Pests of all kinds and how to fight them: Internet browser very slow, downloads even worse, Windows opens windows by itself (Windows 7)
24.09.2014, 18:50 | #1 |
Internet browser very slow, downloads even worse, Windows opens windows by itself

Good evening, you rescuers,

I have been given an acquaintance's laptop with a request for help. She thinks she has picked up some malware. It is an Intel i5 2430M 2.4 GHz, 4 GB RAM, 64-bit Windows 7 Home. Web pages open slowly, downloads are a disaster. Supposedly windows with cryptic characters suddenly open and the PC takes forever for everything - the "hourglass" is driving my acquaintance mad.

Scans with Malwarebytes, ESET, Stinger etc. have already been run, and what was found was cleaned. I have some logs that were saved. Unfortunately none from Malwarebytes; for that I only have a .dat file. Could you please help me check the system and clean it if necessary?

I used CCleaner, but NOT for the registry (although a hero before me already did). Browsers (she has IE and Firefox) cleaned manually and everything reset. That already helped somewhat; at least pages load noticeably faster.

Oh yes: several Windows updates were not installed. I changed that. I searched for updates - several times. Now everything is up to date.

Here are the logs. First Stinger:

Code:
McAfee Stinger Scan Results
file:///C:/Users/Lena/AppData/Local/Temp/Stinger_23092014_194924...
AV Engine version v5700.7147 for Windows.
Virus data file v1000.0 created on Sep 19, 2014
Ready to scan for 6364 viruses, trojans and variants.
Rootkit scan result : Clean.
Summary Report on C:
File(s)
TotalFiles:............965650

Code:
***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.9.1.2931. For information, email support@simplysup.com [Unregistered version] Scan started at: 13:06:46 24 Sep 2014 Using Database v8496 Operating System: Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601] File System: NTFS UAC is ENABLED [default level] UserData directory: C:\Users\Lena\AppData\Roaming\Simply Super Software\Trojan Remover\ Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\ Logfile directory: C:\Users\Lena\Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files (x86)\Trojan Remover\ Running with Administrator privileges ************************************************************ 13:06:51: ----- Checking Default File Associations ----- No modified default file associations detected ************************************************************ 13:06:51: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. ************************************************************ 13:06:52: Scanning ----- Windows Registry ----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Key value: [explorer.exe] File: C:\Windows\Explorer.exe C:\Windows\Explorer.exe 2871808 bytes Created: 31.10.2011 21:06 Modified: 25.02.2011 08:19 Company: Microsoft Corporation ---------- This key's "Userinit" value calls the following program(s): Key value: [C:\Windows\system32\userinit.exe,] File: C:\Windows\system32\userinit.exe C:\Windows\System32\userinit.exe 30720 bytes Created: 02.11.2011 20:41 Modified: 20.11.2010 15:25 Company: Microsoft Corporation ---------- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: 
[ATKOSD2] Value Data: [C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe 5732992 bytes Created: 17.08.2010 15:55 Modified: 17.08.2010 15:55 Company: ASUS -------------------- Value Name: [ATKMEDIA] Value Data: [C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe 170624 bytes Created: 07.10.2010 15:05 Modified: 07.10.2010 15:05 Company: ASUS -------------------- Value Name: [HControlUser] Value Data: [C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe 105016 bytes Created: 19.06.2009 11:29 Modified: 19.06.2009 11:29 Company: ASUS -------------------- Value Name: [Avira Systray] Value Data: [C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe 164656 bytes Created: 17.09.2014 13:31 Modified: 17.09.2014 13:31 Company: Avira Operations GmbH & Co. KG -------------------- Value Name: [avgnt] Value Data: ["C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 751184 bytes Created: 23.09.2014 23:33 Modified: 15.08.2014 10:30 Company: Avira Operations GmbH & Co. 
KG -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: [EPLTarget\P0000000000000000] Value Data: [C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX535WD" /EF "HKCU"] C:\Windows\SysWoW64\spool\DRIVERS\x64\3\E_YATIHTU.EXE 239488 bytes Created: 17.03.2012 16:14 Modified: 24.04.2011 23:01 Company: SEIKO EPSON CORPORATION -------------------- Value Name: [EPLTarget\P0000000000000001] Value Data: [C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus Office BX535WD" /EF "HKCU"] C:\Windows\SysWoW64\spool\DRIVERS\x64\3\E_YATIHTU.EXE 239488 bytes Created: 17.03.2012 16:14 Modified: 24.04.2011 23:01 Company: SEIKO EPSON CORPORATION -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry key appears to be empty ************************************************************ 13:06:58: Scanning ----- Windows 64-Bit Registry ----- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: [AmIcoSinglun64] Value Data: [C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe 324096 bytes Created: 11.08.2010 15:21 Modified: 11.08.2010 15:21 Company: Alcor Micro Corp. -------------------- Value Name: [ETDCtrl] Value Data: [%ProgramFiles%\Elantech\ETDCtrl.exe] C:\Program Files\Elantech\ETDCtrl.exe 2587944 bytes Created: 13.12.2010 22:12 Modified: 13.12.2010 22:12 Company: ELAN Microelectronics Corp. 
-------------------- Value Name: [IgfxTray] Value Data: ["C:\Windows\system32\igfxtray.exe"] C:\Windows\System32\igfxtray.exe 171992 bytes Created: 29.01.2014 23:02 Modified: 29.01.2014 23:02 Company: Intel Corporation -------------------- Value Name: [HotKeysCmds] Value Data: ["C:\Windows\system32\hkcmd.exe"] C:\Windows\System32\hkcmd.exe 399832 bytes Created: 29.01.2014 23:02 Modified: 29.01.2014 23:02 Company: Intel Corporation -------------------- Value Name: [Persistence] Value Data: ["C:\Windows\system32\igfxpers.exe"] C:\Windows\System32\igfxpers.exe 442328 bytes Created: 29.01.2014 23:02 Modified: 29.01.2014 23:02 Company: Intel Corporation -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry key appears to be empty ************************************************************ 13:07:01: Scanning -----SHELLEXECUTEHOOKS----- ShellExecuteHooks key is empty ************************************************************ 13:07:01: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************************ 13:07:01: Scanning -----ACTIVE SCREENSAVER----- No active ScreenSaver found to scan. 
************************************************************ 13:07:01: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- Key: {2D46B6DC-2207-486B-B523-A557E6D54B47} Path: C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache C:\Windows\SysWoW64\ie4uinit.exe - [file not found to scan] ---------- ************************************************************ 13:07:02: Scanning ----- SERVICEDLL REGISTRY KEYS ----- ************************************************************ 13:07:14: Scanning ----- SERVICES REGISTRY KEYS ----- Key: 03e661da ImagePath: "C:\Windows\system32\rundll32.exe" "c:\progra~3\winfil~1\WinFilterSvc.dll",service c:\progra~3\winfil~1\WinFilterSvc.dll - [file not found to scan] ---------- ************************************************************ 13:07:41: Scanning -----VXD ENTRIES----- ************************************************************ 13:07:41: Scanning ----- ContextMenuHandlers ----- ************************************************************ 13:07:41: Scanning ----- Folder\ColumnHandlers ----- ************************************************************ 13:07:41: Scanning ----- 64-Bit ContextMenuHandlers ----- Key: Shell Extension for Malware scanning CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A} Path: C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll 2591824 bytes Created: 23.09.2014 23:33 Modified: 15.08.2014 10:30 Company: Avira Operations GmbH & Co. 
KG ---------- ************************************************************ 13:07:42: Scanning ----- 64-Bit Folder\ColumnHandlers ----- ************************************************************ 13:07:42: Scanning ----- Browser Helper Objects ----- Key: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} BHO: C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll 96128 bytes Created: 09.04.2014 15:12 Modified: 09.04.2014 15:12 Company: McAfee, Inc. ---------- Key: {B4F3A835-0E21-4959-BA22-42B3008E02FF} BHO: C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL 562904 bytes Created: 06.03.2013 08:37 Modified: 06.03.2013 08:37 Company: Microsoft Corporation ---------- ************************************************************ 13:07:43: Scanning ----- 64-Bit Browser Helper Objects ----- Key: {B4F3A835-0E21-4959-BA22-42B3008E02FF} BHO: C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL 690392 bytes Created: 06.03.2013 08:39 Modified: 06.03.2013 08:39 Company: Microsoft Corporation ---------- ************************************************************ 13:07:43: Scanning ----- ShellServiceObjectDelayLoad Entries ----- ************************************************************ 13:07:43: Scanning ----- 64-Bit ShellServiceObjectDelayLoad Entries ----- ************************************************************ 13:07:43: Scanning ----- ShellServiceObjects ----- ************************************************************ 13:07:55: Scanning ----- 64-Bit ShellServiceObjects ----- ************************************************************ 13:08:05: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- No SharedTaskScheduler entries found to scan ************************************************************ 13:08:05: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. 
************************************************************ 13:08:05: Scanning ----- APPINIT_DLLS ----- AppInitDLLs entry = [c:\windows\syswow64\nvinit.dll,C:\Windows\SysWOW64\nvinit.dll] File: c:\windows\syswow64\nvinit.dll c:\windows\syswow64\nvinit.dll 201576 bytes Created: 31.10.2011 20:47 Modified: 08.04.2013 13:32 Company: NVIDIA Corporation ---------- File: C:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\nvinit.dll 201576 bytes Created: 31.10.2011 20:47 Modified: 08.04.2013 13:32 Company: NVIDIA Corporation ---------- ************************************************************ 13:08:06: Scanning ----- 64-Bit APPINIT_DLLS ----- AppInitDLLs entry = [C:\Windows\system32\nvinitx.dll] File: C:\Windows\system32\nvinitx.dll C:\Windows\System32\nvinitx.dll 245872 bytes Created: 31.10.2011 20:47 Modified: 08.04.2013 13:32 Company: NVIDIA Corporation ---------- ************************************************************ 13:08:06: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************************ 13:08:06: Scanning ----- CREDENTIAL PROVIDERS ----- ************************************************************ 13:08:08: Scanning ------ COMMON STARTUP GROUP ------ [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 14.07.2009 06:54 Modified: 14.07.2009 06:54 Company: [no info] -------------------- McAfee Security Scan Plus.lnk - links to C:\PROGRA~1\MCAFEE~1\385C9A~1.150\SSSCHE~1.EXE C:\PROGRA~1\MCAFEE~1\385C9A~1.150\SSSCHE~1.EXE 332016 bytes Created: 09.04.2014 15:14 Modified: 09.04.2014 15:14 Company: McAfee, Inc. 
-------------------- ************************************************************ 13:08:08: Scanning ----- USER STARTUP GROUPS ----- Checking Startup Group for: Lena [C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup] C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 31.10.2011 20:00 Modified: 25.08.2014 20:08 Company: [no info] ---------- OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - links to C:\PROGRA~2\MICROS~2\Office14\ONENOTEM.EXE C:\PROGRA~2\MICROS~2\Office14\ONENOTEM.EXE 228552 bytes Created: 25.06.2013 21:48 Modified: 25.06.2013 21:48 Company: Microsoft Corporation ---------- -------------------- ************************************************************ 13:08:08: Scanning ----- SCHEDULED TASKS ----- Taskname: Adobe Flash Player Updater File: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 267440 bytes Created: 03.10.2012 10:37 Modified: 21.09.2014 14:40 Company: Adobe Systems Incorporated Schedule: At 01:43:00 every day Next Run Time: 24.09.2014 13:43:00 Status: Ready Creator: Adobe Systems Incorporated Comments: Mit diesem Task ist Ihre Flash Player-Installation immer aktuell und verwendet die neuesten Verbesserungen und Sicherheits-Fixes. Wenn dieser Task deaktiviert oder entfernt wird, kann Adobe Flash Player Ihren Computer nicht automatisch mit den neuesten Sicherheits-Fixes sichern. 
---------- Taskname: ATKOSD2 File: C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe 5732992 bytes Created: 17.08.2010 15:55 Modified: 17.08.2010 15:55 Company: ASUS Schedule: At logon Next Run Time: Status: Running Creator: SSD, ASUSTek Comments: ---------- ************************************************************ 13:08:09: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- ************************************************************ 13:08:09: Scanning ----- DEVICE DRIVER ENTRIES ----- Value: msacm.l3acm File: C:\Windows\SysWOW64\l3codeca.acm C:\Windows\SysWOW64\l3codeca.acm 64000 bytes Created: 14.07.2009 02:07 Modified: 14.07.2009 03:14 Company: Fraunhofer Institut Integrierte Schaltungen IIS ---------- ************************************************************ 13:08:10: ----- ADDITIONAL CHECKS ----- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg 642987 bytes Created: 31.10.2011 20:00 Modified: 31.10.2011 20:00 Company: [no info] ---------- Web Desktop Wallpaper entry is blank ---------- Checks for rogue DNS NameServers completed ---------- Checks for Backdoor.ZeroAccess completed ---------- Safe Mode checks completed ---------- Additional checks completed ************************************************************ 13:08:11: Scanning ----- RUNNING PROCESSES ----- C:\Windows\System32\smss.exe 112640 bytes Created: 15.09.2013 19:14 Modified: 02.08.2013 02:59 Company: Microsoft Corporation -------------------- C:\Windows\System32\csrss.exe 7680 bytes Created: 14.07.2009 01:19 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\wininit.exe 
129024 bytes Created: 14.07.2009 01:52 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\services.exe 328704 bytes Created: 14.07.2009 01:19 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\winlogon.exe 455168 bytes Created: 23.05.2014 21:50 Modified: 04.03.2014 11:43 Company: Microsoft Corporation -------------------- C:\Windows\System32\lsass.exe 31232 bytes Created: 23.05.2014 21:50 Modified: 12.04.2014 04:19 Company: Microsoft Corporation -------------------- C:\Windows\System32\lsm.exe 343040 bytes Created: 02.11.2011 20:41 Modified: 20.11.2010 15:24 Company: Microsoft Corporation -------------------- C:\Windows\System32\svchost.exe 27136 bytes Created: 14.07.2009 01:31 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\nvvsvc.exe 884512 bytes Created: 28.01.2011 18:34 Modified: 14.03.2013 08:28 Company: NVIDIA Corporation -------------------- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe 1134880 bytes Created: 28.01.2011 18:33 Modified: 14.03.2013 08:29 Company: NVIDIA Corporation -------------------- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe 84536 bytes Created: 15.06.2009 18:30 Modified: 15.06.2009 18:30 Company: ASUS -------------------- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe 96896 bytes Created: 15.12.2009 11:39 Modified: 15.12.2009 11:39 Company: ASUS -------------------- C:\Windows\System32\spoolsv.exe 559104 bytes Created: 15.08.2012 11:53 Modified: 11.02.2012 08:36 Company: Microsoft Corporation -------------------- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 430160 bytes Created: 23.09.2014 23:33 Modified: 15.08.2014 10:30 Company: Avira Operations GmbH & Co. 
KG -------------------- C:\Windows\System32\taskhost.exe 68608 bytes Created: 13.01.2013 12:25 Modified: 23.11.2012 05:13 Company: Microsoft Corporation -------------------- C:\Windows\System32\dwm.exe 120320 bytes Created: 14.07.2009 01:37 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE 239488 bytes Created: 17.03.2012 16:14 Modified: 24.04.2011 23:01 Company: SEIKO EPSON CORPORATION -------------------- C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe 332016 bytes Created: 09.04.2014 15:14 Modified: 09.04.2014 15:14 Company: McAfee, Inc. -------------------- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE 228552 bytes Created: 25.06.2013 21:48 Modified: 25.06.2013 21:48 Company: Microsoft Corporation -------------------- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe 2450208 bytes Created: 28.01.2011 18:34 Modified: 14.03.2013 08:29 Company: NVIDIA Corporation -------------------- C:\Windows\System32\taskeng.exe 464384 bytes Created: 02.11.2011 20:42 Modified: 20.11.2010 15:25 Company: Microsoft Corporation -------------------- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe 166528 bytes Created: 25.01.2011 12:32 Modified: 25.01.2011 12:32 Company: ASUS -------------------- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 430160 bytes Created: 23.09.2014 23:33 Modified: 15.08.2014 10:30 Company: Avira Operations GmbH & Co. 
KG -------------------- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE 136576 bytes Created: 17.03.2012 16:15 Modified: 24.04.2011 23:00 Company: SEIKO EPSON CORPORATION -------------------- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe 1809720 bytes Created: 23.09.2014 22:53 Modified: 12.05.2014 07:24 Company: Malwarebytes Corporation -------------------- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 860472 bytes Created: 23.09.2014 22:53 Modified: 12.05.2014 07:24 Company: Malwarebytes Corporation -------------------- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe 6970168 bytes Created: 23.09.2014 22:53 Modified: 12.05.2014 07:24 Company: Malwarebytes Corporation -------------------- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe 161016 bytes Created: 17.09.2014 13:31 Modified: 17.09.2014 13:31 Company: Avira Operations GmbH & Co. KG -------------------- C:\Windows\System32\wbem\WmiPrvSE.exe 372736 bytes Created: 02.11.2011 20:42 Modified: 20.11.2010 15:25 Company: Microsoft Corporation -------------------- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe 2488888 bytes Created: 19.06.2009 11:29 Modified: 19.06.2009 11:29 Company: ASUS -------------------- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe 174648 bytes Created: 22.12.2008 18:15 Modified: 22.12.2008 18:15 Company: ASUS -------------------- C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe 624432 bytes Created: 23.09.2014 23:33 Modified: 15.08.2014 10:30 Company: Avira Operations GmbH & Co. 
KG -------------------- C:\Windows\System32\SearchIndexer.exe 591872 bytes Created: 31.10.2011 21:06 Modified: 04.05.2011 07:19 Company: Microsoft Corporation -------------------- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 1260320 bytes Created: 24.09.2014 00:02 Modified: 08.04.2013 13:32 Company: NVIDIA Corporation -------------------- C:\Windows\System32\SearchProtocolHost.exe 249856 bytes Created: 31.10.2011 21:06 Modified: 04.05.2011 07:19 Company: Microsoft Corporation -------------------- C:\Program Files\Windows Media Player\wmpnetwk.exe 1525248 bytes Created: 02.11.2011 20:42 Modified: 20.11.2010 15:25 Company: Microsoft Corporation -------------------- C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe FileSize: 5468008 [This is a Trojan Remover component] -------------------- -------------------- C:\Windows\System32\SearchFilterHost.exe 113664 bytes Created: 31.10.2011 21:06 Modified: 04.05.2011 07:19 Company: Microsoft Corporation -------------------- ************************************************************ 13:08:23: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************************ 13:08:23: Checking ----- ROGUE BROWSER MODIFICATIONS ----- ************************************************************ ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": about:blank HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": 
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ************************************************************ === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 13:08:24 24 Sep 2014 Total Scan time: 00:01:37 ************************************************************ ====================================== [INCOMPLETE SCAN LOG RECOVERED] ====================================== ***** DRIVE/DIRECTORY SCAN ***** Trojan Remover Ver 6.9.1.2931. For information, email support@simplysup.com [Unregistered version] Scan started at: 10:31:25 24 Sep 2014 Using Database v8496 Operating System: Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601] File System: NTFS UAC is ENABLED [default level] UserData directory: C:\Users\Lena\AppData\Roaming\Simply Super Software\Trojan Remover\ Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\ Logfile directory: C:\Users\Lena\Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files (x86)\Trojan Remover\ Running with Administrator privileges ************************************************************ Carrying out scan on C:\ (including subdirectories) Archive files will be INCLUDED. The scan will also include files already renamed by Trojan Remover. ------------------------------ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ [INCOMPLETE SCAN LOG RECOVERED] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.9.1.2931. 
For information, email support@simplysup.com [Unregistered version] Scan started at: 10:29:04 24 Sep 2014 Using Database v8496 Operating System: Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601] File System: NTFS UAC is ENABLED [default level] UserData directory: C:\Users\Lena\AppData\Roaming\Simply Super Software\Trojan Remover\ Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\ Logfile directory: C:\Users\Lena\Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files (x86)\Trojan Remover\ Running with Administrator privileges ************************************************************ 10:29:07: ----- Checking Default File Associations ----- No modified default file associations detected ************************************************************ 10:29:07: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. ************************************************************ 10:29:07: Scanning ----- Windows Registry ----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Key value: [explorer.exe] File: C:\Windows\Explorer.exe C:\Windows\Explorer.exe 2871808 bytes Created: 31.10.2011 21:06 Modified: 25.02.2011 08:19 Company: Microsoft Corporation ---------- This key's "Userinit" value calls the following program(s): Key value: [C:\Windows\system32\userinit.exe,] File: C:\Windows\system32\userinit.exe C:\Windows\System32\userinit.exe 30720 bytes Created: 02.11.2011 20:41 Modified: 20.11.2010 15:25 Company: Microsoft Corporation ---------- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: [ATKOSD2] Value Data: [C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe] 
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe 5732992 bytes Created: 17.08.2010 15:55 Modified: 17.08.2010 15:55 Company: ASUS -------------------- Value Name: [ATKMEDIA] Value Data: [C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe 170624 bytes Created: 07.10.2010 15:05 Modified: 07.10.2010 15:05 Company: ASUS -------------------- Value Name: [HControlUser] Value Data: [C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe 105016 bytes Created: 19.06.2009 11:29 Modified: 19.06.2009 11:29 Company: ASUS -------------------- Value Name: [Avira Systray] Value Data: [C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe 164656 bytes Created: 17.09.2014 13:31 Modified: 17.09.2014 13:31 Company: Avira Operations GmbH & Co. KG -------------------- Value Name: [avgnt] Value Data: ["C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 751184 bytes Created: 23.09.2014 23:33 Modified: 15.08.2014 10:30 Company: Avira Operations GmbH & Co. 
KG -------------------- Value Name: [TrojanScanner] Value Data: [C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot] C:\Program Files (x86)\Trojan Remover\Trjscan.exe 1666432 bytes Created: 24.09.2014 10:13 Modified: 22.05.2014 19:53 Company: Simply Super Software -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: [EPLTarget\P0000000000000000] Value Data: [C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX535WD" /EF "HKCU"] C:\Windows\SysWoW64\spool\DRIVERS\x64\3\E_YATIHTU.EXE 239488 bytes Created: 17.03.2012 16:14 Modified: 24.04.2011 23:01 Company: SEIKO EPSON CORPORATION -------------------- Value Name: [EPLTarget\P0000000000000001] Value Data: [C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus Office BX535WD" /EF "HKCU"] C:\Windows\SysWoW64\spool\DRIVERS\x64\3\E_YATIHTU.EXE 239488 bytes Created: 17.03.2012 16:14 Modified: 24.04.2011 23:01 Company: SEIKO EPSON CORPORATION -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry key appears to be empty ************************************************************ 10:29:13: Scanning ----- Windows 64-Bit Registry ----- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: [AmIcoSinglun64] Value Data: [C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe 324096 bytes Created: 11.08.2010 15:21 Modified: 11.08.2010 15:21 Company: Alcor Micro Corp. -------------------- Value Name: [ETDCtrl] Value Data: [%ProgramFiles%\Elantech\ETDCtrl.exe] C:\Program Files\Elantech\ETDCtrl.exe 2587944 bytes Created: 13.12.2010 22:12 Modified: 13.12.2010 22:12 Company: ELAN Microelectronics Corp. 
-------------------- Value Name: [IgfxTray] Value Data: ["C:\Windows\system32\igfxtray.exe"] C:\Windows\System32\igfxtray.exe 171992 bytes Created: 29.01.2014 23:02 Modified: 29.01.2014 23:02 Company: Intel Corporation -------------------- Value Name: [HotKeysCmds] Value Data: ["C:\Windows\system32\hkcmd.exe"] C:\Windows\System32\hkcmd.exe 399832 bytes Created: 29.01.2014 23:02 Modified: 29.01.2014 23:02 Company: Intel Corporation -------------------- Value Name: [Persistence] Value Data: ["C:\Windows\system32\igfxpers.exe"] C:\Windows\System32\igfxpers.exe 442328 bytes Created: 29.01.2014 23:02 Modified: 29.01.2014 23:02 Company: Intel Corporation -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry key appears to be empty ************************************************************ 10:29:16: Scanning -----SHELLEXECUTEHOOKS----- ShellExecuteHooks key is empty ************************************************************ 10:29:16: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************************ 10:29:16: Scanning -----ACTIVE SCREENSAVER----- No active ScreenSaver found to scan. 
************************************************************ 10:29:16: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- Key: {2D46B6DC-2207-486B-B523-A557E6D54B47} Path: C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache C:\Windows\SysWoW64\ie4uinit.exe - [file not found to scan] ---------- ************************************************************ 10:29:16: Scanning ----- SERVICEDLL REGISTRY KEYS ----- ************************************************************ 10:29:28: Scanning ----- SERVICES REGISTRY KEYS ----- Key: 03e661da ImagePath: "C:\Windows\system32\rundll32.exe" "c:\progra~3\winfil~1\WinFilterSvc.dll",service c:\progra~3\winfil~1\WinFilterSvc.dll - [file not found to scan] ---------- ************************************************************ 10:29:56: Scanning -----VXD ENTRIES----- ************************************************************ 10:29:56: Scanning ----- ContextMenuHandlers ----- ************************************************************ 10:29:56: Scanning ----- Folder\ColumnHandlers ----- ************************************************************ 10:29:56: Scanning ----- 64-Bit ContextMenuHandlers ----- Key: Shell Extension for Malware scanning CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A} Path: C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll 2591824 bytes Created: 23.09.2014 23:33 Modified: 15.08.2014 10:30 Company: Avira Operations GmbH & Co. 
KG ---------- ************************************************************ 10:29:56: Scanning ----- 64-Bit Folder\ColumnHandlers ----- ************************************************************ 10:29:56: Scanning ----- Browser Helper Objects ----- Key: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} BHO: C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll 96128 bytes Created: 09.04.2014 15:12 Modified: 09.04.2014 15:12 Company: McAfee, Inc. ---------- Key: {B4F3A835-0E21-4959-BA22-42B3008E02FF} BHO: C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL 562904 bytes Created: 06.03.2013 08:37 Modified: 06.03.2013 08:37 Company: Microsoft Corporation ---------- ************************************************************ 10:29:57: Scanning ----- 64-Bit Browser Helper Objects ----- Key: {B4F3A835-0E21-4959-BA22-42B3008E02FF} BHO: C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL 690392 bytes Created: 06.03.2013 08:39 Modified: 06.03.2013 08:39 Company: Microsoft Corporation ---------- ************************************************************ 10:29:58: Scanning ----- ShellServiceObjectDelayLoad Entries ----- ************************************************************ 10:29:58: Scanning ----- 64-Bit ShellServiceObjectDelayLoad Entries ----- ************************************************************ 10:29:58: Scanning ----- ShellServiceObjects ----- ************************************************************ 10:30:10: Scanning ----- 64-Bit ShellServiceObjects ----- ************************************************************ 10:30:21: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- No SharedTaskScheduler entries found to scan ************************************************************ 10:30:21: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. 
************************************************************ 10:30:21: Scanning ----- APPINIT_DLLS ----- AppInitDLLs entry = [c:\windows\syswow64\nvinit.dll,C:\Windows\SysWOW64\nvinit.dll] File: c:\windows\syswow64\nvinit.dll c:\windows\syswow64\nvinit.dll 201576 bytes Created: 31.10.2011 20:47 Modified: 08.04.2013 13:32 Company: NVIDIA Corporation ---------- File: C:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\nvinit.dll 201576 bytes Created: 31.10.2011 20:47 Modified: 08.04.2013 13:32 Company: NVIDIA Corporation ---------- ************************************************************ 10:30:22: Scanning ----- 64-Bit APPINIT_DLLS ----- AppInitDLLs entry = [C:\Windows\system32\nvinitx.dll] File: C:\Windows\system32\nvinitx.dll C:\Windows\System32\nvinitx.dll 245872 bytes Created: 31.10.2011 20:47 Modified: 08.04.2013 13:32 Company: NVIDIA Corporation ---------- ************************************************************ 10:30:22: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************************ 10:30:22: Scanning ----- CREDENTIAL PROVIDERS ----- ************************************************************ 10:30:27: Scanning ------ COMMON STARTUP GROUP ------ [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 14.07.2009 06:54 Modified: 14.07.2009 06:54 Company: [no info] -------------------- McAfee Security Scan Plus.lnk - links to C:\PROGRA~1\MCAFEE~1\385C9A~1.150\SSSCHE~1.EXE C:\PROGRA~1\MCAFEE~1\385C9A~1.150\SSSCHE~1.EXE 332016 bytes Created: 09.04.2014 15:14 Modified: 09.04.2014 15:14 Company: McAfee, Inc. 
-------------------- ************************************************************ 10:30:28: Scanning ----- USER STARTUP GROUPS ----- Checking Startup Group for: Lena [C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup] C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 31.10.2011 20:00 Modified: 25.08.2014 20:08 Company: [no info] ---------- OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - links to C:\PROGRA~2\MICROS~2\Office14\ONENOTEM.EXE C:\PROGRA~2\MICROS~2\Office14\ONENOTEM.EXE 228552 bytes Created: 25.06.2013 21:48 Modified: 25.06.2013 21:48 Company: Microsoft Corporation ---------- -------------------- ************************************************************ 10:30:29: Scanning ----- SCHEDULED TASKS ----- Taskname: Adobe Flash Player Updater File: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 267440 bytes Created: 03.10.2012 10:37 Modified: 21.09.2014 14:40 Company: Adobe Systems Incorporated Schedule: At 01:43:00 every day Next Run Time: 24.09.2014 10:43:00 Status: Ready Creator: Adobe Systems Incorporated Comments: Mit diesem Task ist Ihre Flash Player-Installation immer aktuell und verwendet die neuesten Verbesserungen und Sicherheits-Fixes. Wenn dieser Task deaktiviert oder entfernt wird, kann Adobe Flash Player Ihren Computer nicht automatisch mit den neuesten Sicherheits-Fixes sichern. 
---------- Taskname: ATKOSD2 File: C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe 5732992 bytes Created: 17.08.2010 15:55 Modified: 17.08.2010 15:55 Company: ASUS Schedule: At logon Next Run Time: Status: Running Creator: SSD, ASUSTek Comments: ---------- ************************************************************ 10:30:31: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- ************************************************************ 10:30:31: Scanning ----- DEVICE DRIVER ENTRIES ----- Value: msacm.l3acm File: C:\Windows\SysWOW64\l3codeca.acm C:\Windows\SysWOW64\l3codeca.acm 64000 bytes Created: 14.07.2009 02:07 Modified: 14.07.2009 03:14 Company: Fraunhofer Institut Integrierte Schaltungen IIS ---------- ************************************************************ 10:30:32: ----- ADDITIONAL CHECKS ----- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg 642987 bytes Created: 31.10.2011 20:00 Modified: 31.10.2011 20:00 Company: [no info] ---------- Web Desktop Wallpaper entry is blank ---------- Checks for rogue DNS NameServers completed ---------- Checks for Backdoor.ZeroAccess completed ---------- Safe Mode checks completed ---------- Additional checks completed ************************************************************ 10:30:33: Scanning ----- RUNNING PROCESSES ----- C:\Windows\System32\smss.exe 112640 bytes Created: 15.09.2013 19:14 Modified: 02.08.2013 02:59 Company: Microsoft Corporation -------------------- C:\Windows\System32\csrss.exe 7680 bytes Created: 14.07.2009 01:19 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\wininit.exe 
129024 bytes Created: 14.07.2009 01:52 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\services.exe 328704 bytes Created: 14.07.2009 01:19 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\winlogon.exe 455168 bytes Created: 23.05.2014 21:50 Modified: 04.03.2014 11:43 Company: Microsoft Corporation -------------------- C:\Windows\System32\lsass.exe 31232 bytes Created: 23.05.2014 21:50 Modified: 12.04.2014 04:19 Company: Microsoft Corporation -------------------- C:\Windows\System32\lsm.exe 343040 bytes Created: 02.11.2011 20:41 Modified: 20.11.2010 15:24 Company: Microsoft Corporation -------------------- C:\Windows\System32\svchost.exe 27136 bytes Created: 14.07.2009 01:31 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\nvvsvc.exe 884512 bytes Created: 28.01.2011 18:34 Modified: 14.03.2013 08:28 Company: NVIDIA Corporation -------------------- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe 1134880 bytes Created: 28.01.2011 18:33 Modified: 14.03.2013 08:29 Company: NVIDIA Corporation -------------------- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe 84536 bytes Created: 15.06.2009 18:30 Modified: 15.06.2009 18:30 Company: ASUS -------------------- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe 96896 bytes Created: 15.12.2009 11:39 Modified: 15.12.2009 11:39 Company: ASUS -------------------- C:\Windows\System32\spoolsv.exe 559104 bytes Created: 15.08.2012 11:53 Modified: 11.02.2012 08:36 Company: Microsoft Corporation -------------------- C:\Windows\System32\dwm.exe 120320 bytes Created: 14.07.2009 01:37 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 430160 bytes Created: 23.09.2014 23:33 Modified: 15.08.2014 10:30 Company: Avira Operations GmbH & Co. 
KG -------------------- C:\Windows\System32\taskhost.exe 68608 bytes Created: 13.01.2013 12:25 Modified: 23.11.2012 05:13 Company: Microsoft Corporation -------------------- C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE 239488 bytes Created: 17.03.2012 16:14 Modified: 24.04.2011 23:01 Company: SEIKO EPSON CORPORATION -------------------- C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe 332016 bytes Created: 09.04.2014 15:14 Modified: 09.04.2014 15:14 Company: McAfee, Inc. -------------------- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe 2450208 bytes Created: 28.01.2011 18:34 Modified: 14.03.2013 08:29 Company: NVIDIA Corporation -------------------- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE 228552 bytes Created: 25.06.2013 21:48 Modified: 25.06.2013 21:48 Company: Microsoft Corporation -------------------- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe 166528 bytes Created: 25.01.2011 12:32 Modified: 25.01.2011 12:32 Company: ASUS -------------------- C:\Windows\System32\taskeng.exe 464384 bytes Created: 02.11.2011 20:42 Modified: 20.11.2010 15:25 Company: Microsoft Corporation -------------------- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 430160 bytes Created: 23.09.2014 23:33 Modified: 15.08.2014 10:30 Company: Avira Operations GmbH & Co. 
KG -------------------- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE 136576 bytes Created: 17.03.2012 16:15 Modified: 24.04.2011 23:00 Company: SEIKO EPSON CORPORATION -------------------- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe 1809720 bytes Created: 23.09.2014 22:53 Modified: 12.05.2014 07:24 Company: Malwarebytes Corporation -------------------- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 860472 bytes Created: 23.09.2014 22:53 Modified: 12.05.2014 07:24 Company: Malwarebytes Corporation -------------------- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe 161016 bytes Created: 17.09.2014 13:31 Modified: 17.09.2014 13:31 Company: Avira Operations GmbH & Co. KG -------------------- C:\Windows\System32\wbem\WmiPrvSE.exe 372736 bytes Created: 02.11.2011 20:42 Modified: 20.11.2010 15:25 Company: Microsoft Corporation -------------------- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe 6970168 bytes Created: 23.09.2014 22:53 Modified: 12.05.2014 07:24 Company: Malwarebytes Corporation -------------------- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe 2488888 bytes Created: 19.06.2009 11:29 Modified: 19.06.2009 11:29 Company: ASUS -------------------- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe 174648 bytes Created: 22.12.2008 18:15 Modified: 22.12.2008 18:15 Company: ASUS -------------------- C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe 624432 bytes Created: 23.09.2014 23:33 Modified: 15.08.2014 10:30 Company: Avira Operations GmbH & Co. 
KG -------------------- C:\Windows\System32\SearchIndexer.exe 591872 bytes Created: 31.10.2011 21:06 Modified: 04.05.2011 07:19 Company: Microsoft Corporation -------------------- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 1260320 bytes Created: 24.09.2014 00:02 Modified: 08.04.2013 13:32 Company: NVIDIA Corporation -------------------- C:\Program Files\Windows Media Player\wmpnetwk.exe 1525248 bytes Created: 02.11.2011 20:42 Modified: 20.11.2010 15:25 Company: Microsoft Corporation -------------------- C:\Windows\System32\SearchProtocolHost.exe 249856 bytes Created: 31.10.2011 21:06 Modified: 04.05.2011 07:19 Company: Microsoft Corporation -------------------- C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe FileSize: 5468008 [This is a Trojan Remover component] -------------------- -------------------- C:\Program Files\Windows Defender\MpCmdRun.exe 190976 bytes Created: 14.07.2009 01:53 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\SearchFilterHost.exe 113664 bytes Created: 31.10.2011 21:06 Modified: 04.05.2011 07:19 Company: Microsoft Corporation -------------------- ************************************************************ 10:30:50: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************************ 10:30:50: Checking ----- ROGUE BROWSER MODIFICATIONS ----- ************************************************************ ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": about:blank HKCU\Software\Microsoft\Internet 
Explorer\Main\"Search Page": hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ************************************************************ === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 10:30:50 24 Sep 2014 Total Scan time: 00:01:45 ************************************************************ ***** WINDOWS HOSTS FILE RESET ***** Trojan Remover Ver 6.9.1.2931. For information, email support@simplysup.com [Unregistered version] Scan started at: 10:28:43 24 Sep 2014 Using Database v8496 Operating System: Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601] File System: NTFS UAC is ENABLED [default level] UserData directory: C:\Users\Lena\AppData\Roaming\Simply Super Software\Trojan Remover\ Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\ Logfile directory: C:\Users\Lena\Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files (x86)\Trojan Remover\ Running with Administrator privileges ************************************************************ The original HOSTS file has been backed up to C:\Windows\system32\Drivers\etc\hosts.trb The HOSTS file has been reset to the default supplied by Microsoft ************************************************************ ***** WINDOWS EXPLORER POLICIES RESET ***** Trojan Remover Ver 6.9.1.2931. 
For information, email support@simplysup.com [Unregistered version] Scan started at: 10:28:28 24 Sep 2014 Using Database v8496 Operating System: Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601] File System: NTFS UAC is ENABLED [default level] UserData directory: C:\Users\Lena\AppData\Roaming\Simply Super Software\Trojan Remover\ Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\ Logfile directory: C:\Users\Lena\Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files (x86)\Trojan Remover\ Running with Administrator privileges ************************************************************ Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System - no action required on this key as it does not exist ---------- Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum - no action required on this key as it does not exist Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D} - no action required: value either does not exist or is set to False Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103} - no action required: value either does not exist or is set to False ---------- Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun - no action required on this key as it does not exist ---------- Checking Values in: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - no values to check [key does not exist] ---------- Checking Values in: HKCU\Control Panel\Desktop Value: WallpaperOriginX - value has been removed Value: WallpaperOriginY - value has been removed ---------- Checking HKCU ActiveDesktop Policies: ---------- Checking HKCU Add/Remove Programs Policies: ---------- Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun - no action required on this key as it does 
not exist ---------- Checking Values in: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer Value: DisallowRun - value does not exist, no action required Value: NoActiveDesktopChanges - value has been removed Value: NoActiveDesktop - value has been removed Value: NoFileMenu - value does not exist, no action required Value: NoClose - value does not exist, no action required Value: NoDesktop - value does not exist, no action required Value: NoDrives - value does not exist, no action required Value: NoFind - value does not exist, no action required Value: NoFolderOptions - value does not exist, no action required Value: NoRun - value does not exist, no action required Value: NoFavoritesMenu - value does not exist, no action required Value: NoSetFolders - value does not exist, no action required Value: NoControlPanel - value does not exist, no action required Value: ForceActiveDesktopOn - value has been removed ---------- Checking HKLM ActiveDesktop Policies: Value: NoComponents - value has been removed Value: NoAddingComponents - value has been removed ---------- Checking HKLM Add/Remove Programs Policies: ---------- ************************************************************ ***** LAYERED SERVICE PROVIDER CHECKS ***** Trojan Remover Ver 6.9.1.2931. 
For information, email support@simplysup.com [Unregistered version] Scan started at: 10:28:19 24 Sep 2014 Using Database v8496 Operating System: Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601] File System: NTFS UAC is ENABLED [default level] UserData directory: C:\Users\Lena\AppData\Roaming\Simply Super Software\Trojan Remover\ Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\ Logfile directory: C:\Users\Lena\Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files (x86)\Trojan Remover\ Running with Administrator privileges ************************************************************ No errors were located in the Layered Service Provider Registry entries. No action was taken. ************************************************************ ***** INTERNET EXPLORER HOME/START/SEARCH PAGE AND POLICY RESTRICTIONS RESET **** Trojan Remover Ver 6.9.1.2931. For information, email support@simplysup.com [Unregistered version] Scan started at: 10:27:57 24 Sep 2014 Using Database v8496 Operating System: Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601] File System: NTFS UAC is ENABLED [default level] UserData directory: C:\Users\Lena\AppData\Roaming\Simply Super Software\Trojan Remover\ Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\ Logfile directory: C:\Users\Lena\Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files (x86)\Trojan Remover\ Running with Administrator privileges ************************************************************ Existing Home/Start/Search Page settings are as follows: HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\SysWOW64\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": hxxp://www.google.com 
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": www.bing.com HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": hxxp://www.google.com These settings will now be reset to their defaults: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoToolbarCustomize" policy reset to default HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoBandCustomize" policy reset to default HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL" has been reset HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page" has been reset HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"www" has been reset HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"ftp" has been reset HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"gopher" has been reset HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"home" has been reset HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"mosaic" has been reset HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL" has been reset HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page" has been reset HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_FullURL" has been reset HKEY_CURRENT_USER\Software\Microsoft\Internet 
Explorer\Main\"Show_ToolBar" has been reset HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLToolBar" has been reset HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page" has been reset HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_StatusBar" has been reset HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLinStatusBar" has been reset HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Window_Placement" has been reset -------------------- ************************************************************ aswMBR Code:
ATTFilter aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-23 22:24:43
-----------------------------
22:24:43.304 OS Version: Windows x64 6.1.7601 Service Pack 1
22:24:43.304 Number of processors: 4 586 0x2A07
22:24:43.304 ComputerName: LENA-PC UserName: Lena
22:24:45.098 Initialize success
22:24:45.160 VM: initialized successfully
22:24:45.207 VM: Intel CPU supported
22:24:50.444 VM: supported disk I/O ataport.SYS
22:25:07.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:25:07.249 Disk 0 Vendor: ST9500325AS 0003SDM1 Size: 476940MB BusType: 11
22:25:07.405 VM: Disk 0 MBR read successfully
22:25:07.405 Disk 0 MBR scan
22:25:07.405 Disk 0 Windows 7 default MBR code
22:25:07.436 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:25:07.452 Disk 0 default boot code
22:25:07.468 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
22:25:07.577 Disk 0 scanning C:\Windows\system32\drivers
22:25:15.704 Service scanning
22:25:35.064 Modules scanning
22:25:35.594 Disk 0 trace - called modules:
22:25:35.672 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:25:35.672 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800511f060]
22:25:35.688 3 CLASSPNP.SYS[fffff880015cb43f] -> nt!IofCallDriver -> [0xfffffa8004ad7520]
22:25:35.704 5 ACPI.sys[fffff88000ef27a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004ad6680]
22:25:35.719 Scan finished successfully
22:26:24.157 Disk 0 MBR has been saved successfully to "C:\Users\Lena\Documents\MBR.dat"
22:26:24.282 The log file has been saved successfully to "C:\Users\Lena\Documents\aswMBR.txt"
I hope I haven't done anything wrong. Please bear with me! Best regards, phoenixaz |
24.09.2014, 21:53 | #2 |
/// the machine /// TB trainer | Internet browser very slow, downloads even worse, Windows opens windows by itself hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
25.09.2014, 13:19 | #3 |
| Internet browser very slow, downloads even worse, Windows opens windows by itself Hello Schrauber,
thank you very much for your help. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014 Ran by Lena (administrator) on LENA-PC on 25-09-2014 14:11:40 Running from C:\Users\Lena\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE (McAfee, Inc.) 
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-11] (Alcor Micro Corp.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.) 
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-09-17] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoToolbarCustomize] 0 HKLM\...\Policies\Explorer: [NoBandCustomize] 0 HKU\S-1-5-21-149174802-4036715357-4051647580-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-149174802-4036715357-4051647580-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-149174802-4036715357-4051647580-1000\...\MountPoints2: D - D:\OblivionLauncher.exe AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-04-08] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation) AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0A474F7721CCCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - DC1792B2ADDD4F7A92C675CACEB4CFD2 URL = hxxp://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6PQSNRS2wn&i=26
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira SafeSearch - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652\Extensions\safesearch@avira.com [2014-09-23]
FF Extension: Adblock Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-14]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\achpabhngjadedgleiffefjcnkdlnlmn [2013-05-02]
CHR Extension: (No Name) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpmkmcdokoghnccphoipjgdcommiomah [2014-01-01]
CHR Extension: (No Name) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfgjeakafobopncbiopgikmdmgcpkdm [2013-05-02]
CHR Extension: (Facebook Platinum) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfodbocncpdocjdknjadipkgbbagld [2014-09-12]
CHR Extension: (FindBiestDeAL) - C:\ProgramData\akllocijhjckflgnalkmmbelgejbmbcm\ [2014-09-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-17] (Avira Operations GmbH & Co. KG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 03e661da; "C:\Windows\system32\rundll32.exe" "c:\progra~3\winfil~1\WinFilterSvc.dll",service

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-25] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-08-02] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 14:11 - 2014-09-25 14:12 - 00014418 _____ () C:\Users\Lena\Downloads\FRST.txt
2014-09-25 14:11 - 2014-09-25 14:11 - 00000000 ____D () C:\FRST
2014-09-25 14:09 - 2014-09-25 14:09 - 02106880 _____ (Farbar) C:\Users\Lena\Downloads\FRST64.exe
2014-09-24 12:57 - 2014-09-25 13:37 - 00000112 _____ () C:\Windows\setupact.log
2014-09-24 12:57 - 2014-09-24 12:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-24 11:55 - 2014-09-24 11:55 - 00380416 _____ () C:\Users\Lena\Downloads\Gmer-19357.exe
2014-09-24 11:52 - 2014-09-24 11:52 - 00002200 _____ () C:\Users\Lena\Documents\cc_20140924_115232.reg
2014-09-24 10:28 - 2009-06-10 23:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.trb
2014-09-24 10:13 - 2014-09-24 10:13 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Simply Super Software
2014-09-24 10:13 - 2014-09-24 10:13 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-09-24 10:13 - 2014-09-24 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-09-24 10:13 - 2014-09-24 10:13 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-09-24 09:56 - 2014-09-24 09:58 - 21657592 _____ (Simply Super Software ) C:\Users\Lena\Downloads\trjsetup691.exe
2014-09-24 00:37 - 2014-09-24 00:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-24 00:35 - 2014-09-24 00:35 - 02347384 _____ (ESET) C:\Users\Lena\Downloads\esetsmartinstaller_deu.exe
2014-09-24 00:24 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-24 00:24 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-09-24 00:24 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-24 00:24 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-24 00:17 - 2014-09-24 00:22 - 319671744 _____ (NVIDIA Corporation) C:\Users\Lena\Downloads\344.11-notebook-win8-win7-64bit-international-whql.exe
2014-09-23 23:54 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-23 23:54 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-23 23:54 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-23 23:54 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-23 23:54 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-23 23:54 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-23 23:54 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-23 23:54 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-23 23:54 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-09-23 23:54 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-09-23 23:54 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-23 23:54 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-23 23:54 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-09-23 23:54 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-23 23:54 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-23 23:54 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-09-23 23:52 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-09-23 23:52 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-09-23 23:52 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-09-23 23:52 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-09-23 23:51 - 2014-09-23 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-23 23:48 - 2014-09-23 23:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-23 23:48 - 2014-09-23 23:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-23 23:46 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-09-23 23:46 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-23 23:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-23 23:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-23 23:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-23 23:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-23 23:45 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-23 23:45 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-23 23:45 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-23 23:45 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-23 23:45 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-23 23:45 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-23 23:45 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-23 23:45 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-23 23:43 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 23:43 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 23:40 - 2014-09-23 23:40 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Avira
2014-09-23 23:37 - 2014-09-23 23:36 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-09-23 23:33 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-09-23 23:33 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-09-23 23:33 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-09-23 22:54 - 2014-09-25 13:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-23 22:54 - 2014-09-23 22:54 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-23 22:54 - 2014-09-23 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-23 22:53 - 2014-09-23 22:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-23 22:53 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-23 22:53 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-23 22:53 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-23 22:48 - 2014-09-23 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-23 22:48 - 2014-09-23 23:33 - 00000000 ____D () C:\ProgramData\Avira
2014-09-23 22:48 - 2014-09-23 23:33 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-23 22:48 - 2014-09-23 22:48 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-23 22:47 - 2014-09-23 22:47 - 04756944 _____ (Avira Operations GmbH & Co. KG) C:\Users\Lena\Downloads\avira_de_av___ws.exe
2014-09-23 22:42 - 2014-09-23 22:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lena\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-23 22:27 - 2014-09-23 22:29 - 00000000 ____D () C:\AdwCleaner
2014-09-23 22:27 - 2014-09-23 22:27 - 00000000 ____D () C:\Users\Lena\Documents\Simply Super Software
2014-09-23 22:27 - 2014-09-23 22:27 - 00000000 ____D () C:\ProgramData\Licenses
2014-09-23 22:26 - 2014-09-23 22:26 - 00001812 _____ () C:\Users\Lena\Documents\aswMBR.txt
2014-09-23 22:26 - 2014-09-23 22:26 - 00000512 _____ () C:\Users\Lena\Documents\MBR.dat
2014-09-23 22:22 - 2014-09-23 22:22 - 00157069 _____ () C:\Users\Lena\Documents\Stingerlog.xps
2014-09-23 19:49 - 2014-09-23 22:22 - 00000000 ____D () C:\Program Files\stinger
2014-09-21 14:59 - 2014-09-21 15:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-12 19:34 - 2014-09-12 19:34 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\FUJIFILM
2014-09-12 19:19 - 2014-09-12 19:19 - 00000000 ____D () C:\Users\Lena\AppData\Local\Packages
2014-09-10 23:05 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 23:05 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 23:05 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 23:05 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 23:05 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 23:05 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 23:05 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 23:05 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 23:05 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 23:05 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 23:05 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 23:05 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 23:05 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 23:05 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 23:05 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 23:05 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 23:05 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 23:05 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 23:05 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 23:05 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 23:05 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 23:05 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 23:05 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 23:05 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 23:05 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 23:05 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 23:05 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 23:05 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 23:05 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 23:05 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 23:05 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 23:05 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 23:05 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 23:05 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 23:05 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 23:05 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 23:05 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 23:05 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 23:05 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 23:05 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 23:05 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 23:05 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 23:05 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 23:05 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 23:05 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 23:05 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 23:05 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 23:05 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 23:05 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 23:05 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 23:05 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 23:05 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 23:05 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 23:05 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 23:05 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 23:05 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 22:54 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 22:54 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 16:29 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 16:29 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 16:28 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 16:28 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 16:28 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 16:28 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 16:28 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 16:28 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 16:28 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 16:28 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 16:28 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-08-28 15:10 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 15:10 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 15:10 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 14:12 - 2014-09-25 14:11 - 00014418 _____ () C:\Users\Lena\Downloads\FRST.txt
2014-09-25 14:11 - 2014-09-25 14:11 - 00000000 ____D () C:\FRST
2014-09-25 14:11 - 2009-07-14 19:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-09-25 14:11 - 2009-07-14 19:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-09-25 14:11 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-25 14:09 - 2014-09-25 14:09 - 02106880 _____ (Farbar) C:\Users\Lena\Downloads\FRST64.exe
2014-09-25 13:47 - 2009-07-14 06:45 - 00023280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-25 13:47 - 2009-07-14 06:45 - 00023280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-25 13:45 - 2014-03-05 13:58 - 01885194 _____ () C:\Windows\WindowsUpdate.log
2014-09-25 13:43 - 2012-10-03 10:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-25 13:41 - 2014-09-23 22:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 13:37 - 2014-09-24 12:57 - 00000112 _____ () C:\Windows\setupact.log
2014-09-25 13:37 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-25 07:54 - 2013-05-02 16:39 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-24 14:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-24 12:57 - 2014-09-24 12:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-24 11:55 - 2014-09-24 11:55 - 00380416 _____ () C:\Users\Lena\Downloads\Gmer-19357.exe
2014-09-24 11:52 - 2014-09-24 11:52 - 00002200 _____ () C:\Users\Lena\Documents\cc_20140924_115232.reg
2014-09-24 10:13 - 2014-09-24 10:13 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Simply Super Software
2014-09-24 10:13 - 2014-09-24 10:13 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-09-24 10:13 - 2014-09-24 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-09-24 10:13 - 2014-09-24 10:13 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-09-24 09:58 - 2014-09-24 09:56 - 21657592 _____ (Simply Super Software ) C:\Users\Lena\Downloads\trjsetup691.exe
2014-09-24 07:11 - 2011-11-01 10:03 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-24 03:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-24 00:37 - 2014-09-24 00:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-24 00:35 - 2014-09-24 00:35 - 02347384 _____ (ESET) C:\Users\Lena\Downloads\esetsmartinstaller_deu.exe
2014-09-24 00:29 - 2009-07-14 06:45 - 00341792 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-24 00:22 - 2014-09-24 00:17 - 319671744 _____ (NVIDIA Corporation) C:\Users\Lena\Downloads\344.11-notebook-win8-win7-64bit-international-whql.exe
2014-09-24 00:10 - 2011-10-31 20:49 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-09-24 00:10 - 2011-10-31 20:49 - 00000000 ____D () C:\Windows\system32\NV
2014-09-24 00:10 - 2011-10-31 20:48 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-24 00:10 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-24 00:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-24 00:02 - 2011-10-31 20:47 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-24 00:02 - 2011-10-31 20:47 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-23 23:57 - 2011-10-31 20:39 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-09-23 23:51 - 2014-09-23 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-23 23:48 - 2014-09-23 23:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-23 23:48 - 2014-09-23 23:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-23 23:48 - 2011-10-31 21:19 - 00009872 _____ () C:\Windows\system32\RaCoInst.log
2014-09-23 23:40 - 2014-09-23 23:40 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Avira
2014-09-23 23:36 - 2014-09-23 23:37 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-09-23 23:34 - 2014-09-23 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-23 23:33 - 2014-09-23 22:48 - 00000000 ____D () C:\ProgramData\Avira
2014-09-23 23:33 - 2014-09-23 22:48 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-23 23:27 - 2014-01-05 11:33 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-09-23 22:54 - 2014-09-23 22:54 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-23 22:54 - 2014-09-23 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-23 22:54 - 2014-09-23 22:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-23 22:53 - 2014-01-25 21:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-23 22:49 - 2014-09-23 22:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lena\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-23 22:48 - 2014-09-23 22:48 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-23 22:47 - 2014-09-23 22:47 - 04756944 _____ (Avira Operations GmbH & Co. KG) C:\Users\Lena\Downloads\avira_de_av___ws.exe
2014-09-23 22:29 - 2014-09-23 22:27 - 00000000 ____D () C:\AdwCleaner
2014-09-23 22:29 - 2011-10-31 20:54 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-23 22:27 - 2014-09-23 22:27 - 00000000 ____D () C:\Users\Lena\Documents\Simply Super Software
2014-09-23 22:27 - 2014-09-23 22:27 - 00000000 ____D () C:\ProgramData\Licenses
2014-09-23 22:26 - 2014-09-23 22:26 - 00001812 _____ () C:\Users\Lena\Documents\aswMBR.txt
2014-09-23 22:26 - 2014-09-23 22:26 - 00000512 _____ () C:\Users\Lena\Documents\MBR.dat
2014-09-23 22:22 - 2014-09-23 22:22 - 00157069 _____ () C:\Users\Lena\Documents\Stingerlog.xps
2014-09-23 22:22 - 2014-09-23 19:49 - 00000000 ____D () C:\Program Files\stinger
2014-09-23 20:21 - 2014-01-01 18:58 - 00000000 ____D () C:\ProgramData\akllocijhjckflgnalkmmbelgejbmbcm
2014-09-22 15:46 - 2013-03-01 15:23 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Skype
2014-09-21 16:26 - 2011-10-31 20:00 - 00000000 ____D () C:\Users\Lena
2014-09-21 16:05 - 2012-05-25 19:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-21 15:00 - 2014-09-21 14:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-21 14:40 - 2012-10-03 10:37 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-21 14:40 - 2012-10-03 10:37 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-21 14:40 - 2011-12-31 21:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-15 09:06 - 2011-10-31 20:53 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 17:33 - 2014-01-01 18:58 - 00000000 ____D () C:\ProgramData\ce4c029df8982a8f
2014-09-12 19:34 - 2014-09-12 19:34 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\FUJIFILM
2014-09-12 19:19 - 2014-09-12 19:19 - 00000000 ____D () C:\Users\Lena\AppData\Local\Packages
2014-09-10 23:04 - 2012-09-03 10:32 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-10 23:03 - 2011-11-01 10:02 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-10 23:00 - 2013-07-30 18:56 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 22:54 - 2014-05-31 21:09 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-10 22:54 - 2012-02-22 18:06 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-10 00:11 - 2014-09-23 23:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-09 23:47 - 2014-09-23 23:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-05 04:10 - 2014-09-10 16:28 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-05 04:05 - 2014-09-10 16:28 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-01 21:57 - 2014-07-10 13:59 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-09-01 21:57 - 2013-03-01 15:23 - 00000000 ____D () C:\ProgramData\Skype 2014-08-28 15:01 - 2013-08-14 16:32 - 00000000 ____D () C:\Users\Lena\Documents\Neuer Ordner (4) Some content of TEMP: ==================== C:\Users\Lena\AppData\Local\Temp\avgnt.exe C:\Users\Lena\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-24 03:00 ==================== End Of Log ============================ --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2014 Ran by Lena at 2014-09-25 14:13:06 Running from C:\Users\Lena\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader X (10.1.8) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}) (Version: 1.8.17.26026 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.8.17.26026 - Alcor Micro Corp.) Hidden ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS) Avira (HKLM-x32\...\{149bb302-ebda-47ae-b3e6-297cf4c356dc}) (Version: 1.1.21.40000 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.21.40000 - Avira Operations GmbH & Co. 
KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira) CCleaner (HKLM\...\CCleaner) (Version: 3.12 - Piriform) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft) EPSON BX535WD Series Printer Uninstall (HKLM\...\EPSON BX535WD Series) (Version: - SEIKO EPSON Corporation) Epson Easy Photo Print 2 (HKLM-x32\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) ETDWare PS/2-X64 8.0.5.0_WHQL (HKLM\...\Elantech) (Version: 8.0.5.0 - ELAN Microelectronic Corp.) Foxit Reader 5.1 (HKLM-x32\...\Foxit Reader_is1) (Version: 5.1.4.104 - Foxit Corporation) FUJIFILM MyFinePix Studio 3.2 (HKLM-x32\...\MyFinePix Studio_is1) (Version: - ) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) 
Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 32.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird (7.0.1) (HKLM-x32\...\Mozilla Thunderbird (7.0.1)) (Version: 7.0.1 (de) - Mozilla) NVIDIA Grafiktreiber 311.44 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.44 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 311.44 (Version: 311.44 - NVIDIA Corporation) Hidden NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.) RAF (HKLM-x32\...\{E6B43401-E818-4961-AFED-118DD8E87642}) (Version: 1.00.0001 - FUJIFILM Corporation) RAW FILE CONVERTER EX powered by SILKYPIX (HKLM-x32\...\InstallShield_{30B1CCDB-209B-4E94-8311-379F2E6B6B59}) (Version: 3 - Ichikawa Soft Laboratory) RAW FILE CONVERTER EX powered by SILKYPIX (x32 Version: 3 - Ichikawa Soft Laboratory) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) 
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.16.1 - Synaptics Incorporated) Trojan Remover 6.9.1 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.1 - Simply Super Software) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for 
Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 
(KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 
2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 06-09-2014 18:14:00 Windows Update 10-09-2014 14:29:29 Windows Update 10-09-2014 20:52:50 Windows Update 16-09-2014 17:44:18 Windows Update 21-09-2014 12:51:08 Windows Update 23-09-2014 21:46:27 Windows Update 23-09-2014 22:24:23 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2014-09-24 10:28 - 00000975 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {2D4B9AB9-E80F-45C1-BE89-B1978FB4EE0C} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS) Task: {46CC7F1F-4AB5-4AB1-A0E0-9D2004BEB72C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-21] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-09-24 00:01 - 2013-03-14 08:28 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2011-10-31 20:29 - 2011-01-27 09:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-09-17 13:31 - 2014-09-17 13:31 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll 2014-09-23 23:35 - 2014-09-17 13:31 - 00052472 _____ () C:\Users\Lena\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll 2014-09-17 13:30 - 2014-09-17 13:30 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
AlternateDataStreams: C:\ProgramData:gs5sys AlternateDataStreams: C:\Users\All Users:gs5sys AlternateDataStreams: C:\Users\Lena:gs5sys AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys AlternateDataStreams: C:\ProgramData\Application Data:gs5sys AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 AlternateDataStreams: C:\Users\Lena\Anwendungsdaten:gs5sys AlternateDataStreams: C:\Users\Lena\Cookies:gs5sys AlternateDataStreams: C:\Users\Lena\Lokale Einstellungen:gs5sys AlternateDataStreams: C:\Users\Lena\Vorlagen:gs5sys AlternateDataStreams: C:\Users\Lena\Desktop\desktop.ini:gs5sys AlternateDataStreams: C:\Users\Lena\AppData\Local:gs5sys AlternateDataStreams: C:\Users\Lena\AppData\Roaming:gs5sys AlternateDataStreams: C:\Users\Lena\AppData\Local\Anwendungsdaten:gs5sys AlternateDataStreams: C:\Users\Lena\AppData\Local\Verlauf:gs5sys AlternateDataStreams: C:\Users\Lena\Documents\desktop.ini:gs5sys AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: 70e6ca8c => 2 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: EPLTarget => MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Lena\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe MSCONFIG\startupreg: TrojanScanner => C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot ==================== Faulty Device Manager Devices ============= Name: 802.11n Wireless LAN Card Description: 802.11n Wireless LAN Card Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Ralink Technology, Corp. Service: netr28x Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (09/25/2014 05:35:10 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/24/2014 01:00:43 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/24/2014 01:00:43 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/24/2014 01:00:43 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/24/2014 01:00:43 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. 
(HRESULT : 0x80070490) (0x80070490) Error: (09/24/2014 01:00:42 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/24/2014 01:00:42 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (09/24/2014 01:00:42 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/24/2014 01:00:42 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/24/2014 01:00:42 PM) (Source: Windows Search Service) (EventID: 9000) (User: ) Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden. Details: 0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800)) System errors: ============= Error: (09/25/2014 01:39:53 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde nicht richtig gestartet. Error: (09/25/2014 01:38:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst WinFilter erreicht. 
Error: (09/24/2014 01:00:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/24/2014 01:00:43 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error: (09/24/2014 00:58:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst WinFilter erreicht. Error: (09/24/2014 08:11:07 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst WinFilter erreicht. Error: (09/24/2014 00:31:52 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde nicht richtig gestartet. Error: (09/24/2014 00:30:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst WinFilter erreicht. Error: (09/24/2014 00:09:39 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde nicht richtig gestartet. Error: (09/24/2014 00:07:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst WinFilter erreicht. 
Microsoft Office Sessions: ========================= Error: (09/25/2014 05:35:10 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (09/24/2014 01:00:43 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/24/2014 01:00:43 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/24/2014 01:00:43 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/24/2014 01:00:43 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer Error: (09/24/2014 01:00:42 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Search.JetPropStore Error: (09/24/2014 01:00:42 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (09/24/2014 01:00:42 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. 
(HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt Error: (09/24/2014 01:00:42 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) 4700 Error: (09/24/2014 01:00:42 PM) (Source: Windows Search Service) (EventID: 9000) (User: ) Description: Details: 0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800)) ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz Percentage of memory in use: 34% Total physical RAM: 4008.14 MB Available physical RAM: 2619.04 MB Total Pagefile: 8014.47 MB Available Pagefile: 6217.04 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:375.29 GB) NTFS Drive e: () (Fixed) (Total:29.8 GB) (Free:14.88 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 19871CA2) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 29.8 GB) (Disk ID: C1D699A9) Partition 1: (Not Active) - (Size=29.8 GB) - (Type=0C) ==================== End Of Log ============================ |
25.09.2014, 19:07 | #4 |
/// the machine /// TB-Ausbilder | Hi, scan with ComboFix
__________________ Regards, schrauber |
26.09.2014, 10:53 | #5 |
| Hi, creating the text file took a long time, though! Code:
ComboFix 14-09-24.01 - Lena 26.09.2014 11:05:56.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4008.2695 [GMT 2:00] ausgeführt von:: c:\users\Lena\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfodbocncpdocjdknjadipkgbbagld c:\users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfodbocncpdocjdknjadipkgbbagld\118\background.html c:\users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfodbocncpdocjdknjadipkgbbagld\118\content.js c:\users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfodbocncpdocjdknjadipkgbbagld\118\lsdb.js c:\users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfodbocncpdocjdknjadipkgbbagld\118\manifest.json c:\users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfodbocncpdocjdknjadipkgbbagld\118\okmw3qwh6u.js c:\users\Lena\AppData\Local\Google\Chrome\User Data\Default\preferences c:\users\Lena\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll c:\users\Lena\Documents\~WRL2279.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2014-08-26 bis 2014-09-26 )))))))))))))))))))))))))))))) . . 2014-09-26 09:19 . 2014-09-26 09:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2014-09-26 08:56 . 2014-09-15 00:08 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9AEE5AA7-C913-41BC-9AFE-85E88A274900}\mpengine.dll 2014-09-25 12:11 . 2014-09-25 12:13 -------- d-----w- C:\FRST 2014-09-24 08:13 . 2014-09-26 08:53 -------- d-----w- c:\program files (x86)\Trojan Remover 2014-09-23 22:37 .
2014-09-23 22:37 -------- d-----w- c:\program files (x86)\ESET 2014-09-23 22:24 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll 2014-09-23 22:24 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll 2014-09-23 22:24 . 2014-05-08 09:32 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2014-09-23 22:24 . 2014-05-08 09:32 3178496 ----a-w- c:\windows\system32\rdpcorets.dll 2014-09-23 21:52 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys 2014-09-23 21:52 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll 2014-09-23 21:52 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll 2014-09-23 21:52 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll 2014-09-23 21:48 . 2014-09-23 21:48 -------- d-----w- c:\program files\Microsoft Silverlight 2014-09-23 21:48 . 2014-09-23 21:48 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2014-09-23 21:45 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL 2014-09-23 21:45 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL 2014-09-23 21:45 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL 2014-09-23 21:45 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL 2014-09-23 21:45 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL 2014-09-23 21:45 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL 2014-09-23 21:45 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL 2014-09-23 21:45 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2014-09-23 21:45 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2014-09-23 21:43 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll 2014-09-23 21:43 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2014-09-23 21:40 . 2014-09-23 21:40 -------- d-----w- c:\users\Lena\AppData\Roaming\Avira 2014-09-23 21:37 . 
2014-09-23 21:36 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2014-09-23 21:33 . 2014-08-15 08:30 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2014-09-23 21:33 . 2014-08-15 08:30 130584 ----a-w- c:\windows\system32\drivers\avipbb.sys 2014-09-23 21:33 . 2014-08-15 08:30 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-09-23 20:54 . 2014-09-26 09:24 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-09-23 20:53 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-09-23 20:53 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-09-23 20:53 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-09-23 20:53 . 2014-09-23 20:54 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2014-09-23 20:48 . 2014-09-23 21:33 -------- d-----w- c:\program files (x86)\Avira 2014-09-23 20:48 . 2014-09-23 21:33 -------- d-----w- c:\programdata\Avira 2014-09-23 20:48 . 2014-09-23 20:48 -------- d-----w- c:\programdata\Package Cache 2014-09-23 20:27 . 2014-09-23 20:29 -------- d-----w- C:\AdwCleaner 2014-09-23 20:27 . 2014-09-23 20:27 -------- d-----w- c:\programdata\Licenses 2014-09-23 17:49 . 2014-09-23 20:22 -------- d-----w- c:\program files\stinger 2014-09-12 17:34 . 2014-09-12 17:34 -------- d-----w- c:\users\Lena\AppData\Roaming\FUJIFILM 2014-09-12 17:19 . 2014-09-12 17:19 -------- d-----w- c:\users\Lena\AppData\Local\Packages 2014-09-10 20:54 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2014-09-10 20:54 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2014-09-10 14:29 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll 2014-09-10 14:29 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll 2014-09-10 14:28 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2014-09-10 14:28 . 
2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2014-09-10 14:28 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-09-10 14:28 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-09-10 14:28 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-09-10 14:28 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-09-10 14:28 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2014-09-10 14:28 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll 2014-09-10 14:28 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-09-01 19:57 . 2014-09-01 19:57 -------- d-----w- c:\program files (x86)\Common Files\Skype 2014-08-28 13:10 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys 2014-08-28 13:10 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-28 13:10 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-09-21 12:40 . 2012-10-03 08:37 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-09-21 12:40 . 2011-12-31 19:37 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-09-15 07:06 . 2011-10-31 18:53 278152 ------w- c:\windows\system32\MpSigStub.exe 2014-09-10 20:54 . 2012-02-22 16:06 101694776 ----a-w- c:\windows\system32\MRT.exe 2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll 2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2014-07-14 02:02 . 2014-08-25 13:41 1216000 ----a-w- c:\windows\system32\rpcrt4.dll 2014-07-14 01:40 . 2014-08-25 13:41 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll 2014-06-30 22:24 . 2014-08-25 13:38 8856 ----a-w- c:\windows\system32\icardres.dll 2014-06-30 22:14 . 2014-08-25 13:38 8856 ----a-w- c:\windows\SysWow64\icardres.dll . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE" [2011-04-24 239488] "EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE" [2011-04-24 239488] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-09-17 164656] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-15 751184] . c:\users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll . 
R2 03e661da;WinFilter;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x] R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK 
WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x] S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x] S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x] . . 
--- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MBAMSWISSARMY *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2014-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-03 12:40] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-29 171992] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-29 399832] "Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-29 442328] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank mStart Page = hxxp://www.google.com IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\ Malwarebytes Anti-Malware \mbam.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-09-26 11:39:35 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-09-26 09:39 . Vor Suchlauf: 12 Verzeichnis(se), 402.733.633.536 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 402.263.003.136 Bytes frei . - - End Of File - - F9FC834AAD22E26D1C66DB8C7106CD7B A36C5E4F47E84449FF07ED3517B43A31
THANKS!! |
26.09.2014, 15:58 | #6 |
/// the machine /// TB-Ausbilder | Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
26.09.2014, 18:58 | #7 |
| Hello, here is what you asked for: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 26.09.2014
Suchlauf-Zeit: 17:48:23
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.26.06
Rootkit Datenbank: v2014.09.19.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Lena

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 362116
Verstrichene Zeit: 15 Min, 12 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

(end)

Code:
# AdwCleaner v3.310 - Bericht erstellt am 26/09/2014 um 18:12:30
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Lena - LENA-PC
# Gestartet von : C:\Users\Lena\Downloads\AdwCleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Mozilla Firefox v32.0.2 (x86 de)

[ Datei : C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652\prefs.js ]

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [9448 octets] - [23/09/2014 22:28:01]
AdwCleaner[R1].txt - [991 octets] - [26/09/2014 18:11:14]
AdwCleaner[S0].txt - [8422 octets] - [23/09/2014 22:29:22]
AdwCleaner[S1].txt - [913 octets] - [26/09/2014 18:12:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [972 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.2 (09.26.2014:2)
OS: Windows 7 Home Premium x64
Ran by Lena on 26.09.2014 at 19:34:11,16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440444904460}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444904460}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440444904460}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444904460}

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\Lena\AppData\Roaming\mozilla\firefox\profiles\v2bg45cj.default-1390676715652\prefs.js

user_pref("avira.safe_search.search_was_active", "false");
user_pref("extensions.bootstrappedAddons", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.6.4\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Lena\\\\A
user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"148a446f90c54-0b009149d108dc8-41534136-0-148a446f90d63\"");
user_pref("extensions.safesearch.SAUTH_expires_at", "1412110195");
user_pref("extensions.safesearch.SAUTH_rndsnr", "\"5bd48e1fd1bc80f051011e6bef792fde97056872\"");
user_pref("extensions.safesearch.SAUTH_userid", "4321486670");
user_pref("extensions.safesearch.SAUTH_utoken", "\"1ac1dc036e18323f339716c6ebc1784ed9e02def\"");
user_pref("extensions.safesearch.install", "1411505387803");

Emptied folder: C:\Users\Lena\AppData\Roaming\mozilla\firefox\profiles\v2bg45cj.default-1390676715652\minidumps [55 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.09.2014 at 19:37:19,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2014 Ran by Lena (administrator) on LENA-PC on 26-09-2014 19:48:55 Running from C:\Users\Lena\Desktop Loaded Profiles: Lena & UpdatusUser (Available profiles: Lena & UpdatusUser) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE (McAfee, Inc.)
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-11] (Alcor Micro Corp.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-09-17] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoBandCustomize] 0 HKU\S-1-5-21-149174802-4036715357-4051647580-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-149174802-4036715357-4051647580-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION) AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-04-08] (NVIDIA Corporation) AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0A474F7721CCCD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DC1792B2ADDD4F7A92C675CACEB4CFD2 URL = hxxp://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6PQSNRS2wn&i=26 BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652\searchplugins\avira-safesearch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira SafeSearch - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652\Extensions\safesearch@avira.com [2014-09-23] FF Extension: Adblock Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-14] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR Profile: C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (No Name) - C:\Users\Lena\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\achpabhngjadedgleiffefjcnkdlnlmn [2013-05-02] CHR Extension: (No Name) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpmkmcdokoghnccphoipjgdcommiomah [2014-01-01] CHR Extension: (No Name) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfgjeakafobopncbiopgikmdmgcpkdm [2013-05-02] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-17] (Avira Operations GmbH & Co. KG) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) S2 03e661da; "C:\Windows\system32\rundll32.exe" "c:\progra~3\winfil~1\WinFilterSvc.dll",service ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-08-02] (Apple, Inc.) [File not signed] S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-26 19:48 - 2014-09-26 19:48 - 02108928 _____ (Farbar) C:\Users\Lena\Desktop\FRST64.exe 2014-09-26 19:48 - 2014-09-26 19:48 - 00013787 _____ () C:\Users\Lena\Desktop\FRST.txt 2014-09-26 19:47 - 2014-09-26 19:47 - 00002297 _____ () C:\Users\Lena\Desktop\JRTaktuell.txt 2014-09-26 19:37 - 2014-09-26 19:37 - 00002297 _____ () C:\Users\Lena\Desktop\JRT.txt 2014-09-26 19:34 - 2014-09-26 19:34 - 00000000 ____D () C:\Windows\ERUNT 2014-09-26 19:33 - 2014-09-26 19:33 - 01699118 _____ (Thisisu) C:\Users\Lena\Desktop\JRT.exe 2014-09-26 19:31 - 2014-09-26 19:31 - 01699118 _____ (Thisisu) C:\Users\Lena\Downloads\JRT.exe 2014-09-26 19:29 - 2014-09-26 19:29 - 00001051 _____ () C:\Users\Lena\Desktop\AdwCleaner[S1].txt 2014-09-26 18:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-09-26 18:09 - 2014-09-26 18:09 - 01373475 _____ () C:\Users\Lena\Downloads\AdwCleaner.exe 2014-09-26 18:06 - 2014-09-26 18:06 - 00001154 _____ () C:\Users\Lena\Desktop\mbam.txt 2014-09-26 17:19 - 2014-09-26 17:24 - 00000026 _____ () C:\Users\Lena\Desktop\FreeMem.vbs 2014-09-26 11:45 - 2014-09-26 11:45 - 00016987 _____ () C:\Users\Lena\Documents\Combofix.txt 2014-09-26 11:39 - 2014-09-26 11:39 - 00016987 _____ () C:\ComboFix.txt 2014-09-26 11:20 - 2014-09-26 18:13 - 00001770 _____ () C:\Windows\PFRO.log 2014-09-26 10:59 - 2014-09-26 11:40 - 00000000 ____D () C:\Qoobox 2014-09-26 10:59 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-26 10:59 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-26 10:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-26 10:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-26 10:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-26 10:59 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-26 10:59 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-26 10:59 - 2000-08-31 
02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-26 10:58 - 2014-09-26 11:34 - 00000000 ____D () C:\Windows\erdnt 2014-09-26 10:58 - 2014-09-26 10:58 - 00001142 _____ () C:\Users\Lena\Desktop\ComboFix.lnk 2014-09-26 10:56 - 2014-09-26 10:57 - 05580995 ____R (Swearware) C:\Users\Lena\Downloads\ComboFix.exe 2014-09-25 14:13 - 2014-09-25 14:13 - 00030191 _____ () C:\Users\Lena\Downloads\Addition.txt 2014-09-25 14:11 - 2014-09-26 19:48 - 00000000 ____D () C:\FRST 2014-09-25 14:11 - 2014-09-25 14:13 - 00041923 _____ () C:\Users\Lena\Downloads\FRST.txt 2014-09-25 14:09 - 2014-09-25 14:09 - 02106880 _____ (Farbar) C:\Users\Lena\Downloads\FRST64.exe 2014-09-24 12:57 - 2014-09-26 18:13 - 00000448 _____ () C:\Windows\setupact.log 2014-09-24 12:57 - 2014-09-24 12:57 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-24 11:55 - 2014-09-24 11:55 - 00380416 _____ () C:\Users\Lena\Downloads\Gmer-19357.exe 2014-09-24 11:52 - 2014-09-24 11:52 - 00002200 _____ () C:\Users\Lena\Documents\cc_20140924_115232.reg 2014-09-24 10:28 - 2009-06-10 23:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.trb 2014-09-24 10:13 - 2014-09-26 10:53 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover 2014-09-24 09:56 - 2014-09-24 09:58 - 21657592 _____ (Simply Super Software ) C:\Users\Lena\Downloads\trjsetup691.exe 2014-09-24 00:37 - 2014-09-24 00:37 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-09-24 00:35 - 2014-09-24 00:35 - 02347384 _____ (ESET) C:\Users\Lena\Downloads\esetsmartinstaller_deu.exe 2014-09-24 00:24 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-09-24 00:24 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-09-24 00:24 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-09-24 00:24 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-09-24 00:17 - 
2014-09-24 00:22 - 319671744 _____ (NVIDIA Corporation) C:\Users\Lena\Downloads\344.11-notebook-win8-win7-64bit-international-whql.exe 2014-09-23 23:54 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-09-23 23:54 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-09-23 23:54 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-09-23 23:54 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-09-23 23:54 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-09-23 23:54 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-09-23 23:54 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-09-23 23:54 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-09-23 23:54 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2014-09-23 23:54 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2014-09-23 23:54 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-09-23 23:54 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-09-23 23:54 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-09-23 23:54 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-09-23 23:54 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2014-09-23 23:54 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-09-23 23:52 - 2012-08-23 
16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-09-23 23:52 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2014-09-23 23:52 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll 2014-09-23 23:52 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll 2014-09-23 23:51 - 2014-09-23 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-09-23 23:48 - 2014-09-23 23:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-09-23 23:48 - 2014-09-23 23:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-09-23 23:46 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-09-23 23:46 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-09-23 23:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-09-23 23:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-09-23 23:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-09-23 23:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-09-23 23:45 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-09-23 23:45 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-09-23 23:45 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-09-23 23:45 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-09-23 23:45 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-09-23 23:45 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\KBDBASH.DLL 2014-09-23 23:45 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-09-23 23:45 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-23 23:43 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-23 23:43 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-23 23:40 - 2014-09-23 23:40 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Avira 2014-09-23 23:37 - 2014-09-23 23:36 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-09-23 23:33 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-09-23 23:33 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-09-23 23:33 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-09-23 22:54 - 2014-09-26 19:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-23 22:54 - 2014-09-23 22:54 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-23 22:54 - 2014-09-23 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-23 22:53 - 2014-09-23 22:54 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-23 22:53 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-23 22:53 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-23 22:53 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-23 22:48 - 2014-09-23 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-09-23 22:48 - 2014-09-23 23:33 - 00000000 ____D () C:\ProgramData\Avira 2014-09-23 22:48 - 2014-09-23 23:33 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-09-23 22:48 - 2014-09-23 22:48 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-23 22:47 - 2014-09-23 22:47 - 04756944 _____ (Avira Operations GmbH & Co. 
KG) C:\Users\Lena\Downloads\avira_de_av___ws.exe 2014-09-23 22:42 - 2014-09-23 22:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lena\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-23 22:27 - 2014-09-26 18:12 - 00000000 ____D () C:\AdwCleaner 2014-09-23 22:27 - 2014-09-23 22:27 - 00000000 ____D () C:\ProgramData\Licenses 2014-09-23 22:26 - 2014-09-23 22:26 - 00001812 _____ () C:\Users\Lena\Documents\aswMBR.txt 2014-09-23 22:26 - 2014-09-23 22:26 - 00000512 _____ () C:\Users\Lena\Documents\MBR.dat 2014-09-23 22:22 - 2014-09-23 22:22 - 00157069 _____ () C:\Users\Lena\Documents\Stingerlog.xps 2014-09-23 19:49 - 2014-09-23 22:22 - 00000000 ____D () C:\Program Files\stinger 2014-09-21 14:59 - 2014-09-21 15:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-12 19:34 - 2014-09-12 19:34 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\FUJIFILM 2014-09-12 19:19 - 2014-09-12 19:19 - 00000000 ____D () C:\Users\Lena\AppData\Local\Packages 2014-09-10 23:05 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-10 23:05 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-10 23:05 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 23:05 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-10 23:05 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-10 23:05 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-10 23:05 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-10 23:05 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 23:05 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-10 23:05 - 2014-08-19 00:15 - 
00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-10 23:05 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-10 23:05 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-10 23:05 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-10 23:05 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-10 23:05 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-10 23:05 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-10 23:05 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-10 23:05 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-10 23:05 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-10 23:05 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-10 23:05 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-10 23:05 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-10 23:05 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-10 23:05 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-10 23:05 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-10 23:05 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-10 23:05 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-10 
23:05 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-10 23:05 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-10 23:05 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-10 23:05 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-10 23:05 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-10 23:05 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-10 23:05 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-10 23:05 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-10 23:05 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-10 23:05 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-10 23:05 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-10 23:05 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-10 23:05 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-10 23:05 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-10 23:05 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-10 23:05 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-10 23:05 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-10 23:05 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-10 23:05 
- 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-10 23:05 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-10 23:05 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-10 23:05 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-10 23:05 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-10 23:05 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-10 23:05 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-10 23:05 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-10 23:05 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-10 23:05 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-10 23:05 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-10 22:54 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-10 22:54 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-10 16:29 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-10 16:29 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-10 16:28 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-10 16:28 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-10 16:28 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-10 16:28 - 2014-07-07 04:06 - 
00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-10 16:28 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-10 16:28 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-10 16:28 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-10 16:28 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-10 16:28 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-08-28 15:10 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-28 15:10 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-28 15:10 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-26 19:43 - 2012-10-03 10:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-26 18:28 - 2014-03-05 13:58 - 01942569 _____ () C:\Windows\WindowsUpdate.log 2014-09-26 18:23 - 2009-07-14 06:45 - 00023280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-26 18:23 - 2009-07-14 06:45 - 00023280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-26 18:19 - 2009-07-14 19:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-09-26 18:19 - 2009-07-14 19:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-09-26 18:19 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-26 18:13 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-26 11:40 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-09-26 11:24 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-09-26 11:09 - 2013-05-02 16:39 - 00000000 ____D () C:\ProgramData\TEMP 2014-09-24 14:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-24 07:11 - 2011-11-01 10:03 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-09-24 03:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-24 00:29 - 2009-07-14 06:45 - 00341792 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-24 00:10 - 2011-10-31 20:49 - 00000000 ____D () C:\Windows\SysWOW64\NV 2014-09-24 00:10 - 2011-10-31 20:49 - 00000000 ____D () C:\Windows\system32\NV 2014-09-24 00:10 - 2011-10-31 20:48 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-09-24 00:10 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-09-24 00:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-09-24 00:02 - 2011-10-31 20:47 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-09-24 00:02 - 2011-10-31 20:47 - 00000000 ____D () 
C:\Program Files (x86)\NVIDIA Corporation 2014-09-23 23:57 - 2011-10-31 20:39 - 00000000 ____D () C:\Program Files (x86)\Intel 2014-09-23 23:48 - 2011-10-31 21:19 - 00009872 _____ () C:\Windows\system32\RaCoInst.log 2014-09-23 23:27 - 2014-01-05 11:33 - 00000000 ____D () C:\Windows\Downloaded Installations 2014-09-23 22:53 - 2014-01-25 21:09 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-23 22:29 - 2011-10-31 20:54 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-09-23 20:21 - 2014-01-01 18:58 - 00000000 ____D () C:\ProgramData\akllocijhjckflgnalkmmbelgejbmbcm 2014-09-22 15:46 - 2013-03-01 15:23 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Skype 2014-09-21 16:26 - 2011-10-31 20:00 - 00000000 ____D () C:\Users\Lena 2014-09-21 16:05 - 2012-05-25 19:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-21 14:40 - 2012-10-03 10:37 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-21 14:40 - 2012-10-03 10:37 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-21 14:40 - 2011-12-31 21:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-15 09:06 - 2011-10-31 20:53 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-14 17:33 - 2014-01-01 18:58 - 00000000 ____D () C:\ProgramData\ce4c029df8982a8f 2014-09-10 23:04 - 2012-09-03 10:32 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-10 23:03 - 2011-11-01 10:02 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-10 23:00 - 2013-07-30 18:56 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 22:54 - 2014-05-31 21:09 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-10 22:54 - 2012-02-22 18:06 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-01 21:57 - 2014-07-10 13:59 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-09-01 
21:57 - 2013-03-01 15:23 - 00000000 ____D () C:\ProgramData\Skype
2014-08-28 15:01 - 2013-08-14 16:32 - 00000000 ____D () C:\Users\Lena\Documents\Neuer Ordner (4)

Some content of TEMP:
====================
C:\Users\Lena\AppData\Local\Temp\avgnt.exe
C:\Users\Lena\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-26 12:20

==================== End Of Log ============================
--- --- ---
Regards! |
27.09.2014, 19:07 | #8 |
/// the machine /// TB instructor | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems remaining?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
28.09.2014, 12:19 | #9 |
| Hi, will do. ESET will run overnight, though. ESET and I are good friends ;-) What do you mean by "any problems remaining"? Does that refer to the result after your instructions? I'll report back with the logs. One more question in the meantime: my acquaintance has had serious infections several times before, which, however, her son "treated". Could it be that, for example, a rootkit has "eaten its way in" and is causing the disturbances? Despite the rootkit scans so far? Thanks and good night!! Hello, ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=41b28b62529e1341a5de6da7dd975d78 # engine=20268 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-09-24 12:15:06 # local_time=2014-09-24 02:15:06 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 99 7771 3426303 0 0 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 1134837 105695316 0 0 # scanned=173771 # found=5 # cleaned=4 # scan_time=5748 sh=74E7D99D3B29F1E124EBDCA6BE0184E24619EC5E ft=1 fh=57c05034de303995 vn="Variante von Win32/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NI51GLP8\update[1]" sh=060EF6FD539D3E1902185F691DD3D902FA4311D4 ft=1 fh=c71c0011caae087f vn="Variante von Win64/SProtector.A evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\WinFilter\WinFilter_x64.dll.vir" sh=509EDE077A6FB3A8F89302460BD96A18471A6DAA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\achpabhngjadedgleiffefjcnkdlnlmn\1\5182817601da28.64750218.js" sh=DC0B55BE7DC20FEF17431AD6E81539CF38967902 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfgjeakafobopncbiopgikmdmgcpkdm\1\518281b55b67b2.85711647.js" sh=74E7D99D3B29F1E124EBDCA6BE0184E24619EC5E ft=1 fh=57c05034de303995 vn="Variante von Win32/Toolbar.Perion.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NI51GLP8\update[1]" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=41b28b62529e1341a5de6da7dd975d78 # engine=20331 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-09-27 11:00:10 # local_time=2014-09-28 01:00:10 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 99 22891 3767407 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 5444 163488660 0 0 # scanned=150679 # found=2 # cleaned=0 # scan_time=5049 sh=429FC48BC53BC454DBF9DD799994FD538DD2CD1C ft=1 fh=b14d744a763a52f9 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I 
fn="C:\Users\Lena\Downloads\ccsetup312.exe" sh=30B843D04116D79B8CA789AA5774B025805348CF ft=1 fh=f8c0307fdde4b037 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Users\Lena\Downloads\FoxitReader514.0104_enu_Setup.exe" Code:
 Results of screen317's Security Check version 0.99.87
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 15.0.0.152
 Adobe Reader 10.1.8 Adobe Reader out of Date!
 Mozilla Firefox (32.0.3)
 Mozilla Thunderbird (7.0.1) Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2014
Ran by Lena (administrator) on LENA-PC on 28-09-2014 12:25:20
Running from C:\Users\Lena\Desktop
Loaded Profiles: Lena & UpdatusUser (Available profiles: Lena & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-11] (Alcor Micro Corp.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-09-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-149174802-4036715357-4051647580-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-149174802-4036715357-4051647580-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-04-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0A474F7721CCCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DC1792B2ADDD4F7A92C675CACEB4CFD2 URL = hxxp://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6PQSNRS2wn&i=26
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira SafeSearch - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652\Extensions\safesearch@avira.com [2014-09-23]
FF Extension: Adblock Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\v2bg45cj.default-1390676715652\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-14]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\achpabhngjadedgleiffefjcnkdlnlmn [2013-05-02]
CHR Extension: (No Name) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpmkmcdokoghnccphoipjgdcommiomah [2014-01-01]
CHR Extension: (No Name) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfgjeakafobopncbiopgikmdmgcpkdm [2013-05-02]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-17] (Avira Operations GmbH & Co. KG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 03e661da; "C:\Windows\system32\rundll32.exe" "c:\progra~3\winfil~1\WinFilterSvc.dll",service

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-08-02] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-28 12:24 - 2014-09-28 12:24 - 00000878 _____ () C:\Users\Lena\Desktop\checkup.txt 2014-09-28 12:11 - 2014-09-28 12:11 - 00854417 _____ () C:\Users\Lena\Desktop\SecurityCheck.exe 2014-09-28 12:07 - 2014-09-28 12:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-28 12:03 - 2014-09-28 12:03 - 00000231 _____ () C:\Users\Lena\Desktop\eset.txt 2014-09-27 23:33 - 2014-09-27 23:33 - 02347384 _____ (ESET) C:\Users\Lena\Desktop\esetsmartinstaller_deu.exe 2014-09-26 19:52 - 2014-09-26 19:52 - 00038940 _____ () C:\Users\Lena\Desktop\FRSTaktuell.txt 2014-09-26 19:48 - 2014-09-28 12:25 - 00013787 _____ () C:\Users\Lena\Desktop\FRST.txt 2014-09-26 19:48 - 2014-09-26 19:48 - 02108928 _____ (Farbar) C:\Users\Lena\Desktop\FRST64.exe 2014-09-26 19:47 - 2014-09-26 19:47 - 00002297 _____ () C:\Users\Lena\Desktop\JRTaktuell.txt 2014-09-26 19:37 - 2014-09-26 19:37 - 00002297 _____ () C:\Users\Lena\Desktop\JRT.txt 2014-09-26 19:34 - 2014-09-26 19:34 - 00000000 ____D () C:\Windows\ERUNT 2014-09-26 19:33 - 2014-09-26 19:33 - 01699118 _____ (Thisisu) C:\Users\Lena\Desktop\JRT.exe 2014-09-26 19:31 - 2014-09-26 19:31 - 01699118 _____ (Thisisu) C:\Users\Lena\Downloads\JRT.exe 2014-09-26 19:29 - 2014-09-26 19:29 - 00001051 _____ () C:\Users\Lena\Desktop\AdwCleaner[S1].txt 2014-09-26 18:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-09-26 18:09 - 2014-09-26 18:09 - 01373475 _____ () C:\Users\Lena\Downloads\AdwCleaner.exe 2014-09-26 18:06 - 2014-09-26 18:06 - 00001154 _____ () C:\Users\Lena\Desktop\mbam.txt 2014-09-26 17:19 - 2014-09-26 17:24 - 00000026 _____ () C:\Users\Lena\Desktop\FreeMem.vbs 2014-09-26 11:45 - 2014-09-26 11:45 - 00016987 _____ () C:\Users\Lena\Documents\Combofix.txt 2014-09-26 11:39 - 2014-09-26 11:39 - 00016987 _____ () C:\ComboFix.txt 2014-09-26 11:20 - 2014-09-26 18:13 - 00001770 _____ () C:\Windows\PFRO.log 2014-09-26 10:59 - 2014-09-26 11:40 - 00000000 ____D () C:\Qoobox 2014-09-26 10:59 - 
2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-26 10:59 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-26 10:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-26 10:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-26 10:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-26 10:59 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-26 10:59 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-26 10:59 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-26 10:58 - 2014-09-26 11:34 - 00000000 ____D () C:\Windows\erdnt 2014-09-26 10:58 - 2014-09-26 10:58 - 00001142 _____ () C:\Users\Lena\Desktop\ComboFix.lnk 2014-09-26 10:56 - 2014-09-26 10:57 - 05580995 ____R (Swearware) C:\Users\Lena\Downloads\ComboFix.exe 2014-09-25 14:13 - 2014-09-25 14:13 - 00030191 _____ () C:\Users\Lena\Downloads\Addition.txt 2014-09-25 14:11 - 2014-09-28 12:25 - 00000000 ____D () C:\FRST 2014-09-25 14:11 - 2014-09-25 14:13 - 00041923 _____ () C:\Users\Lena\Downloads\FRST.txt 2014-09-25 14:09 - 2014-09-25 14:09 - 02106880 _____ (Farbar) C:\Users\Lena\Downloads\FRST64.exe 2014-09-24 12:57 - 2014-09-27 23:10 - 00000560 _____ () C:\Windows\setupact.log 2014-09-24 12:57 - 2014-09-24 12:57 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-24 11:55 - 2014-09-24 11:55 - 00380416 _____ () C:\Users\Lena\Downloads\Gmer-19357.exe 2014-09-24 11:52 - 2014-09-24 11:52 - 00002200 _____ () C:\Users\Lena\Documents\cc_20140924_115232.reg 2014-09-24 10:28 - 2009-06-10 23:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.trb 2014-09-24 10:13 - 2014-09-26 10:53 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover 2014-09-24 09:56 - 2014-09-24 09:58 - 21657592 _____ (Simply Super Software ) C:\Users\Lena\Downloads\trjsetup691.exe 2014-09-24 00:37 - 2014-09-24 00:37 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-09-24 00:35 - 
2014-09-24 00:35 - 02347384 _____ (ESET) C:\Users\Lena\Downloads\esetsmartinstaller_deu.exe 2014-09-24 00:24 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-09-24 00:24 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-09-24 00:24 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-09-24 00:24 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-09-24 00:17 - 2014-09-24 00:22 - 319671744 _____ (NVIDIA Corporation) C:\Users\Lena\Downloads\344.11-notebook-win8-win7-64bit-international-whql.exe 2014-09-23 23:54 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-09-23 23:54 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-09-23 23:54 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-09-23 23:54 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-09-23 23:54 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-09-23 23:54 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-09-23 23:54 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-09-23 23:54 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-09-23 23:54 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2014-09-23 23:54 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2014-09-23 23:54 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 
2014-09-23 23:54 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-09-23 23:54 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-09-23 23:54 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-09-23 23:54 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2014-09-23 23:54 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-09-23 23:52 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-09-23 23:52 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2014-09-23 23:52 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll 2014-09-23 23:52 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll 2014-09-23 23:51 - 2014-09-23 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-09-23 23:48 - 2014-09-23 23:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-09-23 23:48 - 2014-09-23 23:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-09-23 23:46 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-09-23 23:46 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-09-23 23:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-09-23 23:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-09-23 23:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-09-23 23:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-09-23 23:45 - 2014-07-09 04:03 - 00006656 _____ 
(Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-09-23 23:45 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-09-23 23:45 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-09-23 23:45 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-09-23 23:45 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-09-23 23:45 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-09-23 23:45 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-09-23 23:45 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-23 23:43 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-23 23:43 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-23 23:40 - 2014-09-23 23:40 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Avira 2014-09-23 23:37 - 2014-09-23 23:36 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-09-23 23:33 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-09-23 23:33 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-09-23 23:33 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-09-23 22:54 - 2014-09-27 23:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-23 22:54 - 2014-09-23 22:54 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-23 22:54 - 2014-09-23 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-23 22:53 - 2014-09-23 22:54 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-23 22:53 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-23 22:53 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-23 22:53 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-23 22:48 - 2014-09-23 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-09-23 22:48 - 2014-09-23 23:33 - 00000000 ____D () C:\ProgramData\Avira 2014-09-23 22:48 - 2014-09-23 23:33 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-09-23 22:48 - 2014-09-23 22:48 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-23 22:47 - 2014-09-23 22:47 - 04756944 _____ (Avira Operations GmbH & Co. 
KG) C:\Users\Lena\Downloads\avira_de_av___ws.exe 2014-09-23 22:42 - 2014-09-23 22:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lena\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-23 22:27 - 2014-09-26 18:12 - 00000000 ____D () C:\AdwCleaner 2014-09-23 22:27 - 2014-09-23 22:27 - 00000000 ____D () C:\ProgramData\Licenses 2014-09-23 22:26 - 2014-09-23 22:26 - 00001812 _____ () C:\Users\Lena\Documents\aswMBR.txt 2014-09-23 22:26 - 2014-09-23 22:26 - 00000512 _____ () C:\Users\Lena\Documents\MBR.dat 2014-09-23 22:22 - 2014-09-23 22:22 - 00157069 _____ () C:\Users\Lena\Documents\Stingerlog.xps 2014-09-23 19:49 - 2014-09-23 22:22 - 00000000 ____D () C:\Program Files\stinger 2014-09-12 19:34 - 2014-09-12 19:34 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\FUJIFILM 2014-09-12 19:19 - 2014-09-12 19:19 - 00000000 ____D () C:\Users\Lena\AppData\Local\Packages 2014-09-10 23:05 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-10 23:05 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-10 23:05 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 23:05 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-10 23:05 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-10 23:05 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-10 23:05 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-10 23:05 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 23:05 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-10 23:05 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-10 23:05 - 
2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-10 23:05 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-10 23:05 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-10 23:05 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-10 23:05 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-10 23:05 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-10 23:05 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-10 23:05 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-10 23:05 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-10 23:05 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-10 23:05 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-10 23:05 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-10 23:05 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-10 23:05 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-10 23:05 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-10 23:05 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-10 23:05 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-10 23:05 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-26 12:20
==================== End Of Log ============================
--- --- ---
Regards and THANKS |
28.09.2014, 16:36 | #10 |
/// the machine /// TB Trainer | Internet browser very slow, downloads even worse, Windows opens windows by itself
Possible. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter S2 03e661da; "C:\Windows\system32\rundll32.exe" "c:\progra~3\winfil~1\WinFilterSvc.dll",service
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Are there still problems with the system?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
28.09.2014, 17:55 | #11 |
| Internet browser very slow, downloads even worse, Windows opens windows by itself
Hello, Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-09-2014
Ran by Lena at 2014-09-28 18:47:56 Run:1
Running from C:\Users\Lena\Desktop
Loaded Profiles: Lena & UpdatusUser (Available profiles: Lena & UpdatusUser)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
S2 03e661da; "c:\windows\system32\rundll32.exe" "c:\progra~3\winfil~1\WinFilterSvc.dll",service
*****************
03e661da => Service deleted successfully.
==== End of Fixlog ====
Yes, still problems. What is strange is that after every restart something different runs slowly. One time the adapter finds the WLAN network quickly, then again not at all. Then you plug a stick into the same USB port as before - sometimes the system recognizes it within seconds, sometimes it takes up to 2 minutes. Sometimes Windows Explorer opens quickly, after the next system start it takes up to 20 seconds. If it were my laptop, it would already have an SSD in it and I would have reinstalled the system. But it isn't mine. 4 days of work, analysis etc. without success. Anyway, so far for your patience and help!! |
29.09.2014, 13:58 | #12 | |
/// the machine /// TB Trainer | Internet browser very slow, downloads even worse, Windows opens windows by itself Quote:
In any case, malware is not causing that.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
29.09.2014, 18:32 | #13 |
| Internet browser very slow, downloads even worse, Windows opens windows by itself Will do. |
30.09.2014, 15:17 | #14 |
/// the machine /// TB Trainer | Internet browser very slow, downloads even worse, Windows opens windows by itself ok
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
01.10.2014, 19:43 | #15 | |
| Internet browser very slow, downloads even worse, Windows opens windows by itself All done. Many thanks! It is not good; but as you say, real life sucks :dankeschoen: Quote:
What does FRST do with this text? What effect does that have? Which error is fixed here? Many thanks! |
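Added example, not part of the thread and not FRST's own code: a small triage parser for the service line that post #10 puts into Fixlist.txt and that the Fixlog in post #11 reports as deleted. The state/start-type legend is taken from FRST's public tutorial and is an assumption here, as are the names `parse_service_line` and `ServiceEntry` and the use of `C:\Windows` as the system root.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Legend from FRST's public tutorial (an assumption here; the page does not state it):
# first letter = service state, digit = start type.
STATE = {"R": "running", "S": "stopped", "U": "undetermined"}
START = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
LINE_RE = re.compile(r'^(?P<state>[RSU])(?P<start>[0-5])\s+(?P<name>[^;]+);\s*(?P<cmd>.+)$')

# The fixlist line from the thread, copied verbatim.
SAMPLE = r'S2 03e661da; "C:\Windows\system32\rundll32.exe" "c:\progra~3\winfil~1\WinFilterSvc.dll",service'

@dataclass
class ServiceEntry:
    name: str
    state: str
    start: str
    host: str
    dll: Optional[str] = None
    export: Optional[str] = None
    findings: list = field(default_factory=list)

def parse_service_line(line: str) -> ServiceEntry:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("not an FRST service entry: %r" % line)
    cmd = m["cmd"].strip()
    quoted = re.findall(r'"([^"]+)"', cmd)
    entry = ServiceEntry(m["name"].strip(), STATE[m["state"]],
                         START.get(m["start"], "unknown"),
                         quoted[0] if quoted else cmd)
    # rundll32 form: "<rundll32.exe>" "<dll>",<export>
    if entry.host.lower().endswith("\\rundll32.exe") and len(quoted) > 1:
        entry.dll = quoted[1]
        entry.export = cmd.rsplit('"', 1)[1].lstrip(", ") or None
        entry.findings.append("service code is a DLL loaded through rundll32")
        if re.search(r"~\d", entry.dll):
            entry.findings.append("8.3 short names hide the real folder; resolve on the host")
        if not entry.dll.lower().startswith("c:\\windows\\"):  # assumes C:\Windows as system root
            entry.findings.append("DLL lives outside the Windows directory")
    return entry

if __name__ == "__main__":
    e = parse_service_line(SAMPLE)
    print(e.name, e.state, e.start, e.dll, e.export)
    for f in e.findings:
        print(" -", f)
```

The findings are triage hints for deciding which service entries deserve a closer look, not a verdict on the file.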