Oh, in all the excitement I completely forgot...
Here it is:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:5-08-2014
Ran by super (administrator) on SUPER-PC on 06-08-2014 18:10:19
Running from C:\Users\super\Desktop
Platform: Microsoft Windows 7 Home Premium (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\ProgramData\DatacardService\DCService.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
(HP) C:\Windows\System32\HPSIsvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
() C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\MDM.EXE
() C:\Program Files\Verbindungsassistent\WTGService.exe
() C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\ProgramData\ZDSupport\ZDServ\CancelAutoPlay_Server.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) C:\Program Files\pdf24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
() C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: I - I:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {078a01be-ccf9-11e2-b2d8-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {078a01c1-ccf9-11e2-b2d8-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {355d4f88-e4e8-11e3-bb3f-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {355d4f98-e4e8-11e3-bb3f-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {5f832fc8-6ef3-11e3-b38f-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {64773991-84cd-11e3-85e8-806e6f6e6963} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {647739ca-84cd-11e3-85e8-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {647739d5-84cd-11e3-85e8-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {647739e6-84cd-11e3-85e8-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {647739fc-84cd-11e3-85e8-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {67592aa8-c6b1-11e2-8f72-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {67592aae-c6b1-11e2-8f72-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {7eabcbac-22d1-11e3-af7e-c338331bf082} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {80e2f548-cf7c-11e2-8ec5-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {80e2f54b-cf7c-11e2-8ec5-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {80e2f553-cf7c-11e2-8ec5-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {921a5434-0aca-11e1-9f4e-b4749f5fa87e} - I:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {921a5443-0aca-11e1-9f4e-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {921a55dc-0aca-11e1-9f4e-001e101f7fb6} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {a8b0ca30-8c85-11e3-bc11-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {add37728-c6fb-11e2-b382-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {add3772c-c6fb-11e2-b382-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {ce1ebd4f-2593-11e3-8b42-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {ce1ebd5a-2593-11e3-8b42-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {ce1ebd64-2593-11e3-8b42-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {ce1ebd71-2593-11e3-8b42-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {ce1ebd7f-2593-11e3-8b42-001e101f50a4} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {ce1ebd8b-2593-11e3-8b42-001e101f50a4} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {ce1ebd98-2593-11e3-8b42-001e101f50a4} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {ce1ebda5-2593-11e3-8b42-001e101f50a4} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {ce1ebdb0-2593-11e3-8b42-001e101f50a4} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {ce1ebdda-2593-11e3-8b42-001e101f50a4} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {d91f0927-c1c5-11e2-befb-b4749f5fa87e} - H:\iStudio.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {d96ca910-6867-11e3-afe4-806e6f6e6963} - H:\Windows\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {da3c2a69-713b-11e3-a275-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {da3c2a74-713b-11e3-a275-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {ef0295b2-9b6c-11e3-bc5e-001e101f1f81} - H:\Windows/AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {ef0295c3-9b6c-11e3-bc5e-001e101f1f81} - H:\Windows/AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {fc681dc2-33cc-11e1-96f2-b4749f5fa87e} - I:\LaunchU3.exe -a
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {fc8675e9-7144-11e3-a100-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {fdd7a008-e420-11e3-bf3f-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {fdd7a00c-e420-11e3-bf3f-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {fdd7a033-e420-11e3-bf3f-b4749f5fa87e} - H:\AutoRun.exe
HKU\S-1-5-21-3479700722-3704285448-1082177249-1000\...\MountPoints2: {fdd7a036-e420-11e3-bf3f-b4749f5fa87e} - H:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.benefind.de/index.php?org=307&shopurl=
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\..\Interfaces\{971C7590-14D2-4DA3-945F-2A8C0B3E5099}: [NameServer]212.23.115.148 212.23.115.150
FireFox:
========
FF ProfilePath: C:\Users\super\AppData\Roaming\Mozilla\Firefox\Profiles\h389c6y7.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\super\AppData\Roaming\Mozilla\Firefox\Profiles\h389c6y7.default\Extensions\abs@avira.com [2014-08-04]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2012-12-27]
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\super\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-15]
CHR Extension: (Google Search) - C:\Users\super\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-15]
CHR Extension: (Gmail) - C:\Users\super\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-15]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2013-07-26] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () [File not signed]
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()
R2 ZDServ; C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe [432384 2013-08-02] ()
S4 sppuinotify; %SystemRoot%\system32\sppuinotify.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-04-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-27] (Avira Operations GmbH & Co. KG)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [82816 2014-06-02] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26496 2014-06-02] (Huawei Technologies Co., Ltd.)
S3 massfilter; C:\Windows\System32\DRIVERS\ztembbmassfilter.sys [11776 2012-11-22] (MBB Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35088 2012-06-06] (CACE Technologies, Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-27] (Avira GmbH)
S3 ZTEusbmdm6k; C:\Windows\System32\DRIVERS\ztembbusbmdm.sys [107520 2012-11-23] (ZTE Incorporated)
S3 ZTEusbnmea; C:\Windows\System32\DRIVERS\ztembbusbnmea.sys [107520 2012-11-23] (ZTE Incorporated)
S3 ZTEusbser6K; C:\Windows\System32\DRIVERS\ztembbusbser6k.sys [107520 2012-11-23] (ZTE Incorporated)
S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ztembbusbvoice.sys [107520 2012-11-23] (ZTE Incorporated)
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 Tosrfcom; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-06 21:55 - 2014-08-06 18:10 - 00000000 ____D () C:\FRST
2014-08-06 18:10 - 2014-08-06 18:10 - 00015787 _____ () C:\Users\super\Desktop\FRST.txt
2014-08-06 16:52 - 2014-08-06 17:41 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 16:51 - 2014-08-06 16:51 - 00001024 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-06 16:51 - 2014-08-06 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-06 16:51 - 2014-08-06 16:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 16:51 - 2014-08-06 16:51 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-08-06 16:51 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-06 16:51 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-06 16:51 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-06 16:49 - 2014-08-06 16:49 - 00000970 _____ () C:\Users\super\Desktop\JRT.txt
2014-08-06 16:46 - 2014-08-06 16:46 - 00000000 ____D () C:\Windows\ERUNT
2014-08-06 16:36 - 2014-08-06 16:38 - 00000000 ____D () C:\AdwCleaner
2014-08-06 16:33 - 2014-08-06 16:34 - 01016261 _____ (Thisisu) C:\Users\super\Desktop\JRT.exe
2014-08-06 16:28 - 2014-08-06 16:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\super\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-06 16:22 - 2014-08-06 16:22 - 01361309 _____ () C:\Users\super\Desktop\adwcleaner_3.302.exe
2014-08-06 14:41 - 2014-08-06 14:41 - 00000468 _____ () C:\Users\super\Desktop\fixlist.txt
2014-08-06 11:37 - 2014-08-06 11:38 - 01084928 _____ (Farbar) C:\Users\super\Desktop\FRST.exe
2014-08-05 16:28 - 2014-08-05 17:03 - 00036352 ____H () C:\Users\super\Desktop\~WRL4064.tmp
2014-08-05 11:32 - 2014-08-05 11:32 - 00001111 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-08-05 11:32 - 2014-08-05 11:32 - 00000000 ____D () C:\Users\super\AppData\Roaming\Nico Mak Computing
2014-08-05 11:32 - 2014-08-05 11:32 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-08-05 11:32 - 2013-03-15 17:01 - 00016384 _____ () C:\Windows\system32\wsusnative32.exe
2014-08-04 10:32 - 2014-08-04 10:32 - 00001055 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-04 10:32 - 2014-08-04 10:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-02 21:11 - 2014-08-02 21:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-29 11:26 - 2014-07-29 11:26 - 00027136 _____ () C:\Users\super\Desktop\All_remitance_report_2014(1).xls
2014-07-29 11:02 - 2014-08-06 17:02 - 00000000 ____D () C:\Users\super\AppData\Roaming\Alar
2014-07-29 11:02 - 2014-08-05 19:23 - 00000000 ____D () C:\Users\super\AppData\Roaming\Yqece
2014-07-29 11:02 - 2014-07-29 11:02 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-07-27 19:00 - 2014-07-27 18:58 - 05622848 ____R () C:\Users\super\Desktop\Compost ...zip
2014-07-19 16:52 - 2014-07-19 16:52 - 05112905 _____ () C:\Users\super\Desktop\Vortrag_Mati_Adel.pptx
2014-07-14 09:19 - 2014-07-14 09:22 - 00408576 _____ () C:\Users\super\Desktop\IDAEP-5 Cash book (2nd year).xls
2014-07-13 15:18 - 2014-07-13 15:18 - 00408064 _____ () C:\Users\super\Desktop\Copy of IDAEP-5 Cash book (2nd year).xls
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-06 18:10 - 2014-08-06 21:55 - 00000000 ____D () C:\FRST
2014-08-06 18:10 - 2014-08-06 18:10 - 00015787 _____ () C:\Users\super\Desktop\FRST.txt
2014-08-06 17:41 - 2014-08-06 16:52 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 17:20 - 2014-06-21 10:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-06 17:10 - 2011-11-05 07:54 - 00717892 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-06 17:05 - 2012-12-21 07:21 - 00123145 _____ () C:\Windows\setupact.log
2014-08-06 17:05 - 2012-12-21 07:20 - 00185300 _____ () C:\Windows\PFRO.log
2014-08-06 17:05 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-06 17:05 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\schemas
2014-08-06 17:04 - 2011-11-05 20:45 - 02081974 _____ () C:\Windows\WindowsUpdate.log
2014-08-06 17:02 - 2014-07-29 11:02 - 00000000 ____D () C:\Users\super\AppData\Roaming\Alar
2014-08-06 16:51 - 2014-08-06 16:51 - 00001024 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-06 16:51 - 2014-08-06 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-06 16:51 - 2014-08-06 16:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 16:51 - 2014-08-06 16:51 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-08-06 16:49 - 2014-08-06 16:49 - 00000970 _____ () C:\Users\super\Desktop\JRT.txt
2014-08-06 16:46 - 2014-08-06 16:46 - 00000000 ____D () C:\Windows\ERUNT
2014-08-06 16:38 - 2014-08-06 16:36 - 00000000 ____D () C:\AdwCleaner
2014-08-06 16:34 - 2014-08-06 16:33 - 01016261 _____ (Thisisu) C:\Users\super\Desktop\JRT.exe
2014-08-06 16:28 - 2014-08-06 16:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\super\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-06 16:22 - 2014-08-06 16:22 - 01361309 _____ () C:\Users\super\Desktop\adwcleaner_3.302.exe
2014-08-06 14:41 - 2014-08-06 14:41 - 00000468 _____ () C:\Users\super\Desktop\fixlist.txt
2014-08-06 11:40 - 2009-07-14 06:53 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-06 11:38 - 2014-08-06 11:37 - 01084928 _____ (Farbar) C:\Users\super\Desktop\FRST.exe
2014-08-05 19:23 - 2014-07-29 11:02 - 00000000 ____D () C:\Users\super\AppData\Roaming\Yqece
2014-08-05 17:03 - 2014-08-05 16:28 - 00036352 ____H () C:\Users\super\Desktop\~WRL4064.tmp
2014-08-05 11:32 - 2014-08-05 11:32 - 00001111 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-08-05 11:32 - 2014-08-05 11:32 - 00000000 ____D () C:\Users\super\AppData\Roaming\Nico Mak Computing
2014-08-05 11:32 - 2014-08-05 11:32 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-08-05 11:22 - 2014-06-02 15:56 - 00000000 ____D () C:\Users\super\AppData\Roaming\ALDITALKVerbindungsassistent
2014-08-04 10:32 - 2014-08-04 10:32 - 00001055 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-04 10:32 - 2014-08-04 10:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-04 10:32 - 2013-02-28 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-04 10:32 - 2013-02-28 14:17 - 00000000 ____D () C:\ProgramData\Avira
2014-08-04 10:32 - 2013-02-28 14:17 - 00000000 ____D () C:\Program Files\Avira
2014-08-04 10:26 - 2013-06-15 07:53 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-02 21:11 - 2014-08-02 21:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-31 09:31 - 2013-05-24 08:17 - 00000000 ____D () C:\Users\super\Desktop\privat
2014-07-31 09:26 - 2012-12-22 10:49 - 00027648 ____H () C:\Users\super\Desktop\~WRL1468.tmp
2014-07-31 09:26 - 2012-12-22 10:49 - 00027136 ____H () C:\Users\super\Desktop\~WRL1289.tmp
2014-07-31 09:25 - 2012-12-22 10:49 - 00027136 ____H () C:\Users\super\Desktop\~WRL2305.tmp
2014-07-31 09:20 - 2012-12-22 10:49 - 00026624 ____H () C:\Users\super\Desktop\~WRL0001.tmp
2014-07-31 09:14 - 2012-12-22 10:49 - 00024064 ____H () C:\Users\super\Desktop\~WRL0965.tmp
2014-07-29 11:26 - 2014-07-29 11:26 - 00027136 _____ () C:\Users\super\Desktop\All_remitance_report_2014(1).xls
2014-07-29 11:02 - 2014-07-29 11:02 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-07-28 16:14 - 2014-06-08 20:17 - 00000000 ____D () C:\Users\super\Desktop\SEZ2014
2014-07-27 18:58 - 2014-07-27 19:00 - 05622848 ____R () C:\Users\super\Desktop\Compost ...zip
2014-07-25 10:50 - 2013-05-06 11:22 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-19 16:52 - 2014-07-19 16:52 - 05112905 _____ () C:\Users\super\Desktop\Vortrag_Mati_Adel.pptx
2014-07-14 18:19 - 2014-04-13 06:13 - 00000000 ____D () C:\Users\super\Desktop\newsletter
2014-07-14 09:22 - 2014-07-14 09:19 - 00408576 _____ () C:\Users\super\Desktop\IDAEP-5 Cash book (2nd year).xls
2014-07-13 15:18 - 2014-07-13 15:18 - 00408064 _____ () C:\Users\super\Desktop\Copy of IDAEP-5 Cash book (2nd year).xls
2014-07-11 21:20 - 2013-07-28 11:20 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-11 21:20 - 2013-07-28 11:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
Some content of TEMP:
====================
C:\Users\super\AppData\Local\Temp\AskSLib.dll
C:\Users\super\AppData\Local\Temp\avgnt.exe
C:\Users\super\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\super\AppData\Local\Temp\KMP_3.5.0.77.exe
C:\Users\super\AppData\Local\Temp\mfc80.dll
C:\Users\super\AppData\Local\Temp\mfc80u.dll
C:\Users\super\AppData\Local\Temp\mfcm80.dll
C:\Users\super\AppData\Local\Temp\mfcm80u.dll
C:\Users\super\AppData\Local\Temp\msvcm80.dll
C:\Users\super\AppData\Local\Temp\msvcp80.dll
C:\Users\super\AppData\Local\Temp\msvcr80.dll
C:\Users\super\AppData\Local\Temp\OSU.exe
C:\Users\super\AppData\Local\Temp\Quarantine.exe
C:\Users\super\AppData\Local\Temp\ResetDevice.exe
C:\Users\super\AppData\Local\Temp\siinst.exe
C:\Users\super\AppData\Local\Temp\siuninst.exe
C:\Users\super\AppData\Local\Temp\strings.dll
C:\Users\super\AppData\Local\Temp\UninstallSer.exe
C:\Users\super\AppData\Local\Temp\update.exe
C:\Users\super\AppData\Local\Temp\VersionUpdater.exe
C:\Users\super\AppData\Local\Temp\WtgDriverInstallX.dll
C:\Users\super\AppData\Local\Temp\WTGXMLUtil.dll
C:\Users\super\AppData\Local\Temp\WtgZip.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-28 14:12
==================== End Of Log ============================