2013-08-16 14:43 - 00006690 _____ C:\Users\Susanne\Desktop\gmer.txt
2013-08-16 14:25 - 2013-08-16 13:58 - 00019195 _____ C:\Users\Susanne\Desktop\Addition.txt
2013-08-16 14:25 - 2013-08-16 13:55 - 00000476 _____ C:\Users\Susanne\Desktop\defogger_disable.log
2013-08-16 14:18 - 2013-08-16 14:18 - 00377856 _____ C:\Users\Susanne\Desktop\1gww4hxu.exe
2013-08-16 13:57 - 2013-08-16 13:57 - 00000000 ____D C:\FRST
2013-08-16 13:56 - 2013-08-16 13:56 - 01576058 _____ (Farbar) C:\Users\Susanne\Desktop\FRST64.exe
2013-08-16 13:55 - 2013-08-16 13:55 - 00000000 _____ C:\Users\Susanne\defogger_reenable
2013-08-16 13:55 - 2012-08-13 08:51 - 00000000 ____D C:\Users\Susanne
2013-08-16 13:52 - 2013-08-16 13:52 - 00050477 _____ C:\Users\Susanne\Desktop\Defogger.exe
2013-08-16 11:56 - 2013-02-02 14:24 - 00000105 _____ C:\Windows\WISO.INI
2013-08-16 11:56 - 2012-08-13 09:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-16 08:31 - 2013-01-01 18:08 - 00000000 ____D C:\Temp\acro_rd_dir
2013-08-15 18:21 - 2013-08-15 18:21 - 00000608 _____ C:\Temp\fwtsqmfile00.sqm
2013-08-15 18:19 - 2012-10-01 16:46 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{25777FCA-7115-44B3-A042-CC520D51DDC3}
2013-08-15 18:14 - 2013-08-15 18:14 - 00000540 _____ C:\Temp\MSI485c2.LOG
2013-08-15 18:14 - 2013-08-15 18:14 - 00000540 _____ C:\Temp\MSI476b5.LOG
2013-08-15 18:14 - 2013-08-15 18:13 - 00000000 ____D C:\Temp\nsb20AB.tmp
2013-08-15 18:14 - 2013-08-15 18:13 - 00000000 ____D C:\Temp\nsb1D9F.tmp
2013-08-15 18:12 - 2012-08-13 09:39 - 00000000 ____D C:\Windows\Panther
2013-08-15 18:11 - 2013-08-15 18:11 - 00000000 ____T C:\Temp\ib7
2013-08-15 18:11 - 2013-08-15 18:11 - 00000000 ____T C:\Temp\ib6
2013-08-15 18:11 - 2013-08-15 18:11 - 00000000 ____T C:\Temp\ib5
2013-08-15 18:10 - 2013-08-15 18:10 - 00000000 _____ C:\Windows\setuperr.log
2013-08-15 18:09 - 2013-08-15 18:09 - 00003288 ____N C:\bootsqm.dat
2013-08-15 18:09 - 2013-08-15 18:09 - 00000284 _____ C:\Windows\PFRO.log
2013-08-15 16:39 - 2013-08-15 16:33 - 28613430 _____ C:\Temp\KB2840628v2_20130815_163345552-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2013-08-15 16:39 - 2013-08-15 16:33 - 00065664 _____ C:\Temp\KB2840628v2_20130815_163345552.html
2013-08-15 16:33 - 2013-08-15 16:33 - 00003017 _____ C:\Temp\dd_clwireg.txt
2013-08-15 16:33 - 2013-08-15 16:33 - 00000000 ____D C:\Temp\KB2840628v2_10.0.30319
2013-08-15 16:33 - 2013-08-15 16:30 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 16:30 - 2012-08-13 11:07 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 16:29 - 2009-07-14 04:34 - 00000586 _____ C:\Windows\win.ini
2013-08-13 12:00 - 2013-08-10 12:42 - 00000000 ____D C:\Temp\msohtml1
2013-08-12 21:29 - 2013-08-06 16:37 - 00000430 _____ C:\Windows\Tasks\GlaryOneClickOptimizer 3.job
2013-08-12 17:55 - 2013-08-12 17:55 - 00006119 ____T C:\Temp\VGX5554.tmp
2013-08-10 12:42 - 2013-08-10 12:42 - 00000000 ____D C:\Temp\msohtml
2013-08-06 16:40 - 2013-08-06 16:40 - 00000000 ____D C:\ProgramData\GlarySoft
2013-08-06 16:38 - 2013-08-06 16:38 - 00006119 ____T C:\Temp\VGXCAD.tmp
2013-08-06 16:37 - 2013-08-06 16:37 - 00003238 _____ C:\Windows\System32\Tasks\GlaryOneClickOptimizer 3
2013-08-06 16:33 - 2013-08-06 16:33 - 00002642 _____ C:\Windows\System32\Tasks\GlaryInitialize 3
2013-08-06 16:33 - 2013-08-06 16:33 - 00001040 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-08-06 16:33 - 2013-08-06 16:33 - 00000075 _____ C:\DiskDefrag.log
2013-08-06 16:33 - 2012-12-02 11:23 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\GlarySoft
2013-08-06 16:32 - 2013-08-06 16:31 - 16137808 _____ C:\Users\Susanne\Downloads\gup3setup.exe
2013-08-06 16:09 - 2013-07-24 13:31 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\vlc
2013-08-05 18:48 - 2012-08-16 22:40 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Macromedia
2013-08-05 11:10 - 2013-08-06 16:33 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-08-04 21:31 - 2012-09-23 17:30 - 00000000 ____D C:\Users\Susanne\WISO
2013-08-04 10:19 - 2013-08-04 10:19 - 00000000 ____D C:\Temp\CDBurnerXP-updates
2013-07-29 09:35 - 2013-07-29 09:35 - 00000000 ____T C:\Temp\ib4
2013-07-29 09:35 - 2013-07-29 09:35 - 00000000 ____T C:\Temp\ib3
2013-07-29 09:35 - 2013-07-29 09:35 - 00000000 ____T C:\Temp\ib2
2013-07-26 07:13 - 2013-08-15 16:41 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:13 - 2013-08-15 16:40 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-15 16:40 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:12 - 2013-08-15 16:41 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-15 16:41 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-15 16:41 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-15 16:41 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 07:12 - 2013-08-15 16:40 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-15 16:40 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-15 16:40 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-15 16:40 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-15 16:40 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-15 16:40 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-15 16:40 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 05:35 - 2013-08-15 16:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-15 16:40 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-15 16:40 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-15 16:41 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-15 16:41 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-15 16:41 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-15 16:41 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-15 16:40 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-15 16:40 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-15 16:40 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-15 16:40 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-15 16:40 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-15 16:41 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 05:11 - 2013-08-15 16:40 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 04:49 - 2013-08-15 16:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-15 16:41 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-15 16:41 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 11:25 - 2013-08-14 20:28 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-14 20:28 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-24 13:31 - 2013-07-24 13:31 - 00001026 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-24 13:18 - 2013-03-31 20:06 - 00000000 ____D C:\ProgramData\DatacardService
2013-07-24 13:14 - 2012-08-13 08:52 - 00000000 ___RD C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-24 13:13 - 2012-09-23 00:59 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\DVDVideoSoft
2013-07-22 21:40 - 2009-07-14 06:45 - 00299872 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-22 21:38 - 2012-08-13 16:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-22 21:38 - 2012-08-13 16:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-22 19:06 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-22 19:06 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-22 19:05 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-22 16:48 - 2012-09-23 16:57 - 00000000 ____D C:\Users\Susanne\CHORtexte
2013-07-22 14:36 - 2012-08-16 21:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-19 03:58 - 2013-08-14 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-19 03:41 - 2013-08-14 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-04 20:19

==================== End Of Log ============================
         
--- --- ---

Alt 17.08.2013, 12:20   #12
aharonov
/// TB-Ausbilder
 
fbDownloader eingefangen - Standard

fbDownloader eingefangen



Und nach diesem Fix?


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
FF Homepage: http://searchqm.com/?channel=sfde203fbdgy21
FF Keyword.URL: http://searchqm.com/search.php?channel=sfde203fbdgy21&q=
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
cheers,
Leo

Alt 17.08.2013, 12:51   #13
unkrautlilie
 
fbDownloader eingefangen - Standard

fbDownloader eingefangen



OOOOHHHH, Leo, ich glaub es kaum - "Willkommen bei firefox" als Startseite! Ich glaube, Du hast es geschafft! Was für ein Theater... und vielen Danke für Deine Hilfe!!! Ich hoffe, damit haben wir ihn gekillt... Ich wünsche Dir, Euch allen, ein schönes Wochenende!

der neue FRST LOG:
Zitat:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-08-2013
Ran by Susanne at 2013-08-17 12:49:08 Run:2
Running from C:\Users\Susanne\Desktop
Boot Mode: Normal
==============================================

Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.

==== End of Fixlog ====

Alt 17.08.2013, 12:56   #14
aharonov
/// TB-Ausbilder
 
fbDownloader eingefangen - Standard

fbDownloader eingefangen



Ok, dann noch eine schnelle Zweitmeinung:


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

__________________
cheers,
Leo

Alt 20.08.2013, 14:35   #15
unkrautlilie
 
fbDownloader eingefangen - Standard

fbDownloader eingefangen



DANKE LEO :-D

ich habe die zweitmeinun eingeholt. ein fund war noch zu verzeichnen. aber ich hoffe, das waren jetzt die letzten zeichen von malware auf meinem laptop... VIELEN DANK! hier der
LOGFILE:
Zitat:
Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.08.20.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Susanne :: SUSANNE-PC [Administrator]

20.08.2013 14:20:17
mbam-log-2013-08-20 (14-20-17).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 218929
Laufzeit: 8 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Susanne\Downloads\InstallRarZilla480.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Antwort

Themen zu fbDownloader eingefangen
eingefangen, fbdownloader, gefangen, gen, helft, herzlichen, herzlichen dank, loader, loszuwerden, nervt



Ähnliche Themen: fbDownloader eingefangen


  1. Habe mir einen Fbdownloader eingefangen
    Plagegeister aller Art und deren Bekämpfung - 07.01.2014 (2)
  2. fbdownloader und exQ.exe TR/Wysotot.Gen
    Plagegeister aller Art und deren Bekämpfung - 30.12.2013 (12)
  3. fbDownloader Search
    Plagegeister aller Art und deren Bekämpfung - 29.12.2013 (55)
  4. fbdownloader entfernen
    Anleitungen, FAQs & Links - 21.10.2013 (2)
  5. fbdownloader entfernen
    Plagegeister aller Art und deren Bekämpfung - 13.09.2013 (13)
  6. fbdownloader
    Plagegeister aller Art und deren Bekämpfung - 27.08.2013 (7)
  7. Vermutlich fbDownloader eingefangen
    Plagegeister aller Art und deren Bekämpfung - 16.08.2013 (11)
  8. fbDownloader entfernen
    Plagegeister aller Art und deren Bekämpfung - 29.07.2013 (4)
  9. FBdownloader - wie loswerden?
    Plagegeister aller Art und deren Bekämpfung - 03.07.2013 (13)
  10. Fbdownloader
    Plagegeister aller Art und deren Bekämpfung - 02.05.2013 (9)
  11. FBDownloader/Trojaner
    Log-Analyse und Auswertung - 14.03.2013 (7)
  12. fbDownloader entfernen
    Log-Analyse und Auswertung - 18.02.2013 (23)
  13. Problem mit FBDownloader
    Plagegeister aller Art und deren Bekämpfung - 16.12.2012 (13)
  14. Probleme mit FBDownloader
    Plagegeister aller Art und deren Bekämpfung - 08.12.2012 (16)
  15. fbdownloader
    Plagegeister aller Art und deren Bekämpfung - 03.12.2012 (1)
  16. fbdownloader
    Plagegeister aller Art und deren Bekämpfung - 02.12.2012 (21)
  17. FBDownloader PopUp
    Log-Analyse und Auswertung - 21.11.2012 (14)

Zum Thema fbDownloader eingefangen - Leider habe auch ich mir den fbDownloader eingefangen und er nervt mich massiv. Bitte helft mir, ihn wieder loszuwerden! Herzlichen Dank im Voraus! - fbDownloader eingefangen...
Archiv
Du betrachtest: fbDownloader eingefangen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.