Programme starten nicht mehr kurz nach Windows-Neustart

mskreativ · 10.02.2015, 00:12

Hallo, bei dem Rechner von Freunden starten alle Nicht-Microsoft-Programme kurze Zeit nach dem Windows7-Neustart nicht mehr korrekt. Dazu gehören z.B. Firefox, Thunderbird, OpenOffice.

Im Task-Manager sehe ich zwar für die betroffenen Programme einen Prozess, der aber nur wenig RAM belegt und keine CPU-Zeit beansprucht. Bei einigen Programmen erscheint zwar immerhin die GUI, aber mir scheint, dass sobald ein Internetzugriff erfolgt, die entsprechenden Threads des Programms hängen und nur noch gekillt werden können.

Leider komme ich nun nicht mehr weiter und bitte um Hilfe.

Lediglich im abgesicherten Modus tritt das Phänomen nicht auf.

Versucht habe ich folgendes:

- Start im abgesicherten Modus

- Installation und Scan von Malwarebytes, Log:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 09.02.2015
Scan Time: 21:22:03
Logfile: mbam-log-150209.txt
Administrator: No

Version: 2.00.4.1028
Malware Database: v2015.02.09.09
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Maier

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 262762
Time Elapsed: 3 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 5
PUP.FakePlug, C:\Users\Maier\AppData\Local\Temp\{FEAF890F-D1DE-4566-A78D-99FC254CABF9}\Addons\browser_coupon_setup.exe, Quarantined, [264749d3f39720162581f8d77a867888], 
Spyware.Password, C:\Users\Maier\AppData\Local\Temp\{FEAF890F-D1DE-4566-A78D-99FC254CABF9}\Addons\savebc1.exe, Quarantined, [6c01fe1eb7d357df1f21b8b85ea38779], 
Trojan.Dropped, C:\Windows\hidcon.exe, Delete-on-Reboot, [76f725f75a3088aee8dd0c2f669c5ba5], 
PUP.Optional.Babylon.A, C:\Users\Maier\AppData\Roaming\Mozilla\Firefox\Profiles\vnwf1vwa.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.prtkDS", 0);), Replaced,[d09dfe1e454511252b36db1907fe01ff]
PUP.Optional.Babylon.A, C:\Users\Maier\AppData\Roaming\Mozilla\Firefox\Profiles\vnwf1vwa.default\prefs.js, Good: (), Bad: (Preferences

/* Do not edit this file.
 *
 * If), Replaced,[4e1fa577771334026001f00440c56898]

Physical Sectors: 0
(No malicious items detected)


(end)

- Installation und Run CCleaner, keine Auffälligkeiten in Startup oder Installed-Programs gesehen

- OTL laufen lassen, Log:

Code:

ATTFilter

OTL logfile created on: 09.02.2015 21:30:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,95 Gb Total Physical Memory | 14,90 Gb Available Physical Memory | 93,42% Memory free
15,95 Gb Paging File | 14,92 Gb Available in Paging File | 93,58% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,57 Gb Total Space | 166,98 Gb Free Space | 74,69% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 348,74 Gb Free Space | 74,88% Space Free | Partition Type: NTFS
Drive E: | 1,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PCROLANDHELGA | User Name: Admin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (MSI_SuperCharger) -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe (MSI)
SRV - (HP LaserJet Service) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (IGDCTRL) -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (SIVDriver) -- C:\Windows\SysNative\drivers\SIVX64.sys (Ray Hinchliffe)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ISCT) -- C:\Windows\SysNative\drivers\ISCTD64.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (ipadtst) -- C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys (Windows (R) Win 7 DDK provider)
DRV - (NTIOLib_1_0_3) -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys (MSI)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {EC9D9AD7-4201-4497-913A-1BB8BDD6717C}
IE:64bit: - HKLM\..\SearchScopes\{EC9D9AD7-4201-4497-913A-1BB8BDD6717C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {EC9D9AD7-4201-4497-913A-1BB8BDD6717C}
IE - HKLM\..\SearchScopes\{EC9D9AD7-4201-4497-913A-1BB8BDD6717C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS;
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2110714021-3018614368-4389767-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
IE - HKU\S-1-5-21-2110714021-3018614368-4389767-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com
IE - HKU\S-1-5-21-2110714021-3018614368-4389767-1001\..\SearchScopes,DefaultScope = {EC9D9AD7-4201-4497-913A-1BB8BDD6717C}
IE - HKU\S-1-5-21-2110714021-3018614368-4389767-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2110714021-3018614368-4389767-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
IE - HKU\S-1-5-21-2110714021-3018614368-4389767-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com
IE - HKU\S-1-5-21-2110714021-3018614368-4389767-1004\..\SearchScopes,DefaultScope = {EC9D9AD7-4201-4497-913A-1BB8BDD6717C}
IE - HKU\S-1-5-21-2110714021-3018614368-4389767-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VLC media player\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VLC media player\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2015.01.29 19:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2015.01.29 19:13:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}] C:\ProgramData\Package Cache\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}\Avira.OE.Setup.Bundle.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O4 - Startup: C:\Users\Maier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8EB799C-7CC2-4527-91AF-B811DE3312D8}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.20 13:34:54 | 000,000,511 | RH-- | M] () - E:\AUTORUN.INF -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2015.02.09 21:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2015.02.09 21:13:39 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015.02.09 21:13:39 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015.02.09 21:13:39 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015.02.09 21:13:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware 
[2015.02.09 21:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015.02.09 21:12:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Programs
[2015.02.08 22:53:11 | 004,121,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2015.02.08 22:53:11 | 003,209,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2015.02.08 22:53:11 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2015.02.08 22:53:11 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2015.02.08 22:53:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe
[2015.02.08 22:53:11 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe
[2015.02.08 22:53:11 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2015.02.08 22:53:11 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe
[2015.02.08 22:53:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll
[2015.02.08 22:53:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll
[2015.02.08 22:52:47 | 002,777,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2015.02.08 22:52:47 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2015.02.08 22:47:38 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2015.02.08 22:47:24 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2015.02.08 22:47:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDYAK.DLL
[2015.02.08 22:47:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDYAK.DLL
[2015.02.08 22:47:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTAT.DLL
[2015.02.08 22:47:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTAT.DLL
[2015.02.08 22:47:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU1.DLL
[2015.02.08 22:47:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBASH.DLL
[2015.02.08 22:47:24 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU1.DLL
[2015.02.08 22:47:24 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU.DLL
[2015.02.08 22:47:24 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU.DLL
[2015.02.08 22:47:24 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBASH.DLL
[2015.02.08 22:47:23 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2015.02.08 22:47:23 | 000,266,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2015.02.08 22:47:23 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2015.02.08 22:47:23 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2015.02.08 22:47:23 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2015.02.08 22:47:23 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2015.02.08 22:47:23 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2015.02.08 22:47:22 | 001,031,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2015.02.08 22:47:22 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2015.02.08 22:47:04 | 006,584,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2015.02.08 22:47:04 | 005,703,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2015.02.08 22:47:04 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2015.02.08 22:47:04 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2015.02.08 22:47:04 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2015.02.08 22:47:04 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\charmap.exe
[2015.02.08 22:47:04 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\charmap.exe
[2015.01.29 19:13:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015.01.14 11:07:41 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2015.01.14 11:07:41 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2015.01.14 11:07:40 | 005,553,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015.01.14 11:07:40 | 003,971,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015.01.14 11:07:40 | 003,916,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015.01.14 11:07:40 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015.01.14 11:07:40 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015.01.14 11:07:40 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015.01.07 14:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOPP Vorlagen-Druckstudio
[2015.01.07 14:18:33 | 000,540,672 | ---- | C] (HPH-Software® GmbH  (hxxp://www.hph-software.de)) -- C:\Windows\SysWow64\Druckstudio_Ctrl.dll
[2015.01.07 14:18:33 | 000,249,856 | ---- | C] (Newtone Corp.) -- C:\Windows\SysWow64\Ik6Effect.dll
[2015.01.07 14:18:33 | 000,200,704 | ---- | C] (Newtone Corp.) -- C:\Windows\SysWow64\Ik6Tiff.dll
[2015.01.07 14:18:33 | 000,184,320 | ---- | C] (Newtone Corp.) -- C:\Windows\SysWow64\Ik6Com.dll
[2015.01.07 14:18:33 | 000,163,840 | ---- | C] (Newtone Corp.) -- C:\Windows\SysWow64\Ik6Jpeg.dll
[2015.01.07 14:18:33 | 000,102,400 | ---- | C] (Newtone Corp.) -- C:\Windows\SysWow64\Ik6Print.dll
[2015.01.07 14:18:33 | 000,081,920 | ---- | C] (Newtone Corp.) -- C:\Windows\SysWow64\Ik6File.dll
[2015.01.07 14:18:33 | 000,081,920 | ---- | C] (HPH-Software® GmbH) -- C:\Windows\SysWow64\Druckstudio_db.dll
[2015.01.07 14:18:33 | 000,061,440 | ---- | C] (Newtone Corp.) -- C:\Windows\SysWow64\Ik6Bmp.dll
[2015.01.07 14:18:33 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cmdlgde.dll
[2015.01.07 14:18:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOPP Vorlagen-Druckstudio
[2014.12.17 19:04:14 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.12.17 19:04:14 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.12.11 19:05:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014.12.11 07:17:05 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.12.11 07:17:05 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.12.11 07:17:05 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.12.11 07:17:05 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.12.11 07:17:05 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.12.11 07:17:05 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.12.11 07:17:05 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.12.11 07:17:05 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.12.11 07:17:05 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.12.11 07:17:04 | 002,052,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.12.11 07:17:04 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.12.11 07:17:04 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.12.11 07:17:04 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.12.11 07:17:04 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.12.11 07:17:03 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.12.11 07:17:03 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.12.11 07:17:03 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.12.11 07:17:03 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.12.11 07:17:03 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.12.11 07:17:03 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.12.11 07:17:02 | 002,125,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.12.11 07:17:02 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014.12.11 07:17:02 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.12.11 07:17:02 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014.12.11 07:17:01 | 006,039,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.12.11 07:17:01 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014.12.11 07:17:01 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.12.11 07:17:01 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.12.11 07:17:01 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.12.11 07:17:01 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.12.11 07:17:00 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.12.11 07:17:00 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.12.11 07:17:00 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014.12.10 20:21:01 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014.11.12 07:16:15 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2014.11.12 07:16:14 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014.11.12 07:16:14 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2014.11.12 07:16:14 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2014.11.12 07:16:14 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2014.11.12 07:11:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014.11.12 07:11:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014.11.12 07:11:10 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2014.11.12 07:11:10 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2014.11.12 07:11:08 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014.11.12 07:11:08 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014.11.12 07:11:08 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014.11.12 07:11:08 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014.11.12 07:11:08 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014.11.12 07:11:06 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014.11.12 07:10:59 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2014.11.12 07:10:59 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014.11.12 07:10:59 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
 
========== Files - Modified Within 90 Days ==========
 
[2015.02.09 21:29:00 | 001,624,178 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015.02.09 21:29:00 | 000,700,486 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2015.02.09 21:29:00 | 000,655,324 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015.02.09 21:29:00 | 000,150,124 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2015.02.09 21:29:00 | 000,122,694 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015.02.09 21:27:51 | 4255,313,918 | -HS- | M] () -- C:\hiberfil.sys
[2015.02.09 21:27:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.02.09 21:13:44 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.02.09 21:13:44 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.02.09 20:07:05 | 000,341,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015.02.09 12:01:00 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\MT66 Software Update.job
[2015.01.02 10:41:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2014.12.13 06:09:01 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.12.13 04:33:44 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.12.12 06:35:10 | 005,553,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014.12.12 06:31:49 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2014.12.12 06:31:49 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2014.12.12 06:31:22 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2014.12.12 06:11:44 | 003,971,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014.12.12 06:11:43 | 003,916,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014.12.11 18:47:17 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2014.12.06 04:50:18 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2014.11.22 04:06:11 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.11.22 03:50:39 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.11.22 03:50:10 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.11.22 03:49:54 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.11.22 03:48:20 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014.11.22 03:40:41 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.11.22 03:37:10 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.11.22 03:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.11.22 03:34:51 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.11.22 03:34:07 | 006,039,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.11.22 03:26:31 | 000,968,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.11.22 03:22:40 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.11.22 03:14:16 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.11.22 03:09:12 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.11.22 03:08:06 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.11.22 03:07:17 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.11.22 03:06:32 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.11.22 03:05:02 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014.11.22 03:05:01 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.11.22 02:58:54 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.11.22 02:56:40 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.11.22 02:54:30 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.11.22 02:49:29 | 000,718,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.11.22 02:49:28 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.11.22 02:47:10 | 001,359,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014.11.22 02:46:58 | 002,125,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.11.22 02:40:04 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.11.22 02:36:14 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.11.22 02:35:24 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.11.22 02:22:49 | 002,052,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.11.22 02:21:57 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014.11.22 02:03:42 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.11.22 01:54:44 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.11.21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.11.21 06:14:12 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.11.21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2015.01.02 10:41:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.06.25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

- HijackThis laufen lassen, Log:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 23:59:50, on 09.02.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)

FIREFOX: 35.0.1 (x86 de)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
D:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware "
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S0].txt
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-2110714021-3018614368-4389767-1001\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR (User 'Maier')
O4 - S-1-5-21-2110714021-3018614368-4389767-1001 Startup: FRITZ!DSL Protect.lnk = C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (User 'Maier')
O4 - S-1-5-21-2110714021-3018614368-4389767-1001 User Startup: FRITZ!DSL Protect.lnk = C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (User 'Maier')
O4 - Startup: FRITZ!DSL Protect.lnk = C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: Intel(R) Rapid Storage-Technologie (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSI_SuperCharger - MSI - C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9283 bytes

- LSPFix laufen lassen, Found:
NLAapi.dll, @%SystemRoot%\system32\nlasvc.dll,-1000
napinsp.dll, @%SystemRoot%\system32\napinsp.dll,-1000
pnrpnsp.dll, @%SystemRoot%\system32\pnrpnsp.dll,-1000
mswsock.dll, @%SystemRoot%\system32\wshtcpip.dll,-60103
winrnr.dll, NTDS
WLIDNSP.DLL, WindowsLive NSP
sarah.dll, Sarah NSP

- AdwCleaner laufen lassen, der hat aber nichts gefunden

- JRT laufen lassen, der hat aber nichts gefunden

cosinus · 10.02.2015, 00:19

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

mskreativ · 10.02.2015, 00:52

wow, danke für die schnelle Antwort.

Erst nach meinem ersten Post habe ich die "Erstanleitung" gelesen und füge nun unten die Logs defogger_disable.txt, FRST.txt, Additions.txt, Gmer.txt an.

Als AntiVirus-Programm ist Avira Free Antivirus installiert. Dort sehe ich unter Reports und Quarantine keine Einträge von gefundenen Detects. Aber ich sehe unter Reports, dass eine ganze Weile das automatische Update des Virus-Definition-Files verhindert wurde, zumindest soweit das Log reicht. Ein Update des Virus-Definition-Files konnte ich aber vorgestern zuletzt durchführen.

Soll ich einen Antivir-Scan manuell starten?

defogger_disable.txt:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:23 on 10/02/2015 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST.txt:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Admin (administrator) on PCROLANDHELGA on 10-02-2015 00:27:28
Running from D:\Downloads
Loaded Profiles: Maier & Admin (Available profiles: Maier & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKU\S-1-5-21-2110714021-3018614368-4389767-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2110714021-3018614368-4389767-1001\...\MountPoints2: {35ad355d-61a8-11e2-af73-806e6f6e6963} - E:\Start.exe
HKU\S-1-5-21-2110714021-3018614368-4389767-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2110714021-3018614368-4389767-1004\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt [952 2015-02-09] ()
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Windows\Installer\{2457326B-C110-40C3-89B0-889CC913871A}\Icon2457326B4.exe ()
Startup: C:\Users\Maier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2110714021-3018614368-4389767-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com
HKU\S-1-5-21-2110714021-3018614368-4389767-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
HKU\S-1-5-21-2110714021-3018614368-4389767-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com
HKU\S-1-5-21-2110714021-3018614368-4389767-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2110714021-3018614368-4389767-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2110714021-3018614368-4389767-1001 -> {EC9D9AD7-4201-4497-913A-1BB8BDD6717C} URL = 
SearchScopes: HKU\S-1-5-21-2110714021-3018614368-4389767-1004 -> {EC9D9AD7-4201-4497-913A-1BB8BDD6717C} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 09 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 01 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 02 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 03 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 14 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VLC media player\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VLC media player\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-24] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-24] (Avira Operations GmbH & Co. KG)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
S2 IGDCTRL; C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [136704 2012-06-29] (MSI) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-08] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-08] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-05] (Avira Operations GmbH & Co. KG)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S3 ipadtst; C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [19000 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-02-09] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [129856 2012-10-20] (Ray Hinchliffe)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
U3 fwryraob; \??\C:\Users\Admin\AppData\Local\Temp\fwryraob.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 00:27 - 2015-02-10 00:27 - 00000000 ____D () C:\FRST
2015-02-10 00:23 - 2015-02-10 00:23 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2015-02-10 00:10 - 2015-02-10 00:10 - 00000625 _____ () C:\Users\Admin\Desktop\JRT.txt
2015-02-09 23:43 - 2015-02-10 00:02 - 00000000 ____D () C:\Users\Admin\Documents\Log
2015-02-09 22:49 - 2015-02-09 22:51 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-02-09 22:16 - 2015-02-09 23:34 - 00010342 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 22:13 - 2015-02-09 23:35 - 00000168 _____ () C:\Windows\setupact.log
2015-02-09 22:13 - 2015-02-09 22:13 - 00001004 _____ () C:\Windows\PFRO.log
2015-02-09 22:13 - 2015-02-09 22:13 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-09 22:02 - 2015-02-09 22:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 21:49 - 2015-02-09 21:49 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieUserList
2015-02-09 21:49 - 2015-02-09 21:49 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieSiteList
2015-02-09 21:49 - 2015-02-09 21:49 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-02-09 21:39 - 2015-02-09 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-09 21:39 - 2015-02-09 21:39 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-09 21:13 - 2015-02-09 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-09 21:13 - 2015-02-09 21:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-09 21:13 - 2015-02-09 21:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-09 21:13 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-09 21:13 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-09 21:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-08 22:53 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-02-08 22:53 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-02-08 22:53 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-02-08 22:53 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-02-08 22:53 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-02-08 22:53 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-02-08 22:53 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-02-08 22:53 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-02-08 22:53 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-02-08 22:53 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-02-08 22:52 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-02-08 22:52 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-02-08 22:47 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-02-08 22:47 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-02-08 22:47 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-02-08 22:47 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-02-08 22:47 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-02-08 22:47 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-02-08 22:47 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-02-08 22:47 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-02-08 22:47 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-02-08 22:47 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-02-08 22:47 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-02-08 22:47 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-02-08 22:47 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-02-08 22:47 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-02-08 22:47 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-02-08 22:47 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-02-08 22:47 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-02-08 22:47 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-02-08 22:47 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-02-08 22:47 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-08 22:47 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-08 22:47 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-02-08 22:47 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-02-08 22:47 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-02-08 22:47 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-02-08 22:47 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-02-08 22:47 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-02-08 22:47 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-02-08 22:47 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-02-08 22:47 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-02-08 22:47 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-02-08 22:47 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-02-08 22:47 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-02-08 22:47 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2015-02-08 22:47 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-08 22:47 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-02-08 22:47 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-02-08 22:47 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-02-08 22:47 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-01-29 19:13 - 2015-01-29 19:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-14 11:07 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 11:07 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 11:07 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 11:07 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 11:07 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 11:07 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 11:07 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 11:07 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 11:07 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 11:07 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 11:07 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 11:07 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 11:07 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 00:23 - 2013-01-18 23:57 - 00000000 ____D () C:\Users\Admin
2015-02-09 23:43 - 2010-11-21 07:50 - 00700486 _____ () C:\Windows\system32\perfh007.dat
2015-02-09 23:43 - 2010-11-21 07:50 - 00150124 _____ () C:\Windows\system32\perfc007.dat
2015-02-09 23:43 - 2009-07-14 06:13 - 01624178 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-09 23:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 23:20 - 2009-07-14 05:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 23:20 - 2009-07-14 05:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 23:14 - 2013-01-19 20:40 - 00000000 ____D () C:\Users\Maier\AppData\Roaming\FRITZ!
2015-02-09 22:50 - 2013-01-18 21:20 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-09 22:50 - 2013-01-18 21:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-09 22:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Web
2015-02-09 21:46 - 2011-04-27 13:00 - 00000000 ____D () C:\Windows\Panther
2015-02-09 21:40 - 2013-02-16 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MedienTeam66
2015-02-09 21:16 - 2013-01-18 23:58 - 00090160 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-09 21:16 - 2013-01-18 23:58 - 00001426 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-09 20:07 - 2013-01-18 20:57 - 00090160 _____ () C:\Users\Maier\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-09 20:07 - 2009-07-14 05:45 - 00341120 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-09 12:01 - 2013-02-16 12:01 - 00000314 _____ () C:\Windows\Tasks\MT66 Software Update.job
2015-02-08 21:26 - 2013-01-19 00:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-08 20:47 - 2013-01-29 22:12 - 00000000 ____D () C:\Program Files (x86)\HP
2015-02-07 15:37 - 2013-12-05 21:05 - 00000000 ____D () C:\Users\Maier\AppData\Roaming\vlc
2015-02-05 13:44 - 2013-01-18 21:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-05 12:35 - 2014-12-11 19:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-14 13:59 - 2013-08-15 07:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 13:58 - 2011-04-27 12:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Maier\AppData\Local\Temp\ABCofPics.exe
C:\Users\Maier\AppData\Local\Temp\AskSLib.dll
C:\Users\Maier\AppData\Local\Temp\avgnt.exe
C:\Users\Maier\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Maier\AppData\Local\Temp\install_reader11_de_mssa_aaa_aih(1).exe
C:\Users\Maier\AppData\Local\Temp\install_reader11_de_mssa_aaa_aih(1)_1.exe
C:\Users\Maier\AppData\Local\Temp\tmp3513.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-04 20:45

==================== End Of Log ============================

--- --- ---

Addition.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Admin at 2015-02-10 00:27:43
Running from D:\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AVM FRITZ!DSL (HKLM-x32\...\{2457326B-C110-40C3-89B0-889CC913871A}) (Version: 2.04.02 - AVM Berlin)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM276LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
Image Resizer for Windows (64 bit) (Version: 3.0.4442.6002 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{9dfff2f7-5cd7-4fd4-9b75-7d53b042d94b}) (Version: 3.0.4442.6002 - Brice Lambson)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Kreativ Drucken deluxe 2013 (HKLM-x32\...\{60EA34DE-DD75-4453-A892-0BB79F3A7435}_is1) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
Photo Retro!It 2.0 Professional (HKLM-x32\...\{8A37DA67-DB39-4e8f-9BC3-448E8637AE5D}_is1) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.012 - MSI)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Winmail Opener 1.4 (HKLM-x32\...\Winmail Opener) (Version: 1.4 - Eolsoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

12-11-2014 07:30:44 Windows Update
17-11-2014 07:11:52 Windows-Sicherung
18-11-2014 20:08:36 Windows Update
10-12-2014 22:38:39 Windows Update
11-12-2014 07:35:21 Windows Update
16-12-2014 08:01:42 Windows-Sicherung
17-12-2014 20:05:49 Windows Update
04-01-2015 17:45:59 Geplanter Prüfpunkt
14-01-2015 13:58:28 Windows Update
16-01-2015 17:02:33 Windows-Sicherung
08-02-2015 10:21:06 Geplanter Prüfpunkt
08-02-2015 20:45:55 ***IS_STRING_NOT_DEFINED***
08-02-2015 22:52:42 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {F24DFF0C-9F5A-41FC-9FB6-7C5BEA135FE7} - System32\Tasks\MT66 Software Update => C:\Program Files (x86)\Common Files\MT66 Software Update\UpdateClient.exe
Task: C:\Windows\Tasks\MT66 Software Update.job => C:\Program Files (x86)\Common Files\MT66 Software Update\UpdateClient.exe

==================== Loaded Modules (whitelisted) ==============


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2110714021-3018614368-4389767-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Maier\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2110714021-3018614368-4389767-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Super-Charger => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: {70e83cd8-4bd5-4039-ab5a-6b94a8abb641} => "C:\ProgramData\Package Cache\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}\Avira.OE.Setup.Bundle.exe" /quiet /norestart /burn.log.append "C:\Windows\TEMP\Avira_20141008140939.log" /install /burn.runonce

==================== Accounts: =============================

Admin (S-1-5-21-2110714021-3018614368-4389767-1004 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2110714021-3018614368-4389767-500 - Administrator - Disabled)
Gast (S-1-5-21-2110714021-3018614368-4389767-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2110714021-3018614368-4389767-1003 - Limited - Enabled)
Maier (S-1-5-21-2110714021-3018614368-4389767-1001 - Limited - Enabled) => C:\Users\Maier

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Biometric Coprocessor
Description: Biometric Coprocessor
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (02/10/2015 00:27:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/10/2015 00:27:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/10/2015 00:27:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/10/2015 00:27:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/10/2015 00:27:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/10/2015 00:27:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/10/2015 00:24:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/10/2015 00:24:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/10/2015 00:24:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/10/2015 00:22:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 7%
Total physical RAM: 16333.58 MB
Available physical RAM: 15042.43 MB
Total Pagefile: 16331.77 MB
Available Pagefile: 15094.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Win7HPx64) (Fixed) (Total:223.57 GB) (Free:167.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:465.76 GB) (Free:348.73 GB) NTFS
Drive e: (70312-3_KD2013) (CDROM) (Total:1.92 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 6990597C)
Partition 1: (Active) - (Size=223.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EB92AAB5)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Gmer.txt:

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-10 00:37:33
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000066 ATA_____ rev.BBF0 223,57GB
Running: Gmer-19357.exe; Driver: C:\Users\Admin\AppData\Local\Temp\fwryraob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[1056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075261465 2 bytes [26, 75]
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[1056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000752614bb 2 bytes [26, 75]
.text  ...                                                                                                                       * 2

---- EOF - GMER 2.1 ----

cosinus · 10.02.2015, 01:00

Ok, bitte mach die Logs auch nochmal im normalen Modus

Und:

Zukünftig bitte beachten:

Zitat:

Running from D:\Downloads

Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.
Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter.

mskreativ · 10.02.2015, 01:58

Das "OK" habe ich als ja auf die Frage zum AntiVir-Scan interpretiert, und lasse den jetzt laufen.

Die benannten Tools verschiebe ich gerne. Das könntet ihr aber auch noch in der Checkliste vermerken.

Nach dem AntiVir-Scan versuche ich die Logs noch im Nicht-Abgesicherten-Modus zu erstellen. Einige der Tools liefen so jedoch nicht, weshalb ich den abgesicherten Modus wählte. Ich berichte dann heute abend wieder.

also, der AntiVir-Scan ist durchgelaufen, Log:

Code:

ATTFilter

Avira Free Antivirus
Report file date: Dienstag, 10. Februar 2015  00:49


The program is running as an unrestricted full version.
Online services are available.

Licensee        : Avira Antivirus Free
Serial number   : 0000149996-AVHOE-0000001
Platform        : Windows 7 Home Premium
Windows version : (Service Pack 1)  [6.1.7601]
Boot mode       : Safe mode with network
Username        : Admin
Computer name   : pc

Version information:
BUILD.DAT       : 14.0.7.468     91859 Bytes  24.11.2014 10:23:00
AVSCAN.EXE      : 14.0.7.462   1015544 Bytes  24.12.2014 10:09:36
AVSCANRC.DLL    : 14.0.7.308     54576 Bytes  24.12.2014 10:09:36
LUKE.DLL        : 14.0.7.462     60664 Bytes  24.12.2014 10:09:36
AVSCPLR.DLL     : 14.0.7.440     93488 Bytes  24.12.2014 10:09:36
REPAIR.DLL      : 14.0.7.412    366328 Bytes  24.12.2014 10:09:36
REPAIR.RDF      : 1.0.4.60      704786 Bytes  08.02.2015 19:13:49
AVREG.DLL       : 14.0.7.310    264952 Bytes  24.12.2014 10:09:36
AVLODE.DLL      : 14.0.7.440    561456 Bytes  24.12.2014 10:09:36
AVLODE.RDF      : 14.0.4.54      78895 Bytes  24.12.2014 10:09:36
XBV00015.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:50:59
XBV00016.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:50:59
XBV00017.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:50:59
XBV00018.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:50:59
XBV00019.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:50:59
XBV00020.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:50:59
XBV00021.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:51:00
XBV00022.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:51:00
XBV00023.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:51:00
XBV00024.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:51:00
XBV00025.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:51:00
XBV00026.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:51:01
XBV00027.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:51:01
XBV00028.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:51:01
XBV00029.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:51:01
XBV00030.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:51:01
XBV00031.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:51:01
XBV00032.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:51:01
XBV00033.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:51:01
XBV00034.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:51:01
XBV00035.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:51:02
XBV00036.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:51:02
XBV00037.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:51:02
XBV00038.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:51:02
XBV00039.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:51:02
XBV00040.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:51:02
XBV00041.VDF    : 8.11.165.190     2048 Bytes  07.08.2014 19:51:02
XBV00076.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:27
XBV00077.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:27
XBV00078.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:27
XBV00079.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:27
XBV00080.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:28
XBV00081.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:28
XBV00082.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:28
XBV00083.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:28
XBV00084.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:28
XBV00085.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:28
XBV00086.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:28
XBV00087.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:28
XBV00088.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:28
XBV00089.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:28
XBV00090.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:28
XBV00091.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:28
XBV00092.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:29
XBV00093.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:29
XBV00094.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:29
XBV00095.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:29
XBV00096.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:29
XBV00097.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:29
XBV00098.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:29
XBV00099.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:29
XBV00100.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:29
XBV00101.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:29
XBV00102.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:29
XBV00103.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:29
XBV00104.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:30
XBV00105.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:30
XBV00106.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:30
XBV00107.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:30
XBV00108.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:30
XBV00109.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:30
XBV00110.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:30
XBV00111.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:30
XBV00112.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:30
XBV00113.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:30
XBV00114.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:30
XBV00115.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:30
XBV00116.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:31
XBV00117.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:31
XBV00118.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:31
XBV00119.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:31
XBV00120.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:31
XBV00121.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:31
XBV00122.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:31
XBV00123.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:31
XBV00124.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:31
XBV00125.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:31
XBV00126.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:31
XBV00127.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:31
XBV00128.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:32
XBV00129.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:32
XBV00130.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:32
XBV00131.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:32
XBV00132.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:32
XBV00133.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:32
XBV00134.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:32
XBV00135.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:32
XBV00136.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:32
XBV00137.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:32
XBV00138.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:32
XBV00139.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:32
XBV00140.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:33
XBV00141.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:33
XBV00142.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:33
XBV00143.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:33
XBV00144.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:33
XBV00145.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:33
XBV00146.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:33
XBV00147.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:33
XBV00148.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:33
XBV00149.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:33
XBV00150.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:33
XBV00151.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:34
XBV00152.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:34
XBV00153.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:34
XBV00154.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:34
XBV00155.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:34
XBV00156.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:34
XBV00157.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:34
XBV00158.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:34
XBV00159.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:34
XBV00160.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:34
XBV00161.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:34
XBV00162.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:34
XBV00163.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:35
XBV00164.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:35
XBV00165.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:35
XBV00166.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:35
XBV00167.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:35
XBV00168.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:35
XBV00169.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:35
XBV00170.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:35
XBV00171.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:35
XBV00172.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:35
XBV00173.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:35
XBV00174.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:35
XBV00175.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:36
XBV00176.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:36
XBV00177.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:36
XBV00178.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:36
XBV00179.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:36
XBV00180.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:36
XBV00181.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:36
XBV00182.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:36
XBV00183.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:36
XBV00184.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:36
XBV00185.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:36
XBV00186.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:36
XBV00187.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:37
XBV00188.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:37
XBV00189.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:37
XBV00190.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:37
XBV00191.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:37
XBV00192.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:37
XBV00193.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:37
XBV00194.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:37
XBV00195.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:37
XBV00196.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:37
XBV00197.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:37
XBV00198.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:37
XBV00199.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:38
XBV00200.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:38
XBV00201.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:38
XBV00202.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:38
XBV00203.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:38
XBV00204.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:38
XBV00205.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:38
XBV00206.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:38
XBV00207.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:38
XBV00208.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:38
XBV00209.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:38
XBV00210.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:38
XBV00211.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:39
XBV00212.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:39
XBV00213.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:39
XBV00214.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:39
XBV00215.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:39
XBV00216.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:39
XBV00217.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:39
XBV00218.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:39
XBV00219.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:39
XBV00220.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:39
XBV00221.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:39
XBV00222.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:40
XBV00223.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:40
XBV00224.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:40
XBV00225.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:40
XBV00226.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:40
XBV00227.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:40
XBV00228.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:40
XBV00229.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:40
XBV00230.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:40
XBV00231.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:40
XBV00232.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:40
XBV00233.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:40
XBV00234.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:41
XBV00235.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:41
XBV00236.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:41
XBV00237.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:41
XBV00238.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:41
XBV00239.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:41
XBV00240.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:41
XBV00241.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:41
XBV00242.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:41
XBV00243.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:42
XBV00244.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:42
XBV00245.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:42
XBV00246.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:42
XBV00247.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:43
XBV00248.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:43
XBV00249.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:43
XBV00250.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:43
XBV00251.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:43
XBV00252.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:44
XBV00253.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:44
XBV00254.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:44
XBV00255.VDF    : 8.11.206.252     2048 Bytes  04.02.2015 19:13:44
XBV00000.VDF    : 7.11.70.0   66736640 Bytes  04.04.2013 18:37:26
XBV00001.VDF    : 7.11.74.226  2201600 Bytes  30.04.2013 15:35:33
XBV00002.VDF    : 7.11.80.60   2751488 Bytes  28.05.2013 16:35:23
XBV00003.VDF    : 7.11.85.214  2162688 Bytes  21.06.2013 13:57:23
XBV00004.VDF    : 7.11.91.176  3903488 Bytes  23.07.2013 14:16:27
XBV00005.VDF    : 7.11.98.186  6822912 Bytes  29.08.2013 07:19:09
XBV00006.VDF    : 7.11.139.38 15708672 Bytes  27.03.2014 19:02:50
XBV00007.VDF    : 7.11.152.100  4193792 Bytes  02.06.2014 15:19:34
XBV00008.VDF    : 8.11.165.192  4251136 Bytes  07.08.2014 19:50:58
XBV00009.VDF    : 8.11.172.30  2094080 Bytes  15.09.2014 14:45:42
XBV00010.VDF    : 8.11.178.32  1581056 Bytes  14.10.2014 09:09:36
XBV00011.VDF    : 8.11.184.50  2178560 Bytes  11.11.2014 10:09:48
XBV00012.VDF    : 8.11.190.32  1876992 Bytes  03.12.2014 10:09:58
XBV00013.VDF    : 8.11.201.28  2973696 Bytes  14.01.2015 19:12:58
XBV00014.VDF    : 8.11.206.252  2695680 Bytes  04.02.2015 19:13:21
XBV00042.VDF    : 8.11.207.24    43520 Bytes  04.02.2015 19:13:21
XBV00043.VDF    : 8.11.207.50     2048 Bytes  04.02.2015 19:13:21
XBV00044.VDF    : 8.11.207.52     2048 Bytes  04.02.2015 19:13:22
XBV00045.VDF    : 8.11.207.78    20480 Bytes  04.02.2015 19:13:22
XBV00046.VDF    : 8.11.207.104     5632 Bytes  04.02.2015 19:13:22
XBV00047.VDF    : 8.11.207.106     2048 Bytes  05.02.2015 19:13:22
XBV00048.VDF    : 8.11.207.108    23040 Bytes  05.02.2015 19:13:22
XBV00049.VDF    : 8.11.207.110    34304 Bytes  05.02.2015 19:13:22
XBV00050.VDF    : 8.11.207.112     2048 Bytes  05.02.2015 19:13:22
XBV00051.VDF    : 8.11.207.134    15360 Bytes  05.02.2015 19:13:23
XBV00052.VDF    : 8.11.207.154     9728 Bytes  05.02.2015 19:13:23
XBV00053.VDF    : 8.11.207.178    39936 Bytes  05.02.2015 19:13:23
XBV00054.VDF    : 8.11.207.200    32256 Bytes  05.02.2015 19:13:23
XBV00055.VDF    : 8.11.207.204     2560 Bytes  05.02.2015 19:13:23
XBV00056.VDF    : 8.11.207.208    57856 Bytes  06.02.2015 19:13:24
XBV00057.VDF    : 8.11.207.210     2048 Bytes  06.02.2015 19:13:24
XBV00058.VDF    : 8.11.207.212     5120 Bytes  06.02.2015 19:13:24
XBV00059.VDF    : 8.11.207.232    18944 Bytes  06.02.2015 19:13:24
XBV00060.VDF    : 8.11.207.252    24576 Bytes  06.02.2015 19:13:24
XBV00061.VDF    : 8.11.208.16     9216 Bytes  06.02.2015 19:13:24
XBV00062.VDF    : 8.11.208.18     4096 Bytes  06.02.2015 19:13:25
XBV00063.VDF    : 8.11.208.20     2560 Bytes  06.02.2015 19:13:25
XBV00064.VDF    : 8.11.208.42    54272 Bytes  06.02.2015 19:13:25
XBV00065.VDF    : 8.11.208.62     2048 Bytes  06.02.2015 19:13:25
XBV00066.VDF    : 8.11.208.84    28160 Bytes  06.02.2015 19:13:25
XBV00067.VDF    : 8.11.208.86     2048 Bytes  06.02.2015 19:13:25
XBV00068.VDF    : 8.11.208.88     2048 Bytes  07.02.2015 19:13:25
XBV00069.VDF    : 8.11.208.92    61440 Bytes  07.02.2015 19:13:26
XBV00070.VDF    : 8.11.208.112     2048 Bytes  07.02.2015 19:13:26
XBV00071.VDF    : 8.11.208.130    40448 Bytes  07.02.2015 19:13:26
XBV00072.VDF    : 8.11.208.148     2048 Bytes  07.02.2015 19:13:26
XBV00073.VDF    : 8.11.208.166    62976 Bytes  08.02.2015 19:13:27
XBV00074.VDF    : 8.11.208.184     2048 Bytes  08.02.2015 19:13:27
XBV00075.VDF    : 8.11.208.204    32768 Bytes  08.02.2015 19:13:27
LOCAL000.VDF    : 8.11.208.204 120676864 Bytes  08.02.2015 19:14:02
Engine version  : 8.3.28.16 
AEVDF.DLL       : 8.3.1.6       133992 Bytes  07.10.2014 14:43:30
AESCRIPT.DLL    : 8.2.2.54      550824 Bytes  08.02.2015 19:12:40
AESCN.DLL       : 8.3.2.2       139456 Bytes  07.08.2014 19:47:09
AESBX.DLL       : 8.2.20.24    1409224 Bytes  09.05.2014 11:31:08
AERDL.DLL       : 8.2.1.16      743328 Bytes  08.11.2014 09:07:22
AEPACK.DLL      : 8.4.0.58      789360 Bytes  08.02.2015 19:12:38
AEOFFICE.DLL    : 8.3.1.10      351088 Bytes  08.02.2015 19:12:36
AEMOBILE.DLL    : 8.1.2.0       277360 Bytes  24.12.2014 10:09:36
AEHEUR.DLL      : 8.1.4.1522   8071080 Bytes  08.02.2015 19:12:35
AEHELP.DLL      : 8.3.1.0       278728 Bytes  28.05.2014 15:40:50
AEGEN.DLL       : 8.1.7.40      456608 Bytes  24.12.2014 10:09:35
AEEXP.DLL       : 8.4.2.70      255904 Bytes  08.02.2015 19:12:40
AEEMU.DLL       : 8.1.3.4       399264 Bytes  07.08.2014 19:46:30
AEDROID.DLL     : 8.4.3.6       850800 Bytes  24.12.2014 10:09:36
AECORE.DLL      : 8.3.4.0       243624 Bytes  24.12.2014 10:09:35
AEBB.DLL        : 8.1.2.0        60448 Bytes  07.08.2014 19:46:28
AVWINLL.DLL     : 14.0.7.308     25904 Bytes  24.12.2014 10:09:35
AVPREF.DLL      : 14.0.7.308     52016 Bytes  24.12.2014 10:09:36
AVREP.DLL       : 14.0.7.308    220976 Bytes  24.12.2014 10:09:36
AVARKT.DLL      : 14.0.7.308    227632 Bytes  24.12.2014 10:09:36
AVEVTLOG.DLL    : 14.0.7.440    184112 Bytes  24.12.2014 10:09:36
SQLITE3.DLL     : 14.0.7.308    453936 Bytes  24.12.2014 10:09:36
AVSMTP.DLL      : 14.0.7.308     79096 Bytes  24.12.2014 10:09:36
NETNT.DLL       : 14.0.7.308     15152 Bytes  24.12.2014 10:09:36
RCIMAGE.DLL     : 14.0.7.308   4866808 Bytes  24.12.2014 10:09:35
RCTEXT.DLL      : 14.0.7.318     75568 Bytes  24.12.2014 10:09:35

Configuration settings for the scan:
Jobname.............................: Local Drives
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\alldrives.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, G:, E:, 
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended

Start of the scan: Dienstag, 10. Februar 2015  00:49

Start scanning boot sectors:
Boot sector 'HDD0(C:)'
    [INFO]      No virus was found!
Boot sector 'HDD1(D:)'
    [INFO]      No virus was found!
Boot sector 'HDD2(G:)'
    [INFO]      No virus was found!

The scan of running processes will be started:
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '50' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '66' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'ctfmon.exe' - '22' Module(s) have been scanned
Scan process 'svchost.exe' - '56' Module(s) have been scanned
Scan process 'mbam.exe' - '132' Module(s) have been scanned
Scan process 'CCleaner64.exe' - '61' Module(s) have been scanned
Scan process 'explorer.exe' - '154' Module(s) have been scanned
Scan process 'explorer.exe' - '138' Module(s) have been scanned
Scan process 'DllHost.exe' - '39' Module(s) have been scanned
Scan process 'avcenter.exe' - '147' Module(s) have been scanned
Scan process 'avscan.exe' - '113' Module(s) have been scanned
Scan process 'avshadow.exe' - '20' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'wininit.exe' - '25' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'services.exe' - '32' Module(s) have been scanned
Scan process 'lsass.exe' - '68' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'winlogon.exe' - '23' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '1659' files ).


Starting the file scan:

Begin scan in 'C:\' <Win7HPx64>
C:\Users\Maier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSB5J4N5\50f9d6ab96dca[1].exe
    [0] Archive type: 7-Zip SFX (self extracting)
    --> 50f9d6ab81b35.dll
        [DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen7
        [WARNING]   Infected files in archives cannot be repaired
    [0] Archive type: Runtime Packed
    --> C:\Users\Maier\AppData\Local\Temp\KBFRepFu.zip.part
        [1] Archive type: ZIP
      --> Patrick Maier BeweisfÃ¼hrung Ihrer Abmahnung der Urheberrechtsverletzung vom 10.12.2013.zip
          [2] Archive type: ZIP
        --> Patrick Maier Beweise Ihrer Abmahnung RechtsanwÃ¤lte Urmann.com
            [DETECTION] Is the TR/Matsnu.A.113 Trojan
            [WARNING]   Infected files in archives cannot be repaired
C:\Users\Maier\AppData\Local\Temp\KBFRepFu.zip.part
  [DETECTION] Is the TR/Matsnu.A.113 Trojan
    --> C:\Windows\SoftwareDistribution\Download\0350e593835125031f36e846ff3b936c09b8d479
        [1] Archive type: 7-Zip SFX (self extracting)
      --> netfx_core_x64.msi
          [WARNING]   Insufficient memory. The file was not scanned!
      --> netfx_core_x86.msi
          [WARNING]   Insufficient memory. The file was not scanned!
      --> netfx_extended_x64.msi
          [WARNING]   Insufficient memory. The file was not scanned!
      --> netfx_extended_x86.msi
          [WARNING]   Insufficient memory. The file was not scanned!
      --> NetFx451/netfx_Full_GDR_x64.msi
          [WARNING]   Insufficient memory. The file was not scanned!
      --> netfx_Full_GDR_x64.msi
          [WARNING]   Insufficient memory. The file was not scanned!
      --> NetFx451/netfx_Full_GDR_x86.msi
          [WARNING]   Insufficient memory. The file was not scanned!
      --> netfx_Full_GDR_x86.msi
          [WARNING]   Insufficient memory. The file was not scanned!
      --> NetFx451/netfx_Full_LDR_x64.msi
          [WARNING]   Insufficient memory. The file was not scanned!
      --> netfx_Full_LDR_x64.msi
          [WARNING]   Insufficient memory. The file was not scanned!
      --> NetFx451/netfx_Full_LDR_x86.msi
          [WARNING]   Insufficient memory. The file was not scanned!
      --> netfx_Full_LDR_x86.msi
          [WARNING]   Insufficient memory. The file was not scanned!
      --> netfx_Full_x64.msi
          [WARNING]   Insufficient memory. The file was not scanned!
      --> netfx_Full_x86.msi
          [WARNING]   Insufficient memory. The file was not scanned!
      --> header.bmp
          [WARNING]   Insufficient memory. The file was not scanned!
      --> SplashScreen.bmp
          [WARNING]   Insufficient memory. The file was not scanned!
      --> watermark.bmp
          [WARNING]   Insufficient memory. The file was not scanned!
      --> DisplayIcon.ico
          [WARNING]   Insufficient memory. The file was not scanned!
      --> Graphics/Print.ico
          [WARNING]   Insufficient memory. The file was not scanned!
      --> Graphics/Rotate1.ico
          [WARNING]   Insufficient memory. The file was not scanned!
      --> Graphics/Rotate2.ico
          [WARNING]   Insufficient memory. The file was not scanned!
      --> Graphics/Rotate3.ico
          [WARNING]   Insufficient memory. The file was not scanned!
      --> Graphics/Rotate4.ico
          [WARNING]   Insufficient memory. The file was not scanned!
      --> Graphics/Rotate5.ico
          [WARNING]   Insufficient memory. The file was not scanned!
      --> Graphics/Rotate6.ico
          [WARNING]   Insufficient memory. The file was not scanned!
      --> Graphics/Rotate7.ico
          [WARNING]   Insufficient memory. The file was not scanned!
      --> Graphics/Rotate8.ico
          [WARNING]   Insufficient memory. The file was not scanned!
      --> Graphics/Save.ico
          [WARNING]   Insufficient memory. The file was not scanned!
      --> Graphics/Setup.ico
          [WARNING]   Insufficient memory. The file was not scanned!
      --> Graphics/stop.ico
          [WARNING]   Insufficient memory. The file was not scanned!
      --> Graphics/SysReqMet.ico
          [WARNING]   Insufficient memory. The file was not scanned!
      --> Graphics/SysReqNotMet.ico
          [WARNING]   Insufficient memory. The file was not scanned!
      --> Graphics/warn.ico
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1025/LocalizedData.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 2052/LocalizedData.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1028/LocalizedData.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1029/LocalizedData.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1030/LocalizedData.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1031/LocalizedData.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1033/LocalizedData.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1032/LocalizedData.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1035/LocalizedData.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 3082/LocalizedData.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1037/LocalizedData.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1036/LocalizedData.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1040/LocalizedData.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1038/LocalizedData.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1042/LocalizedData.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1041/LocalizedData.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1044/LocalizedData.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1043/LocalizedData.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1045/LocalizedData.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1046/LocalizedData.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 2070/LocalizedData.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1053/LocalizedData.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1049/LocalizedData.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1055/LocalizedData.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> ParameterInfo.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> Strings.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> UiInfo.xml
          [WARNING]   Insufficient memory. The file was not scanned!
      --> SetupUi.xsd
          [WARNING]   Insufficient memory. The file was not scanned!
      --> DHtmlHeader.html
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1025/eula.rtf
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1028/eula.rtf
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1030/eula.rtf
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1029/eula.rtf
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1031/eula.rtf
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1032/eula.rtf
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1033/eula.rtf
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1035/eula.rtf
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1036/eula.rtf
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1037/eula.rtf
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1038/eula.rtf
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1040/eula.rtf
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1041/eula.rtf
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1043/eula.rtf
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1042/eula.rtf
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1044/eula.rtf
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1045/eula.rtf
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1046/eula.rtf
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1049/eula.rtf
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1055/eula.rtf
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1053/eula.rtf
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 2052/eula.rtf
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 2070/eula.rtf
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 3082/eula.rtf
          [WARNING]   Insufficient memory. The file was not scanned!
      --> Setup.exe
          [WARNING]   Insufficient memory. The file was not scanned!
      --> SetupUtility.exe
          [WARNING]   Insufficient memory. The file was not scanned!
      --> SetupEngine.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 2052/SetupResources.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1028/SetupResources.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1025/SetupResources.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1033/SetupResources.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1030/SetupResources.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1029/SetupResources.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1035/SetupResources.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1031/SetupResources.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 3082/SetupResources.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1036/SetupResources.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1032/SetupResources.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1042/SetupResources.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1041/SetupResources.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1037/SetupResources.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1044/SetupResources.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1053/SetupResources.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1055/SetupResources.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1040/SetupResources.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1045/SetupResources.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1046/SetupResources.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1049/SetupResources.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 2070/SetupResources.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1038/SetupResources.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> 1043/SetupResources.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> SetupUi.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> sqmapi.dll
          [WARNING]   Insufficient memory. The file was not scanned!
      --> Windows6.0-KB956250-v6001-x64.msu
          [WARNING]   Insufficient memory. The file was not scanned!
      --> Windows6.0-KB956250-v6001-x86.msu
          [WARNING]   Insufficient memory. The file was not scanned!
      --> Windows6.1-KB958488-v6001-x64.msu
          [WARNING]   Insufficient memory. The file was not scanned!
      --> Windows6.1-KB958488-v6001-x86.msu
          [WARNING]   Insufficient memory. The file was not scanned!
      --> netfx_Full_GDR.mzz
          [WARNING]   Insufficient memory. The file was not scanned!
      --> netfx_Full_LDR.mzz
          [WARNING]   Insufficient memory. The file was not scanned!
C:\Windows\SoftwareDistribution\Download\0350e593835125031f36e846ff3b936c09b8d479
  [WARNING]   Insufficient memory. The file was not scanned!
Begin scan in 'D:\' <Data>
Begin scan in 'G:\'
Search path G:\ could not be opened!
System error [21]: Das Gerät ist nicht bereit.
Begin scan in 'E:\' <70312-3_KD2013>

Beginning disinfection:
C:\Users\Maier\AppData\Local\Temp\KBFRepFu.zip.part
  [DETECTION] Is the TR/Matsnu.A.113 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '50eef6ef.qua'!
C:\Users\Maier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSB5J4N5\50f9d6ab96dca[1].exe
  [DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen7
  [NOTE]      The file was moved to the quarantine directory under the name '4859d957.qua'!


End of the scan: Dienstag, 10. Februar 2015  01:36
Used time: 41:34 Minute(s)

The scan has been done completely.

  29328 Scanned directories
 1404059 Files were scanned
      3 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      2 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
 1404056 Files not concerned
 102021 Archives were scanned
      3 Warnings
      2 Notes

Dann habe ich neugestartet im normalen Windows-Modus.
Defogger, FRST und GMER habe ich auf den Desktop verschoben und ausgeführt.
Gmer läuft jedoch nicht richtig, die GUI wird zwar angezeigt, allerdings ist keine Interaktion möglich, und die ganze Zeit läuft die Eieruhr.

Defogger:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:44 on 10/02/2015 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Admin (administrator) on PCROLANDHELGA on 10-02-2015 01:45:39
Running from C:\Users\Maier\Desktop
Loaded Profiles: Maier & Admin (Available profiles: Maier & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\StCenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKU\S-1-5-21-2110714021-3018614368-4389767-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2110714021-3018614368-4389767-1001\...\MountPoints2: {35ad355d-61a8-11e2-af73-806e6f6e6963} - E:\Start.exe
HKU\S-1-5-21-2110714021-3018614368-4389767-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2110714021-3018614368-4389767-1004\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Windows\Installer\{2457326B-C110-40C3-89B0-889CC913871A}\Icon2457326B4.exe ()
Startup: C:\Users\Maier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2110714021-3018614368-4389767-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com
HKU\S-1-5-21-2110714021-3018614368-4389767-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
HKU\S-1-5-21-2110714021-3018614368-4389767-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2110714021-3018614368-4389767-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2110714021-3018614368-4389767-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2110714021-3018614368-4389767-1001 -> {EC9D9AD7-4201-4497-913A-1BB8BDD6717C} URL = 
SearchScopes: HKU\S-1-5-21-2110714021-3018614368-4389767-1004 -> {EC9D9AD7-4201-4497-913A-1BB8BDD6717C} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 09 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 01 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 02 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 03 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 14 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VLC media player\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VLC media player\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-24] (Avira Operations GmbH & Co. KG)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 IGDCTRL; C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [136704 2012-06-29] (MSI) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-05] (Avira Operations GmbH & Co. KG)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S3 ipadtst; C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [19000 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-02-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [129856 2012-10-20] (Ray Hinchliffe)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 01:45 - 2015-02-10 01:45 - 00012571 _____ () C:\Users\Maier\Desktop\FRST.txt
2015-02-10 01:44 - 2015-02-10 01:44 - 00000472 _____ () C:\Users\Maier\Desktop\defogger_disable.log
2015-02-10 01:42 - 2015-02-10 00:19 - 00380416 _____ () C:\Users\Maier\Desktop\Gmer-19357.exe
2015-02-10 01:42 - 2015-02-10 00:18 - 02132992 _____ (Farbar) C:\Users\Maier\Desktop\FRST64.exe
2015-02-10 01:42 - 2015-02-10 00:18 - 00050477 _____ () C:\Users\Maier\Desktop\Defogger.exe
2015-02-10 00:35 - 2015-02-10 00:35 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2015-02-10 00:27 - 2015-02-10 01:45 - 00000000 ____D () C:\FRST
2015-02-10 00:23 - 2015-02-10 00:23 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2015-02-10 00:10 - 2015-02-10 00:10 - 00000625 _____ () C:\Users\Admin\Desktop\JRT.txt
2015-02-09 23:43 - 2015-02-10 01:39 - 00000000 ____D () C:\Users\Admin\Documents\Log
2015-02-09 22:49 - 2015-02-09 22:51 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-02-09 22:16 - 2015-02-10 01:43 - 00013606 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 22:13 - 2015-02-10 01:40 - 00000224 _____ () C:\Windows\setupact.log
2015-02-09 22:13 - 2015-02-09 22:13 - 00001004 _____ () C:\Windows\PFRO.log
2015-02-09 22:13 - 2015-02-09 22:13 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-09 22:02 - 2015-02-09 22:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 21:49 - 2015-02-09 21:49 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieUserList
2015-02-09 21:49 - 2015-02-09 21:49 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieSiteList
2015-02-09 21:49 - 2015-02-09 21:49 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-02-09 21:39 - 2015-02-09 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-09 21:39 - 2015-02-09 21:39 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-09 21:13 - 2015-02-09 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-09 21:13 - 2015-02-09 21:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-09 21:13 - 2015-02-09 21:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-09 21:13 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-09 21:13 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-09 21:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-08 22:53 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-02-08 22:53 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-02-08 22:53 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-02-08 22:53 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-02-08 22:53 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-02-08 22:53 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-02-08 22:53 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-02-08 22:53 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-02-08 22:53 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-02-08 22:53 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-02-08 22:52 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-02-08 22:52 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-02-08 22:47 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-02-08 22:47 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-02-08 22:47 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-02-08 22:47 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-02-08 22:47 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-02-08 22:47 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-02-08 22:47 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-02-08 22:47 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-02-08 22:47 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-02-08 22:47 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-02-08 22:47 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-02-08 22:47 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-02-08 22:47 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-02-08 22:47 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-02-08 22:47 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-02-08 22:47 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-02-08 22:47 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-02-08 22:47 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-02-08 22:47 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-02-08 22:47 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-08 22:47 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-08 22:47 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-02-08 22:47 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-02-08 22:47 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-02-08 22:47 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-02-08 22:47 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-02-08 22:47 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-02-08 22:47 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-02-08 22:47 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-02-08 22:47 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-02-08 22:47 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-02-08 22:47 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-02-08 22:47 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-02-08 22:47 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2015-02-08 22:47 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-08 22:47 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-02-08 22:47 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-02-08 22:47 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-02-08 22:47 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-01-29 19:13 - 2015-01-29 19:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-14 11:07 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 11:07 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 11:07 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 11:07 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 11:07 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 11:07 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 11:07 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 11:07 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 11:07 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 11:07 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 11:07 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 11:07 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 11:07 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 01:40 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-10 00:23 - 2013-01-18 23:57 - 00000000 ____D () C:\Users\Admin
2015-02-09 23:43 - 2010-11-21 07:50 - 00700486 _____ () C:\Windows\system32\perfh007.dat
2015-02-09 23:43 - 2010-11-21 07:50 - 00150124 _____ () C:\Windows\system32\perfc007.dat
2015-02-09 23:43 - 2009-07-14 06:13 - 01624178 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-09 23:20 - 2009-07-14 05:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 23:20 - 2009-07-14 05:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 23:14 - 2013-01-19 20:40 - 00000000 ____D () C:\Users\Maier\AppData\Roaming\FRITZ!
2015-02-09 22:50 - 2013-01-18 21:20 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-09 22:50 - 2013-01-18 21:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-09 22:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Web
2015-02-09 21:46 - 2011-04-27 13:00 - 00000000 ____D () C:\Windows\Panther
2015-02-09 21:40 - 2013-02-16 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MedienTeam66
2015-02-09 21:16 - 2013-01-18 23:58 - 00090160 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-09 21:16 - 2013-01-18 23:58 - 00001426 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-09 20:07 - 2013-01-18 20:57 - 00090160 _____ () C:\Users\Maier\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-09 20:07 - 2009-07-14 05:45 - 00341120 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-09 12:01 - 2013-02-16 12:01 - 00000314 _____ () C:\Windows\Tasks\MT66 Software Update.job
2015-02-08 21:26 - 2013-01-19 00:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-08 20:47 - 2013-01-29 22:12 - 00000000 ____D () C:\Program Files (x86)\HP
2015-02-07 15:37 - 2013-12-05 21:05 - 00000000 ____D () C:\Users\Maier\AppData\Roaming\vlc
2015-02-05 13:44 - 2013-01-18 21:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-05 12:35 - 2014-12-11 19:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-14 13:59 - 2013-08-15 07:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 13:58 - 2011-04-27 12:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Maier\AppData\Local\Temp\ABCofPics.exe
C:\Users\Maier\AppData\Local\Temp\AskSLib.dll
C:\Users\Maier\AppData\Local\Temp\avgnt.exe
C:\Users\Maier\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Maier\AppData\Local\Temp\install_reader11_de_mssa_aaa_aih(1).exe
C:\Users\Maier\AppData\Local\Temp\install_reader11_de_mssa_aaa_aih(1)_1.exe
C:\Users\Maier\AppData\Local\Temp\tmp3513.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-04 20:45

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Admin at 2015-02-10 01:45:59
Running from C:\Users\Maier\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AVM FRITZ!DSL (HKLM-x32\...\{2457326B-C110-40C3-89B0-889CC913871A}) (Version: 2.04.02 - AVM Berlin)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM276LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
Image Resizer for Windows (64 bit) (Version: 3.0.4442.6002 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{9dfff2f7-5cd7-4fd4-9b75-7d53b042d94b}) (Version: 3.0.4442.6002 - Brice Lambson)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Kreativ Drucken deluxe 2013 (HKLM-x32\...\{60EA34DE-DD75-4453-A892-0BB79F3A7435}_is1) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
Photo Retro!It 2.0 Professional (HKLM-x32\...\{8A37DA67-DB39-4e8f-9BC3-448E8637AE5D}_is1) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.012 - MSI)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Winmail Opener 1.4 (HKLM-x32\...\Winmail Opener) (Version: 1.4 - Eolsoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

12-11-2014 07:30:44 Windows Update
17-11-2014 07:11:52 Windows-Sicherung
18-11-2014 20:08:36 Windows Update
10-12-2014 22:38:39 Windows Update
11-12-2014 07:35:21 Windows Update
16-12-2014 08:01:42 Windows-Sicherung
17-12-2014 20:05:49 Windows Update
04-01-2015 17:45:59 Geplanter Prüfpunkt
14-01-2015 13:58:28 Windows Update
16-01-2015 17:02:33 Windows-Sicherung
08-02-2015 10:21:06 Geplanter Prüfpunkt
08-02-2015 20:45:55 ***IS_STRING_NOT_DEFINED***
08-02-2015 22:52:42 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {F24DFF0C-9F5A-41FC-9FB6-7C5BEA135FE7} - System32\Tasks\MT66 Software Update => C:\Program Files (x86)\Common Files\MT66 Software Update\UpdateClient.exe
Task: C:\Windows\Tasks\MT66 Software Update.job => C:\Program Files (x86)\Common Files\MT66 Software Update\UpdateClient.exe

==================== Loaded Modules (whitelisted) ==============

2014-10-17 07:12 - 2014-10-17 07:12 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\192740d8e29e7df387d0d7686ae2b535\PSIClient.ni.dll
2013-01-16 15:38 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2110714021-3018614368-4389767-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Maier\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2110714021-3018614368-4389767-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Super-Charger => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: {70e83cd8-4bd5-4039-ab5a-6b94a8abb641} => "C:\ProgramData\Package Cache\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}\Avira.OE.Setup.Bundle.exe" /quiet /norestart /burn.log.append "C:\Windows\TEMP\Avira_20141008140939.log" /install /burn.runonce

==================== Accounts: =============================

Admin (S-1-5-21-2110714021-3018614368-4389767-1004 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2110714021-3018614368-4389767-500 - Administrator - Disabled)
Gast (S-1-5-21-2110714021-3018614368-4389767-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2110714021-3018614368-4389767-1003 - Limited - Enabled)
Maier (S-1-5-21-2110714021-3018614368-4389767-1001 - Limited - Enabled) => C:\Users\Maier

==================== Faulty Device Manager Devices =============

Name: Biometric Coprocessor
Description: Biometric Coprocessor
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2015 01:42:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2015 01:41:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 9.27.856.0, Zeitstempel: 0x4fa1f537
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000dacf
ID des fehlerhaften Prozesses: 0x6cc
Startzeit der fehlerhaften Anwendung: 0xHPLaserJetService.exe0
Pfad der fehlerhaften Anwendung: HPLaserJetService.exe1
Pfad des fehlerhaften Moduls: HPLaserJetService.exe2
Berichtskennung: HPLaserJetService.exe3

Error: (02/10/2015 00:35:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ~G!m$e#r+-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: ~G!m$e#r+-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0008d900
ID des fehlerhaften Prozesses: 0x7c4
Startzeit der fehlerhaften Anwendung: 0x~G!m$e#r+-19357.exe0
Pfad der fehlerhaften Anwendung: ~G!m$e#r+-19357.exe1
Pfad des fehlerhaften Moduls: ~G!m$e#r+-19357.exe2
Berichtskennung: ~G!m$e#r+-19357.exe3


System errors:
=============
Error: (02/10/2015 01:40:32 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (02/10/2015 01:40:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/10/2015 01:40:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/10/2015 01:40:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/10/2015 01:39:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/10/2015 01:39:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/10/2015 01:39:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/10/2015 01:39:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/10/2015 01:39:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (02/10/2015 01:39:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (02/10/2015 01:42:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2015 01:41:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPLaserJetService.exe9.27.856.04fa1f537unknown0.0.0.000000000c00000050000dacf6cc01d044ca34a46641C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exeunknown85500c71-b0bd-11e4-89b8-d43d7e35d925

Error: (02/10/2015 00:35:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ~G!m$e#r+-19357.exe2.1.19357.052e7ea83~G!m$e#r+-19357.exe2.1.19357.052e7ea83c00000050008d9007c401d044c0f530497fD:\Downloads\~G!m$e#r+-19357.exeD:\Downloads\~G!m$e#r+-19357.exe4806904f-b0b4-11e4-af3e-d43d7e35d925


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 11%
Total physical RAM: 16333.58 MB
Available physical RAM: 14451.34 MB
Total Pagefile: 16331.77 MB
Available Pagefile: 14365.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Win7HPx64) (Fixed) (Total:223.57 GB) (Free:166.54 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:465.76 GB) (Free:348.73 GB) NTFS
Drive e: (70312-3_KD2013) (CDROM) (Total:1.92 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 6990597C)
Partition 1: (Active) - (Size=223.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EB92AAB5)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus · 10.02.2015, 11:26

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

mskreativ · 10.02.2015, 22:19

Leider lässt sich Combofix nicht im Normalmodus korrekt ausführen.
Die Extraktion der Dateien erfolgt, stoppt aber zum Ende der Extraktion und die letzten Einträge sind:

Code:

ATTFilter

Wird entpackt: streamtools.zip
Zielverzeichnis: C:\32788R22FWJFW\N_
Zielverzeichnis: C:\32788R22FWJFW

Danach tritt auch hier das Phänomen auf, dass das Programm hängt, die Eieruhr zeigt und nach kurzer Zeit "keine Rückmeldung" angezeigt wird.

Entsprechend habe ich Combofix nun im abgesicherten Modus gestartet. Log:

Code:

ATTFilter

ComboFix 15-02-09.01 - Admin 10.02.2015  21:59:36.1.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.16334.15311 [GMT 1:00]
ausgeführt von:: c:\users\Maier\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-01-10 bis 2015-02-10  ))))))))))))))))))))))))))))))
.
.
2015-02-10 21:01 . 2015-02-10 21:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-02-10 21:01 . 2015-02-10 21:01	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2015-02-09 23:35 . 2015-02-09 23:35	--------	d-----w-	c:\users\Admin\AppData\Local\CrashDumps
2015-02-09 23:27 . 2015-02-10 00:46	--------	d-----w-	C:\FRST
2015-02-09 21:50 . 2015-02-09 21:50	--------	d-----w-	c:\users\Admin\AppData\Local\ElevatedDiagnostics
2015-02-09 21:49 . 2015-02-09 21:51	--------	d-----w-	c:\users\Admin\AppData\Local\Adobe
2015-02-09 21:02 . 2015-02-09 21:53	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-09 20:49 . 2015-02-09 20:49	--------	d-sh--w-	c:\users\Admin\AppData\Local\EmieUserList
2015-02-09 20:49 . 2015-02-09 20:49	--------	d-sh--w-	c:\users\Admin\AppData\Local\EmieSiteList
2015-02-09 20:49 . 2015-02-09 20:49	--------	d-sh--w-	c:\users\Admin\AppData\Local\EmieBrowserModeList
2015-02-09 20:39 . 2015-02-09 20:39	--------	d-----w-	c:\program files\CCleaner
2015-02-09 20:13 . 2015-02-09 20:13	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-02-09 20:13 . 2015-02-09 20:13	--------	d-----w-	c:\programdata\Malwarebytes
2015-02-09 20:13 . 2014-11-21 05:14	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-02-09 20:13 . 2014-11-21 05:14	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-02-09 20:13 . 2014-11-21 05:14	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-02-09 20:12 . 2015-02-09 20:12	--------	d-----w-	c:\users\Admin\AppData\Local\Programs
2015-02-08 21:53 . 2014-10-18 02:05	4121600	----a-w-	c:\windows\system32\mf.dll
2015-02-08 21:53 . 2014-10-18 01:33	3209728	----a-w-	c:\windows\SysWow64\mf.dll
2015-02-08 21:53 . 2014-07-07 02:06	206848	----a-w-	c:\windows\system32\mfps.dll
2015-02-08 21:53 . 2014-07-07 02:06	55808	----a-w-	c:\windows\system32\rrinstaller.exe
2015-02-08 21:53 . 2014-07-07 02:06	24576	----a-w-	c:\windows\system32\mfpmp.exe
2015-02-08 21:53 . 2014-07-07 02:02	2048	----a-w-	c:\windows\system32\mferror.dll
2015-02-08 21:53 . 2014-07-07 01:40	103424	----a-w-	c:\windows\SysWow64\mfps.dll
2015-02-08 21:53 . 2014-07-07 01:39	50176	----a-w-	c:\windows\SysWow64\rrinstaller.exe
2015-02-08 21:53 . 2014-07-07 01:39	23040	----a-w-	c:\windows\SysWow64\mfpmp.exe
2015-02-08 21:53 . 2014-07-07 01:37	2048	----a-w-	c:\windows\SysWow64\mferror.dll
2015-02-08 21:52 . 2014-06-27 02:08	2777088	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2015-02-08 21:52 . 2014-06-27 01:45	2285056	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-09 21:50 . 2013-01-18 20:20	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-09 21:50 . 2013-01-18 20:20	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-14 12:58 . 2011-04-27 11:44	113365784	----a-w-	c:\windows\system32\MRT.exe
2014-12-13 05:09 . 2014-12-17 18:04	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-17 18:04	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-11-27 01:43 . 2014-12-11 06:17	389296	----a-w-	c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-11 06:16	25059840	----a-w-	c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-11 06:17	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-11 06:17	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-11 06:17	66560	----a-w-	c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-11 06:17	580096	----a-w-	c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-11 06:17	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-11 06:17	2885120	----a-w-	c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-11 06:17	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-11 06:17	54784	----a-w-	c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-11 06:17	34304	----a-w-	c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-11 06:17	633856	----a-w-	c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-11 06:17	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-11 06:17	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-11 06:17	6039552	----a-w-	c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-11 06:17	968704	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-11 06:17	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-11 06:17	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-11 06:17	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-11 06:17	199680	----a-w-	c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-11 06:17	92160	----a-w-	c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-11 06:17	501248	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-11 06:17	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-11 06:17	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 06:17	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-11 06:17	316928	----a-w-	c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-11 06:17	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-11 06:17	718848	----a-w-	c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-11 06:17	800768	----a-w-	c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-11 06:17	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-11 06:17	2125312	----a-w-	c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-11 06:17	14412800	----a-w-	c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-11 06:17	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 06:17	4299264	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-11 06:17	2358272	----a-w-	c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-11 06:17	2052096	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 06:17	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-11 06:17	1548288	----a-w-	c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-11 06:17	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-11 06:17	1888256	----a-w-	c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-01-20 7404312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-24 702768]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware  (cleanup)"="c:\programdata\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" [2014-11-21 54072]
.
c:\users\Maier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Protect.lnk - c:\program files (x86)\FRITZ!DSL\FwebProt.exe [2007-9-7 1070384]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Protect.lnk - c:\program files (x86)\FRITZ!DSL\FwebProt.exe [2007-9-7 1070384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Startcenter.lnk - c:\windows\Installer\{2457326B-C110-40C3-89B0-889CC913871A}\Icon2457326B4.exe [2013-1-19 29184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage-Technologie;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 IGDCTRL;AVM IGD CTRL Service;c:\program files (x86)\FRITZ!DSL\IGDCTRL.EXE;c:\program files (x86)\FRITZ!DSL\IGDCTRL.EXE [x]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ipadtst;ipadtst;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SIVDriver;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX64.sys;c:\windows\SYSNATIVE\Drivers\SIVX64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\drivers\ISCTD64.sys;c:\windows\SYSNATIVE\drivers\ISCTD64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\FRITZ!DSL\\sarah.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-02-10  22:02:30
ComboFix-quarantined-files.txt  2015-02-10 21:02
.
Vor Suchlauf: 9 Verzeichnis(se), 178.746.634.240 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 179.888.553.984 Bytes frei
.
- - End Of File - - 2DDF34D32FE703D78F7FC60D3BC78344

cosinus · 10.02.2015, 23:07

Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

mskreativ · 11.02.2015, 00:11

habe versucht mich penibel an die Anweisung im Normal-Modus zu halten, trotzdem lief JRT nur im abgesicherten Modus. Bei derAnzeige von "Checking for updates" blieb auch dieses Programm hängen.

AdwCleaner[S1].txt:

Code:

ATTFilter

# AdwCleaner v4.110 - Bericht erstellt 10/02/2015 um 23:38:34
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-05.2 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Admin - PCROLANDHELGA
# Gestarted von : C:\Users\Maier\Desktop\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17496


*************************

AdwCleaner[R1].txt - [750 Bytes] - [10/02/2015 23:36:56]
AdwCleaner[S1].txt - [675 Bytes] - [10/02/2015 23:38:34]

########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [733  Bytes] ##########

JRT.txt:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Admin on 10.02.2015 at 23:59:00,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.02.2015 at 23:59:49,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST.txt:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Admin (administrator) on PCROLANDHELGA on 11-02-2015 00:04:00
Running from C:\Users\Maier\Desktop
Loaded Profiles: Maier & Admin (Available profiles: Maier & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKU\S-1-5-21-2110714021-3018614368-4389767-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2110714021-3018614368-4389767-1001\...\MountPoints2: {35ad355d-61a8-11e2-af73-806e6f6e6963} - E:\Start.exe
HKU\S-1-5-21-2110714021-3018614368-4389767-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Windows\Installer\{2457326B-C110-40C3-89B0-889CC913871A}\Icon2457326B4.exe ()
Startup: C:\Users\Maier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2110714021-3018614368-4389767-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2110714021-3018614368-4389767-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com
HKU\S-1-5-21-2110714021-3018614368-4389767-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
HKU\S-1-5-21-2110714021-3018614368-4389767-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2110714021-3018614368-4389767-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2110714021-3018614368-4389767-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2110714021-3018614368-4389767-1001 -> {EC9D9AD7-4201-4497-913A-1BB8BDD6717C} URL = 
SearchScopes: HKU\S-1-5-21-2110714021-3018614368-4389767-1004 -> {EC9D9AD7-4201-4497-913A-1BB8BDD6717C} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 09 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 01 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 02 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 03 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 14 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\97vbnr01.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VLC media player\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VLC media player\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-24] (Avira Operations GmbH & Co. KG)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 IGDCTRL; C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [136704 2012-06-29] (MSI) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-05] (Avira Operations GmbH & Co. KG)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S3 ipadtst; C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [19000 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-02-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [129856 2012-10-20] (Ray Hinchliffe)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 00:04 - 2015-02-11 00:04 - 00012433 _____ () C:\Users\Maier\Desktop\FRST.txt
2015-02-10 23:59 - 2015-02-10 23:59 - 00000625 _____ () C:\Users\Admin\Desktop\JRT.txt
2015-02-10 23:56 - 2015-02-10 23:56 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mozilla
2015-02-10 23:36 - 2015-02-10 23:38 - 00000000 ____D () C:\AdwCleaner
2015-02-10 23:29 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 23:29 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 23:29 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 23:29 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 23:29 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 23:29 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 23:29 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 23:29 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 23:29 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 23:29 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 23:29 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 23:29 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 23:29 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 23:29 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 23:29 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 23:29 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 23:29 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 23:29 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 23:29 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 23:29 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 23:29 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 23:29 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 23:29 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 23:29 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 23:29 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 23:29 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 23:29 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 23:29 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 23:29 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 23:29 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 23:28 - 2015-02-10 23:24 - 01388274 _____ (Thisisu) C:\Users\Maier\Desktop\JRT.exe
2015-02-10 23:28 - 2015-02-10 22:27 - 02112512 _____ () C:\Users\Maier\Desktop\AdwCleaner_4.110.exe
2015-02-10 22:02 - 2015-02-10 22:02 - 00015698 _____ () C:\ComboFix.txt
2015-02-10 21:58 - 2015-02-10 22:02 - 00000000 ____D () C:\Qoobox
2015-02-10 21:58 - 2015-02-10 22:01 - 00000000 ____D () C:\Windows\erdnt
2015-02-10 21:58 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-10 21:58 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-10 21:58 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-10 21:58 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-10 21:58 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-10 21:58 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-10 21:58 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-10 21:58 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-10 21:43 - 2015-02-10 21:36 - 05611930 ____R (Swearware) C:\Users\Maier\Desktop\ComboFix.exe
2015-02-10 01:44 - 2015-02-10 01:44 - 00000472 _____ () C:\Users\Maier\Desktop\defogger_disable.log
2015-02-10 01:42 - 2015-02-10 00:19 - 00380416 _____ () C:\Users\Maier\Desktop\Gmer-19357.exe
2015-02-10 01:42 - 2015-02-10 00:18 - 02132992 _____ (Farbar) C:\Users\Maier\Desktop\FRST64.exe
2015-02-10 01:42 - 2015-02-10 00:18 - 00050477 _____ () C:\Users\Maier\Desktop\Defogger.exe
2015-02-10 00:35 - 2015-02-10 00:35 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2015-02-10 00:27 - 2015-02-11 00:04 - 00000000 ____D () C:\FRST
2015-02-10 00:23 - 2015-02-10 00:23 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2015-02-09 23:43 - 2015-02-10 01:47 - 00000000 ____D () C:\Users\Admin\Documents\Log
2015-02-09 22:49 - 2015-02-09 22:51 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-02-09 22:16 - 2015-02-11 00:03 - 01887322 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 22:13 - 2015-02-11 00:00 - 00000560 _____ () C:\Windows\setupact.log
2015-02-09 22:13 - 2015-02-10 23:58 - 00001904 _____ () C:\Windows\PFRO.log
2015-02-09 22:13 - 2015-02-09 22:13 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-09 22:02 - 2015-02-09 22:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 21:49 - 2015-02-09 21:49 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieUserList
2015-02-09 21:49 - 2015-02-09 21:49 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieSiteList
2015-02-09 21:49 - 2015-02-09 21:49 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-02-09 21:39 - 2015-02-09 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-09 21:39 - 2015-02-09 21:39 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-09 21:13 - 2015-02-09 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-09 21:13 - 2015-02-09 21:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-09 21:13 - 2015-02-09 21:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-09 21:13 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-09 21:13 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-09 21:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-08 22:53 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-02-08 22:53 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-02-08 22:53 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-02-08 22:53 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-02-08 22:53 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-02-08 22:53 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-02-08 22:53 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-02-08 22:53 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-02-08 22:53 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-02-08 22:53 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-02-08 22:52 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-02-08 22:52 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-02-08 22:47 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-02-08 22:47 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-02-08 22:47 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-02-08 22:47 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-02-08 22:47 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-02-08 22:47 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-02-08 22:47 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-02-08 22:47 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-02-08 22:47 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-02-08 22:47 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-02-08 22:47 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-02-08 22:47 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-02-08 22:47 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-02-08 22:47 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-02-08 22:47 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-02-08 22:47 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-02-08 22:47 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-02-08 22:47 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-02-08 22:47 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-02-08 22:47 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-08 22:47 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-08 22:47 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-02-08 22:47 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-02-08 22:47 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-02-08 22:47 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-02-08 22:47 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-02-08 22:47 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-02-08 22:47 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-02-08 22:47 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-02-08 22:47 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-02-08 22:47 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-02-08 22:47 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-02-08 22:47 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-02-08 22:47 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2015-02-08 22:47 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-08 22:47 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-02-08 22:47 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-02-08 22:47 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-02-08 22:47 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-01-29 19:13 - 2015-01-29 19:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-14 11:07 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 11:07 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 11:07 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 11:07 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 11:07 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 11:07 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 00:00 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-10 23:46 - 2010-11-21 07:50 - 00700486 _____ () C:\Windows\system32\perfh007.dat
2015-02-10 23:46 - 2010-11-21 07:50 - 00150124 _____ () C:\Windows\system32\perfc007.dat
2015-02-10 23:46 - 2009-07-14 06:13 - 01624178 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-10 23:46 - 2009-07-14 05:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-10 23:46 - 2009-07-14 05:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-10 23:33 - 2009-07-14 05:45 - 00341120 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-10 23:31 - 2013-08-15 07:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-10 23:30 - 2011-04-27 12:44 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 23:26 - 2013-01-19 21:09 - 00000000 ____D () C:\Users\Maier\AppData\Local\CrashDumps
2015-02-10 22:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-10 22:01 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-10 00:23 - 2013-01-18 23:57 - 00000000 ____D () C:\Users\Admin
2015-02-09 23:14 - 2013-01-19 20:40 - 00000000 ____D () C:\Users\Maier\AppData\Roaming\FRITZ!
2015-02-09 22:50 - 2013-01-18 21:20 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-09 22:50 - 2013-01-18 21:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-09 22:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Web
2015-02-09 21:46 - 2011-04-27 13:00 - 00000000 ____D () C:\Windows\Panther
2015-02-09 21:40 - 2013-02-16 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MedienTeam66
2015-02-09 21:16 - 2013-01-18 23:58 - 00090160 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-09 21:16 - 2013-01-18 23:58 - 00001426 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-09 20:07 - 2013-01-18 20:57 - 00090160 _____ () C:\Users\Maier\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-08 21:26 - 2013-01-19 00:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-08 20:47 - 2013-01-29 22:12 - 00000000 ____D () C:\Program Files (x86)\HP
2015-02-07 15:37 - 2013-12-05 21:05 - 00000000 ____D () C:\Users\Maier\AppData\Roaming\vlc
2015-02-05 13:44 - 2013-01-18 21:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-05 12:35 - 2014-12-11 19:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\temp\Quarantine.exe
C:\Users\Admin\AppData\Local\temp\sqlite3.dll
C:\Users\Maier\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-04 20:45

==================== End Of Log ============================

--- --- ---

Addition.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Admin at 2015-02-11 00:04:15
Running from C:\Users\Maier\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AVM FRITZ!DSL (HKLM-x32\...\{2457326B-C110-40C3-89B0-889CC913871A}) (Version: 2.04.02 - AVM Berlin)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM276LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
Image Resizer for Windows (64 bit) (Version: 3.0.4442.6002 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{9dfff2f7-5cd7-4fd4-9b75-7d53b042d94b}) (Version: 3.0.4442.6002 - Brice Lambson)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Kreativ Drucken deluxe 2013 (HKLM-x32\...\{60EA34DE-DD75-4453-A892-0BB79F3A7435}_is1) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
Photo Retro!It 2.0 Professional (HKLM-x32\...\{8A37DA67-DB39-4e8f-9BC3-448E8637AE5D}_is1) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.012 - MSI)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Winmail Opener 1.4 (HKLM-x32\...\Winmail Opener) (Version: 1.4 - Eolsoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

17-11-2014 07:11:52 Windows-Sicherung
18-11-2014 20:08:36 Windows Update
10-12-2014 22:38:39 Windows Update
11-12-2014 07:35:21 Windows Update
16-12-2014 08:01:42 Windows-Sicherung
17-12-2014 20:05:49 Windows Update
04-01-2015 17:45:59 Geplanter Prüfpunkt
14-01-2015 13:58:28 Windows Update
16-01-2015 17:02:33 Windows-Sicherung
08-02-2015 10:21:06 Geplanter Prüfpunkt
08-02-2015 20:45:55 ***IS_STRING_NOT_DEFINED***
08-02-2015 22:52:42 Windows Update
10-02-2015 23:29:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {F24DFF0C-9F5A-41FC-9FB6-7C5BEA135FE7} - System32\Tasks\MT66 Software Update => C:\Program Files (x86)\Common Files\MT66 Software Update\UpdateClient.exe

==================== Loaded Modules (whitelisted) ==============

2014-10-17 07:12 - 2014-10-17 07:12 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\192740d8e29e7df387d0d7686ae2b535\PSIClient.ni.dll
2013-01-16 15:38 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2110714021-3018614368-4389767-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Maier\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2110714021-3018614368-4389767-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Super-Charger => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: {70e83cd8-4bd5-4039-ab5a-6b94a8abb641} => "C:\ProgramData\Package Cache\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}\Avira.OE.Setup.Bundle.exe" /quiet /norestart /burn.log.append "C:\Windows\TEMP\Avira_20141008140939.log" /install /burn.runonce

==================== Accounts: =============================

Admin (S-1-5-21-2110714021-3018614368-4389767-1004 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2110714021-3018614368-4389767-500 - Administrator - Disabled)
Gast (S-1-5-21-2110714021-3018614368-4389767-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2110714021-3018614368-4389767-1003 - Limited - Enabled)
Maier (S-1-5-21-2110714021-3018614368-4389767-1001 - Limited - Enabled) => C:\Users\Maier

==================== Faulty Device Manager Devices =============

Name: Biometric Coprocessor
Description: Biometric Coprocessor
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2015 00:02:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2015 00:01:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 9.27.856.0, Zeitstempel: 0x4fa1f537
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000d580
ID des fehlerhaften Prozesses: 0x6c8
Startzeit der fehlerhaften Anwendung: 0xHPLaserJetService.exe0
Pfad der fehlerhaften Anwendung: HPLaserJetService.exe1
Pfad des fehlerhaften Moduls: HPLaserJetService.exe2
Berichtskennung: HPLaserJetService.exe3


System errors:
=============
Error: (02/11/2015 00:00:37 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.


Microsoft Office Sessions:
=========================
Error: (02/11/2015 00:02:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2015 00:01:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPLaserJetService.exe9.27.856.04fa1f537unknown0.0.0.000000000c00000050000d5806c801d0458569d98c83C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exeunknownbaa42497-b178-11e4-b7fa-d43d7e35d925


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 16%
Total physical RAM: 16333.58 MB
Available physical RAM: 13705.13 MB
Total Pagefile: 16331.77 MB
Available Pagefile: 13692.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Win7HPx64) (Fixed) (Total:223.57 GB) (Free:167.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:465.76 GB) (Free:349.42 GB) NTFS
Drive e: (70312-3_KD2013) (CDROM) (Total:1.92 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 6990597C)
Partition 1: (Active) - (Size=223.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EB92AAB5)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus · 11.02.2015, 00:13

FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\S-1-5-21-2110714021-3018614368-4389767-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2110714021-3018614368-4389767-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2110714021-3018614368-4389767-1001 -> {EC9D9AD7-4201-4497-913A-1BB8BDD6717C} URL = 
SearchScopes: HKU\S-1-5-21-2110714021-3018614368-4389767-1004 -> {EC9D9AD7-4201-4497-913A-1BB8BDD6717C} URL = 
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

mskreativ · 11.02.2015, 00:34

Fixlog.txt:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by Admin at 2015-02-11 00:30:35 Run:1
Running from C:\Users\Maier\Desktop
Loaded Profiles: Maier & Admin (Available profiles: Maier & Admin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2110714021-3018614368-4389767-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2110714021-3018614368-4389767-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2110714021-3018614368-4389767-1001 -> {EC9D9AD7-4201-4497-913A-1BB8BDD6717C} URL = 
SearchScopes: HKU\S-1-5-21-2110714021-3018614368-4389767-1004 -> {EC9D9AD7-4201-4497-913A-1BB8BDD6717C} URL = 
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

EmptyTemp:
Hosts:
         
*****************

"HKU\S-1-5-21-2110714021-3018614368-4389767-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2110714021-3018614368-4389767-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2110714021-3018614368-4389767-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC9D9AD7-4201-4497-913A-1BB8BDD6717C}" => Key deleted successfully.
HKCR\CLSID\{EC9D9AD7-4201-4497-913A-1BB8BDD6717C} => Key not found. 
"HKU\S-1-5-21-2110714021-3018614368-4389767-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC9D9AD7-4201-4497-913A-1BB8BDD6717C}" => Key deleted successfully.
HKCR\CLSID\{EC9D9AD7-4201-4497-913A-1BB8BDD6717C} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 54.7 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 00:30:41 ====

cosinus · 11.02.2015, 09:28

Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

mskreativ · 12.02.2015, 08:24

Malwarebytes habe ich im abgesicherten Modus gestartet, da die Suche aufs Internet zugreifen will und sich damit aufhängt.

Log:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 11.02.2015
Suchlauf-Zeit: 20:46:44
Logdatei: mbam.txt
Administrator: Nein

Version: 2.00.4.1028
Malware Datenbank: v2015.02.09.10
Rootkit Datenbank: v2015.02.03.01
Lizenz: Testversion
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Maier

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 270872
Verstrichene Zeit: 3 Min, 3 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Den ESET Online Scanner habe ich ebenfalls im abgesicherten Modus gestartet, da auch er aufs Internet zugreifen will. Er hat von CLSoft SaveByClick InstallMate Dateien gefunden.

Log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6aab675ff517ac478deba113a4ff53d9
# engine=22425
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-11 09:28:28
# local_time=2015-02-11 10:28:28 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777214 100 100 266634 77614694 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 50081936 175319958 0 0
# scanned=187309
# found=2
# cleaned=0
# scan_time=3152
sh=D3B521D5AFD90ED22756DCECCA63B4EEC63E10A2 ft=1 fh=3fe680fa8fe1ca5e vn="Variante von Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\InstallMate\{FEAF890F-D1DE-4566-A78D-99FC254CABF9}\_Setupx.dll"
sh=D3B521D5AFD90ED22756DCECCA63B4EEC63E10A2 ft=1 fh=3fe680fa8fe1ca5e vn="Variante von Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{FEAF890F-D1DE-4566-A78D-99FC254CABF9}\_Setupx.dll"

cosinus · 12.02.2015, 10:17

FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\ProgramData\InstallMate
C:\Users\All Users\InstallMate
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

mskreativ · 12.02.2015, 21:00

Fixlog.txt:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-02-2015
Ran by Admin at 2015-02-12 20:56:07 Run:2
Running from C:\Users\Maier\Desktop
Loaded Profiles: Maier & Admin (Available profiles: Maier & Admin)
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
C:\ProgramData\InstallMate
C:\Users\All Users\InstallMate
EmptyTemp:
Hosts:
*****************

C:\ProgramData\InstallMate => Moved successfully.
"C:\Users\All Users\InstallMate" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 10.5 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 20:56:07 ====

Seltsam nur, dass das Verzeichnis "C:\Users\All Users\InstallMate" nicht gefunden wurde. Das war heute morgen noch da... und ich habe es nicht manuell gelöscht, obwohl die Versuchung groß war...