
Log analysis and evaluation: Windows 7 - infected with several viruses & trojans

25.12.2013, 18:19   #1
Der Alex
 
Windows 7 - infected with several viruses & trojans



Dear forum experts,

a family member of mine has problems with his notebook.

Problem description:
On this notebook, several pages open by themselves in the Firefox browser. In addition, the computer is very "sluggish", both at Windows startup and when "working" with it. The McAfee virus scanner was a trial version and has not been updated for about 3 months. I have already found several viruses & trojans on the computer, such as BitGuard, Lollipop.exe or remote applications via ActiveX, and (hopefully completely) deleted them.

So far I have done the following:
- Uninstalled several programs that were not needed
- Uninstalled several add-ons in the Firefox browser

- Installed the AVIRA AntiVir virus scanner & updated the virus definitions
- Full scan with AntiVir -> 24 detections, detections moved to quarantine and then deleted, see event report

Code:
Exportierte Ereignisse:

25.12.2013 13:48 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Users\BiMi\AppData\Local\Temp\photoscape-de.exe\51571970a9fc4d18892400afb8e7
      8788\globalKeyChecker.exe'
      enthielt einen Virus oder unerwünschtes Programm 'SPR/Agent.dkb' [riskware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '552e10b8.qua' 
      verschoben!

25.12.2013 13:48 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\BiMi\AppData\Local\Temp\jvfcvyvlhy.pre'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Matsnu.EB.132' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c4f2b2c.qua' 
      verschoben!

25.12.2013 13:48 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\BiMi\AppData\Local\Temp\ccuburujuz.pre'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Matsnu.EB.132' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '201c07e9.qua' 
      verschoben!

25.12.2013 13:48 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Users\BiMi\AppData\Local\Temp\Setup(1).exe\9055d99fff1a487bb2b057d2230d5538\
      parent.txt'
      enthielt einen Virus oder unerwünschtes Programm 'APPL/DomaIQ.Gen' [program].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48d1531b.qua' 
      verschoben!

25.12.2013 13:48 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Users\BiMi\AppData\Local\Temp\photoscape-de.exe\51571970a9fc4d18892400afb8e7
      8788\photoscape-de.exe'
      enthielt einen Virus oder unerwünschtes Programm 'APPL/DomaIQ.Gen' [program].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '046c7f59.qua' 
      verschoben!

25.12.2013 13:48 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Users\BiMi\AppData\Local\Temp\photoscape-de.exe\51571970a9fc4d18892400afb8e7
      8788\parent.txt'
      enthielt einen Virus oder unerwünschtes Programm 'APPL/DomaIQ.Gen' [program].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '78713f00.qua' 
      verschoben!

25.12.2013 13:48 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\BiMi\AppData\Local\Temp\16E0.tmp'
      enthielt einen Virus oder unerwünschtes Programm 'APPL/InstallBrain.AS' 
      [program].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50753e49.qua' 
      verschoben!

25.12.2013 13:48 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\BiMi\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Content.IE5\99ZWQICD\pack[1].7z'
      enthielt einen Virus oder unerwünschtes Programm 'APPL/BProtector.2736128' 
      [program].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4bee6a35.qua' 
      verschoben!

25.12.2013 13:48 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\BiMi\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Content.IE5\99ZWQICD\download[1].php'
      enthielt einen Virus oder unerwünschtes Programm 'Adware/Lollipop.GB.15' 
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6736130b.qua' 
      verschoben!

25.12.2013 13:48 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\BiMi\AppData\Local\Temp\12ED.tmp'
      enthielt einen Virus oder unerwünschtes Programm 'APPL/InstallBrain.AS' 
      [program].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5e6f0e8a.qua' 
      verschoben!

25.12.2013 13:48 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\BiMi\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Content.IE5\H5OQX401\pack[1].7z'
      enthielt einen Virus oder unerwünschtes Programm 'Adware/BHO.Bprotector.1.4' 
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1aa477f7.qua' 
      verschoben!

25.12.2013 13:48 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\BiMi\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Content.IE5\FMWQTXGV\pack[1].7z'
      enthielt einen Virus oder unerwünschtes Programm 'APPL/BProtector.U' [program].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '13af735c.qua' 
      verschoben!

25.12.2013 13:48 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\BiMi\Downloads\Setup(1).exe'
      enthielt einen Virus oder unerwünschtes Programm 'APPL/DomaIQ.Gen' [program].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '46245962.qua' 
      verschoben!

25.12.2013 13:48 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\BiMi\Downloads\Setup.exe'
      enthielt einen Virus oder unerwünschtes Programm 'APPL/DomaIQ.Gen' [program].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5eb376c5.qua' 
      verschoben!

25.12.2013 13:48 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\BiMi\Downloads\Picasa.exe'
      enthielt einen Virus oder unerwünschtes Programm 'APPL/Firseria.Gen' [program].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1448038e.qua' 
      verschoben!

25.12.2013 13:48 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Users\BiMi\AppData\Local\Temp\Setup(1).exe\9055d99fff1a487bb2b057d2230d5538\
      Setup(1).exe'
      enthielt einen Virus oder unerwünschtes Programm 'APPL/DomaIQ.Gen' [program].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '37c86176.qua' 
      verschoben!

25.12.2013 13:48 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\BiMi\Downloads\photoscape-de.exe'
      enthielt einen Virus oder unerwünschtes Programm 'APPL/DomaIQ.Gen' [program].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '724b4c4f.qua' 
      verschoben!
         
- Installed & updated SUPERAntiSpyware
- Scan with SUPERAntiSpyware -> 1 detection, see log -> detection was removed
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/25/2013 at 02:47 PM

Application Version : 5.7.1016

Core Rules Database Version : 10943
Trace Rules Database Version: 8755

Scan type       : Complete Scan
Total Scan Time : 00:40:45

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 571
Memory threats detected   : 0
Registry items scanned    : 69569
Registry threats detected : 1
File items scanned        : 39524
File threats detected     : 0

PUP.bProtector
	(x86) HKU\S-1-5-21-275248636-1398956739-23730197-1000\Software\Microsoft\Internet Explorer\SearchScopes#bProtectorDefaultScope [ {A8B9485A-4F0D-4D48-A0F6-FD739BBD3F8D} ]
         
- Installed & updated Malwarebytes Anti-Malware
- The log is attached
Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.25.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
BiMi :: BIMI-TOSH [Administrator]

Schutz: Aktiviert

25.12.2013 14:05:28
mbam-log-2013-12-25 (14-05-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Heuristiks/Extra | HeuristiKs/Shuriken | P2P
Durchsuchte Objekte: 131171
Laufzeit: 1 Stunde(n), 21 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\DSearchLink\DSearchLink.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\BiMi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
So... now on to your first steps according to the FAQ. I hope I have worked through everything conscientiously enough ;-)

Disabling drive emulation with Defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:45 on 25/12/2013 (BiMi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

System scan with FRST

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2013
Ran by BiMi (administrator) on BIMI-TOSH on 25-12-2013 17:47:24
Running from C:\Users\BiMi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
() C:\Windows\System32\GFNEXSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563096 2013-12-20] (SUPERAntiSpyware)
HKU\Default\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll [ ] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.opti-page.com/?babsrc=HP_ss&mntrId=5CBC446D578814A8&affID=126473&tsp=5039
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM - DefaultScope {A8B9485A-4F0D-4D48-A0F6-FD739BBD3F8D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {A8B9485A-4F0D-4D48-A0F6-FD739BBD3F8D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKLM-x32 - DefaultScope {A8B9485A-4F0D-4D48-A0F6-FD739BBD3F8D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {A8B9485A-4F0D-4D48-A0F6-FD739BBD3F8D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKCU - DefaultScope {A8B9485A-4F0D-4D48-A0F6-FD739BBD3F8D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_deDE487
SearchScopes: HKCU - {A8B9485A-4F0D-4D48-A0F6-FD739BBD3F8D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_deDE487
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default
FF user.js: detected! => C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default\user.js
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF SearchPlugin: C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default\searchplugins\optitoolbar.xml
FF SearchPlugin: C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default\Extensions\staged

Chrome: 
=======
CHR HomePage: hxxp://www.opti-page.com/?babsrc=HP_ss&mntrId=5CBC446D578814A8&affID=126473&tsp=5039
CHR RestoreOnStartup: "hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=5CBC446D578814A8&affID=119557&tsp=5033"
CHR DefaultSearchKeyword: delta-search.com
CHR DefaultSearchProvider: Delta Search
CHR DefaultSearchURL: hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=5CBC446D578814A8&affID=119557&tsp=5033
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Opti Toolbar) - C:\Users\BiMi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncoodlkjimgohlngmapmpnbfaoifkhnd\1.6.2
CHR Extension: (Widget context) - C:\Users\BiMi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp\3.0_0

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Tosrfcom; No ImagePath
S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-25 17:47 - 2013-12-25 17:47 - 00013557 _____ C:\Users\BiMi\Desktop\FRST.txt
2013-12-25 17:47 - 2013-12-25 17:47 - 00000000 ____D C:\FRST
2013-12-25 17:45 - 2013-12-25 17:45 - 00000470 _____ C:\Users\BiMi\Desktop\defogger_disable.log
2013-12-25 17:45 - 2013-12-25 17:45 - 00000000 _____ C:\Users\BiMi\defogger_reenable
2013-12-25 17:44 - 2013-12-25 17:42 - 00377856 _____ C:\Users\BiMi\Desktop\gmer_2.1.19163.exe
2013-12-25 17:44 - 2013-12-25 17:41 - 01928716 _____ (Farbar) C:\Users\BiMi\Desktop\FRST64.exe
2013-12-25 17:44 - 2013-12-25 17:39 - 00050477 _____ C:\Users\BiMi\Desktop\Defogger.exe
2013-12-25 17:36 - 2013-12-25 17:36 - 00002348 _____ C:\windows\PFRO.log
2013-12-25 17:36 - 2013-12-25 17:36 - 00000056 _____ C:\windows\setupact.log
2013-12-25 17:36 - 2013-12-25 17:36 - 00000000 _____ C:\windows\setuperr.log
2013-12-25 14:06 - 2013-12-25 14:06 - 00000000 ____D C:\SUPERDelete
2013-12-25 14:02 - 2013-12-25 14:02 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\Malwarebytes
2013-12-25 14:01 - 2013-12-25 14:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-25 14:01 - 2013-12-25 14:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 14:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-12-25 14:00 - 2013-12-25 17:36 - 00000508 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task e37bfdcf-de68-4d35-8654-100e54ba10e4.job
2013-12-25 14:00 - 2013-12-25 17:36 - 00000508 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 451bc219-4d84-44cf-9bda-4b6bf0aa38f7.job
2013-12-25 14:00 - 2013-12-25 14:00 - 00003582 _____ C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e37bfdcf-de68-4d35-8654-100e54ba10e4
2013-12-25 14:00 - 2013-12-25 14:00 - 00003508 _____ C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 451bc219-4d84-44cf-9bda-4b6bf0aa38f7
2013-12-25 14:00 - 2013-12-25 14:00 - 00001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2013-12-25 14:00 - 2013-12-25 14:00 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\SUPERAntiSpyware.com
2013-12-25 14:00 - 2013-12-25 14:00 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-12-25 14:00 - 2013-12-25 14:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-25 13:51 - 2013-12-25 13:51 - 00002770 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2013-12-25 13:51 - 2013-12-25 13:51 - 00000000 ____D C:\Program Files\CCleaner
2013-12-25 10:29 - 2013-12-25 10:29 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\Avira
2013-12-25 10:27 - 2013-12-25 10:27 - 00000000 ____D C:\ProgramData\Avira
2013-12-25 10:27 - 2013-12-25 10:27 - 00000000 ____D C:\Program Files (x86)\Avira
2013-12-25 10:27 - 2013-12-09 11:37 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-12-25 10:27 - 2013-12-09 11:37 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-12-25 10:27 - 2013-12-09 11:37 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-12-25 10:27 - 2013-12-09 11:37 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2013-12-25 10:09 - 2013-12-25 09:38 - 129598176 _____ C:\Users\BiMi\Desktop\avira_free_antivirus_de_14.0.2.286.exe
2013-12-25 09:47 - 2013-12-25 09:47 - 00000000 ____D C:\Users\BiMi\AppData\Local\{6B8AB722-D9A4-4D61-B425-912373C8202D}
2013-12-25 09:31 - 2013-12-25 09:31 - 04645232 _____ (Piriform Ltd) C:\Users\BiMi\Desktop\ccsetup409.exe
2013-12-25 09:31 - 2013-12-25 09:31 - 00532480 _____ (Trend Micro Incorporated) C:\Users\BiMi\Desktop\cwshredder.exe
2013-12-25 09:29 - 2013-12-25 09:29 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\BiMi\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-25 09:28 - 2013-12-25 09:29 - 29118680 _____ (SUPERAntiSpyware) C:\Users\BiMi\Desktop\SUPERAntiSpyware.exe
2013-12-24 21:32 - 2013-12-24 21:55 - 00000000 ____D C:\Users\BiMi\Desktop\Datensicherung
2013-12-24 21:17 - 2013-12-24 21:49 - 129598176 _____ C:\Users\BiMi\Downloads\avira_free_antivirus_de.exe
2013-12-24 21:16 - 2013-12-24 21:54 - 129598176 _____ C:\Users\BiMi\Downloads\avira_free_antivirus_de_14.0.2.286.exe
2013-12-24 21:08 - 2013-12-24 21:08 - 00000000 ____D C:\windows\pss
2013-12-13 14:14 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-13 14:14 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-13 14:14 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2013-12-13 14:14 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2013-12-13 14:12 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-13 14:12 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-13 14:12 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-12-13 14:12 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-13 14:12 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-13 14:12 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-12-13 14:12 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-13 14:12 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-13 14:12 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-13 14:12 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-12-13 14:12 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-13 14:12 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-12-13 14:12 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-12-13 14:12 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-12-13 14:12 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-13 14:12 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-13 14:12 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-12-13 14:12 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-13 14:12 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-12-13 14:12 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-12-13 14:12 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-13 14:12 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-12-13 14:12 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-13 14:12 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-12-13 14:12 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-13 14:12 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-13 14:12 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-13 14:12 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-12-13 14:12 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-12-13 14:12 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-13 14:12 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-11 13:50 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-11 13:49 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-11 13:49 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-11 13:49 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-11 13:49 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-11 13:49 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-11 13:49 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-11 13:48 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-11 13:48 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-12-11 13:47 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-11 13:47 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-11 13:47 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2013-12-11 13:47 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-11 13:47 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-11 13:47 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2013-12-11 13:47 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-11 13:47 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-11 13:46 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-11 13:46 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-11-28 12:38 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE
2013-11-28 12:32 - 2013-11-28 12:32 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-11-28 12:32 - 2013-11-28 12:32 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-11-28 12:32 - 2013-11-28 12:32 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-11-28 12:32 - 2013-11-28 12:32 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-11-28 12:32 - 2013-11-28 12:32 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-11-28 12:32 - 2013-11-28 12:32 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-11-28 12:32 - 2013-11-28 12:32 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe

==================== One Month Modified Files and Folders =======

2013-12-25 17:47 - 2013-12-25 17:47 - 00013557 _____ C:\Users\BiMi\Desktop\FRST.txt
2013-12-25 17:47 - 2013-12-25 17:47 - 00000000 ____D C:\FRST
2013-12-25 17:46 - 2011-02-11 09:21 - 00630046 _____ C:\windows\system32\perfh007.dat
2013-12-25 17:46 - 2011-02-11 09:21 - 00120628 _____ C:\windows\system32\perfc007.dat
2013-12-25 17:46 - 2009-07-14 06:13 - 01435892 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-25 17:45 - 2013-12-25 17:45 - 00000470 _____ C:\Users\BiMi\Desktop\defogger_disable.log
2013-12-25 17:45 - 2013-12-25 17:45 - 00000000 _____ C:\Users\BiMi\defogger_reenable
2013-12-25 17:45 - 2012-06-05 16:14 - 00000000 ____D C:\Users\BiMi
2013-12-25 17:42 - 2013-12-25 17:44 - 00377856 _____ C:\Users\BiMi\Desktop\gmer_2.1.19163.exe
2013-12-25 17:41 - 2013-12-25 17:44 - 01928716 _____ (Farbar) C:\Users\BiMi\Desktop\FRST64.exe
2013-12-25 17:40 - 2012-05-11 23:10 - 01846271 _____ C:\windows\WindowsUpdate.log
2013-12-25 17:39 - 2013-12-25 17:44 - 00050477 _____ C:\Users\BiMi\Desktop\Defogger.exe
2013-12-25 17:36 - 2013-12-25 17:36 - 00002348 _____ C:\windows\PFRO.log
2013-12-25 17:36 - 2013-12-25 17:36 - 00000056 _____ C:\windows\setupact.log
2013-12-25 17:36 - 2013-12-25 17:36 - 00000000 _____ C:\windows\setuperr.log
2013-12-25 17:36 - 2013-12-25 14:00 - 00000508 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task e37bfdcf-de68-4d35-8654-100e54ba10e4.job
2013-12-25 17:36 - 2013-12-25 14:00 - 00000508 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 451bc219-4d84-44cf-9bda-4b6bf0aa38f7.job
2013-12-25 17:36 - 2012-05-11 23:16 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-12-25 17:36 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-12-25 17:34 - 2013-10-12 11:17 - 00000000 ____D C:\ProgramData\DSearchLink
2013-12-25 16:03 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache
2013-12-25 14:06 - 2013-12-25 14:06 - 00000000 ____D C:\SUPERDelete
2013-12-25 14:02 - 2013-12-25 14:02 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\Malwarebytes
2013-12-25 14:01 - 2013-12-25 14:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-25 14:01 - 2013-12-25 14:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 14:00 - 2013-12-25 14:00 - 00003582 _____ C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e37bfdcf-de68-4d35-8654-100e54ba10e4
2013-12-25 14:00 - 2013-12-25 14:00 - 00003508 _____ C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 451bc219-4d84-44cf-9bda-4b6bf0aa38f7
2013-12-25 14:00 - 2013-12-25 14:00 - 00001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2013-12-25 14:00 - 2013-12-25 14:00 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\SUPERAntiSpyware.com
2013-12-25 14:00 - 2013-12-25 14:00 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-12-25 14:00 - 2013-12-25 14:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-25 13:58 - 2012-02-18 05:32 - 00000000 ____D C:\windows\Panther
2013-12-25 13:51 - 2013-12-25 13:51 - 00002770 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2013-12-25 13:51 - 2013-12-25 13:51 - 00000000 ____D C:\Program Files\CCleaner
2013-12-25 13:33 - 2012-05-11 23:16 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-12-25 12:51 - 2012-05-11 23:37 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Games
2013-12-25 10:39 - 2009-07-14 05:45 - 00024400 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-25 10:39 - 2009-07-14 05:45 - 00024400 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-25 10:33 - 2012-02-17 06:28 - 00000000 ____D C:\ProgramData\McAfee
2013-12-25 10:32 - 2009-07-14 04:20 - 00000000 ____D C:\windows\PolicyDefinitions
2013-12-25 10:29 - 2013-12-25 10:29 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\Avira
2013-12-25 10:27 - 2013-12-25 10:27 - 00000000 ____D C:\ProgramData\Avira
2013-12-25 10:27 - 2013-12-25 10:27 - 00000000 ____D C:\Program Files (x86)\Avira
2013-12-25 10:18 - 2012-02-17 05:42 - 00000000 ____D C:\Program Files (x86)\Nero
2013-12-25 10:16 - 2012-02-17 06:14 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2013-12-25 10:14 - 2012-02-17 06:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-25 10:14 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-25 10:11 - 2012-06-06 12:55 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\SoftGrid Client
2013-12-25 10:06 - 2012-06-06 13:39 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-25 10:05 - 2012-07-08 10:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-25 10:00 - 2012-02-17 06:21 - 00000000 ____D C:\ProgramData\Adobe
2013-12-25 09:55 - 2012-05-11 23:15 - 00000000 ____D C:\Program Files\Intel
2013-12-25 09:55 - 2012-05-11 23:13 - 00000000 ____D C:\Program Files (x86)\Intel
2013-12-25 09:54 - 2012-02-17 06:07 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-12-25 09:47 - 2013-12-25 09:47 - 00000000 ____D C:\Users\BiMi\AppData\Local\{6B8AB722-D9A4-4D61-B425-912373C8202D}
2013-12-25 09:42 - 2012-06-06 08:48 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\WildTangent
2013-12-25 09:42 - 2012-05-11 23:37 - 00000000 ____D C:\ProgramData\WildTangent
2013-12-25 09:41 - 2012-06-24 11:02 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\Skype
2013-12-25 09:41 - 2012-02-17 06:01 - 00000000 ____D C:\ProgramData\Skype
2013-12-25 09:40 - 2012-10-04 09:18 - 00000000 ____D C:\Program Files\HP
2013-12-25 09:38 - 2013-12-25 10:09 - 129598176 _____ C:\Users\BiMi\Desktop\avira_free_antivirus_de_14.0.2.286.exe
2013-12-25 09:33 - 2012-06-05 17:21 - 00000000 ____D C:\Users\BiMi\AppData\Local\Google
2013-12-25 09:33 - 2012-02-17 06:25 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-25 09:31 - 2013-12-25 09:31 - 04645232 _____ (Piriform Ltd) C:\Users\BiMi\Desktop\ccsetup409.exe
2013-12-25 09:31 - 2013-12-25 09:31 - 00532480 _____ (Trend Micro Incorporated) C:\Users\BiMi\Desktop\cwshredder.exe
2013-12-25 09:29 - 2013-12-25 09:29 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\BiMi\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-25 09:29 - 2013-12-25 09:28 - 29118680 _____ (SUPERAntiSpyware) C:\Users\BiMi\Desktop\SUPERAntiSpyware.exe
2013-12-25 09:23 - 2013-08-31 11:38 - 00000000 ____D C:\windows\system32\MRT
2013-12-25 09:19 - 2012-02-17 06:25 - 00000000 ____D C:\Program Files\Google
2013-12-24 21:57 - 2012-11-13 18:58 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-24 21:55 - 2013-12-24 21:32 - 00000000 ____D C:\Users\BiMi\Desktop\Datensicherung
2013-12-24 21:54 - 2013-12-24 21:16 - 129598176 _____ C:\Users\BiMi\Downloads\avira_free_antivirus_de_14.0.2.286.exe
2013-12-24 21:49 - 2013-12-24 21:17 - 129598176 _____ C:\Users\BiMi\Downloads\avira_free_antivirus_de.exe
2013-12-24 21:39 - 2012-12-13 09:10 - 00000000 ____D C:\ProgramData\Trymedia
2013-12-24 21:24 - 2013-10-12 11:17 - 00000000 ____D C:\Users\BiMi\AppData\Local\Lollipop
2013-12-24 21:20 - 2012-02-17 06:24 - 00000000 ____D C:\ProgramData\Google
2013-12-24 21:10 - 2009-07-14 06:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2013-12-24 21:08 - 2013-12-24 21:08 - 00000000 ____D C:\windows\pss
2013-12-13 14:32 - 2009-07-14 05:45 - 00275856 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-09 11:37 - 2013-12-25 10:27 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-12-09 11:37 - 2013-12-25 10:27 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-12-09 11:37 - 2013-12-25 10:27 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-12-09 11:37 - 2013-12-25 10:27 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2013-11-28 12:55 - 2012-06-05 17:18 - 00001428 _____ C:\Users\BiMi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-28 12:32 - 2013-11-28 12:32 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-11-28 12:32 - 2013-11-28 12:32 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-11-28 12:32 - 2013-11-28 12:32 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-11-28 12:32 - 2013-11-28 12:32 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-11-28 12:32 - 2013-11-28 12:32 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-11-28 12:32 - 2013-11-28 12:32 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-11-28 12:32 - 2013-11-28 12:32 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-11-26 12:54 - 2013-12-13 14:12 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-26 11:19 - 2013-12-13 14:12 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-26 11:18 - 2013-12-13 14:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-11-26 11:11 - 2013-12-13 14:12 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-26 10:48 - 2013-12-13 14:12 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-26 10:46 - 2013-12-13 14:12 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-11-26 10:41 - 2013-12-13 14:12 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-26 10:29 - 2013-12-13 14:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-26 10:27 - 2013-12-13 14:12 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-26 10:23 - 2013-12-13 14:12 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-11-26 10:21 - 2013-12-13 14:12 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-26 10:18 - 2013-12-13 14:12 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-11-26 10:18 - 2013-12-13 14:12 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-11-26 10:16 - 2013-12-13 14:12 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-11-26 09:57 - 2013-12-13 14:12 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-26 09:38 - 2013-12-13 14:12 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-26 09:38 - 2013-12-13 14:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-11-26 09:35 - 2013-12-13 14:12 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-26 09:32 - 2013-12-13 14:12 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-11-26 09:28 - 2013-12-13 14:12 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-11-26 09:16 - 2013-12-13 14:12 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-26 09:02 - 2013-12-13 14:12 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-11-26 08:48 - 2013-12-13 14:12 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-26 08:32 - 2013-12-13 14:12 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-11-26 08:26 - 2013-12-13 14:12 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-26 08:07 - 2013-12-13 14:12 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-26 07:40 - 2013-12-13 14:12 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-26 07:34 - 2013-12-13 14:12 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-11-26 07:34 - 2013-12-13 14:12 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-11-26 07:33 - 2013-12-13 14:12 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-26 07:27 - 2013-12-13 14:12 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

Some content of TEMP:
====================
C:\Users\BiMi\AppData\Local\Temp\avgnt.exe
C:\Users\BiMi\AppData\Local\Temp\uninst1.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-25 15:56

==================== End Of Log ============================
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-12-2013
Ran by BiMi at 2013-12-25 17:48:15
Running from C:\Users\BiMi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

AMD APP SDK Runtime (Version: 10.0.851.6)
AMD Catalyst Install Manager (Version: 3.0.859.0)
Atheros Bluetooth Filter Driver Package (Version: 1.0.0.12)
Atheros Driver Installation Program (x32 Version: 9.2)
Avira Free Antivirus (x32 Version: 14.0.2.286)
Bluetooth Stack for Windows by Toshiba (Version: v9.00.00(T))
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.0120.420.7502)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0120.420.7502)
Catalyst Control Center InstallProxy (x32 Version: 2012.0120.420.7502)
Catalyst Control Center Localization All (x32 Version: 2012.0120.420.7502)
CCC Help Chinese Standard (x32 Version: 2012.0120.0419.7502)
CCC Help Chinese Traditional (x32 Version: 2012.0120.0419.7502)
CCC Help Czech (x32 Version: 2012.0120.0419.7502)
CCC Help Danish (x32 Version: 2012.0120.0419.7502)
CCC Help Dutch (x32 Version: 2012.0120.0419.7502)
CCC Help English (x32 Version: 2012.0120.0419.7502)
CCC Help Finnish (x32 Version: 2012.0120.0419.7502)
CCC Help French (x32 Version: 2012.0120.0419.7502)
CCC Help German (x32 Version: 2012.0120.0419.7502)
CCC Help Greek (x32 Version: 2012.0120.0419.7502)
CCC Help Hungarian (x32 Version: 2012.0120.0419.7502)
CCC Help Italian (x32 Version: 2012.0120.0419.7502)
CCC Help Japanese (x32 Version: 2012.0120.0419.7502)
CCC Help Korean (x32 Version: 2012.0120.0419.7502)
CCC Help Norwegian (x32 Version: 2012.0120.0419.7502)
CCC Help Polish (x32 Version: 2012.0120.0419.7502)
CCC Help Portuguese (x32 Version: 2012.0120.0419.7502)
CCC Help Russian (x32 Version: 2012.0120.0419.7502)
CCC Help Spanish (x32 Version: 2012.0120.0419.7502)
CCC Help Swedish (x32 Version: 2012.0120.0419.7502)
CCC Help Thai (x32 Version: 2012.0120.0419.7502)
CCC Help Turkish (x32 Version: 2012.0120.0419.7502)
ccc-utility64 (Version: 2012.0120.420.7502)
CCleaner (Version: 4.09)
High-Definition Video Playback (x32 Version: 11.1.10500.2.65)
HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0)
HP Update (x32 Version: 5.003.003.001)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.35342)
Intel(R) Management Engine Components (x32 Version: 8.0.3.1427)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.1.209)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.5139.5005)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
Nero 11 Essentials (x32 Version: 11.0.00300)
Nero 11 Kwik Themes Basic (x32 Version: 11.0.11200.12.0)
Nero BackItUp 11 (x32 Version: 6.0.18000.19.100)
Nero BackItUp 11 Help (CHM) (x32 Version: 11.0.10200)
Nero BurnRights 11 (x32 Version: 5.0.10300.4.100)
Nero BurnRights 11 Help (CHM) (x32 Version: 11.0.10100)
Nero ControlCenter 11 (x32 Version: 11.0.12700.0.27)
Nero ControlCenter 11 Help (CHM) (x32 Version: 11.0.10300)
Nero Core Components 11 (x32 Version: 11.0.15500.1.16)
Nero Express 11 (x32 Version: 11.0.11900.24.100)
Nero Express 11 Help (CHM) (x32 Version: 11.0.10300)
Nero Kwik Media (x32 Version: 1.10.24800.146.100)
Nero Kwik Media Help (CHM) (x32 Version: 11.0.10200)
Nero RescueAgent 11 (x32 Version: 4.0.10600.10.100)
Nero RescueAgent 11 Help (CHM) (x32 Version: 11.0.10400)
Nero Update (x32 Version: 11.0.11400.27.0)
nero.prerequisites.msi (x32 Version: 11.0.20008)
Premium Sound HD (Version: 1.12.1800)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6597)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7601.30130)
SUPERAntiSpyware (Version: 5.7.1016)
Synaptics Pointing Device Driver (Version: 15.3.38.2)
TOSHIBA Assist (x32 Version: 4.2.3.0)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64)
TOSHIBA eco Utility (Version: 1.3.10.64)
TOSHIBA Hardware Setup (x32 Version: 2.00.0020)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.11)
TOSHIBA Media Controller (x32 Version: 1.0.87.5)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.7.7)
TOSHIBA Online Product Information (x32 Version: 4.01.0000)
TOSHIBA PC Health Monitor (Version: 1.7.15.64)
TOSHIBA Places Icon Utility (x32 Version: 1.1.1.4)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.6.52020009)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019)
TOSHIBA Service Station (x32 Version: 2.2.13)
TOSHIBA Sleep Utility (x32 Version: 1.4.0022.000104)
TOSHIBA Supervisor Password (x32 Version: 2.00.0009)
TOSHIBA TEMPRO (x32 Version: 3.35)
TOSHIBA Value Added Package (Version: 1.6.0021.640203)
TOSHIBA Value Added Package (x32 Version: 1.6.0021.640203)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.33)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
welcome (x32 Version: 11.0.22500.0.0)

==================== Restore Points  =========================

24-12-2013 20:57:17 Windows Update
25-12-2013 08:22:31 Removed Microsoft Silverlight
25-12-2013 08:39:23 Removed Studie zur Verbesserung von HP Deskjet 3050A J611 series Produkten
25-12-2013 08:40:18 Removed Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten
25-12-2013 08:40:42 Removed Skype™ 5.10
25-12-2013 08:41:33 Removed Microsoft SQL Server 2005 Compact Edition [ENU]
25-12-2013 08:45:21 Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen wird entfernt
25-12-2013 08:45:47 Windows Live Mesh ActiveX control for remote connections wird entfernt
25-12-2013 08:46:07 Windows Live Mesh ActiveX Control for Remote Connections wird entfernt
25-12-2013 08:46:33 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
25-12-2013 08:48:01 Windows Live Essentials
25-12-2013 08:48:20 WLSetup
25-12-2013 08:50:28 Windows Live Essentials
25-12-2013 08:50:54 WLSetup
25-12-2013 08:53:14 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
25-12-2013 08:53:48 Windows Live Mesh ActiveX Control for Remote Connections wird entfernt
25-12-2013 08:54:11 Contrôle ActiveX Windows Live Mesh pour connexions à distance wird entfernt
25-12-2013 08:55:30 Removed Intel® Trusted Connect Service Client
25-12-2013 08:56:02 Removed Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
25-12-2013 08:57:56 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
25-12-2013 08:58:31 Microsoft Visual C++ 2005 Redistributable wird entfernt
25-12-2013 08:58:54 Removed Adobe Reader X (10.1.4) MUI.
25-12-2013 09:03:00 Removed HP Deskjet 3050A J611 series Hilfe
25-12-2013 09:06:55 Removed Apple Application Support
25-12-2013 09:07:28 Removed iTunes
25-12-2013 09:09:24 Removed Apple Software Update
25-12-2013 09:10:32 Microsoft Visual C++ 2005 Redistributable (x64) wird entfernt
25-12-2013 09:11:09 Removed Apple Mobile Device Support
25-12-2013 09:13:01 Windows Modules Installer
25-12-2013 09:13:52 Removed Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
25-12-2013 09:14:32 Removed TOSHIBA Resolution+ Plug-in for Windows Media Player
25-12-2013 09:15:17 Removed Java(TM) 6 Update 30
25-12-2013 09:16:07 Removed Toshiba Manuals
25-12-2013 09:18:17 Removed Nero Backup Drivers.

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2FA439AB-562C-4BFC-9D68-FEA598664C9E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {3C07C874-5231-4712-9AA0-AAF7FAAEFE02} - System32\Tasks\ScanToPCActivationApp.exe_{8B66A50E-A5B5-45F9-8116-E4B77CF2D7DA} => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {41E05249-EA2F-46AE-BEBE-83F9DFEEF472} - System32\Tasks\SUPERAntiSpyware Scheduled Task 451bc219-4d84-44cf-9bda-4b6bf0aa38f7 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {4963E752-3E30-4F4A-8679-18182386BEB2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {739F880D-0ADA-459E-BF42-5A15CBCF05D8} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {80B7FE5D-1CB4-4EC0-82A0-828E66FD19AA} - System32\Tasks\SUPERAntiSpyware Scheduled Task e37bfdcf-de68-4d35-8654-100e54ba10e4 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 451bc219-4d84-44cf-9bda-4b6bf0aa38f7.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task e37bfdcf-de68-4d35-8654-100e54ba10e4.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2012-02-17 06:14 - 2011-02-22 11:16 - 00559104 _____ () C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\de\Humphrey.resources.dll
2013-12-25 10:27 - 2013-12-09 11:37 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-05-11 23:15 - 2012-02-21 20:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/25/2013 05:46:38 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (12/25/2013 05:36:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2013 00:50:57 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden.
Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet.
].


Vorgang:
   Asynchroner Vorgang wird ausgeführt

Kontext:
   Aktueller Status: DoSnapshotSet

Error: (12/25/2013 00:50:57 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.
Fehlerkontext: DeviceIoControl(\\?\Volume{a66a6d42-9bb5-11e1-9ceb-806e6f6e6963} - 0000000000000150,0x0053c010,0000000000482830,0,0000000000484850,4096,[0]).


Vorgang:
   Schattenkopien werden übertragen

Kontext:
   Ausführungskontext: System Provider

Error: (12/25/2013 10:43:45 AM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (12/25/2013 10:33:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2013 10:18:31 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy45,0xc0000000,0x00000003,...)". hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   PostFinalCommitSnapshots wird verarbeitet

Kontext:
   Ausführungskontext: System Provider

Error: (12/25/2013 10:07:22 AM) (Source: Microsoft-Windows-RestartManager) (User: BiMi-TOSH)
Description: Die Anwendung oder der Dienst "Apple Mobile Device" konnte nicht neu gestartet werden.

Error: (12/25/2013 09:30:27 AM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (12/25/2013 09:20:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/25/2013 10:18:31 AM) (Source: Ntfs) (User: )
Description: Auf dem Volume "TI30876100B" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (12/25/2013 10:07:22 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/25/2013 10:07:22 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Apple Mobile Device erreicht.

Error: (12/24/2013 09:10:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Util glindorus" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/24/2013 09:10:40 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Util glindorus erreicht.

Error: (12/15/2013 00:03:48 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎13.‎12.‎2013 um 21:05:40 unerwartet heruntergefahren.

Error: (12/13/2013 08:57:58 PM) (Source: DCOM) (User: )
Description: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/08/2013 09:37:31 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (12/08/2013 09:36:04 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (12/08/2013 09:22:13 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.


Microsoft Office Sessions:
=========================
Error: (12/25/2013 05:46:38 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (12/25/2013 05:36:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2013 00:50:57 PM) (Source: VSS)(User: )
Description: C:\00x00000000, Der Vorgang wurde erfolgreich beendet.
0x00000000, Der Vorgang wurde erfolgreich beendet.
0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
0x00000000, Der Vorgang wurde erfolgreich beendet.


Vorgang:
   Asynchroner Vorgang wird ausgeführt

Kontext:
   Aktueller Status: DoSnapshotSet

Error: (12/25/2013 00:50:57 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{a66a6d42-9bb5-11e1-9ceb-806e6f6e6963} - 0000000000000150,0x0053c010,0000000000482830,0,0000000000484850,4096,[0])

Vorgang:
   Schattenkopien werden übertragen

Kontext:
   Ausführungskontext: System Provider

Error: (12/25/2013 10:43:45 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (12/25/2013 10:33:42 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2013 10:18:31 AM) (Source: VSS)(User: )
Description: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy45,0xc0000000,0x00000003,...)0x80070005, Zugriff verweigert


Vorgang:
   PostFinalCommitSnapshots wird verarbeitet

Kontext:
   Ausführungskontext: System Provider

Error: (12/25/2013 10:07:22 AM) (Source: Microsoft-Windows-RestartManager)(User: BiMi-TOSH)
Description: 0AppleMobileDeviceService.exeApple Mobile Device03026217812400

Error: (12/25/2013 09:30:27 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (12/25/2013 09:20:21 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 26%
Total physical RAM: 6103.8 MB
Available physical RAM: 4489.83 MB
Total Pagefile: 12205.79 MB
Available Pagefile: 10087.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (TI30876100B) (Fixed) (Total:578.55 GB) (Free:518.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (UDISK PRO) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 1DE56D1D)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=579 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=17)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 1FB80119)
Partition 1: (Not Active) - (Size=2 GB) - (Type=0B)

==================== End Of Log ============================
         
Scan with GMER
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-25 18:04:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 596,17GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\BiMi\AppData\Local\Temp\kgtdqpob.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3380] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000763f1465 2 bytes [3F, 76]
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3380] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000763f14bb 2 bytes [3F, 76]
.text   ...                                                                                                                                                    * 2

---- Threads - GMER 2.1 ----

Thread  C:\windows\SysWOW64\ntdll.dll [4708:4712]                                                                                                              0000000001106971
Thread  C:\windows\SysWOW64\ntdll.dll [4708:3568]                                                                                                              0000000074abb89c
Thread  C:\windows\SysWOW64\ntdll.dll [4708:1620]                                                                                                              0000000074abbaf3
Thread  C:\windows\SysWOW64\ntdll.dll [4708:1668]                                                                                                              0000000074abb3c2
Thread  C:\windows\SysWOW64\ntdll.dll [4708:1616]                                                                                                              0000000070ca786a
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2092:4064]                                                                                         000007fefba22a7c

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\446d5788229a                                                                            
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\446d5788229a (not active ControlSet)                                                        

---- EOF - GMER 2.1 ----
         
I hope you can make use of all this information.
A HUGE in advance for the support.

Christmas greetings,
Der Alex

25.12.2013, 22:39   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Hello and

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder that was created. Please post it here.

Do not start any other file in this folder without instructions from a helper
__________________

26.12.2013, 04:30   #3
Der Alex



Good morning Cosinus,

no malware found. Here is the log file.

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.26.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
BiMi :: BIMI-TOSH [administrator]

26.12.2013 04:58:00
mbar-log-2013-12-26 (04-58-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 228194
Time elapsed: 24 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
__________________

26.12.2013, 16:39   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Remove adware/junkware/toolbars


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator" ("als Administrator ausführen").
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan (Untersuchen).
  • The log files are now created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input window)

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


26.12.2013, 18:31   #5
Der Alex



Hello cosinus,

here you go.

Step 1: adwCleaner

LOG FILE, 1st run
Code:
ATTFilter
# AdwCleaner v3.016 - Bericht erstellt am 26/12/2013 um 18:36:22
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : BiMi - BIMI-TOSH
# Gestartet von : C:\Users\BiMi\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\DSearchLink
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\BiMi\AppData\Local\lollipop
Ordner Gelöscht : C:\Users\BiMi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncoodlkjimgohlngmapmpnbfaoifkhnd
Datei Gelöscht : C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default\invalidprefs.js
Datei Gelöscht : C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default\searchplugins\optitoolbar.xml
Datei Gelöscht : C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKCU\Software\5e558c8ae16dec12
Schlüssel Gelöscht : HKLM\SOFTWARE\5e558c8ae16dec12
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\DataMngr
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\Trymedia Systems
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DomaIQ
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.crossrider.bic", "141ac2c6515b14a2e464f292b6f17d15");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "5cbcea0c000000000000446d578814a8");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15990");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.612:18:24");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119557&tsp=5033");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v

[ Datei : C:\Users\BiMi\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : icon_url
Gelöscht : search_url
Gelöscht : keyword
Gelöscht : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [4566 octets] - [26/12/2013 18:34:39]
AdwCleaner[S0].txt - [4185 octets] - [26/12/2013 18:36:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4245 octets] ##########
         
LOGFILE, 2nd run (this wasn't in your mail, I did it on intuition)
Code:
# AdwCleaner v3.016 - Bericht erstellt am 26/12/2013 um 18:44:03
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : BiMi - BIMI-TOSH
# Gestartet von : C:\Users\BiMi\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\BiMi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncoodlkjimgohlngmapmpnbfaoifkhnd

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\BiMi\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4566 octets] - [26/12/2013 18:34:39]
AdwCleaner[R1].txt - [1159 octets] - [26/12/2013 18:42:50]
AdwCleaner[S0].txt - [4333 octets] - [26/12/2013 18:36:22]
AdwCleaner[S1].txt - [1081 octets] - [26/12/2013 18:44:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1141 octets] ##########
         
Step 2: JRT - Junkware Removal Tool
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by BiMi on 26.12.2013 at 18:55:28,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-275248636-1398956739-23730197-1000\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\BiMi\appdata\local\{0A842400-F1A2-4975-B1F6-5FCF0E4E0A35}
Successfully deleted: [Empty Folder] C:\Users\BiMi\appdata\local\{3AC6A669-861E-4603-AC90-B90D2CE4C2B8}
Successfully deleted: [Empty Folder] C:\Users\BiMi\appdata\local\{4F61817B-24E6-4D80-955E-0682741C9666}
Successfully deleted: [Empty Folder] C:\Users\BiMi\appdata\local\{525922EE-EFCD-44F8-9C44-5F8AE62D12E0}
Successfully deleted: [Empty Folder] C:\Users\BiMi\appdata\local\{6B8AB722-D9A4-4D61-B425-912373C8202D}
Successfully deleted: [Empty Folder] C:\Users\BiMi\appdata\local\{7465559B-BCA3-4F72-A0D0-1CBE034EE1D3}
Successfully deleted: [Empty Folder] C:\Users\BiMi\appdata\local\{835D2166-9FBC-4979-A0BB-77E2727208BD}
Successfully deleted: [Empty Folder] C:\Users\BiMi\appdata\local\{B3A91801-6DD0-4EE9-96B1-4E83DE767F66}
Successfully deleted: [Empty Folder] C:\Users\BiMi\appdata\local\{BAC4AE7D-7DA1-4952-A594-EE49B47ADC12}
Successfully deleted: [Empty Folder] C:\Users\BiMi\appdata\local\{C6197ACD-0C58-4BBD-8406-F0F729366959}
Successfully deleted: [Empty Folder] C:\Users\BiMi\appdata\local\{D302B0C5-92DB-449D-A2EA-F1D5119CFA75}
Successfully deleted: [Empty Folder] C:\Users\BiMi\appdata\local\{D5271BD9-847F-42C8-9353-902543340790}
Successfully deleted: [Empty Folder] C:\Users\BiMi\appdata\local\{E9C844D5-F673-48D9-B2D6-4F340DFC290A}
Successfully deleted: [Empty Folder] C:\Users\BiMi\appdata\local\{EDB77AFD-B87E-49F8-9D55-648EFB46117D}
Successfully deleted: [Empty Folder] C:\Users\BiMi\appdata\local\{FB109B5E-9433-47C4-9507-D43E05AB8189}



~~~ FireFox

Successfully deleted: [Folder] C:\Users\BiMi\AppData\Roaming\mozilla\firefox\profiles\0b4hjed5.default\extensions\staged
Emptied folder: C:\Users\BiMi\AppData\Roaming\mozilla\firefox\profiles\0b4hjed5.default\minidumps [26 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.12.2013 at 19:06:14,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Step 3: Fresh log with FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2013
Ran by BiMi (administrator) on BIMI-TOSH on 26-12-2013 19:09:33
Running from C:\Users\BiMi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Windows\System32\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563096 2013-12-20] (SUPERAntiSpyware)
HKU\Default\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll [ ] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.opti-page.com/?babsrc=HP_ss&mntrId=5CBC446D578814A8&affID=126473&tsp=5039
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM - DefaultScope {A8B9485A-4F0D-4D48-A0F6-FD739BBD3F8D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {A8B9485A-4F0D-4D48-A0F6-FD739BBD3F8D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKLM-x32 - {A8B9485A-4F0D-4D48-A0F6-FD739BBD3F8D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKCU - {A8B9485A-4F0D-4D48-A0F6-FD739BBD3F8D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_deDE487
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default
FF Homepage: https://www.google.de/
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF SearchPlugin: C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR HomePage: hxxp://www.opti-page.com/?babsrc=HP_ss&mntrId=5CBC446D578814A8&affID=126473&tsp=5039
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchProvider: Delta Search
CHR DefaultSearchURL: hxxp://www.google.com
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Widget context) - C:\Users\BiMi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp\3.0_0

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Tosrfcom; No ImagePath
S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-26 19:09 - 2013-12-26 19:09 - 00012259 _____ C:\Users\BiMi\Desktop\FRST.txt
2013-12-26 19:08 - 2013-12-26 19:09 - 00000000 ____D C:\Users\BiMi\Desktop\Malware Fight
2013-12-26 19:08 - 2013-12-26 19:08 - 01928716 _____ (Farbar) C:\Users\BiMi\Desktop\FRST64.exe
2013-12-26 19:06 - 2013-12-26 19:07 - 00002641 _____ C:\Users\BiMi\Desktop\JRT.txt
2013-12-26 18:55 - 2013-12-26 18:55 - 00000000 ____D C:\windows\ERUNT
2013-12-26 18:54 - 2013-12-26 18:54 - 01034531 _____ (Thisisu) C:\Users\BiMi\Desktop\JRT.exe
2013-12-26 18:47 - 2013-12-26 18:44 - 00001221 _____ C:\Users\BiMi\Desktop\AdwCleaner[S1].txt
2013-12-26 18:47 - 2013-12-26 18:43 - 00001159 _____ C:\Users\BiMi\Desktop\AdwCleaner[R1].txt
2013-12-26 18:42 - 2013-12-26 18:40 - 00004333 _____ C:\Users\BiMi\Desktop\AdwCleaner[S0].txt
2013-12-26 18:42 - 2013-12-26 18:35 - 00004566 _____ C:\Users\BiMi\Desktop\AdwCleaner[R0].txt
2013-12-26 18:34 - 2013-12-26 18:46 - 00000000 ____D C:\AdwCleaner
2013-12-26 18:34 - 2013-12-26 18:34 - 01233962 _____ C:\Users\BiMi\Desktop\adwcleaner.exe
2013-12-26 04:57 - 2013-12-26 05:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-26 04:57 - 2013-12-26 04:57 - 00117464 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-26 04:55 - 2013-12-26 04:56 - 00089304 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2013-12-26 04:54 - 2013-12-26 04:54 - 00000000 ____D C:\Users\BiMi\Desktop\Malwarebytes_AntiRootKit
2013-12-26 04:53 - 2013-12-26 04:53 - 12582688 _____ (Malwarebytes Corp.) C:\Users\BiMi\Desktop\mbar-1.07.0.1008.exe
2013-12-25 18:29 - 2013-12-25 18:29 - 00000000 ____D C:\ProgramData\SUPERSetup
2013-12-25 18:16 - 2013-12-25 18:16 - 549107631 _____ C:\windows\MEMORY.DMP
2013-12-25 18:16 - 2013-12-25 18:16 - 00714752 _____ C:\windows\Minidump\122513-25693-01.dmp
2013-12-25 18:16 - 2013-12-25 18:16 - 00000000 ____D C:\windows\Minidump
2013-12-25 17:47 - 2013-12-25 17:47 - 00000000 ____D C:\FRST
2013-12-25 17:45 - 2013-12-25 17:45 - 00000000 _____ C:\Users\BiMi\defogger_reenable
2013-12-25 17:36 - 2013-12-26 18:44 - 00000336 _____ C:\windows\setupact.log
2013-12-25 17:36 - 2013-12-25 17:36 - 00002348 _____ C:\windows\PFRO.log
2013-12-25 17:36 - 2013-12-25 17:36 - 00000000 _____ C:\windows\setuperr.log
2013-12-25 14:06 - 2013-12-25 14:06 - 00000000 ____D C:\SUPERDelete
2013-12-25 14:02 - 2013-12-25 14:02 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\Malwarebytes
2013-12-25 14:01 - 2013-12-25 14:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-25 14:01 - 2013-12-25 14:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 14:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-12-25 14:00 - 2013-12-25 17:36 - 00000508 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task e37bfdcf-de68-4d35-8654-100e54ba10e4.job
2013-12-25 14:00 - 2013-12-25 17:36 - 00000508 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 451bc219-4d84-44cf-9bda-4b6bf0aa38f7.job
2013-12-25 14:00 - 2013-12-25 14:00 - 00003582 _____ C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e37bfdcf-de68-4d35-8654-100e54ba10e4
2013-12-25 14:00 - 2013-12-25 14:00 - 00003508 _____ C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 451bc219-4d84-44cf-9bda-4b6bf0aa38f7
2013-12-25 14:00 - 2013-12-25 14:00 - 00001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2013-12-25 14:00 - 2013-12-25 14:00 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\SUPERAntiSpyware.com
2013-12-25 14:00 - 2013-12-25 14:00 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-12-25 14:00 - 2013-12-25 14:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-25 13:51 - 2013-12-25 13:51 - 00002770 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2013-12-25 13:51 - 2013-12-25 13:51 - 00000000 ____D C:\Program Files\CCleaner
2013-12-25 10:29 - 2013-12-25 10:29 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\Avira
2013-12-25 10:27 - 2013-12-25 10:27 - 00000000 ____D C:\ProgramData\Avira
2013-12-25 10:27 - 2013-12-25 10:27 - 00000000 ____D C:\Program Files (x86)\Avira
2013-12-25 10:27 - 2013-12-09 11:37 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-12-25 10:27 - 2013-12-09 11:37 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-12-25 10:27 - 2013-12-09 11:37 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-12-25 10:27 - 2013-12-09 11:37 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2013-12-25 10:09 - 2013-12-25 09:38 - 129598176 _____ C:\Users\BiMi\Desktop\avira_free_antivirus_de_14.0.2.286.exe
2013-12-25 09:31 - 2013-12-25 09:31 - 04645232 _____ (Piriform Ltd) C:\Users\BiMi\Desktop\ccsetup409.exe
2013-12-25 09:31 - 2013-12-25 09:31 - 00532480 _____ (Trend Micro Incorporated) C:\Users\BiMi\Desktop\cwshredder.exe
2013-12-25 09:29 - 2013-12-25 09:29 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\BiMi\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-25 09:28 - 2013-12-25 09:29 - 29118680 _____ (SUPERAntiSpyware) C:\Users\BiMi\Desktop\SUPERAntiSpyware.exe
2013-12-24 21:32 - 2013-12-24 21:55 - 00000000 ____D C:\Users\BiMi\Desktop\Datensicherung
2013-12-24 21:17 - 2013-12-24 21:49 - 129598176 _____ C:\Users\BiMi\Downloads\avira_free_antivirus_de.exe
2013-12-24 21:16 - 2013-12-24 21:54 - 129598176 _____ C:\Users\BiMi\Downloads\avira_free_antivirus_de_14.0.2.286.exe
2013-12-24 21:08 - 2013-12-24 21:08 - 00000000 ____D C:\windows\pss
2013-12-13 14:14 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-13 14:14 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-13 14:14 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2013-12-13 14:14 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2013-12-13 14:12 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-13 14:12 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-13 14:12 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-12-13 14:12 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-13 14:12 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-13 14:12 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-12-13 14:12 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-13 14:12 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-13 14:12 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-13 14:12 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-12-13 14:12 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-13 14:12 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-12-13 14:12 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-12-13 14:12 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-12-13 14:12 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-13 14:12 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-13 14:12 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-12-13 14:12 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-13 14:12 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-12-13 14:12 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-12-13 14:12 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-13 14:12 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-12-13 14:12 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-13 14:12 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-12-13 14:12 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-13 14:12 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-13 14:12 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-13 14:12 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-12-13 14:12 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-12-13 14:12 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-13 14:12 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-11 13:50 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-11 13:49 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-11 13:49 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-11 13:49 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-11 13:49 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-11 13:49 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-11 13:49 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-11 13:48 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-11 13:48 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-12-11 13:47 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-11 13:47 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-11 13:47 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2013-12-11 13:47 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-11 13:47 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-11 13:47 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2013-12-11 13:47 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-11 13:47 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-11 13:46 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-11 13:46 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-11-28 12:38 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE
2013-11-28 12:32 - 2013-11-28 12:32 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-11-28 12:32 - 2013-11-28 12:32 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-11-28 12:32 - 2013-11-28 12:32 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-11-28 12:32 - 2013-11-28 12:32 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-11-28 12:32 - 2013-11-28 12:32 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-11-28 12:32 - 2013-11-28 12:32 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-11-28 12:32 - 2013-11-28 12:32 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe

==================== One Month Modified Files and Folders =======

2013-12-26 19:09 - 2013-12-26 19:09 - 00012259 _____ C:\Users\BiMi\Desktop\FRST.txt
2013-12-26 19:09 - 2013-12-26 19:08 - 00000000 ____D C:\Users\BiMi\Desktop\Malware Fight
2013-12-26 19:08 - 2013-12-26 19:08 - 01928716 _____ (Farbar) C:\Users\BiMi\Desktop\FRST64.exe
2013-12-26 19:07 - 2013-12-26 19:06 - 00002641 _____ C:\Users\BiMi\Desktop\JRT.txt
2013-12-26 19:07 - 2012-07-08 10:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-26 18:55 - 2013-12-26 18:55 - 00000000 ____D C:\windows\ERUNT
2013-12-26 18:54 - 2013-12-26 18:54 - 01034531 _____ (Thisisu) C:\Users\BiMi\Desktop\JRT.exe
2013-12-26 18:52 - 2009-07-14 05:45 - 00024400 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-26 18:52 - 2009-07-14 05:45 - 00024400 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-26 18:46 - 2013-12-26 18:34 - 00000000 ____D C:\AdwCleaner
2013-12-26 18:45 - 2012-05-11 23:16 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-12-26 18:44 - 2013-12-26 18:47 - 00001221 _____ C:\Users\BiMi\Desktop\AdwCleaner[S1].txt
2013-12-26 18:44 - 2013-12-25 17:36 - 00000336 _____ C:\windows\setupact.log
2013-12-26 18:44 - 2012-05-11 23:10 - 01902178 _____ C:\windows\WindowsUpdate.log
2013-12-26 18:44 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-12-26 18:43 - 2013-12-26 18:47 - 00001159 _____ C:\Users\BiMi\Desktop\AdwCleaner[R1].txt
2013-12-26 18:40 - 2013-12-26 18:42 - 00004333 _____ C:\Users\BiMi\Desktop\AdwCleaner[S0].txt
2013-12-26 18:35 - 2013-12-26 18:42 - 00004566 _____ C:\Users\BiMi\Desktop\AdwCleaner[R0].txt
2013-12-26 18:34 - 2013-12-26 18:34 - 01233962 _____ C:\Users\BiMi\Desktop\adwcleaner.exe
2013-12-26 05:23 - 2013-12-26 04:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-26 04:57 - 2013-12-26 04:57 - 00117464 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-26 04:56 - 2013-12-26 04:55 - 00089304 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2013-12-26 04:54 - 2013-12-26 04:54 - 00000000 ____D C:\Users\BiMi\Desktop\Malwarebytes_AntiRootKit
2013-12-26 04:53 - 2013-12-26 04:53 - 12582688 _____ (Malwarebytes Corp.) C:\Users\BiMi\Desktop\mbar-1.07.0.1008.exe
2013-12-25 18:29 - 2013-12-25 18:29 - 00000000 ____D C:\ProgramData\SUPERSetup
2013-12-25 18:16 - 2013-12-25 18:16 - 549107631 _____ C:\windows\MEMORY.DMP
2013-12-25 18:16 - 2013-12-25 18:16 - 00714752 _____ C:\windows\Minidump\122513-25693-01.dmp
2013-12-25 18:16 - 2013-12-25 18:16 - 00000000 ____D C:\windows\Minidump
2013-12-25 17:47 - 2013-12-25 17:47 - 00000000 ____D C:\FRST
2013-12-25 17:46 - 2011-02-11 09:21 - 00630046 _____ C:\windows\system32\perfh007.dat
2013-12-25 17:46 - 2011-02-11 09:21 - 00120628 _____ C:\windows\system32\perfc007.dat
2013-12-25 17:46 - 2009-07-14 06:13 - 01435892 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-25 17:45 - 2013-12-25 17:45 - 00000000 _____ C:\Users\BiMi\defogger_reenable
2013-12-25 17:45 - 2012-06-05 16:14 - 00000000 ____D C:\Users\BiMi
2013-12-25 17:36 - 2013-12-25 17:36 - 00002348 _____ C:\windows\PFRO.log
2013-12-25 17:36 - 2013-12-25 17:36 - 00000000 _____ C:\windows\setuperr.log
2013-12-25 17:36 - 2013-12-25 14:00 - 00000508 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task e37bfdcf-de68-4d35-8654-100e54ba10e4.job
2013-12-25 17:36 - 2013-12-25 14:00 - 00000508 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 451bc219-4d84-44cf-9bda-4b6bf0aa38f7.job
2013-12-25 16:03 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache
2013-12-25 14:06 - 2013-12-25 14:06 - 00000000 ____D C:\SUPERDelete
2013-12-25 14:02 - 2013-12-25 14:02 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\Malwarebytes
2013-12-25 14:01 - 2013-12-25 14:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-25 14:01 - 2013-12-25 14:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 14:00 - 2013-12-25 14:00 - 00003582 _____ C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e37bfdcf-de68-4d35-8654-100e54ba10e4
2013-12-25 14:00 - 2013-12-25 14:00 - 00003508 _____ C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 451bc219-4d84-44cf-9bda-4b6bf0aa38f7
2013-12-25 14:00 - 2013-12-25 14:00 - 00001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2013-12-25 14:00 - 2013-12-25 14:00 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\SUPERAntiSpyware.com
2013-12-25 14:00 - 2013-12-25 14:00 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-12-25 14:00 - 2013-12-25 14:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-25 13:58 - 2012-02-18 05:32 - 00000000 ____D C:\windows\Panther
2013-12-25 13:51 - 2013-12-25 13:51 - 00002770 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2013-12-25 13:51 - 2013-12-25 13:51 - 00000000 ____D C:\Program Files\CCleaner
2013-12-25 13:33 - 2012-05-11 23:16 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-12-25 12:51 - 2012-05-11 23:37 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Games
2013-12-25 10:33 - 2012-02-17 06:28 - 00000000 ____D C:\ProgramData\McAfee
2013-12-25 10:32 - 2009-07-14 04:20 - 00000000 ____D C:\windows\PolicyDefinitions
2013-12-25 10:29 - 2013-12-25 10:29 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\Avira
2013-12-25 10:27 - 2013-12-25 10:27 - 00000000 ____D C:\ProgramData\Avira
2013-12-25 10:27 - 2013-12-25 10:27 - 00000000 ____D C:\Program Files (x86)\Avira
2013-12-25 10:18 - 2012-02-17 05:42 - 00000000 ____D C:\Program Files (x86)\Nero
2013-12-25 10:16 - 2012-02-17 06:14 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2013-12-25 10:14 - 2012-02-17 06:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-25 10:14 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-25 10:11 - 2012-06-06 12:55 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\SoftGrid Client
2013-12-25 10:06 - 2012-06-06 13:39 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-25 10:00 - 2012-02-17 06:21 - 00000000 ____D C:\ProgramData\Adobe
2013-12-25 09:55 - 2012-05-11 23:15 - 00000000 ____D C:\Program Files\Intel
2013-12-25 09:55 - 2012-05-11 23:13 - 00000000 ____D C:\Program Files (x86)\Intel
2013-12-25 09:54 - 2012-02-17 06:07 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-12-25 09:42 - 2012-06-06 08:48 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\WildTangent
2013-12-25 09:42 - 2012-05-11 23:37 - 00000000 ____D C:\ProgramData\WildTangent
2013-12-25 09:41 - 2012-06-24 11:02 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\Skype
2013-12-25 09:41 - 2012-02-17 06:01 - 00000000 ____D C:\ProgramData\Skype
2013-12-25 09:40 - 2012-10-04 09:18 - 00000000 ____D C:\Program Files\HP
2013-12-25 09:38 - 2013-12-25 10:09 - 129598176 _____ C:\Users\BiMi\Desktop\avira_free_antivirus_de_14.0.2.286.exe
2013-12-25 09:33 - 2012-06-05 17:21 - 00000000 ____D C:\Users\BiMi\AppData\Local\Google
2013-12-25 09:33 - 2012-02-17 06:25 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-25 09:31 - 2013-12-25 09:31 - 04645232 _____ (Piriform Ltd) C:\Users\BiMi\Desktop\ccsetup409.exe
2013-12-25 09:31 - 2013-12-25 09:31 - 00532480 _____ (Trend Micro Incorporated) C:\Users\BiMi\Desktop\cwshredder.exe
2013-12-25 09:29 - 2013-12-25 09:29 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\BiMi\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-25 09:29 - 2013-12-25 09:28 - 29118680 _____ (SUPERAntiSpyware) C:\Users\BiMi\Desktop\SUPERAntiSpyware.exe
2013-12-25 09:23 - 2013-08-31 11:38 - 00000000 ____D C:\windows\system32\MRT
2013-12-25 09:19 - 2012-02-17 06:25 - 00000000 ____D C:\Program Files\Google
2013-12-24 21:57 - 2012-11-13 18:58 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-24 21:55 - 2013-12-24 21:32 - 00000000 ____D C:\Users\BiMi\Desktop\Datensicherung
2013-12-24 21:54 - 2013-12-24 21:16 - 129598176 _____ C:\Users\BiMi\Downloads\avira_free_antivirus_de_14.0.2.286.exe
2013-12-24 21:49 - 2013-12-24 21:17 - 129598176 _____ C:\Users\BiMi\Downloads\avira_free_antivirus_de.exe
2013-12-24 21:20 - 2012-02-17 06:24 - 00000000 ____D C:\ProgramData\Google
2013-12-24 21:10 - 2009-07-14 06:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2013-12-24 21:08 - 2013-12-24 21:08 - 00000000 ____D C:\windows\pss
2013-12-13 14:32 - 2009-07-14 05:45 - 00275856 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-09 11:37 - 2013-12-25 10:27 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-12-09 11:37 - 2013-12-25 10:27 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-12-09 11:37 - 2013-12-25 10:27 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-12-09 11:37 - 2013-12-25 10:27 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2013-11-28 12:55 - 2012-06-05 17:18 - 00001428 _____ C:\Users\BiMi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-28 12:32 - 2013-11-28 12:32 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-11-28 12:32 - 2013-11-28 12:32 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-11-28 12:32 - 2013-11-28 12:32 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-11-28 12:32 - 2013-11-28 12:32 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-11-28 12:32 - 2013-11-28 12:32 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-11-28 12:32 - 2013-11-28 12:32 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-11-28 12:32 - 2013-11-28 12:32 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-11-26 12:54 - 2013-12-13 14:12 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-26 11:19 - 2013-12-13 14:12 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-26 11:18 - 2013-12-13 14:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-11-26 11:11 - 2013-12-13 14:12 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-26 10:48 - 2013-12-13 14:12 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-26 10:46 - 2013-12-13 14:12 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-11-26 10:41 - 2013-12-13 14:12 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-26 10:29 - 2013-12-13 14:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-26 10:27 - 2013-12-13 14:12 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-26 10:23 - 2013-12-13 14:12 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-11-26 10:21 - 2013-12-13 14:12 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-26 10:18 - 2013-12-13 14:12 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-11-26 10:18 - 2013-12-13 14:12 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-11-26 10:16 - 2013-12-13 14:12 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-11-26 09:57 - 2013-12-13 14:12 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-26 09:38 - 2013-12-13 14:12 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-26 09:38 - 2013-12-13 14:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-11-26 09:35 - 2013-12-13 14:12 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-26 09:32 - 2013-12-13 14:12 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-11-26 09:28 - 2013-12-13 14:12 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-11-26 09:16 - 2013-12-13 14:12 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-26 09:02 - 2013-12-13 14:12 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-11-26 08:48 - 2013-12-13 14:12 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-26 08:32 - 2013-12-13 14:12 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-11-26 08:26 - 2013-12-13 14:12 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-26 08:07 - 2013-12-13 14:12 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-26 07:40 - 2013-12-13 14:12 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-26 07:34 - 2013-12-13 14:12 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-11-26 07:34 - 2013-12-13 14:12 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-11-26 07:33 - 2013-12-13 14:12 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-26 07:27 - 2013-12-13 14:12 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

Some content of TEMP:
====================
C:\Users\BiMi\AppData\Local\Temp\avgnt.exe
C:\Users\BiMi\AppData\Local\Temp\uninst1.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-25 15:56

==================== End Of Log ============================
         
--- --- ---


The addition.txt file was not logged along with it. The checkbox for it is also set to disabled in the tool. I therefore ticked the addition.txt checkbox and started a second scan to obtain the log file.

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-12-2013
Ran by BiMi at 2013-12-26 19:21:59
Running from C:\Users\BiMi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

AMD APP SDK Runtime (Version: 10.0.851.6)
AMD Catalyst Install Manager (Version: 3.0.859.0)
Atheros Bluetooth Filter Driver Package (Version: 1.0.0.12)
Atheros Driver Installation Program (x32 Version: 9.2)
Avira Free Antivirus (x32 Version: 14.0.2.286)
Bluetooth Stack for Windows by Toshiba (Version: v9.00.00(T))
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.0120.420.7502)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0120.420.7502)
Catalyst Control Center InstallProxy (x32 Version: 2012.0120.420.7502)
Catalyst Control Center Localization All (x32 Version: 2012.0120.420.7502)
CCC Help Chinese Standard (x32 Version: 2012.0120.0419.7502)
CCC Help Chinese Traditional (x32 Version: 2012.0120.0419.7502)
CCC Help Czech (x32 Version: 2012.0120.0419.7502)
CCC Help Danish (x32 Version: 2012.0120.0419.7502)
CCC Help Dutch (x32 Version: 2012.0120.0419.7502)
CCC Help English (x32 Version: 2012.0120.0419.7502)
CCC Help Finnish (x32 Version: 2012.0120.0419.7502)
CCC Help French (x32 Version: 2012.0120.0419.7502)
CCC Help German (x32 Version: 2012.0120.0419.7502)
CCC Help Greek (x32 Version: 2012.0120.0419.7502)
CCC Help Hungarian (x32 Version: 2012.0120.0419.7502)
CCC Help Italian (x32 Version: 2012.0120.0419.7502)
CCC Help Japanese (x32 Version: 2012.0120.0419.7502)
CCC Help Korean (x32 Version: 2012.0120.0419.7502)
CCC Help Norwegian (x32 Version: 2012.0120.0419.7502)
CCC Help Polish (x32 Version: 2012.0120.0419.7502)
CCC Help Portuguese (x32 Version: 2012.0120.0419.7502)
CCC Help Russian (x32 Version: 2012.0120.0419.7502)
CCC Help Spanish (x32 Version: 2012.0120.0419.7502)
CCC Help Swedish (x32 Version: 2012.0120.0419.7502)
CCC Help Thai (x32 Version: 2012.0120.0419.7502)
CCC Help Turkish (x32 Version: 2012.0120.0419.7502)
ccc-utility64 (Version: 2012.0120.420.7502)
CCleaner (Version: 4.09)
High-Definition Video Playback (x32 Version: 11.1.10500.2.65)
HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0)
HP Update (x32 Version: 5.003.003.001)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.35342)
Intel(R) Management Engine Components (x32 Version: 8.0.3.1427)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.1.209)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.5139.5005)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0)
Nero 11 Essentials (x32 Version: 11.0.00300)
Nero 11 Kwik Themes Basic (x32 Version: 11.0.11200.12.0)
Nero BackItUp 11 (x32 Version: 6.0.18000.19.100)
Nero BackItUp 11 Help (CHM) (x32 Version: 11.0.10200)
Nero BurnRights 11 (x32 Version: 5.0.10300.4.100)
Nero BurnRights 11 Help (CHM) (x32 Version: 11.0.10100)
Nero ControlCenter 11 (x32 Version: 11.0.12700.0.27)
Nero ControlCenter 11 Help (CHM) (x32 Version: 11.0.10300)
Nero Core Components 11 (x32 Version: 11.0.15500.1.16)
Nero Express 11 (x32 Version: 11.0.11900.24.100)
Nero Express 11 Help (CHM) (x32 Version: 11.0.10300)
Nero Kwik Media (x32 Version: 1.10.24800.146.100)
Nero Kwik Media Help (CHM) (x32 Version: 11.0.10200)
Nero RescueAgent 11 (x32 Version: 4.0.10600.10.100)
Nero RescueAgent 11 Help (CHM) (x32 Version: 11.0.10400)
Nero Update (x32 Version: 11.0.11400.27.0)
nero.prerequisites.msi (x32 Version: 11.0.20008)
Premium Sound HD (Version: 1.12.1800)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6597)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7601.30130)
SUPERAntiSpyware (Version: 5.7.1016)
Synaptics Pointing Device Driver (Version: 15.3.38.2)
TOSHIBA Assist (x32 Version: 4.2.3.0)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64)
TOSHIBA eco Utility (Version: 1.3.10.64)
TOSHIBA Hardware Setup (x32 Version: 2.00.0020)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.11)
TOSHIBA Media Controller (x32 Version: 1.0.87.5)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.7.7)
TOSHIBA Online Product Information (x32 Version: 4.01.0000)
TOSHIBA PC Health Monitor (Version: 1.7.15.64)
TOSHIBA Places Icon Utility (x32 Version: 1.1.1.4)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.6.52020009)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019)
TOSHIBA Service Station (x32 Version: 2.2.13)
TOSHIBA Sleep Utility (x32 Version: 1.4.0022.000104)
TOSHIBA Supervisor Password (x32 Version: 2.00.0009)
TOSHIBA TEMPRO (x32 Version: 3.35)
TOSHIBA Value Added Package (Version: 1.6.0021.640203)
TOSHIBA Value Added Package (x32 Version: 1.6.0021.640203)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.33)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
welcome (x32 Version: 11.0.22500.0.0)

==================== Restore Points  =========================

25-12-2013 08:22:31 Removed Microsoft Silverlight
25-12-2013 08:39:23 Removed Studie zur Verbesserung von HP Deskjet 3050A J611 series Produkten
25-12-2013 08:40:18 Removed Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten
25-12-2013 08:40:42 Removed Skype™ 5.10
25-12-2013 08:41:33 Removed Microsoft SQL Server 2005 Compact Edition [ENU]
25-12-2013 08:45:21 Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen wird entfernt
25-12-2013 08:45:47 Windows Live Mesh ActiveX control for remote connections wird entfernt
25-12-2013 08:46:07 Windows Live Mesh ActiveX Control for Remote Connections wird entfernt
25-12-2013 08:46:33 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
25-12-2013 08:48:01 Windows Live Essentials
25-12-2013 08:48:20 WLSetup
25-12-2013 08:50:28 Windows Live Essentials
25-12-2013 08:50:54 WLSetup
25-12-2013 08:53:14 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
25-12-2013 08:53:48 Windows Live Mesh ActiveX Control for Remote Connections wird entfernt
25-12-2013 08:54:11 Contrôle ActiveX Windows Live Mesh pour connexions à distance wird entfernt
25-12-2013 08:55:30 Removed Intel® Trusted Connect Service Client
25-12-2013 08:56:02 Removed Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
25-12-2013 08:57:56 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
25-12-2013 08:58:31 Microsoft Visual C++ 2005 Redistributable wird entfernt
25-12-2013 08:58:54 Removed Adobe Reader X (10.1.4) MUI.
25-12-2013 09:03:00 Removed HP Deskjet 3050A J611 series Hilfe
25-12-2013 09:06:55 Removed Apple Application Support
25-12-2013 09:07:28 Removed iTunes
25-12-2013 09:09:24 Removed Apple Software Update
25-12-2013 09:10:32 Microsoft Visual C++ 2005 Redistributable (x64) wird entfernt
25-12-2013 09:11:09 Removed Apple Mobile Device Support
25-12-2013 09:13:01 Windows Modules Installer
25-12-2013 09:13:52 Removed Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
25-12-2013 09:14:32 Removed TOSHIBA Resolution+ Plug-in for Windows Media Player
25-12-2013 09:15:17 Removed Java(TM) 6 Update 30
25-12-2013 09:16:07 Removed Toshiba Manuals
25-12-2013 09:18:17 Removed Nero Backup Drivers.
25-12-2013 19:01:05 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2FA439AB-562C-4BFC-9D68-FEA598664C9E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {3C07C874-5231-4712-9AA0-AAF7FAAEFE02} - System32\Tasks\ScanToPCActivationApp.exe_{8B66A50E-A5B5-45F9-8116-E4B77CF2D7DA} => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {41E05249-EA2F-46AE-BEBE-83F9DFEEF472} - System32\Tasks\SUPERAntiSpyware Scheduled Task 451bc219-4d84-44cf-9bda-4b6bf0aa38f7 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {4963E752-3E30-4F4A-8679-18182386BEB2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {739F880D-0ADA-459E-BF42-5A15CBCF05D8} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {80B7FE5D-1CB4-4EC0-82A0-828E66FD19AA} - System32\Tasks\SUPERAntiSpyware Scheduled Task e37bfdcf-de68-4d35-8654-100e54ba10e4 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 451bc219-4d84-44cf-9bda-4b6bf0aa38f7.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task e37bfdcf-de68-4d35-8654-100e54ba10e4.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2012-02-17 06:14 - 2011-02-22 11:16 - 00559104 _____ () C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\de\Humphrey.resources.dll
2013-12-25 10:27 - 2013-12-09 11:37 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-05-11 23:15 - 2012-02-21 20:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-07-08 10:42 - 2013-12-26 19:07 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 27%
Total physical RAM: 6103.8 MB
Available physical RAM: 4416.61 MB
Total Pagefile: 12205.79 MB
Available Pagefile: 9927.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (TI30876100B) (Fixed) (Total:578.55 GB) (Free:517.9 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 1DE56D1D)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=579 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=17)

==================== End Of Log ============================
         


Alt 26.12.2013, 19:50   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKLM\...\Run: [] - [x]
HKLM-x32\...\Run: [] - [x]
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll [ ] ()
c:\progra~3\bitguard
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Alt 26.12.2013, 19:56   #7
Der Alex
 



Fixlog.txt
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-12-2013
Ran by BiMi at 2013-12-26 20:55:40 Run:1
Running from C:\Users\BiMi\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [] - [x]
HKLM-x32\...\Run: [] - [x]
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll [ ] ()
c:\progra~3\bitguard      
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
"c:\progra~3\bitguard" => File/Directory not found.

==== End of Fixlog ====
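
Added example (not part of the original thread and not FRST's own code): a small Python triage pass over FRST-style lines that tags the kinds of entries named in the fixlist above (a Run value with an empty name, an AppInit_DLLs entry) plus leftover registrations marked No File or [x], grouped by log section. The sample input is constructed from line shapes quoted in this thread; reading [x] as "target not found" and the names `triage` and `summarize` are assumptions of this example.

```python
import re
from collections import Counter

# FRST section banner, e.g. "==================== Drivers (Whitelisted) ====".
# A bare "=============" underline is deliberately not treated as a section.
SECTION = re.compile(r"^={4,}\s*([^=\s][^=]*?)\s*=+\s*$")

# (tag, pattern, why a reviewer looks at the line)
RULES = [
    ("appinit-dll", re.compile(r"^AppInit_DLLs:\s*\S"),
     "DLL named here is loaded into every process that loads user32.dll"),
    ("run-empty-name", re.compile(r"^HK\S+?\\\.\.\.\\Run:\s*\[\]\s*-"),
     "autostart value with an empty name"),
    ("orphan-no-file", re.compile(r"\bNo File\s*$"),
     "registration left behind after its file was removed"),
    ("missing-target", re.compile(r"\[x\]\s*$", re.I),
     "target reported as not present (assumed meaning of [x])"),
]

# Constructed sample: line shapes copied from the FRST output quoted in this thread.
SAMPLE = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll [ ] ()

==================== Internet (Whitelisted) ====================

BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File

==================== Drivers (Whitelisted) ====================

S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
"""


def triage(log_text):
    """Return one finding per log line that matches at least one rule."""
    findings = []
    section = "(no section)"
    for number, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        tags = [tag for tag, pattern, _ in RULES if pattern.search(line)]
        if tags:
            findings.append(
                {"line_no": number, "section": section, "tags": tags, "line": line}
            )
    return findings


def summarize(findings):
    """Count how often each tag fired across all findings."""
    return Counter(tag for finding in findings for tag in finding["tags"])


if __name__ == "__main__":
    reasons = {tag: why for tag, _, why in RULES}
    for finding in triage(SAMPLE):
        print(f'{finding["section"]} (line {finding["line_no"]}): {finding["line"]}')
        for tag in finding["tags"]:
            print(f"    {tag}: {reasons[tag]}")
```

The tags mark lines for a human reviewer; they are not a verdict and the script does not produce a fixlist.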
         

Alt 26.12.2013, 21:26   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Fresh FRST logs please; download FRST again, start it with a double-click, tick the box for additions.txt and click Scan

Alt 26.12.2013, 21:40   #9
Der Alex
 



Here you go...


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2013
Ran by BiMi (administrator) on BIMI-TOSH on 26-12-2013 22:37:33
Running from C:\Users\BiMi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Windows\System32\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563096 2013-12-20] (SUPERAntiSpyware)
HKU\Default\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.opti-page.com/?babsrc=HP_ss&mntrId=5CBC446D578814A8&affID=126473&tsp=5039
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM - DefaultScope {A8B9485A-4F0D-4D48-A0F6-FD739BBD3F8D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {A8B9485A-4F0D-4D48-A0F6-FD739BBD3F8D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKLM-x32 - {A8B9485A-4F0D-4D48-A0F6-FD739BBD3F8D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKCU - {A8B9485A-4F0D-4D48-A0F6-FD739BBD3F8D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_deDE487
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default
FF Homepage: https://www.google.de/
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF SearchPlugin: C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\BiMi\AppData\Roaming\Mozilla\Firefox\Profiles\0b4hjed5.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR HomePage: hxxp://www.opti-page.com/?babsrc=HP_ss&mntrId=5CBC446D578814A8&affID=126473&tsp=5039
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchProvider: Delta Search
CHR DefaultSearchURL: hxxp://www.google.com
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Widget context) - C:\Users\BiMi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp\3.0_0

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Tosrfcom; No ImagePath
S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-26 22:37 - 2013-12-26 22:37 - 00012132 _____ C:\Users\BiMi\Desktop\FRST.txt
2013-12-26 22:36 - 2013-12-26 22:37 - 01928716 _____ (Farbar) C:\Users\BiMi\Desktop\FRST64.exe
2013-12-26 19:08 - 2013-12-26 22:36 - 00000000 ____D C:\Users\BiMi\Desktop\Malware Fight
2013-12-26 18:55 - 2013-12-26 18:55 - 00000000 ____D C:\windows\ERUNT
2013-12-26 18:34 - 2013-12-26 18:46 - 00000000 ____D C:\AdwCleaner
2013-12-26 04:57 - 2013-12-26 05:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-26 04:57 - 2013-12-26 04:57 - 00117464 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-26 04:55 - 2013-12-26 04:56 - 00089304 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2013-12-25 18:29 - 2013-12-25 18:29 - 00000000 ____D C:\ProgramData\SUPERSetup
2013-12-25 18:16 - 2013-12-25 18:16 - 549107631 _____ C:\windows\MEMORY.DMP
2013-12-25 18:16 - 2013-12-25 18:16 - 00714752 _____ C:\windows\Minidump\122513-25693-01.dmp
2013-12-25 18:16 - 2013-12-25 18:16 - 00000000 ____D C:\windows\Minidump
2013-12-25 17:47 - 2013-12-25 17:47 - 00000000 ____D C:\FRST
2013-12-25 17:45 - 2013-12-25 17:45 - 00000000 _____ C:\Users\BiMi\defogger_reenable
2013-12-25 17:36 - 2013-12-26 20:52 - 00000392 _____ C:\windows\setupact.log
2013-12-25 17:36 - 2013-12-25 17:36 - 00002348 _____ C:\windows\PFRO.log
2013-12-25 17:36 - 2013-12-25 17:36 - 00000000 _____ C:\windows\setuperr.log
2013-12-25 14:06 - 2013-12-25 14:06 - 00000000 ____D C:\SUPERDelete
2013-12-25 14:02 - 2013-12-25 14:02 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\Malwarebytes
2013-12-25 14:01 - 2013-12-25 14:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-25 14:01 - 2013-12-25 14:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 14:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-12-25 14:00 - 2013-12-26 22:00 - 00000508 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 451bc219-4d84-44cf-9bda-4b6bf0aa38f7.job
2013-12-25 14:00 - 2013-12-25 17:36 - 00000508 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task e37bfdcf-de68-4d35-8654-100e54ba10e4.job
2013-12-25 14:00 - 2013-12-25 14:00 - 00003582 _____ C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e37bfdcf-de68-4d35-8654-100e54ba10e4
2013-12-25 14:00 - 2013-12-25 14:00 - 00003508 _____ C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 451bc219-4d84-44cf-9bda-4b6bf0aa38f7
2013-12-25 14:00 - 2013-12-25 14:00 - 00001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2013-12-25 14:00 - 2013-12-25 14:00 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\SUPERAntiSpyware.com
2013-12-25 14:00 - 2013-12-25 14:00 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-12-25 14:00 - 2013-12-25 14:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-25 13:51 - 2013-12-25 13:51 - 00002770 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2013-12-25 13:51 - 2013-12-25 13:51 - 00000000 ____D C:\Program Files\CCleaner
2013-12-25 10:29 - 2013-12-25 10:29 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\Avira
2013-12-25 10:27 - 2013-12-25 10:27 - 00000000 ____D C:\ProgramData\Avira
2013-12-25 10:27 - 2013-12-25 10:27 - 00000000 ____D C:\Program Files (x86)\Avira
2013-12-25 10:27 - 2013-12-09 11:37 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-12-25 10:27 - 2013-12-09 11:37 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-12-25 10:27 - 2013-12-09 11:37 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-12-25 10:27 - 2013-12-09 11:37 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2013-12-25 10:09 - 2013-12-25 09:38 - 129598176 _____ C:\Users\BiMi\Desktop\avira_free_antivirus_de_14.0.2.286.exe
2013-12-25 09:31 - 2013-12-25 09:31 - 04645232 _____ (Piriform Ltd) C:\Users\BiMi\Desktop\ccsetup409.exe
2013-12-25 09:31 - 2013-12-25 09:31 - 00532480 _____ (Trend Micro Incorporated) C:\Users\BiMi\Desktop\cwshredder.exe
2013-12-25 09:29 - 2013-12-25 09:29 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\BiMi\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-25 09:28 - 2013-12-25 09:29 - 29118680 _____ (SUPERAntiSpyware) C:\Users\BiMi\Desktop\SUPERAntiSpyware.exe
2013-12-24 21:32 - 2013-12-24 21:55 - 00000000 ____D C:\Users\BiMi\Desktop\Datensicherung
2013-12-24 21:17 - 2013-12-24 21:49 - 129598176 _____ C:\Users\BiMi\Downloads\avira_free_antivirus_de.exe
2013-12-24 21:16 - 2013-12-24 21:54 - 129598176 _____ C:\Users\BiMi\Downloads\avira_free_antivirus_de_14.0.2.286.exe
2013-12-24 21:08 - 2013-12-24 21:08 - 00000000 ____D C:\windows\pss
2013-12-13 14:14 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-13 14:14 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-13 14:14 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2013-12-13 14:14 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2013-12-13 14:12 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-13 14:12 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-13 14:12 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-12-13 14:12 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-13 14:12 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-13 14:12 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-12-13 14:12 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-13 14:12 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-13 14:12 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-13 14:12 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-12-13 14:12 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-13 14:12 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-12-13 14:12 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-12-13 14:12 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-12-13 14:12 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-13 14:12 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-13 14:12 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-12-13 14:12 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-13 14:12 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-12-13 14:12 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-12-13 14:12 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-13 14:12 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-12-13 14:12 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-13 14:12 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-12-13 14:12 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-13 14:12 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-13 14:12 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-13 14:12 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-12-13 14:12 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-12-13 14:12 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-13 14:12 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-11 13:50 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-11 13:49 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-11 13:49 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-11 13:49 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-11 13:49 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-11 13:49 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-11 13:49 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-11 13:48 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-11 13:48 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-12-11 13:47 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-11 13:47 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-11 13:47 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2013-12-11 13:47 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-11 13:47 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-11 13:47 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2013-12-11 13:47 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-11 13:47 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-11 13:46 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-11 13:46 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-11-28 12:38 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE
2013-11-28 12:32 - 2013-11-28 12:32 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-11-28 12:32 - 2013-11-28 12:32 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-11-28 12:32 - 2013-11-28 12:32 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-11-28 12:32 - 2013-11-28 12:32 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-11-28 12:32 - 2013-11-28 12:32 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-11-28 12:32 - 2013-11-28 12:32 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-11-28 12:32 - 2013-11-28 12:32 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe

==================== One Month Modified Files and Folders =======

2013-12-26 22:37 - 2013-12-26 22:37 - 00012132 _____ C:\Users\BiMi\Desktop\FRST.txt
2013-12-26 22:37 - 2013-12-26 22:36 - 01928716 _____ (Farbar) C:\Users\BiMi\Desktop\FRST64.exe
2013-12-26 22:36 - 2013-12-26 19:08 - 00000000 ____D C:\Users\BiMi\Desktop\Malware Fight
2013-12-26 22:31 - 2012-05-11 23:10 - 01910731 _____ C:\windows\WindowsUpdate.log
2013-12-26 22:00 - 2013-12-25 14:00 - 00000508 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 451bc219-4d84-44cf-9bda-4b6bf0aa38f7.job
2013-12-26 20:59 - 2009-07-14 05:45 - 00024400 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-26 20:59 - 2009-07-14 05:45 - 00024400 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-26 20:52 - 2013-12-25 17:36 - 00000392 _____ C:\windows\setupact.log
2013-12-26 20:52 - 2012-05-11 23:16 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-12-26 20:52 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-12-26 19:07 - 2012-07-08 10:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-26 18:55 - 2013-12-26 18:55 - 00000000 ____D C:\windows\ERUNT
2013-12-26 18:46 - 2013-12-26 18:34 - 00000000 ____D C:\AdwCleaner
2013-12-26 05:23 - 2013-12-26 04:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-26 04:57 - 2013-12-26 04:57 - 00117464 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-26 04:56 - 2013-12-26 04:55 - 00089304 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2013-12-25 18:29 - 2013-12-25 18:29 - 00000000 ____D C:\ProgramData\SUPERSetup
2013-12-25 18:16 - 2013-12-25 18:16 - 549107631 _____ C:\windows\MEMORY.DMP
2013-12-25 18:16 - 2013-12-25 18:16 - 00714752 _____ C:\windows\Minidump\122513-25693-01.dmp
2013-12-25 18:16 - 2013-12-25 18:16 - 00000000 ____D C:\windows\Minidump
2013-12-25 17:47 - 2013-12-25 17:47 - 00000000 ____D C:\FRST
2013-12-25 17:46 - 2011-02-11 09:21 - 00630046 _____ C:\windows\system32\perfh007.dat
2013-12-25 17:46 - 2011-02-11 09:21 - 00120628 _____ C:\windows\system32\perfc007.dat
2013-12-25 17:46 - 2009-07-14 06:13 - 01435892 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-25 17:45 - 2013-12-25 17:45 - 00000000 _____ C:\Users\BiMi\defogger_reenable
2013-12-25 17:45 - 2012-06-05 16:14 - 00000000 ____D C:\Users\BiMi
2013-12-25 17:36 - 2013-12-25 17:36 - 00002348 _____ C:\windows\PFRO.log
2013-12-25 17:36 - 2013-12-25 17:36 - 00000000 _____ C:\windows\setuperr.log
2013-12-25 17:36 - 2013-12-25 14:00 - 00000508 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task e37bfdcf-de68-4d35-8654-100e54ba10e4.job
2013-12-25 16:03 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache
2013-12-25 14:06 - 2013-12-25 14:06 - 00000000 ____D C:\SUPERDelete
2013-12-25 14:02 - 2013-12-25 14:02 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\Malwarebytes
2013-12-25 14:01 - 2013-12-25 14:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-25 14:01 - 2013-12-25 14:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 14:00 - 2013-12-25 14:00 - 00003582 _____ C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e37bfdcf-de68-4d35-8654-100e54ba10e4
2013-12-25 14:00 - 2013-12-25 14:00 - 00003508 _____ C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 451bc219-4d84-44cf-9bda-4b6bf0aa38f7
2013-12-25 14:00 - 2013-12-25 14:00 - 00001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2013-12-25 14:00 - 2013-12-25 14:00 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\SUPERAntiSpyware.com
2013-12-25 14:00 - 2013-12-25 14:00 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-12-25 14:00 - 2013-12-25 14:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-25 13:58 - 2012-02-18 05:32 - 00000000 ____D C:\windows\Panther
2013-12-25 13:51 - 2013-12-25 13:51 - 00002770 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2013-12-25 13:51 - 2013-12-25 13:51 - 00000000 ____D C:\Program Files\CCleaner
2013-12-25 13:33 - 2012-05-11 23:16 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-12-25 12:51 - 2012-05-11 23:37 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Games
2013-12-25 10:33 - 2012-02-17 06:28 - 00000000 ____D C:\ProgramData\McAfee
2013-12-25 10:32 - 2009-07-14 04:20 - 00000000 ____D C:\windows\PolicyDefinitions
2013-12-25 10:29 - 2013-12-25 10:29 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\Avira
2013-12-25 10:27 - 2013-12-25 10:27 - 00000000 ____D C:\ProgramData\Avira
2013-12-25 10:27 - 2013-12-25 10:27 - 00000000 ____D C:\Program Files (x86)\Avira
2013-12-25 10:18 - 2012-02-17 05:42 - 00000000 ____D C:\Program Files (x86)\Nero
2013-12-25 10:16 - 2012-02-17 06:14 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2013-12-25 10:14 - 2012-02-17 06:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-25 10:14 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-25 10:11 - 2012-06-06 12:55 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\SoftGrid Client
2013-12-25 10:06 - 2012-06-06 13:39 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-25 10:00 - 2012-02-17 06:21 - 00000000 ____D C:\ProgramData\Adobe
2013-12-25 09:55 - 2012-05-11 23:15 - 00000000 ____D C:\Program Files\Intel
2013-12-25 09:55 - 2012-05-11 23:13 - 00000000 ____D C:\Program Files (x86)\Intel
2013-12-25 09:54 - 2012-02-17 06:07 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-12-25 09:42 - 2012-06-06 08:48 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\WildTangent
2013-12-25 09:42 - 2012-05-11 23:37 - 00000000 ____D C:\ProgramData\WildTangent
2013-12-25 09:41 - 2012-06-24 11:02 - 00000000 ____D C:\Users\BiMi\AppData\Roaming\Skype
2013-12-25 09:41 - 2012-02-17 06:01 - 00000000 ____D C:\ProgramData\Skype
2013-12-25 09:40 - 2012-10-04 09:18 - 00000000 ____D C:\Program Files\HP
2013-12-25 09:38 - 2013-12-25 10:09 - 129598176 _____ C:\Users\BiMi\Desktop\avira_free_antivirus_de_14.0.2.286.exe
2013-12-25 09:33 - 2012-06-05 17:21 - 00000000 ____D C:\Users\BiMi\AppData\Local\Google
2013-12-25 09:33 - 2012-02-17 06:25 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-25 09:31 - 2013-12-25 09:31 - 04645232 _____ (Piriform Ltd) C:\Users\BiMi\Desktop\ccsetup409.exe
2013-12-25 09:31 - 2013-12-25 09:31 - 00532480 _____ (Trend Micro Incorporated) C:\Users\BiMi\Desktop\cwshredder.exe
2013-12-25 09:29 - 2013-12-25 09:29 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\BiMi\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-25 09:29 - 2013-12-25 09:28 - 29118680 _____ (SUPERAntiSpyware) C:\Users\BiMi\Desktop\SUPERAntiSpyware.exe
2013-12-25 09:23 - 2013-08-31 11:38 - 00000000 ____D C:\windows\system32\MRT
2013-12-25 09:19 - 2012-02-17 06:25 - 00000000 ____D C:\Program Files\Google
2013-12-24 21:57 - 2012-11-13 18:58 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-24 21:55 - 2013-12-24 21:32 - 00000000 ____D C:\Users\BiMi\Desktop\Datensicherung
2013-12-24 21:54 - 2013-12-24 21:16 - 129598176 _____ C:\Users\BiMi\Downloads\avira_free_antivirus_de_14.0.2.286.exe
2013-12-24 21:49 - 2013-12-24 21:17 - 129598176 _____ C:\Users\BiMi\Downloads\avira_free_antivirus_de.exe
2013-12-24 21:20 - 2012-02-17 06:24 - 00000000 ____D C:\ProgramData\Google
2013-12-24 21:10 - 2009-07-14 06:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2013-12-24 21:08 - 2013-12-24 21:08 - 00000000 ____D C:\windows\pss
2013-12-13 14:32 - 2009-07-14 05:45 - 00275856 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-09 11:37 - 2013-12-25 10:27 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-12-09 11:37 - 2013-12-25 10:27 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-12-09 11:37 - 2013-12-25 10:27 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-12-09 11:37 - 2013-12-25 10:27 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2013-11-28 12:55 - 2012-06-05 17:18 - 00001428 _____ C:\Users\BiMi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-28 12:32 - 2013-11-28 12:32 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-11-28 12:32 - 2013-11-28 12:32 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-11-28 12:32 - 2013-11-28 12:32 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-11-28 12:32 - 2013-11-28 12:32 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-11-28 12:32 - 2013-11-28 12:32 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-11-28 12:32 - 2013-11-28 12:32 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-11-28 12:32 - 2013-11-28 12:32 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-11-28 12:32 - 2013-11-28 12:32 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-11-28 12:32 - 2013-11-28 12:32 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-11-26 12:54 - 2013-12-13 14:12 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-26 11:19 - 2013-12-13 14:12 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-26 11:18 - 2013-12-13 14:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-11-26 11:11 - 2013-12-13 14:12 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-26 10:48 - 2013-12-13 14:12 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-26 10:46 - 2013-12-13 14:12 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-11-26 10:41 - 2013-12-13 14:12 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-26 10:29 - 2013-12-13 14:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-26 10:27 - 2013-12-13 14:12 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-26 10:23 - 2013-12-13 14:12 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-11-26 10:21 - 2013-12-13 14:12 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-26 10:18 - 2013-12-13 14:12 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-11-26 10:18 - 2013-12-13 14:12 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-11-26 10:16 - 2013-12-13 14:12 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-11-26 09:57 - 2013-12-13 14:12 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-26 09:38 - 2013-12-13 14:12 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-26 09:38 - 2013-12-13 14:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-11-26 09:35 - 2013-12-13 14:12 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-26 09:32 - 2013-12-13 14:12 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-11-26 09:28 - 2013-12-13 14:12 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-11-26 09:16 - 2013-12-13 14:12 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-26 09:02 - 2013-12-13 14:12 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-11-26 08:48 - 2013-12-13 14:12 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-26 08:32 - 2013-12-13 14:12 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-11-26 08:26 - 2013-12-13 14:12 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-26 08:07 - 2013-12-13 14:12 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-26 07:40 - 2013-12-13 14:12 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-26 07:34 - 2013-12-13 14:12 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-11-26 07:34 - 2013-12-13 14:12 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-11-26 07:33 - 2013-12-13 14:12 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-26 07:27 - 2013-12-13 14:12 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

Some content of TEMP:
====================
C:\Users\BiMi\AppData\Local\Temp\avgnt.exe
C:\Users\BiMi\AppData\Local\Temp\uninst1.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-25 15:56

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-12-2013
Ran by BiMi at 2013-12-26 22:38:21
Running from C:\Users\BiMi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

AMD APP SDK Runtime (Version: 10.0.851.6)
AMD Catalyst Install Manager (Version: 3.0.859.0)
Atheros Bluetooth Filter Driver Package (Version: 1.0.0.12)
Atheros Driver Installation Program (x32 Version: 9.2)
Avira Free Antivirus (x32 Version: 14.0.2.286)
Bluetooth Stack for Windows by Toshiba (Version: v9.00.00(T))
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.0120.420.7502)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0120.420.7502)
Catalyst Control Center InstallProxy (x32 Version: 2012.0120.420.7502)
Catalyst Control Center Localization All (x32 Version: 2012.0120.420.7502)
CCC Help Chinese Standard (x32 Version: 2012.0120.0419.7502)
CCC Help Chinese Traditional (x32 Version: 2012.0120.0419.7502)
CCC Help Czech (x32 Version: 2012.0120.0419.7502)
CCC Help Danish (x32 Version: 2012.0120.0419.7502)
CCC Help Dutch (x32 Version: 2012.0120.0419.7502)
CCC Help English (x32 Version: 2012.0120.0419.7502)
CCC Help Finnish (x32 Version: 2012.0120.0419.7502)
CCC Help French (x32 Version: 2012.0120.0419.7502)
CCC Help German (x32 Version: 2012.0120.0419.7502)
CCC Help Greek (x32 Version: 2012.0120.0419.7502)
CCC Help Hungarian (x32 Version: 2012.0120.0419.7502)
CCC Help Italian (x32 Version: 2012.0120.0419.7502)
CCC Help Japanese (x32 Version: 2012.0120.0419.7502)
CCC Help Korean (x32 Version: 2012.0120.0419.7502)
CCC Help Norwegian (x32 Version: 2012.0120.0419.7502)
CCC Help Polish (x32 Version: 2012.0120.0419.7502)
CCC Help Portuguese (x32 Version: 2012.0120.0419.7502)
CCC Help Russian (x32 Version: 2012.0120.0419.7502)
CCC Help Spanish (x32 Version: 2012.0120.0419.7502)
CCC Help Swedish (x32 Version: 2012.0120.0419.7502)
CCC Help Thai (x32 Version: 2012.0120.0419.7502)
CCC Help Turkish (x32 Version: 2012.0120.0419.7502)
ccc-utility64 (Version: 2012.0120.420.7502)
CCleaner (Version: 4.09)
High-Definition Video Playback (x32 Version: 11.1.10500.2.65)
HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0)
HP Update (x32 Version: 5.003.003.001)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.35342)
Intel(R) Management Engine Components (x32 Version: 8.0.3.1427)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.1.209)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.5139.5005)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0)
Nero 11 Essentials (x32 Version: 11.0.00300)
Nero 11 Kwik Themes Basic (x32 Version: 11.0.11200.12.0)
Nero BackItUp 11 (x32 Version: 6.0.18000.19.100)
Nero BackItUp 11 Help (CHM) (x32 Version: 11.0.10200)
Nero BurnRights 11 (x32 Version: 5.0.10300.4.100)
Nero BurnRights 11 Help (CHM) (x32 Version: 11.0.10100)
Nero ControlCenter 11 (x32 Version: 11.0.12700.0.27)
Nero ControlCenter 11 Help (CHM) (x32 Version: 11.0.10300)
Nero Core Components 11 (x32 Version: 11.0.15500.1.16)
Nero Express 11 (x32 Version: 11.0.11900.24.100)
Nero Express 11 Help (CHM) (x32 Version: 11.0.10300)
Nero Kwik Media (x32 Version: 1.10.24800.146.100)
Nero Kwik Media Help (CHM) (x32 Version: 11.0.10200)
Nero RescueAgent 11 (x32 Version: 4.0.10600.10.100)
Nero RescueAgent 11 Help (CHM) (x32 Version: 11.0.10400)
Nero Update (x32 Version: 11.0.11400.27.0)
nero.prerequisites.msi (x32 Version: 11.0.20008)
Premium Sound HD (Version: 1.12.1800)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6597)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7601.30130)
SUPERAntiSpyware (Version: 5.7.1016)
Synaptics Pointing Device Driver (Version: 15.3.38.2)
TOSHIBA Assist (x32 Version: 4.2.3.0)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64)
TOSHIBA eco Utility (Version: 1.3.10.64)
TOSHIBA Hardware Setup (x32 Version: 2.00.0020)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.11)
TOSHIBA Media Controller (x32 Version: 1.0.87.5)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.7.7)
TOSHIBA Online Product Information (x32 Version: 4.01.0000)
TOSHIBA PC Health Monitor (Version: 1.7.15.64)
TOSHIBA Places Icon Utility (x32 Version: 1.1.1.4)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.6.52020009)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019)
TOSHIBA Service Station (x32 Version: 2.2.13)
TOSHIBA Sleep Utility (x32 Version: 1.4.0022.000104)
TOSHIBA Supervisor Password (x32 Version: 2.00.0009)
TOSHIBA TEMPRO (x32 Version: 3.35)
TOSHIBA Value Added Package (Version: 1.6.0021.640203)
TOSHIBA Value Added Package (x32 Version: 1.6.0021.640203)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.33)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
welcome (x32 Version: 11.0.22500.0.0)

==================== Restore Points  =========================

25-12-2013 08:22:31 Removed Microsoft Silverlight
25-12-2013 08:39:23 Removed Studie zur Verbesserung von HP Deskjet 3050A J611 series Produkten
25-12-2013 08:40:18 Removed Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten
25-12-2013 08:40:42 Removed Skype™ 5.10
25-12-2013 08:41:33 Removed Microsoft SQL Server 2005 Compact Edition [ENU]
25-12-2013 08:45:21 Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen wird entfernt
25-12-2013 08:45:47 Windows Live Mesh ActiveX control for remote connections wird entfernt
25-12-2013 08:46:07 Windows Live Mesh ActiveX Control for Remote Connections wird entfernt
25-12-2013 08:46:33 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
25-12-2013 08:48:01 Windows Live Essentials
25-12-2013 08:48:20 WLSetup
25-12-2013 08:50:28 Windows Live Essentials
25-12-2013 08:50:54 WLSetup
25-12-2013 08:53:14 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
25-12-2013 08:53:48 Windows Live Mesh ActiveX Control for Remote Connections wird entfernt
25-12-2013 08:54:11 Contrôle ActiveX Windows Live Mesh pour connexions à distance wird entfernt
25-12-2013 08:55:30 Removed Intel® Trusted Connect Service Client
25-12-2013 08:56:02 Removed Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
25-12-2013 08:57:56 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
25-12-2013 08:58:31 Microsoft Visual C++ 2005 Redistributable wird entfernt
25-12-2013 08:58:54 Removed Adobe Reader X (10.1.4) MUI.
25-12-2013 09:03:00 Removed HP Deskjet 3050A J611 series Hilfe
25-12-2013 09:06:55 Removed Apple Application Support
25-12-2013 09:07:28 Removed iTunes
25-12-2013 09:09:24 Removed Apple Software Update
25-12-2013 09:10:32 Microsoft Visual C++ 2005 Redistributable (x64) wird entfernt
25-12-2013 09:11:09 Removed Apple Mobile Device Support
25-12-2013 09:13:01 Windows Modules Installer
25-12-2013 09:13:52 Removed Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
25-12-2013 09:14:32 Removed TOSHIBA Resolution+ Plug-in for Windows Media Player
25-12-2013 09:15:17 Removed Java(TM) 6 Update 30
25-12-2013 09:16:07 Removed Toshiba Manuals
25-12-2013 09:18:17 Removed Nero Backup Drivers.
25-12-2013 19:01:05 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2FA439AB-562C-4BFC-9D68-FEA598664C9E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {3C07C874-5231-4712-9AA0-AAF7FAAEFE02} - System32\Tasks\ScanToPCActivationApp.exe_{8B66A50E-A5B5-45F9-8116-E4B77CF2D7DA} => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {41E05249-EA2F-46AE-BEBE-83F9DFEEF472} - System32\Tasks\SUPERAntiSpyware Scheduled Task 451bc219-4d84-44cf-9bda-4b6bf0aa38f7 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {4963E752-3E30-4F4A-8679-18182386BEB2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {739F880D-0ADA-459E-BF42-5A15CBCF05D8} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {80B7FE5D-1CB4-4EC0-82A0-828E66FD19AA} - System32\Tasks\SUPERAntiSpyware Scheduled Task e37bfdcf-de68-4d35-8654-100e54ba10e4 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 451bc219-4d84-44cf-9bda-4b6bf0aa38f7.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task e37bfdcf-de68-4d35-8654-100e54ba10e4.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2012-02-17 06:14 - 2011-02-22 11:16 - 00559104 _____ () C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\de\Humphrey.resources.dll
2013-12-25 10:27 - 2013-12-09 11:37 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-07-08 10:42 - 2013-12-26 19:07 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-05-11 23:15 - 2012-02-21 20:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/26/2013 08:52:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (12/26/2013 08:52:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 29%
Total physical RAM: 6103.8 MB
Available physical RAM: 4326.32 MB
Total Pagefile: 12205.79 MB
Available Pagefile: 9857.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI30876100B) (Fixed) (Total:578.55 GB) (Free:517.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 1DE56D1D)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=579 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=17)

==================== End Of Log ============================
         

26.12.2013, 21:44   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM).

Note: Before you do, please remember to update Malwarebytes Anti-Malware using the update button!

Getting a second opinion from the ESET online scanner afterwards is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Look for C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

26.12.2013, 23:11   #11
Der Alex

That sounds good... here are the logs.

Quick scan with Malwarebytes Anti-Malware (MBAM)
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.26.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
BiMi :: BIMI-TOSH [Administrator]

Schutz: Aktiviert

26.12.2013 22:52:48
mbam-log-2013-12-26 (22-52-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Heuristiks/Extra | HeuristiKs/Shuriken | P2P
Durchsuchte Objekte: 29556
Laufzeit: 2 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ESET Online Scanner
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=320961e629b6b642bb3ed6c5345bdf50
# engine=16412
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-26 11:03:13
# local_time=2013-12-27 12:03:13 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 23176 1517155 15932 0
# compatibility_mode=5893 16776574 100 94 12803187 139728843 0 0
# scanned=112864
# found=0
# cleaned=0
# scan_time=3824
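
A helper reading a posted ESET log usually checks two things before trusting `found=0`: that the scan finished, and that it ran with the options the instructions asked for. The following Python sketch is an added example, not part of the thread or of ESET's tooling; the function names are hypothetical, and it assumes that `unwanted_checked` is the log key for the "detection of potentially unwanted applications" option.

```python
import re

# Settings and result lines copied from the ESET log posted above.
POSTED_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# compatibility_mode=1799 16775165 100 94 23176 1517155 15932 0
# compatibility_mode=5893 16776574 100 94 12803187 139728843 0 0
# scanned=112864
# found=0
# cleaned=0
# scan_time=3824
"""

FIELD_RE = re.compile(r"^#\s*([^=\s]+)=(.*)$")

# Assumption: unwanted_checked is the key behind the option
# "detection of potentially unwanted applications" in the instructions.
EXPECTED = {"unwanted_checked": "true"}


def parse_eset_log(text):
    """Return {key: [values]}; keys such as compatibility_mode repeat."""
    fields = {}
    for line in text.splitlines():
        match = FIELD_RE.match(line.strip())
        if match:
            fields.setdefault(match.group(1), []).append(match.group(2).strip())
    return fields


def _count(fields, key):
    """Last value of a numeric key, or None if absent or not a number."""
    values = fields.get(key)
    return int(values[-1]) if values and values[-1].isdigit() else None


def review_eset_log(text, expected=EXPECTED):
    """Summarise a log and list deviations from the requested settings."""
    fields = parse_eset_log(text)
    finished = fields.get("end", [""])[-1] == "finished"
    issues = [] if finished else ["scan did not finish"]
    for key, want in expected.items():
        got = fields.get(key, ["<missing>"])[-1]
        if got != want:
            issues.append(f"{key}={got}, instructions asked for {want}")
    return {
        "finished": finished,
        "scanned": _count(fields, "scanned"),
        "found": _count(fields, "found"),
        "cleaned": _count(fields, "cleaned"),
        "issues": issues,
    }


if __name__ == "__main__":
    print(review_eset_log(POSTED_LOG))
```
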
         

27.12.2013, 00:56   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

TFC - Temp File Cleaner

Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
  • Open TFC.exe.
    Vista and Win 7 users: right-click and choose "Run as administrator".
  • Close all other programs.
  • Press the Start button.
  • If you are prompted to restart, confirm it.


Looks OK so far.

Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie).

Otherwise there are also good cookie managers; as a Firefox extension there is, for example, CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or the Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed.

Is your system back in order now, or are there any other detections or problems?
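
Blocklist-style hosts files, as recommended in the post above, work by mapping unwanted hostnames to a loopback or unspecified address (127.0.0.1 or 0.0.0.0). The same file is worth re-reading after a cleanup, because a hostname mapped to any other address is a redirect rather than a block. The following Python sketch is an added example, not part of the thread; the sample file is constructed and the function name is hypothetical.

```python
import ipaddress

# Constructed sample hosts file: default entries, two blocklist-style
# entries, one redirect to a routable (documentation-range) address,
# and one malformed line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0 ads.tracker.example      # blocked
127.0.0.1 banner.adnet.example
203.0.113.7 www.shop.example login.shop.example
not-an-ip broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def classify_hosts(text):
    """Sort hosts entries into default, blocked, redirect and malformed."""
    result = {"default": [], "blocked": [], "redirect": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            result["malformed"].append((lineno, raw.strip()))
            continue
        names = [name.lower() for name in fields[1:]]
        if not names:
            result["malformed"].append((lineno, raw.strip()))
            continue
        # Loopback or 0.0.0.0/:: never leaves the machine: a sink.
        sink = addr.is_loopback or addr.is_unspecified
        for name in names:
            if name in LOCAL_NAMES and addr.is_loopback:
                result["default"].append(name)
            elif sink:
                result["blocked"].append(name)
            else:
                # A name pinned to a routable address: review by hand.
                result["redirect"].append((name, str(addr)))
    return result


if __name__ == "__main__":
    report = classify_hosts(SAMPLE_HOSTS)
    for name, addr in report["redirect"]:
        print(f"review: {name} is redirected to {addr}")
    print(f"{len(report['blocked'])} blocked, "
          f"{len(report['malformed'])} malformed line(s)")
```
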

27.12.2013, 10:19   #13
Der Alex

Hello cosinus,

Temp File Cleaner has been run.

I have now installed the Firefox add-on Adblock Plus 2.4.
In addition, I set Firefox so that the history, including cookies, is deleted automatically on exit.

I have no further problems or detections with the notebook.



Beyond that, are AVIRA Free AntiVirus and the Windows Firewall sufficient as "standard protection",
or should I run additional tools alongside them?

27.12.2013, 15:32   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

The Windows Firewall is fine; other desktop firewalls are counterproductive.

We no longer recommend Avira Free.

Reading material:
Why we no longer recommend Avira
For some time now, Avira has been shipping the Ask Toolbar with its default installation. This toolbar is a prerequisite for the Webguard to work reliably. The Ask Toolbar is known for spying on the user's browsing behaviour in order, ultimately, to make money from it. We therefore classify this toolbar as "harmful". More information.

A security company that slips harmful software onto users practically without asking is therefore out of the question for us. Because of this business practice, the at times extremely poor detection rate and the thoroughly annoying advertising, we recommend that all Avira users uninstall Avira and switch to an alternative product.

If you decide to switch, we recommend removing all leftovers with the Avira cleaner after uninstalling.



Then we're done!


If you would like to leave praise or criticism => Praise, criticism and wishes - Trojaner-Board

All the programs used here can be uninstalled.

delfix can help you with that:


The order matters here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all traces of itself.
  3. In any case, please download DelFix to your desktop (Download DelFix):
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.


Finally, please check the updates; my guide for that is below. To keep a better overview of whether installed programs are up to date in future, you can use e.g. Secunia PSI.
For even more security, you should also change all passwords, if possible, now that the infection has been removed.


Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program (if you have AdobeReader installed).

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you are at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de

You can also easily check whether all plugins in the Firefox browser are up to date here => https://www.mozilla.org/de/plugincheck

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.