Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 24.05.2015, 14:40   #1
harryS
 
bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe - Standard

bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe



Hallo,
bitdefender Internet Security 2015 meldet inzwischen 38 Probleme.
Es wurden Phishing Versuche erkannt und infizierte Websites erkannt. Liefert mir aber keine weitere Hilfe. Ich habe auch Antimalware ohne Fund durchlaufen lassen.
Ich hoffe es kann mir jemand von Euch behilflich sein, da ich mich nicht mehr traue irgendwo einzuloggen.
Vielen Dank im vorraus
Harry

hier eine der vielen bitdefender Meldungen:
Code:
ATTFilter
Die Webseite https://6b7f46ad5bc91a240a3d-1d8fbdf7ecdc2b67730d7c561f0d1dfd.ssl.cf2.rackcdn.com/il.html?origin=httP://www.ebay.xx wurde als Phishing-Webseite identifiziert, die ein Risiko für Ihre persönlichen und finanziellen Daten darstellen könnte. Die Webseite wurde durch den Phishing Filter blockiert und Ihr PC ist wieder sicher.
         
für mehr infos müsste ich screenshots einfügen, da ich die Funde nicht als Text kopieren kann.


Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:16 on 22/05/2015 (Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

FRST
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-05-2015 01
Ran by ***** (ATTENTION: The logged in user is not administrator) on ASUS on 22-05-2015 23:19:03
Running from C:\Users\*****\Desktop
Loaded Profiles: ***** & Administrator (Available Profiles: ***** & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> vsserv.exe
Failed to access process -> winlogon.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> wlanext.exe
Failed to access process -> spoolsv.exe
Failed to access process -> conhost.exe
Failed to access process -> armsvc.exe
Failed to access process -> SAWCtrlSer.EXE
Failed to access process -> AsusService.exe
Failed to access process -> btwdins.exe
Failed to access process -> nvSCPAPISvr.exe
Failed to access process -> svchost.exe
Failed to access process -> TeamViewer_Service.exe
Failed to access process -> TomTomHOMEService.exe
Failed to access process -> updatesrv.exe
Failed to access process -> IAANTmon.exe
Failed to access process -> svchost.exe
Failed to access process -> HotKeyMon.exe
Failed to access process -> HotkeyService.exe
Failed to access process -> LiveUpdate.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
Failed to access process -> CapsHook.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> SuperHybridEngine.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
Failed to access process -> WmiPrvSE.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [HotkeyMon] => C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [95744 2010-09-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [HotkeyService] => C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1245104 2010-09-03] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [LiveUpdate] => C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1095080 2011-07-13] (AsusTek Computer Inc.)
HKLM-x32\...\Run: [CapsHook] => C:\Program Files\EeePC\CapsHook\CapsHook.exe [445344 2010-05-28] (ASUS)
HKLM-x32\...\Run: [GraphicsSwitch] => C:\Program Files\Asus\GraphicsSwitch\GPUStatusMonitor.exe [205304 2010-08-18] (AsusTek Computer Inc.)
HKLM-x32\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM-x32\...\Run: [SuperHybridEngine] => C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [413112 2011-01-26] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [141848 2010-10-25] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [173592 2010-10-25] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [150552 2010-10-25] (Intel Corporation)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1862056 2015-03-12] (Bitdefender)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\*****\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [671400 2015-01-15] (Bitdefender)
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\MountPoints2: {85cfeb88-1890-11e3-8be6-74f06de5d66e} - D:\AutoRun.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\MountPoints2: {85cfebba-1890-11e3-8be6-74f06de5d66e} - D:\AutoRun.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\MountPoints2: {8b6f5a82-17de-11e3-b07b-74f06de5d66e} - D:\AutoRun.exe
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-03-31]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk [2013-08-27]
ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk [2015-03-11]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [S-1-5-21-206298077-3871948171-1831049974-500] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-01-28] (Bitdefender)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-30] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-30] (Oracle Corporation)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-01-28] (Bitdefender)
Toolbar: HKU\S-1-5-21-206298077-3871948171-1831049974-1000 -> Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-01-28] (Bitdefender)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\2lgl1wvi.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: www.google.de
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-07-26] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-07-26] (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-206298077-3871948171-1831049974-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll No File
FF Plugin HKU\S-1-5-21-206298077-3871948171-1831049974-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\*****\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF Extension: Disconnect - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\2lgl1wvi.default\Extensions\2.0@disconnect.me.xpi [2014-05-29]
FF HKLM\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff [2015-05-02]
FF HKLM\...\Thunderbird\Extensions: [{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}] - C:\Program Files\Mobile Master\ext\1
FF Extension: Mobile Master Add-In - C:\Program Files\Mobile Master\ext\1 [2014-05-06]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-05-02]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

Opera: 
=======
StartMenuInternet: (HKU\S-1-5-21-206298077-3871948171-1831049974-1000) OperaMail - "C:\Program Files\Opera Mail safe\OperaMail.exe"

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 apmSAWCtrl; C:\Program Files\abylonsoft\SAWipe\SAWCtrlSer.exe [470120 2012-11-19] ()
R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] () []
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [69880 2014-12-09] (Bitdefender)
R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [54424 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1308464 2015-03-16] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2011-02-09] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1083448 2015-01-14] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [243456 2015-01-23] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [548336 2015-01-14] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [77632 2014-12-15] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [93648 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [108008 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2015-01-09] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2015-03-10] (Broadcom Corporation.)
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-04-02] (Emsisoft GmbH)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [172936 2015-02-24] (BitDefender LLC)
S3 Hantek6022BE1; C:\Windows\System32\Drivers\Hantek6022BEX861.sys [21056 2012-03-18] () []
S2 Hantek6022BE2; C:\Windows\System32\Drivers\Hantek6022BEX862.SYS [19008 2012-03-18] () []
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2013-08-12] ( )
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [52096 2010-10-01] (Generic USB smartcard reader)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [19656 2013-08-12] (NVIDIA Corporation)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [132608 2012-07-26] (Prolific Technology Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [408280 2014-10-15] (BitDefender S.R.L.)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-22 23:19 - 2015-05-22 23:19 - 00017399 _____ () C:\Users\*****\Desktop\FRST.txt
2015-05-22 23:16 - 2015-05-22 23:17 - 00000488 _____ () C:\Users\*****\Desktop\defogger_disable.log
2015-05-22 23:13 - 2015-05-22 23:13 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2015-05-22 23:12 - 2015-05-22 23:12 - 01147392 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2015-05-22 23:09 - 2015-05-22 23:09 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2015-05-20 21:49 - 2015-05-20 21:50 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-05-16 14:26 - 2015-05-22 22:52 - 00001776 _____ () C:\Windows\setupact.log
2015-05-16 14:26 - 2015-05-16 14:26 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-16 14:25 - 2015-05-16 14:25 - 00000848 _____ () C:\Windows\PFRO.log
2015-05-16 11:34 - 2015-05-16 11:34 - 00000925 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-05-16 11:34 - 2015-05-16 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-16 11:34 - 2015-05-16 11:34 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-02 14:30 - 2015-05-02 14:30 - 00072704 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2015-05-02 14:27 - 2015-05-02 14:27 - 00926023 _____ () C:\ProgramData\1430568571.bdinstall.bin
2015-05-02 14:27 - 2015-05-02 14:27 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2015-05-02 14:26 - 2015-05-22 20:04 - 00000309 ____H () C:\bdr-cf03
2015-05-02 14:25 - 2015-05-02 14:25 - 00002082 _____ () C:\Users\Public\Desktop\Bitdefender Internet Security 2015.lnk
2015-05-02 14:25 - 2015-05-02 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2015-05-02 14:25 - 2015-01-23 16:28 - 00243456 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-05-02 14:25 - 2015-01-14 18:10 - 01083448 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-05-02 14:25 - 2015-01-14 13:13 - 00548336 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-05-02 14:25 - 2015-01-09 11:58 - 00066832 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2015-05-02 14:25 - 2014-12-15 17:56 - 00077632 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys
2015-05-02 14:13 - 2015-05-02 14:26 - 00253404 ____H () C:\bdr-ld03
2015-05-02 14:13 - 2015-05-02 14:26 - 00009216 ____H () C:\bdr-ld03.mbr
2015-05-02 14:13 - 2015-05-02 14:13 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Bitdefender
2015-05-02 14:13 - 2014-07-04 17:47 - 39361413 ____H () C:\bdr-im03.gz
2015-05-02 14:13 - 2012-08-15 15:28 - 02294848 ____H () C:\bdr-bz03
2015-05-02 14:11 - 2015-05-02 14:26 - 00000000 ____D () C:\ProgramData\Bitdefender
2015-05-02 14:11 - 2015-05-02 14:11 - 00000000 ____D () C:\Program Files\Bitdefender
2015-05-02 14:11 - 2015-02-24 17:52 - 00172936 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-05-02 14:11 - 2014-10-15 17:14 - 00408280 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-05-02 14:08 - 2015-05-02 14:11 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-05-01 14:18 - 2015-05-01 14:18 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2015-05-01 13:10 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-01 13:10 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-01 13:10 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-01 13:10 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-01 13:09 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-04-25 22:43 - 2015-04-25 22:43 - 00000000 ____D () C:\ProgramData\bdch
2015-04-25 20:47 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-04-25 20:47 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-04-25 20:47 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-04-25 20:42 - 2015-04-25 20:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-22 23:19 - 2015-04-07 08:28 - 00000000 ____D () C:\FRST
2015-05-22 23:01 - 2009-07-14 06:34 - 00025856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-22 23:01 - 2009-07-14 06:34 - 00025856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-22 22:57 - 2010-11-20 23:01 - 01647544 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-22 22:56 - 2013-08-11 13:43 - 02076803 _____ () C:\Windows\WindowsUpdate.log
2015-05-22 22:53 - 2013-08-12 08:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-22 22:52 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-22 21:49 - 2015-01-11 12:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-22 20:16 - 2013-08-11 15:38 - 00000000 ____D () C:\Program Files\Opera
2015-05-22 19:31 - 2013-11-20 08:30 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-20 19:11 - 2013-08-27 22:13 - 00000000 ____D () C:\Users\*****\AppData\Roaming\HpUpdate
2015-05-18 20:50 - 2013-11-16 20:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-16 22:40 - 2015-01-11 12:59 - 00000892 _____ () C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-05-16 14:40 - 2013-09-04 23:54 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2015-05-16 11:44 - 2013-11-19 14:26 - 00000000 ____D () C:\Windows\Minidump
2015-05-16 11:44 - 2013-08-11 23:39 - 00000000 ____D () C:\Windows\Panther
2015-05-15 16:06 - 2015-03-30 16:06 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0736f84a-a7b7-4990-8777-17c3cd8bf973.job
2015-05-15 12:11 - 2015-03-30 16:06 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7ba9165e-35bf-42ab-bcbd-9df146fe9e88.job
2015-05-07 06:32 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-03 09:33 - 2013-08-30 12:24 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc
2015-05-02 14:31 - 2013-08-11 15:40 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Bitdefender
2015-05-02 13:15 - 2014-12-09 00:08 - 00000000 ____D () C:\Users\*****\Downloads\Bitdefender Safepay
2015-05-02 13:12 - 2013-08-28 23:15 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-05-02 13:12 - 2013-08-28 23:15 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Amazon
2015-05-01 14:18 - 2013-09-28 14:43 - 00000000 ____D () C:\Users\Administrator
2015-04-25 20:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-04-23 08:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-04-22 23:26 - 2013-08-11 15:39 - 00000000 ____D () C:\download

==================== Files in the root of some directories =======

2015-02-22 21:48 - 2015-02-22 21:48 - 0000040 _____ () C:\Users\*****\AppData\Roaming\cdr.ini
2014-07-17 23:05 - 2015-03-14 14:09 - 0007680 _____ () C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-10 14:55 - 2015-04-10 14:55 - 0003384 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2015-05-02 14:27 - 2015-05-02 14:27 - 0926023 _____ () C:\ProgramData\1430568571.bdinstall.bin
2013-08-27 22:10 - 2013-08-27 22:10 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================
         

Gmer (bitdef lässt sich nicht deaktivieren)

Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-23 00:44:15
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.01.0 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxldrpoc.sys


---- System - GMER 2.1 ----

SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwAllocateVirtualMemory [0x8C4CA0BE]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwAlpcConnectPort [0x8C4CD566]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwAlpcSendWaitReceivePort [0x8C4CD09C]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwAssignProcessToJobObject [0x8C4CAC88]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwClose [0x8C4CDB8C]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwConnectPort [0x8C4CC418]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwCreateFile [0x8C4CB95C]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwCreateKey [0x8C4CCB10]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwCreateProcess [0x8C4CAEDE]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwCreateProcessEx [0x8C4CAF94]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwCreateSection [0x8C4CB27E]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwCreateThread [0x8C4C9A2E]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwCreateThreadEx [0x8C4CDDA8]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwDeviceIoControlFile [0x8C4CCC80]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwDuplicateObject [0x8C4D111A]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwFsControlFile [0x8C4CCF38]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwLoadDriver [0x8C4CA594]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwMakeTemporaryObject [0x8C4CD934]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwOpenFile [0x8C4CB74E]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwOpenProcess [0x8C4D0B72]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwOpenSection [0x8C4CB04E]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwOpenThread [0x8C4D0E22]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwProtectVirtualMemory [0x8C4C9F42]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwQueueApcThread [0x8C4CADB0]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwReplaceKey [0x8C4CD782]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwRequestPort [0x8C4CC586]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwRequestWaitReplyPort [0x8C4CBF1A]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwRestoreKey [0x8C4CD80C]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwSecureConnectPort [0x8C4CC9A0]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwSetContextThread [0x8C4C9B9E]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwSetSecurityObject [0x8C4CD6DC]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwSetSystemInformation [0x8C4CA78E]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwShutdownSystem [0x8C4CD89E]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwSuspendProcess [0x8C4C9E1A]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwSuspendThread [0x8C4C9CF4]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwSystemDebugControl [0x8C4CABBA]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwTerminateProcess [0x8C4D0A6A]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwTerminateThread [0x8C4D130C]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwUnloadDriver [0x8C4CD9CA]
SSDT      \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys                                               ZwWriteVirtualMemory [0x8C4C98B2]

SYSENTER  \SystemRoot\system32\DRIVERS\avc3.sys                                                                        888D4000

---- Kernel code sections - GMER 2.1 ----

.text     ntkrnlpa.exe!ZwRequestWaitReplyPort + 1499                                                                   820449F5 1 Byte  [06]
.text     ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                       8207E992 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text     ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                                          82085BD8 4 Bytes  [BE, A0, 4C, 8C]
.text     ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                                          82085BE4 4 Bytes  [66, D5, 4C, 8C]
.text     ntkrnlpa.exe!KeRemoveQueueEx + 1143                                                                          82085C28 4 Bytes  [9C, D0, 4C, 8C]
.text     ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                          82085C38 4 Bytes  [88, AC, 4C, 8C]
.text     ntkrnlpa.exe!KeRemoveQueueEx + 116F                                                                          82085C54 4 Bytes  [8C, DB, 4C, 8C]
.text     ...                                                                                                          

---- User code sections - GMER 2.1 ----

.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[336] WS2_32.dll!connect                               77556BDD 1 Byte  [E9]
.text     C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[504] ntdll.dll!NtLoadDriver + 8                       773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Program Files\abylonsoft\SAWipe\SAWCtrlSer.exe[644] ADVAPI32.dll!RegOpenKeyExA + DE                       75C14965 1 Byte  [E9]
.text     C:\Program Files\abylonsoft\SAWipe\SAWCtrlSer.exe[644] WS2_32.dll!connect                                    77556BDD 1 Byte  [E9]
.text     C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[812] ntdll.dll!NtTerminateProcess                   773F68B8 5 Bytes  JMP 015007D0 
.text     C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[812] kernel32.dll!UnhandledExceptionFilter          75FF0709 5 Bytes  JMP 019707D0 
.text     C:\Windows\System32\svchost.exe[884] ntdll.dll!NtLoadDriver + 8                                              773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Windows\System32\AsusService.exe[1220] ntdll.dll!NtLoadDriver + 8                                         773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Windows\system32\svchost.exe[1480] ntdll.dll!NtLoadDriver + 8                                             773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1600] WS2_32.dll!connect                             77556BDD 1 Byte  [E9]
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1600] ADVAPI32.dll!RegOpenKeyExA + DE                75C14965 1 Byte  [E9]
.text     C:\Windows\system32\nvvsvc.exe[1632] ntdll.dll!NtLoadDriver + 8                                              773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Windows\system32\svchost.exe[1660] ntdll.dll!NtLoadDriver + 8                                             773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Windows\system32\svchost.exe[1660] WS2_32.dll!connect                                                     77556BDD 1 Byte  [E9]
.text     C:\Windows\system32\svchost.exe[1760] ntdll.dll!NtLoadDriver + 8                                             773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Windows\system32\svchost.exe[1760] WS2_32.dll!connect                                                     77556BDD 1 Byte  [E9]
.text     C:\Windows\system32\WLANExt.exe[1816] ntdll.dll!NtLoadDriver + 8                                             773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Windows\system32\WLANExt.exe[1816] WS2_32.dll!connect                                                     77556BDD 1 Byte  [E9]
.text     C:\Windows\System32\spoolsv.exe[1868] ntdll.dll!NtLoadDriver + 8                                             773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Windows\System32\spoolsv.exe[1868] WS2_32.dll!connect                                                     77556BDD 1 Byte  [E9]
.text     C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2120] ntdll.dll!NtLoadDriver + 8               773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Windows\system32\svchost.exe[2156] ntdll.dll!NtLoadDriver + 8                                             773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Windows\system32\svchost.exe[2156] WS2_32.dll!connect                                                     77556BDD 1 Byte  [E9]
.text     C:\Program Files\TeamViewer\TeamViewer_Service.exe[2188] ntdll.dll!NtLoadDriver + 8                          773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Program Files\TeamViewer\TeamViewer_Service.exe[2188] WS2_32.dll!connect                                  77556BDD 1 Byte  [E9]
.text     C:\Users\lemi\Desktop\Gmer-19357.exe[2240] ntdll.dll!NtLoadDriver + 8                                        773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2332] ntdll.dll!NtTerminateProcess               773F68B8 5 Bytes  JMP 00EB07D0 
.text     C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2332] kernel32.dll!UnhandledExceptionFilter      75FF0709 5 Bytes  JMP 010907D0 
.text     C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2384] WS2_32.dll!connect                    77556BDD 1 Byte  [E9]
.text     C:\Program Files\HP\HP Software Update\hpwuschd2.exe[2476] ntdll.dll!NtLoadDriver + 8                        773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe[2724] ntdll.dll!NtTerminateProcess                 773F68B8 5 Bytes  JMP 00EE07D0 
.text     C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe[2724] kernel32.dll!UnhandledExceptionFilter        75FF0709 5 Bytes  JMP 010C07D0 
.text     C:\Windows\system32\SearchIndexer.exe[2916] ntdll.dll!NtLoadDriver + 8                                       773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Windows\system32\RunDll32.exe[2944] ntdll.dll!NtLoadDriver + 8                                            773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[2988] ntdll.dll!NtTerminateProcess                 773F68B8 5 Bytes  JMP 00B207D0 
.text     C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[2988] kernel32.dll!UnhandledExceptionFilter        75FF0709 5 Bytes  JMP 006607D0 
.text     C:\Windows\system32\svchost.exe[3120] ntdll.dll!NtLoadDriver + 8                                             773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Windows\system32\svchost.exe[3120] WS2_32.dll!connect                                                     77556BDD 1 Byte  [E9]
.text     C:\Windows\system32\RunDll32.exe[3516] ntdll.dll!NtLoadDriver + 8                                            773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Windows\system32\taskhost.exe[3552] ntdll.dll!NtLoadDriver + 8                                            773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3776] ntdll.dll!NtLoadDriver + 8                          773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3776] WS2_32.dll!connect                                  77556BDD 1 Byte  [E9]
.text     C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3800] ntdll.dll!NtLoadDriver + 8                      773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3800] WS2_32.dll!connect                              77556BDD 1 Byte  [E9]
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[3816] ntdll.dll!NtLoadDriver + 8                          773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[3816] WS2_32.dll!connect                                  77556BDD 1 Byte  [E9]
.text     C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3844] ntdll.dll!NtLoadDriver + 8                             773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3844] WS2_32.dll!connect                                     77556BDD 1 Byte  [E9]
.text     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3896] WS2_32.dll!connect                    77556BDD 1 Byte  [E9]
.text     C:\Program Files\EeePC\CapsHook\CapsHook.exe[3904] ntdll.dll!NtLoadDriver + 8                                773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[3996] ntdll.dll!NtLoadDriver + 8  773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[3996] WS2_32.dll!connect          77556BDD 1 Byte  [E9]
.text     C:\Windows\system32\wbem\wmiprvse.exe[4076] ntdll.dll!NtLoadDriver + 8                                       773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Windows\system32\wbem\wmiprvse.exe[4076] WS2_32.dll!connect                                               77556BDD 1 Byte  [E9]
.text     C:\Program Files\ASUS\SHE\SuperHybridEngine.exe[4092] ntdll.dll!NtLoadDriver + 8                             773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Program Files\ASUS\SHE\SuperHybridEngine.exe[4092] WS2_32.dll!connect                                     77556BDD 1 Byte  [E9]
.text     C:\Windows\system32\svchost.exe[4160] ntdll.dll!NtLoadDriver + 8                                             773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Windows\system32\svchost.exe[4160] WS2_32.dll!connect                                                     77556BDD 1 Byte  [E9]
.text     C:\Windows\System32\svchost.exe[4392] ntdll.dll!NtLoadDriver + 8                                             773F5B50 2 Bytes  [2C, FC] {SUB AL, 0xfc}
.text     C:\Windows\System32\svchost.exe[4392] WS2_32.dll!connect                                                     77556BDD 1 Byte  [E9]

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06de5d66e                                  
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06de5d66e@18e2c2dc1032                     0x86 0x26 0xF9 0x44 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06de5d66e@b84fd5b09535                     0x29 0x83 0xBA 0xA0 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06de5d66e (not active ControlSet)              
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06de5d66e@18e2c2dc1032                         0x86 0x26 0xF9 0x44 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06de5d66e@b84fd5b09535                         0x29 0x83 0xBA 0xA0 ...
Reg       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active                           
Reg       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@C837EEC4                  1209

---- EOF - GMER 2.1 ----
         


Maleware logtext
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 23.05.2015
Suchlauf-Zeit: 12:12:32
Logdatei: maleware_scan.txt
Administrator: Nein

Version: 2.01.6.1022
Malware Datenbank: v2015.05.23.01
Rootkit Datenbank: v2015.05.16.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: xxxxx

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 256856
Verstrichene Zeit: 20 Min, 43 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         

Alt 24.05.2015, 16:15   #2
schrauber
/// the machine
/// TB-Ausbilder
 

bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe - Standard

bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe



Hi,

Frst bitte nochmal. Unsere Tools brauchen immer adminrechte.
__________________

__________________

Alt 24.05.2015, 16:40   #3
harryS
 
bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe - Standard

bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe



hi, danke für die Kontaktaufnahme. Hier der erneute Durchlauf mit Adminrechten:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-05-2015
Ran by Administrator (administrator) on ASUS on 24-05-2015 16:29:42
Running from C:\Users\xxxxx\Desktop
Loaded Profiles: xxxxx & Administrator (Available Profiles: xxxxx & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser path: "C:\Program Files\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\abylonsoft\SAWipe\SAWCtrlSer.EXE
() C:\Windows\System32\AsusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AsusTek Computer Inc.) C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(ASUS) C:\Program Files\EeePC\CapsHook\CapsHook.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HotkeyMon] => C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [95744 2010-09-02] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] => C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1245104 2010-09-03] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] => C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1095080 2011-07-13] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] => C:\Program Files\EeePC\CapsHook\CapsHook.exe [445344 2010-05-28] (ASUS)
HKLM\...\Run: [GraphicsSwitch] => C:\Program Files\Asus\GraphicsSwitch\GPUStatusMonitor.exe [205304 2010-08-18] (AsusTek Computer Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SuperHybridEngine] => C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [413112 2011-01-26] (ASUSTeK Computer Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1862056 2015-03-12] (Bitdefender)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\xxxxx\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [671400 2015-01-15] (Bitdefender)
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\MountPoints2: {85cfeb88-1890-11e3-8be6-74f06de5d66e} - D:\AutoRun.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\MountPoints2: {85cfebba-1890-11e3-8be6-74f06de5d66e} - D:\AutoRun.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\MountPoints2: {8b6f5a82-17de-11e3-b07b-74f06de5d66e} - D:\AutoRun.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-500\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-206298077-3871948171-1831049974-500\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [671400 2015-01-15] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-03-31]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk [2013-08-27]
ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk [2015-03-11]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-206298077-3871948171-1831049974-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-01-28] (Bitdefender)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-30] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-30] (Oracle Corporation)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-01-28] (Bitdefender)
Toolbar: HKU\S-1-5-21-206298077-3871948171-1831049974-1000 -> Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-01-28] (Bitdefender)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\m3i8k6rm.default
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-07-26] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-07-26] (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-206298077-3871948171-1831049974-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll No File
FF Plugin HKU\S-1-5-21-206298077-3871948171-1831049974-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\xxxxx\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF HKLM\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff [2015-05-02]
FF HKLM\...\Thunderbird\Extensions: [{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}] - C:\Program Files\Mobile Master\ext\1
FF Extension: Mobile Master Add-In - C:\Program Files\Mobile Master\ext\1 [2014-05-06]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-05-02]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

Opera: 
=======
StartMenuInternet: (HKU\S-1-5-21-206298077-3871948171-1831049974-1000) OperaMail - "C:\Program Files\Opera Mail safe\OperaMail.exe"

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 apmSAWCtrl; C:\Program Files\abylonsoft\SAWipe\SAWCtrlSer.exe [470120 2012-11-19] ()
R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] () []
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [69880 2014-12-09] (Bitdefender)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [54424 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1308464 2015-03-16] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2011-02-09] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1083448 2015-01-14] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [243456 2015-01-23] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [548336 2015-01-14] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [77632 2014-12-15] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [93648 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [108008 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2015-01-09] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2015-03-10] (Broadcom Corporation.)
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-04-02] (Emsisoft GmbH)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [172936 2015-02-24] (BitDefender LLC)
S3 Hantek6022BE1; C:\Windows\System32\Drivers\Hantek6022BEX861.sys [21056 2012-03-18] () []
S2 Hantek6022BE2; C:\Windows\System32\Drivers\Hantek6022BEX862.SYS [19008 2012-03-18] () []
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2013-08-12] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [52096 2010-10-01] (Generic USB smartcard reader)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [19656 2013-08-12] (NVIDIA Corporation)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [132608 2012-07-26] (Prolific Technology Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [408280 2014-10-15] (BitDefender S.R.L.)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 16:28 - 2015-05-24 16:28 - 00000000 ____D () C:\Users\xxxxx\Desktop\FRST-OlderVersion
2015-05-23 12:53 - 2015-05-23 12:53 - 00001213 _____ () C:\Users\xxxxx\Desktop\maleware_scan.txt
2015-05-23 11:24 - 2015-05-23 11:24 - 00000263 _____ () C:\Users\xxxxx\Desktop\trojanerboard.txt
2015-05-23 11:20 - 2015-05-23 11:20 - 00001219 _____ () C:\Users\Administrator\Desktop\Anti-Maleware.txt
2015-05-23 10:17 - 2015-05-23 10:17 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 10:16 - 2015-05-23 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-23 10:16 - 2015-05-23 10:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-05-23 10:16 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-23 10:16 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-23 10:16 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-23 09:28 - 2015-05-23 09:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-23 00:44 - 2015-05-23 00:44 - 00018159 _____ () C:\Users\xxxxx\Desktop\Gmer.txt
2015-05-23 00:43 - 2015-05-23 00:43 - 00018159 _____ () C:\Users\xxxxx\Desktop\Gmer.log
2015-05-22 23:57 - 2015-05-22 23:57 - 00000044 _____ () C:\Users\xxxxx\Desktop\Gmer_bit.txt
2015-05-22 23:24 - 2015-05-22 23:36 - 00030530 _____ () C:\Users\xxxxx\Desktop\Addition.txt
2015-05-22 23:19 - 2015-05-24 16:29 - 00017420 _____ () C:\Users\xxxxx\Desktop\FRST.txt
2015-05-22 23:16 - 2015-05-22 23:17 - 00000488 _____ () C:\Users\xxxxx\Desktop\defogger_disable.log
2015-05-22 23:13 - 2015-05-22 23:13 - 00380416 _____ () C:\Users\xxxxx\Desktop\Gmer-19357.exe
2015-05-22 23:12 - 2015-05-24 16:28 - 01146880 _____ (Farbar) C:\Users\xxxxx\Desktop\FRST.exe
2015-05-22 23:09 - 2015-05-22 23:09 - 00050477 _____ () C:\Users\xxxxx\Desktop\Defogger.exe
2015-05-20 21:49 - 2015-05-20 21:50 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-05-16 14:26 - 2015-05-24 11:29 - 00001944 _____ () C:\Windows\setupact.log
2015-05-16 14:26 - 2015-05-16 14:26 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-16 14:25 - 2015-05-24 11:28 - 00001208 _____ () C:\Windows\PFRO.log
2015-05-16 11:34 - 2015-05-16 11:34 - 00000925 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-05-16 11:34 - 2015-05-16 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-16 11:34 - 2015-05-16 11:34 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-02 14:30 - 2015-05-02 14:30 - 00072704 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2015-05-02 14:27 - 2015-05-02 14:27 - 00926023 _____ () C:\ProgramData\1430568571.bdinstall.bin
2015-05-02 14:27 - 2015-05-02 14:27 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2015-05-02 14:26 - 2015-05-22 20:04 - 00000309 ____H () C:\bdr-cf03
2015-05-02 14:25 - 2015-05-02 14:25 - 00002082 _____ () C:\Users\Public\Desktop\Bitdefender Internet Security 2015.lnk
2015-05-02 14:25 - 2015-05-02 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2015-05-02 14:25 - 2015-01-23 16:28 - 00243456 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-05-02 14:25 - 2015-01-14 18:10 - 01083448 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-05-02 14:25 - 2015-01-14 13:13 - 00548336 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-05-02 14:25 - 2015-01-09 11:58 - 00066832 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2015-05-02 14:25 - 2014-12-15 17:56 - 00077632 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys
2015-05-02 14:13 - 2015-05-02 14:26 - 00253404 ____H () C:\bdr-ld03
2015-05-02 14:13 - 2015-05-02 14:26 - 00009216 ____H () C:\bdr-ld03.mbr
2015-05-02 14:13 - 2015-05-02 14:13 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Bitdefender
2015-05-02 14:13 - 2014-07-04 17:47 - 39361413 ____H () C:\bdr-im03.gz
2015-05-02 14:13 - 2012-08-15 15:28 - 02294848 ____H () C:\bdr-bz03
2015-05-02 14:11 - 2015-05-02 14:26 - 00000000 ____D () C:\ProgramData\Bitdefender
2015-05-02 14:11 - 2015-05-02 14:11 - 00000000 ____D () C:\Program Files\Bitdefender
2015-05-02 14:11 - 2015-02-24 17:52 - 00172936 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-05-02 14:11 - 2014-10-15 17:14 - 00408280 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-05-02 14:08 - 2015-05-02 14:11 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-05-01 14:18 - 2015-05-01 14:18 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2015-05-01 13:10 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-01 13:10 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-01 13:10 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-01 13:10 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-01 13:09 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-04-25 22:43 - 2015-04-25 22:43 - 00000000 ____D () C:\ProgramData\bdch
2015-04-25 20:47 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-04-25 20:47 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-04-25 20:47 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 16:29 - 2015-04-07 08:28 - 00000000 ____D () C:\FRST
2015-05-24 16:06 - 2015-03-30 16:06 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0736f84a-a7b7-4990-8777-17c3cd8bf973.job
2015-05-24 12:28 - 2013-08-11 13:43 - 01072334 _____ () C:\Windows\WindowsUpdate.log
2015-05-24 11:40 - 2013-08-11 15:38 - 00000000 ____D () C:\Program Files\Opera
2015-05-24 11:38 - 2009-07-14 06:34 - 00025872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-24 11:38 - 2009-07-14 06:34 - 00025872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-24 11:33 - 2010-11-20 23:01 - 01647544 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-24 11:29 - 2013-08-12 08:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-24 11:29 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-23 12:40 - 2015-01-11 12:59 - 00000892 _____ () C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-05-23 11:40 - 2013-10-27 10:47 - 00000000 ____D () C:\Users\xxxxx\AppData\Local\Adobe
2015-05-23 11:39 - 2015-01-11 12:29 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-23 11:39 - 2015-01-11 12:29 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-23 11:38 - 2014-10-26 18:29 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2015-05-23 09:54 - 2013-11-20 08:30 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-20 19:11 - 2013-08-27 22:13 - 00000000 ____D () C:\Users\xxxxx\AppData\Roaming\HpUpdate
2015-05-18 20:50 - 2013-11-16 20:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-16 14:40 - 2013-09-04 23:54 - 00000000 ____D () C:\Users\xxxxx\AppData\Roaming\Skype
2015-05-16 11:44 - 2013-11-19 14:26 - 00000000 ____D () C:\Windows\Minidump
2015-05-16 11:44 - 2013-08-11 23:39 - 00000000 ____D () C:\Windows\Panther
2015-05-15 12:11 - 2015-03-30 16:06 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7ba9165e-35bf-42ab-bcbd-9df146fe9e88.job
2015-05-07 06:32 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-03 09:33 - 2013-08-30 12:24 - 00000000 ____D () C:\Users\xxxxx\AppData\Roaming\vlc
2015-05-02 14:31 - 2013-08-11 15:40 - 00000000 ____D () C:\Users\xxxxx\AppData\Roaming\Bitdefender
2015-05-02 13:15 - 2014-12-09 00:08 - 00000000 ____D () C:\Users\xxxxx\Downloads\Bitdefender Safepay
2015-05-02 13:12 - 2013-08-28 23:15 - 00000000 ____D () C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-05-02 13:12 - 2013-08-28 23:15 - 00000000 ____D () C:\Users\xxxxx\AppData\Roaming\Amazon
2015-05-01 14:18 - 2013-09-28 14:43 - 00000000 ____D () C:\Users\Administrator
2015-04-25 20:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers

==================== Files in the root of some directories =======

2015-03-30 15:43 - 2015-04-18 09:43 - 0007601 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
2015-05-02 14:27 - 2015-05-02 14:27 - 0926023 _____ () C:\ProgramData\1430568571.bdinstall.bin
2013-08-27 22:10 - 2013-08-27 22:10 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 12:21

==================== End of log ============================
         
__________________

Alt 25.05.2015, 11:59   #4
schrauber
/// the machine
/// TB-Ausbilder
 

bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe - Standard

bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe



Zitat:
C:\Users\xxxxx\Desktop\Addition.txt
Dieses Log bitte auch noch posten
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 25.05.2015, 12:19   #5
harryS
 
bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe - Standard

bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe



ooops...peinlich.. sorry

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-05-2015
Ran by Administrator at 2015-05-25 12:07:34
Running from C:\Users\xxxxx\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-206298077-3871948171-1831049974-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-206298077-3871948171-1831049974-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-206298077-3871948171-1831049974-1003 - Limited - Enabled)
xxxxx (S-1-5-21-206298077-3871948171-1831049974-1000 - Limited - Enabled) => C:\Users\xxxxx

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abylon SHREDDER 10.00.2 (HKLM\...\abylonprotectionmanagerschredder_is1) (Version: 10.00.2 - abylonsoft)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Avidemux 2.6 (32-bit) (HKLM\...\Avidemux 2.6) (Version: 2.6.6.8941 - )
Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 18.22.0.1521 - Bitdefender)
BleachBit (HKLM\...\BleachBit) (Version:  - BleachBit)
Broadcom Wireless Network Adapter (HKLM\...\{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}) (Version: 1.00.0000 - AzureWave)
CapsHook (HKLM\...\{4B5092B6-F231-4D18-83BC-2618B729CA45}) (Version: 1.0.0.5 - AsusTek Computer)
CBL Daten-Shredder (HKLM\...\{560E96B3-356D-4572-9FE3-B44F9AB92622}) (Version: 1.0.0 - CBL Datenrettung GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Eraser 6.0.10.2620 (HKLM\...\{A45C5EC7-F13E-4414-99BE-47373935C0FE}) (Version: 6.0.2620 - The Eraser Project)
Exifer (HKLM\...\Exifer_is1) (Version:  - Friedemann Schmidt)
FileZilla Client 3.9.0.6 (HKLM\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Free CD to MP3 Converter (HKLM\...\Free CD to MP3 Converter) (Version:  - Eusing Software)
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
FreeOCR v5.0 (HKLM\...\freeocr_is1) (Version:  - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GraphicsSwitch (HKLM\...\{0BC8B21E-EB38-4174-827B-89A5F80E8DDA}) (Version: 1.4 - AsusTek Computer Inc.)
GTText (HKLM\...\{C8187D08-DC8E-4382-9AEB-00F311C119F9}) (Version: 1.4.5 - SoftOCR)
Hantek6022BE Ver1.0.3 (HKLM\...\Hantek6022BE Ver1.0.3) (Version: 1.0.3 - ODM)
Hotkey Service (HKLM\...\{71C0E38E-09F2-4386-9977-404D4F6640CD}) (Version: 1.32 - AsusTek Computer Inc.)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{E5F9BFAF-2FD9-4637-BA4E-5C2BC3A0763D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IMAPSize 0.3.7 (HKLM\...\IMAPSize_is1) (Version:  - Broobles)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
LiveUpdate (HKLM\...\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}) (Version: 1.29 - AsusTek Computer Inc.)
MailStore Home 8.2.1.10082 (HKLM\...\MailStore Home_universal1) (Version: 8.2.1.10082 - MailStore Software GmbH)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Master (Version: 8.9.4 - Jumping Bytes) Hidden
Mobile Master 8.9.4 (HKLM\...\Mobile Master) (Version: 8.9.4 - Jumping Bytes)
Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-206298077-3871948171-1831049974-500\...\MyFreeCodec) (Version:  - )
NetObjects Fusion 12.0 (HKLM\...\{8862CF22-E7DC-4828-A6F3-6CFD45D3DA01}) (Version: 12 German - NetObjects)
NetObjects Fusion 12.0 (Version: 12.00.5000.5041 - NetObjects) Hidden
NetObjects Fusion 2013 (HKLM\...\{ACA28148-D6FB-4910-9597-81A8F2FB0499}) (Version: 13.0 - NetObjects)
NetObjects Fusion 2013 (Version: 13.00.0000.5529 - NetObjects) Hidden
NetObjects Fusion 2015 (HKLM\...\{A1BF217F-776E-4A3D-B614-E2DCA0E177BB}) (Version: 15.0 - NetObjects)
NetObjects Fusion 2015 (Version: 15.00.0000.1035 - NetObjects) Hidden
NTRIP (HKLM\...\{4AAD21AD-EE06-46C9-8B57-28D53DF9FB06}_is1) (Version:  - NTRIP)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5912 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM\...\NVIDIAStereo) (Version: 7.17.12.5912 - NVIDIA Corporation)
Opera 12.15 (HKLM\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
Opera Mail 1.0 (HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Opera 1.0.1040) (Version: 1.0.1040 - Opera Software ASA)
Opera Mail 1.0 (HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Opera 1.0.1040_1) (Version: 1.0.1040 - Opera Software ASA)
Opera Stable 16.0.1196.80 (HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Opera 16.0.1196.80) (Version: 16.0.1196.80 - Opera Software ASA)
Opera Stable 29.0.1795.60 (HKLM\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.7.0 - Prolific Technology INC)
PL-2303 USB-to-Serial (HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.7.0 - Prolific Technology INC)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.18 - AsusTek Computer)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.6 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update miniHomer 2.8 Version 2.8 (HKLM\...\{A2A1ACE9-AD11-4026-B970-DCE8B33DCC44}_is1) (Version: 2.8 - ZNEX)
Vivaldi (HKU\S-1-5-21-206298077-3871948171-1831049974-500\...\Vivaldi) (Version: 1.0.118.19 - Vivaldi)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5500 - Broadcom Corporation)
Windows Phone app for desktop (HKLM\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation)
Wondershare PDF to Word (Build 4.0.1) (HKLM\...\{90599D63-1879-4B90-BE4F-051CE70FA576}_is1) (Version: 4.0.1 - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-206298077-3871948171-1831049974-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\xxxxx\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-206298077-3871948171-1831049974-500_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-206298077-3871948171-1831049974-500_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\Administrator\AppData\Local\Vivaldi\Application\1.0.118.19\delegate_execute.exe (Vivaldi Technologies AS)

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {473AC837-F783-42CA-825D-EBA894199286} - System32\Tasks\{9674201D-B3B5-4C7E-8EBB-171AC4AE91B2} => C:\Program Files\Opera\Opera.exe [2013-09-27] (Opera Software)
Task: {4B416B89-6862-443B-85AF-B4EACDC9953C} - System32\Tasks\SUPERAntiSpyware Scheduled Task 7ba9165e-35bf-42ab-bcbd-9df146fe9e88 => C:\Program Files\SUPERAntiSpyware\SASTask.exe
Task: {7389D224-1340-44B6-9219-4409A43A413E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {7D3C7871-A917-4EF0-82E8-5F0A96423051} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {A0E102C7-FECF-4265-B086-CEE1DD933161} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A7471998-D03F-4494-A08B-0D46DEE76C68} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {A99E25B7-182B-4D1E-B13F-D3EA516274B9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {B0112A1F-C848-4F97-B01B-A91E88F9EE72} - System32\Tasks\{924A3E18-76BE-4F54-89AE-05BDDBB0D12E} => C:\Program Files\Opera\Opera.exe [2013-09-27] (Opera Software)
Task: {B19145B5-5220-411E-A06A-0E363E3193E6} - System32\Tasks\SUPERAntiSpyware Scheduled Task 0736f84a-a7b7-4990-8777-17c3cd8bf973 => C:\Program Files\SUPERAntiSpyware\SASTask.exe
Task: {D21728B9-58CF-417C-9803-1F1061E8FFA1} - System32\Tasks\Opera scheduled Autoupdate 1376228301 => C:\Program Files\Opera\launcher.exe [2015-05-18] (Opera Software)
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {D68AACAC-9170-4611-A77A-4BD564F6E255} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {D7F31F2A-B930-4F88-A09D-B0BB38EFF30F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_188_pepper.exe [2015-05-23] (Adobe Systems Incorporated)
Task: {F4214E2A-AC8C-4147-98EA-38EBE7A931EB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_188_pepper.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0736f84a-a7b7-4990-8777-17c3cd8bf973.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7ba9165e-35bf-42ab-bcbd-9df146fe9e88.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-02 14:25 - 2014-08-27 16:30 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2015-05-02 14:25 - 2013-09-03 14:29 - 00095088 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2015-05-02 14:25 - 2015-04-01 18:03 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2015-05-02 14:25 - 2012-10-29 14:22 - 00130656 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-05-07 22:11 - 2015-05-07 22:11 - 00682736 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00242_003\ashttpbr.mdl
2015-05-07 22:11 - 2015-05-07 22:11 - 00603432 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00242_003\ashttpdsp.mdl
2015-05-07 22:11 - 2015-05-07 22:11 - 02207112 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00242_003\ashttpph.mdl
2015-05-07 22:11 - 2015-05-07 22:11 - 01131304 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00242_003\ashttprbl.mdl
2013-12-23 14:07 - 2012-11-19 16:21 - 00470120 _____ () C:\Program Files\abylonsoft\SAWipe\SAWCtrlSer.exe
2013-12-23 14:07 - 2012-11-19 16:21 - 02495592 _____ () C:\Program Files\abylonsoft\SAWipe\SAWCmn32X86.dll
2013-12-23 14:07 - 2012-11-19 16:21 - 00568424 _____ () C:\Program Files\abylonsoft\SAWipe\SAWLangX86.dll
2013-12-23 14:07 - 2012-11-19 16:22 - 02079848 _____ () C:\Program Files\abylonsoft\SAWipe\SAWToolsx86.dll
2013-08-12 23:28 - 2009-08-18 17:35 - 00219136 _____ () C:\Windows\System32\AsusService.exe
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-10-16 11:15 - 2014-10-16 11:15 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2010-05-21 13:42 - 2010-05-21 13:42 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2013-12-23 14:07 - 2012-11-19 16:21 - 00393320 _____ () C:\Program Files\abylonsoft\SAWipe\SAWNTSec.DLL
2013-12-23 14:07 - 2012-11-19 16:21 - 00260712 _____ () C:\Program Files\abylonsoft\SAWipe\SAWOle.dll
2011-07-13 09:38 - 2011-07-13 09:38 - 00181664 _____ () C:\Program Files\Asus\LiveUpdate\Parser.dll
2015-05-20 21:49 - 2015-05-20 21:49 - 03350640 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2015-05-20 21:49 - 2015-05-20 21:49 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2015-05-20 21:49 - 2015-05-20 21:49 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Administrator\Downloads\FWUpdateEDO2_305748.exe:BDU
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\xxxxx\Desktop\Defogger.exe:BDU
AlternateDataStreams: C:\Users\xxxxx\Desktop\Gmer-19357.exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\100sexlinks.com -> 100sexlinks.com

There are 6046 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-206298077-3871948171-1831049974-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-206298077-3871948171-1831049974-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => 
MSCONFIG\startupreg: KiesPreload => 
MSCONFIG\startupreg: KiesTrayAgent => 

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{37B7B9D2-3416-4790-A9D4-6A01C597D2D9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{412AB60C-C8F8-4A40-9B5C-DC77F185B2F1}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{1EBCF635-8C2C-4FF6-90A8-3987AB7D57D6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{A9D4D405-A4D9-4003-9D5C-3A75DABFD02E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{C095AA04-B1E2-4BED-A294-3976DB7E3871}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{995A8215-454B-4F2C-BBD6-DD8DE339D866}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{D340A456-C30E-46A1-9014-DAC07F6AA5FA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{CC0B7014-49EB-432D-BAF6-D57131743366}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{5372BA9F-1153-48B2-8896-5EB7B389280C}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{2A8A92BC-72D0-4C42-9DFC-7CDC25B0CD07}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{58E7CB00-FBD8-4643-A45B-DCFF435960D8}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{F0466FFB-B756-4866-9474-D54A28D9FC14}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{6F218F7F-F244-451F-88DB-A2E1F5B6BB74}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{A0BD8D53-113C-47EC-B71F-26F5145E44AB}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{6D0DFEE5-B772-4A9B-938C-637054D7D257}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F2FCB908-0D8D-470A-874C-2C3A3701E9F8}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{78C553E3-5BD3-4296-A484-84CFCE199347}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BAEF5889-C926-4D39-8439-814894586B27}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7A70B78D-EC06-408F-AE40-BC59A87E0BBE}] => (Allow) C:\Users\Administrator\AppData\Local\Vivaldi\Application\vivaldi.exe
FirewallRules: [TCP Query User{5C1912E2-8D88-4757-932A-4844A9A077F7}C:\users\administrator\appdata\local\temp\rarsfx0\x32\pcsftool.exe] => (Allow) C:\users\administrator\appdata\local\temp\rarsfx0\x32\pcsftool.exe
FirewallRules: [UDP Query User{5396E197-A033-4960-B857-9A685CC47757}C:\users\administrator\appdata\local\temp\rarsfx0\x32\pcsftool.exe] => (Allow) C:\users\administrator\appdata\local\temp\rarsfx0\x32\pcsftool.exe
FirewallRules: [{375A207E-D433-4607-BCA5-9D8D3DDE0E53}] => (Block) C:\users\administrator\appdata\local\temp\rarsfx0\x32\pcsftool.exe
FirewallRules: [{30B85B8E-C31D-4E18-9096-59F9E6F11E50}] => (Block) C:\users\administrator\appdata\local\temp\rarsfx0\x32\pcsftool.exe

==================== Faulty Device Manager Devices =============

Name: High Definition Audio-Controller
Description: High Definition Audio-Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth module
Description: Bluetooth module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 00:07:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/25/2015 00:07:43 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   VSS-Server wird instanziiert

Error: (05/25/2015 07:11:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2015 06:02:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/24/2015 06:02:48 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   VSS-Server wird instanziiert

Error: (05/24/2015 06:02:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/24/2015 06:02:48 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   VSS-Server wird instanziiert

Error: (05/24/2015 06:02:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/24/2015 06:02:48 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   VSS-Server wird instanziiert

Error: (05/24/2015 04:58:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012298
ID des fehlerhaften Prozesses: 0x130c
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3


System errors:
=============
Error: (05/25/2015 11:05:58 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (05/25/2015 11:05:57 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (05/25/2015 10:38:12 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AudioEndpointBuilder erreicht.

Error: (05/25/2015 07:21:28 AM) (Source: Schannel) (EventID: 4108) (User: NT-AUTORITÄT)
Description: Das vom Remoteserver erhaltene Zertifikat wurde falsch verifiziert. Fehlercode: 0x80092013. Fehler bei der SSL-Zertifikatanforderung. Die angefügten Daten enthalten das Serverzertifikat.

Error: (05/25/2015 07:21:28 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 552.

Error: (05/25/2015 07:20:04 AM) (Source: Schannel) (EventID: 4108) (User: NT-AUTORITÄT)
Description: Das vom Remoteserver erhaltene Zertifikat wurde falsch verifiziert. Fehlercode: 0x80092013. Fehler bei der SSL-Zertifikatanforderung. Die angefügten Daten enthalten das Serverzertifikat.

Error: (05/25/2015 07:20:04 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 552.

Error: (05/25/2015 07:18:44 AM) (Source: Schannel) (EventID: 4108) (User: NT-AUTORITÄT)
Description: Das vom Remoteserver erhaltene Zertifikat wurde falsch verifiziert. Fehlercode: 0x80092013. Fehler bei der SSL-Zertifikatanforderung. Die angefügten Daten enthalten das Serverzertifikat.

Error: (05/25/2015 07:18:44 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 552.

Error: (05/25/2015 07:17:25 AM) (Source: Schannel) (EventID: 4108) (User: NT-AUTORITÄT)
Description: Das vom Remoteserver erhaltene Zertifikat wurde falsch verifiziert. Fehlercode: 0x80092013. Fehler bei der SSL-Zertifikatanforderung. Die angefügten Daten enthalten das Serverzertifikat.


Microsoft Office:
=========================
Error: (05/25/2015 00:07:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/25/2015 00:07:43 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/25/2015 07:11:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2015 06:02:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/24/2015 06:02:48 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/24/2015 06:02:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/24/2015 06:02:48 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/24/2015 06:02:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/24/2015 06:02:48 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/24/2015 04:58:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c000000500012298130c01d09631c25661ffC:\Users\xxxxx\Desktop\Gmer-19357.exeC:\Users\xxxxx\Desktop\Gmer-19357.exe4ed2fc72-0225-11e5-a1ce-14dae9075c7b


==================== Memory info =========================== 

Processor: Intel(R) Atom(TM) CPU N570 @ 1.66GHz
Percentage of memory in use: 50%
Total physical RAM: 2038.05 MB
Available physical RAM: 1017.17 MB
Total Pagefile: 8038.05 MB
Available Pagefile: 6411.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:134.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9949D096)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End of log ============================
         


Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-05-2015
Ran by Administrator (administrator) on ASUS on 25-05-2015 12:05:06
Running from C:\Users\xxxxx\Desktop
Loaded Profiles: xxxxx & Administrator (Available Profiles: xxxxx & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser path: "C:\Program Files\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\abylonsoft\SAWipe\SAWCtrlSer.EXE
() C:\Windows\System32\AsusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AsusTek Computer Inc.) C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUS) C:\Program Files\EeePC\CapsHook\CapsHook.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HotkeyMon] => C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [95744 2010-09-02] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] => C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1245104 2010-09-03] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] => C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1095080 2011-07-13] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] => C:\Program Files\EeePC\CapsHook\CapsHook.exe [445344 2010-05-28] (ASUS)
HKLM\...\Run: [GraphicsSwitch] => C:\Program Files\Asus\GraphicsSwitch\GPUStatusMonitor.exe [205304 2010-08-18] (AsusTek Computer Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SuperHybridEngine] => C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [413112 2011-01-26] (ASUSTeK Computer Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1862056 2015-03-12] (Bitdefender)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\xxxxx\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [671400 2015-01-15] (Bitdefender)
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\MountPoints2: {85cfeb88-1890-11e3-8be6-74f06de5d66e} - D:\AutoRun.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\MountPoints2: {85cfebba-1890-11e3-8be6-74f06de5d66e} - D:\AutoRun.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\MountPoints2: {8b6f5a82-17de-11e3-b07b-74f06de5d66e} - D:\AutoRun.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-500\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-206298077-3871948171-1831049974-500\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [671400 2015-01-15] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-03-31]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk [2013-08-27]
ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk [2015-03-11]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-206298077-3871948171-1831049974-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-01-28] (Bitdefender)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-30] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-30] (Oracle Corporation)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-01-28] (Bitdefender)
Toolbar: HKU\S-1-5-21-206298077-3871948171-1831049974-1000 -> Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-01-28] (Bitdefender)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\m3i8k6rm.default
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-07-26] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-07-26] (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-206298077-3871948171-1831049974-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll No File
FF Plugin HKU\S-1-5-21-206298077-3871948171-1831049974-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\xxxxx\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF HKLM\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff [2015-05-02]
FF HKLM\...\Thunderbird\Extensions: [{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}] - C:\Program Files\Mobile Master\ext\1
FF Extension: Mobile Master Add-In - C:\Program Files\Mobile Master\ext\1 [2014-05-06]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-05-02]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

Opera: 
=======
StartMenuInternet: (HKU\S-1-5-21-206298077-3871948171-1831049974-1000) OperaMail - "C:\Program Files\Opera Mail safe\OperaMail.exe"

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 apmSAWCtrl; C:\Program Files\abylonsoft\SAWipe\SAWCtrlSer.exe [470120 2012-11-19] ()
R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] () []
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [69880 2014-12-09] (Bitdefender)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [54424 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1308464 2015-03-16] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2011-02-09] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1083448 2015-01-14] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [243456 2015-01-23] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [548336 2015-01-14] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [77632 2014-12-15] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [93648 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [108008 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2015-01-09] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2015-03-10] (Broadcom Corporation.)
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-04-02] (Emsisoft GmbH)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [172936 2015-02-24] (BitDefender LLC)
S3 Hantek6022BE1; C:\Windows\System32\Drivers\Hantek6022BEX861.sys [21056 2012-03-18] () []
S2 Hantek6022BE2; C:\Windows\System32\Drivers\Hantek6022BEX862.SYS [19008 2012-03-18] () []
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2013-08-12] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [52096 2010-10-01] (Generic USB smartcard reader)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [19656 2013-08-12] (NVIDIA Corporation)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [132608 2012-07-26] (Prolific Technology Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [408280 2014-10-15] (BitDefender S.R.L.)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 12:05 - 2015-05-25 12:06 - 00018235 _____ () C:\Users\xxxxx\Desktop\FRST.txt
2015-05-24 17:27 - 2015-05-24 17:27 - 00018839 _____ () C:\Users\Administrator\Desktop\Gmer_2.log
2015-05-24 16:52 - 2015-05-24 16:52 - 213813178 _____ () C:\Windows\MEMORY.DMP
2015-05-24 16:52 - 2015-05-24 16:52 - 00155112 _____ () C:\Windows\Minidump\052415-25880-01.dmp
2015-05-24 16:42 - 2015-05-24 16:43 - 00000000 ____D () C:\Users\xxxxx\Desktop\1durchlauf
2015-05-24 16:36 - 2015-05-24 16:36 - 00027657 _____ () C:\Users\Administrator\Desktop\FRST2.txt
2015-05-24 16:34 - 2015-05-24 16:35 - 00027657 _____ () C:\Users\Administrator\Desktop\FRST_2.txt
2015-05-24 16:28 - 2015-05-24 16:28 - 00000000 ____D () C:\Users\xxxxx\Desktop\FRST-OlderVersion
2015-05-23 11:24 - 2015-05-23 11:24 - 00000263 _____ () C:\Users\xxxxx\Desktop\trojanerboard.txt
2015-05-23 11:20 - 2015-05-23 11:20 - 00001219 _____ () C:\Users\Administrator\Desktop\Anti-Maleware.txt
2015-05-23 10:17 - 2015-05-24 16:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 10:16 - 2015-05-23 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-23 10:16 - 2015-05-23 10:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-05-23 10:16 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-23 10:16 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-23 10:16 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-23 09:28 - 2015-05-23 09:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-22 23:13 - 2015-05-22 23:13 - 00380416 _____ () C:\Users\xxxxx\Desktop\Gmer-19357.exe
2015-05-22 23:12 - 2015-05-24 16:28 - 01146880 _____ (Farbar) C:\Users\xxxxx\Desktop\FRST.exe
2015-05-22 23:09 - 2015-05-22 23:09 - 00050477 _____ () C:\Users\xxxxx\Desktop\Defogger.exe
2015-05-20 21:49 - 2015-05-20 21:50 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-05-16 14:26 - 2015-05-25 07:11 - 00002056 _____ () C:\Windows\setupact.log
2015-05-16 14:26 - 2015-05-16 14:26 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-16 14:25 - 2015-05-24 11:28 - 00001208 _____ () C:\Windows\PFRO.log
2015-05-16 11:34 - 2015-05-16 11:34 - 00000925 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-05-16 11:34 - 2015-05-16 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-16 11:34 - 2015-05-16 11:34 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-02 14:30 - 2015-05-02 14:30 - 00072704 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2015-05-02 14:27 - 2015-05-02 14:27 - 00926023 _____ () C:\ProgramData\1430568571.bdinstall.bin
2015-05-02 14:27 - 2015-05-02 14:27 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2015-05-02 14:26 - 2015-05-22 20:04 - 00000309 ____H () C:\bdr-cf03
2015-05-02 14:25 - 2015-05-02 14:25 - 00002082 _____ () C:\Users\Public\Desktop\Bitdefender Internet Security 2015.lnk
2015-05-02 14:25 - 2015-05-02 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2015-05-02 14:25 - 2015-01-23 16:28 - 00243456 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-05-02 14:25 - 2015-01-14 18:10 - 01083448 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-05-02 14:25 - 2015-01-14 13:13 - 00548336 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-05-02 14:25 - 2015-01-09 11:58 - 00066832 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2015-05-02 14:25 - 2014-12-15 17:56 - 00077632 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys
2015-05-02 14:13 - 2015-05-24 17:00 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Bitdefender
2015-05-02 14:13 - 2015-05-02 14:26 - 00253404 ____H () C:\bdr-ld03
2015-05-02 14:13 - 2015-05-02 14:26 - 00009216 ____H () C:\bdr-ld03.mbr
2015-05-02 14:13 - 2014-07-04 17:47 - 39361413 ____H () C:\bdr-im03.gz
2015-05-02 14:13 - 2012-08-15 15:28 - 02294848 ____H () C:\bdr-bz03
2015-05-02 14:11 - 2015-05-02 14:26 - 00000000 ____D () C:\ProgramData\Bitdefender
2015-05-02 14:11 - 2015-05-02 14:11 - 00000000 ____D () C:\Program Files\Bitdefender
2015-05-02 14:11 - 2015-02-24 17:52 - 00172936 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-05-02 14:11 - 2014-10-15 17:14 - 00408280 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-05-02 14:08 - 2015-05-02 14:11 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-05-01 14:18 - 2015-05-01 14:18 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2015-05-01 13:10 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-01 13:10 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-01 13:10 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-01 13:10 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-01 13:09 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-04-25 22:43 - 2015-04-25 22:43 - 00000000 ____D () C:\ProgramData\bdch
2015-04-25 20:47 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-04-25 20:47 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-04-25 20:47 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 12:05 - 2015-04-07 08:28 - 00000000 ____D () C:\FRST
2015-05-25 11:33 - 2013-08-11 13:43 - 01079490 _____ () C:\Windows\WindowsUpdate.log
2015-05-25 11:05 - 2010-11-20 23:01 - 01647544 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-25 08:06 - 2015-03-30 16:06 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0736f84a-a7b7-4990-8777-17c3cd8bf973.job
2015-05-25 07:21 - 2013-08-11 15:38 - 00000000 ____D () C:\Program Files\Opera
2015-05-25 07:19 - 2009-07-14 06:34 - 00025872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-25 07:19 - 2009-07-14 06:34 - 00025872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-25 07:11 - 2013-08-12 08:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-25 07:11 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-24 16:52 - 2013-11-19 14:26 - 00000000 ____D () C:\Windows\Minidump
2015-05-23 12:40 - 2015-01-11 12:59 - 00000892 _____ () C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-05-23 11:40 - 2013-10-27 10:47 - 00000000 ____D () C:\Users\xxxxx\AppData\Local\Adobe
2015-05-23 11:39 - 2015-01-11 12:29 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-23 11:39 - 2015-01-11 12:29 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-23 11:38 - 2014-10-26 18:29 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2015-05-23 09:54 - 2013-11-20 08:30 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-20 19:11 - 2013-08-27 22:13 - 00000000 ____D () C:\Users\xxxxx\AppData\Roaming\HpUpdate
2015-05-18 20:50 - 2013-11-16 20:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-16 14:40 - 2013-09-04 23:54 - 00000000 ____D () C:\Users\xxxxx\AppData\Roaming\Skype
2015-05-16 11:44 - 2013-08-11 23:39 - 00000000 ____D () C:\Windows\Panther
2015-05-15 12:11 - 2015-03-30 16:06 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7ba9165e-35bf-42ab-bcbd-9df146fe9e88.job
2015-05-07 06:32 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-03 09:33 - 2013-08-30 12:24 - 00000000 ____D () C:\Users\xxxxx\AppData\Roaming\vlc
2015-05-02 14:31 - 2013-08-11 15:40 - 00000000 ____D () C:\Users\xxxxx\AppData\Roaming\Bitdefender
2015-05-02 13:15 - 2014-12-09 00:08 - 00000000 ____D () C:\Users\xxxxx\Downloads\Bitdefender Safepay
2015-05-02 13:12 - 2013-08-28 23:15 - 00000000 ____D () C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-05-02 13:12 - 2013-08-28 23:15 - 00000000 ____D () C:\Users\xxxxx\AppData\Roaming\Amazon
2015-05-01 14:18 - 2013-09-28 14:43 - 00000000 ____D () C:\Users\Administrator
2015-04-25 20:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers

==================== Files in the root of some directories =======

2015-03-30 15:43 - 2015-04-18 09:43 - 0007601 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
2015-05-02 14:27 - 2015-05-02 14:27 - 0926023 _____ () C:\ProgramData\1430568571.bdinstall.bin
2013-08-27 22:10 - 2013-08-27 22:10 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 12:21

==================== End of log ============================
         

Danke für Feiertagsarbeit ;-)


Alt 25.05.2015, 20:32   #6
schrauber
/// the machine
/// TB-Ausbilder
 

bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe - Standard

bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe

Alt 25.05.2015, 20:47   #7
harryS
 
bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe - Standard

bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe



Ich finde leider keine Möglichkeit bitdefender zu beenden. Auch per Taskmanager lässt es sich nicht beenden. Trotzdem mit Combofix fortfahren?

Alt 26.05.2015, 18:35   #8
schrauber
/// the machine
/// TB-Ausbilder
 

bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe - Standard

bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe



schau mal hier:
Bitdefender Ausschalten - Bitdefender Forum
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.05.2015, 00:32   #9
harryS
 
bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe - Standard

bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe



ich habe schon sämtliche bitdefender Seitenfunde und Foren durchsucht und schaffe es trotzdem nicht bei mir bitdefender komplett zu beenden. Auch das hier:
hxxp://forum.bitdefender.com/index.php?showtopic=22031
Ich dachte ich hätte es geschafft, aber beim combofix-scan kam dann die Meldung dass er nicht beendet ist. Auf die Warnung hin habe ich trotzdem den Lauf fortgesetzt, da ich im schlimmsten Fall das System halt neu aufgesetzt hätte. Mich interessiert einfach was da in meinem System vor sich geht.
Sonst bleibt nur noch die Deinstallation vn bitdefender, wenn der scan mit aktivem bitdefender nichts bringen sollte ?
Danke für die weitere Hilfe. Hier der scan:

Code:
ATTFilter
ComboFix 15-05-25.01 - Administrator 26.05.2015  21:42:13.1.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2038.926 [GMT 2:00]
ausgeführt von:: c:\users\xxxxx\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Enabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
SP: Bitdefender Spyware-Schutz *Enabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1430568571.bdinstall.bin
c:\users\xxxxx\AppData\Local\Microsoft\AddIns\MMOutlookAddIn.dll
c:\users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-04-26 bis 2015-05-26  ))))))))))))))))))))))))))))))
.
.
2015-05-26 20:10 . 2015-05-26 21:41	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2015-05-26 20:10 . 2015-05-26 20:24	--------	d-----w-	c:\users\xxxxx\AppData\Local\temp
2015-05-23 08:17 . 2015-05-26 21:39	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-23 08:16 . 2015-04-14 07:37	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-05-23 08:16 . 2015-04-14 07:37	92888	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-05-23 08:16 . 2015-04-14 07:37	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-05-23 08:16 . 2015-05-23 08:16	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 
2015-05-20 19:49 . 2015-05-20 19:50	--------	d-----w-	c:\program files\Mozilla Thunderbird
2015-05-16 09:39 . 2015-04-04 06:39	9201616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{49A405B0-13AB-4DE7-BF23-0FB8AF42F4FF}\mpengine.dll
2015-05-16 09:34 . 2015-05-16 09:34	--------	d-----w-	c:\program files\CCleaner
2015-05-02 12:30 . 2015-05-02 12:30	72704	----a-w-	c:\windows\system32\drivers\bdvedisk.sys
2015-05-02 12:25 . 2015-01-09 09:58	66832	----a-w-	c:\windows\system32\drivers\bdsandbox.sys
2015-05-02 12:25 . 2014-12-15 15:56	77632	----a-w-	c:\windows\system32\drivers\BdfNdisf6.sys
2015-05-02 12:25 . 2015-01-23 14:28	243456	----a-w-	c:\windows\system32\drivers\avchv.sys
2015-05-02 12:25 . 2015-01-14 16:10	1083448	----a-w-	c:\windows\system32\drivers\avc3.sys
2015-05-02 12:25 . 2015-01-14 11:13	548336	----a-w-	c:\windows\system32\drivers\avckf.sys
2015-05-02 12:13 . 2015-05-24 15:00	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Bitdefender
2015-05-02 12:11 . 2015-05-02 12:26	--------	d-----w-	c:\programdata\Bitdefender
2015-05-02 12:11 . 2015-02-24 15:52	172936	----a-w-	c:\windows\system32\drivers\gzflt.sys
2015-05-02 12:11 . 2015-05-02 12:11	--------	d-----w-	c:\program files\Bitdefender
2015-05-02 12:11 . 2014-10-15 15:14	408280	----a-w-	c:\windows\system32\drivers\trufos.sys
2015-05-02 12:08 . 2015-05-02 12:11	--------	d-----w-	c:\program files\Common Files\Bitdefender
2015-05-01 11:10 . 2015-03-04 04:11	5120	----a-w-	c:\windows\system32\shimeng.dll
2015-05-01 11:10 . 2015-03-04 04:10	295936	----a-w-	c:\windows\system32\apphelp.dll
2015-05-01 11:10 . 2015-03-04 04:10	62464	----a-w-	c:\windows\system32\aelupsvc.dll
2015-05-01 11:10 . 2015-03-04 04:10	20992	----a-w-	c:\windows\system32\sdbinst.exe
2015-05-01 11:09 . 2015-02-18 07:06	123904	----a-w-	c:\windows\system32\poqexec.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-23 09:39 . 2015-01-11 10:29	778416	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-05-23 09:39 . 2015-01-11 10:29	142512	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-30 19:37 . 2015-01-11 11:47	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2015-03-25 03:00 . 2015-04-20 20:42	35328	----a-w-	c:\windows\system32\wups2.dll
2015-03-25 03:00 . 2015-04-20 20:42	3088384	----a-w-	c:\windows\system32\wucltux.dll
2015-03-25 03:00 . 2015-04-20 20:42	92672	----a-w-	c:\windows\system32\wudriver.dll
2015-03-25 03:00 . 2015-04-20 20:42	566784	----a-w-	c:\windows\system32\wuapi.dll
2015-03-25 03:00 . 2015-04-20 20:42	29696	----a-w-	c:\windows\system32\wups.dll
2015-03-25 03:00 . 2015-04-20 20:42	2020864	----a-w-	c:\windows\system32\wuaueng.dll
2015-03-25 03:00 . 2015-04-20 20:42	173056	----a-w-	c:\windows\system32\wuwebv.dll
2015-03-25 03:00 . 2015-04-20 20:42	50176	----a-w-	c:\windows\system32\WinSetupUI.dll
2015-03-25 03:00 . 2015-04-20 20:42	11776	----a-w-	c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:00 . 2015-04-20 20:42	33792	----a-w-	c:\windows\system32\wuapp.exe
2015-03-25 03:00 . 2015-04-20 20:42	131584	----a-w-	c:\windows\system32\wuauclt.exe
2015-03-23 03:06 . 2015-04-20 20:42	576000	----a-w-	c:\windows\system32\generaltel.dll
2015-03-23 03:06 . 2015-04-20 20:42	630784	----a-w-	c:\windows\system32\invagent.dll
2015-03-23 03:06 . 2015-04-20 20:42	331264	----a-w-	c:\windows\system32\devinv.dll
2015-03-23 03:06 . 2015-04-20 20:42	860160	----a-w-	c:\windows\system32\appraiser.dll
2015-03-23 03:06 . 2015-04-20 20:42	26112	----a-w-	c:\windows\system32\acmigration.dll
2015-03-23 03:06 . 2015-04-20 20:42	159744	----a-w-	c:\windows\system32\aepic.dll
2015-03-23 03:06 . 2015-04-20 20:42	202752	----a-w-	c:\windows\system32\aepdu.dll
2015-03-23 02:59 . 2015-04-20 20:42	896000	----a-w-	c:\windows\system32\aeinv.dll
2015-03-17 05:01 . 2015-04-20 20:44	3920824	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-03-17 05:01 . 2015-04-20 20:44	3976632	----a-w-	c:\windows\system32\ntkrnlpa.exe
2015-03-17 05:01 . 2015-04-20 20:44	137656	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2015-03-17 05:01 . 2015-04-20 20:44	67512	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2015-03-17 04:59 . 2015-04-20 20:44	1306112	----a-w-	c:\windows\system32\ntdll.dll
2015-03-17 04:57 . 2015-04-20 20:44	172032	----a-w-	c:\windows\system32\wdigest.dll
2015-03-17 04:57 . 2015-04-20 20:44	65536	----a-w-	c:\windows\system32\TSpkg.dll
2015-03-17 04:57 . 2015-04-20 20:44	400896	----a-w-	c:\windows\system32\srcore.dll
2015-03-17 04:57 . 2015-04-20 20:44	43008	----a-w-	c:\windows\system32\srclient.dll
2015-03-17 04:57 . 2015-04-20 20:44	15872	----a-w-	c:\windows\system32\sspisrv.dll
2015-03-17 04:57 . 2015-04-20 20:44	100352	----a-w-	c:\windows\system32\sspicli.dll
2015-03-17 04:57 . 2015-04-20 20:44	248832	----a-w-	c:\windows\system32\schannel.dll
2015-03-17 04:57 . 2015-04-20 20:44	22016	----a-w-	c:\windows\system32\secur32.dll
2015-03-17 04:57 . 2015-04-20 20:44	221184	----a-w-	c:\windows\system32\ncrypt.dll
2015-03-17 04:57 . 2015-04-20 20:44	259584	----a-w-	c:\windows\system32\msv1_0.dll
2015-03-17 04:57 . 2015-04-20 20:44	550912	----a-w-	c:\windows\system32\kerberos.dll
2015-03-17 04:57 . 2015-04-20 20:44	1061376	----a-w-	c:\windows\system32\lsasrv.dll
2015-03-17 04:56 . 2015-04-20 20:44	38912	----a-w-	c:\windows\system32\csrsrv.dll
2015-03-17 04:56 . 2015-04-20 20:44	17408	----a-w-	c:\windows\system32\credssp.dll
2015-03-17 04:56 . 2015-04-20 20:44	69632	----a-w-	c:\windows\system32\smss.exe
2015-03-17 04:56 . 2015-04-20 20:44	262656	----a-w-	c:\windows\system32\rstrui.exe
2015-03-17 04:56 . 2015-04-20 20:44	22528	----a-w-	c:\windows\system32\lsass.exe
2015-03-17 04:56 . 2015-04-20 20:44	50176	----a-w-	c:\windows\system32\auditpol.exe
2015-03-17 04:53 . 2015-04-20 20:44	60416	----a-w-	c:\windows\system32\msobjs.dll
2015-03-17 04:53 . 2015-04-20 20:44	146432	----a-w-	c:\windows\system32\msaudite.dll
2015-03-17 04:50 . 2015-04-20 20:44	6656	----a-w-	c:\windows\system32\apisetschema.dll
2015-03-17 04:50 . 2015-04-20 20:44	686080	----a-w-	c:\windows\system32\adtschema.dll
2015-03-14 03:04 . 2015-04-25 18:47	67584	----a-w-	c:\windows\system32\dwmapi.dll
2015-03-14 03:04 . 2015-04-25 18:47	1372160	----a-w-	c:\windows\system32\dwmcore.dll
2015-03-13 03:42 . 2015-04-20 20:48	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2015-03-13 03:42 . 2015-04-20 20:48	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2015-03-13 03:28 . 2015-04-20 20:48	503296	----a-w-	c:\windows\system32\vbscript.dll
2015-03-13 03:28 . 2015-04-20 20:48	62464	----a-w-	c:\windows\system32\iesetup.dll
2015-03-13 03:27 . 2015-04-20 20:48	47616	----a-w-	c:\windows\system32\ieetwproxystub.dll
2015-03-13 03:27 . 2015-04-20 20:48	340992	----a-w-	c:\windows\system32\html.iec
2015-03-13 03:26 . 2015-04-20 20:48	64000	----a-w-	c:\windows\system32\MshtmlDac.dll
2015-03-13 03:16 . 2015-04-20 20:48	115712	----a-w-	c:\windows\system32\ieUnatt.exe
2015-03-13 03:16 . 2015-04-20 20:48	102912	----a-w-	c:\windows\system32\ieetwcollector.exe
2015-03-13 03:15 . 2015-04-20 20:48	620032	----a-w-	c:\windows\system32\jscript9diag.dll
2015-03-13 03:09 . 2015-04-20 20:48	667648	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2015-03-13 03:01 . 2015-04-20 20:48	60416	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-13 02:49 . 2015-04-20 20:48	4305408	----a-w-	c:\windows\system32\jscript9.dll
2015-03-13 02:43 . 2015-04-20 20:48	2052608	----a-w-	c:\windows\system32\inetcpl.cpl
2015-03-13 02:42 . 2015-04-20 20:48	1155072	----a-w-	c:\windows\system32\mshtmlmedia.dll
2015-03-13 02:20 . 2015-04-20 20:48	1888256	----a-w-	c:\windows\system32\wininet.dll
2015-03-10 12:10 . 2015-03-31 11:45	18728	----a-w-	c:\windows\system32\drivers\btwrchid.sys
2015-03-10 12:10 . 2015-03-31 11:45	33320	----a-w-	c:\windows\system32\drivers\btwl2cap.sys
2015-03-10 12:10 . 2015-03-31 11:45	293928	----a-w-	c:\windows\system32\drivers\btwampfl.sys
2015-03-10 12:10 . 2015-03-31 11:45	111144	----a-w-	c:\windows\system32\drivers\btwavdt.sys
2015-03-10 12:10 . 2015-03-31 11:45	88104	----a-w-	c:\windows\system32\drivers\btwaudio.sys
2015-03-10 03:08 . 2015-04-20 20:45	1237504	----a-w-	c:\windows\system32\msxml3.dll
2015-03-10 03:05 . 2015-04-20 20:45	2048	----a-w-	c:\windows\system32\msxml3r.dll
2015-03-05 04:06 . 2015-04-20 20:43	305152	----a-w-	c:\windows\system32\gdi32.dll
2015-03-04 04:16 . 2015-04-20 20:45	249784	----a-w-	c:\windows\system32\clfs.sys
2015-03-04 04:10 . 2015-04-20 20:45	58880	----a-w-	c:\windows\system32\clfsw32.dll
2015-03-04 04:10 . 2015-05-01 11:10	470528	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-01 11:10	2178560	----a-w-	c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-01 11:10	2560	----a-w-	c:\windows\apppatch\AcRes.dll
2015-02-26 03:11 . 2015-03-13 16:59	2381312	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
"Bitdefender-Geldbörse-Agent"="c:\program files\Bitdefender\Bitdefender 2015\bdwtxag.exe" [2015-01-15 671400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotkeyMon"="AsusSender.exe" [2011-07-13 34728]
"HotkeyService"="AsusSender.exe" [2011-07-13 34728]
"LiveUpdate"="AsusSender.exe" [2011-07-13 34728]
"CapsHook"="AsusSender.exe" [2011-07-13 34728]
"GraphicsSwitch"="AsusSender.exe" [2011-07-13 34728]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"SuperHybridEngine"="AsusSender.exe" [2011-07-13 34728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
c:\users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN33OBVJVH05KC;CONNECTION=NW;MONITOR=1; [2009-7-14 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-5-21 828704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bdagent]
2015-03-12 16:15	1862056	----a-w-	c:\program files\Bitdefender\Bitdefender 2015\bdagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bitdefender-Geldbörse-Agent]
2015-01-15 15:29	671400	----a-w-	c:\program files\Bitdefender\Bitdefender 2015\bdwtxag.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2015-04-23 14:56	6278424	----a-w-	c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2012-05-22 06:13	980920	----a-w-	c:\progra~1\Eraser\Eraser.exe
.
R2 Hantek6022BE2;Hantek6022BE DRIVER 2;c:\windows\system32\Drivers\Hantek6022BEX862.SYS [2012-03-18 19008]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-01-02 315488]
R3 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [2014-12-09 69880]
R3 bdfwfpf_pc;bdfwfpf_pc;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [2013-07-02 108008]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2015-01-09 66832]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2015-03-10 293928]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2015-03-10 33320]
R3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp32.sys [2015-04-01 50200]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 Hantek6022BE1;Hantek6022BE DRIVER 1;c:\windows\system32\Drivers\Hantek6022BEX861.sys [2012-03-18 21056]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-03-13 102912]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10.sys [2010-10-01 52096]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Ser2plx86;Prolific Serial port WDF driver;c:\windows\system32\DRIVERS\ser2pl.sys [2012-07-26 132608]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2015-01-14 1083448]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2015-02-24 172936]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2013-08-12 19656]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2011-02-09 11832]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2014-12-15 77632]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2012-10-29 93648]
S2 apmSAWCtrl;apm - SAW control service;c:\program files\abylonsoft\SAWipe\SAWCtrlSer.exe [2012-11-19 470120]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-18 219136]
S2 MBAMScheduler;MBAMScheduler;c:\program files\ Malwarebytes Anti-Malware \mbamscheduler.exe [2015-04-14 1871160]
S2 MBAMService;MBAMService;c:\program files\ Malwarebytes Anti-Malware \mbamservice.exe [2015-04-14 1080120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-26 235624]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2013-07-02 93072]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe [2014-10-27 54424]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2015-01-23 243456]
S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2015-01-14 548336]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2013-08-16 68208]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-04-14 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-05-26 119512]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-04-14 51928]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-23 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_17_0_0_188_pepper.exe [2015-05-23 09:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\m3i8k6rm.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKU-Default-Run-Bitdefender-Geldbörse-Agent - c:\program files\Bitdefender\Bitdefender\pmbxag.exe
HKU-Default-Run-Bitdefender-Geldbörse - c:\program files\Bitdefender\Bitdefender\pwdmanui.exe
HKU-Default-Run-Bitdefender-Geldbörse-Anwendungs-Agent - c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
MSConfigStartUp-ETDCtrl - c:\program files\Elantech\ETDCtrl.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
AddRemove-MyFreeCodec - c:\program files\MyFree Codec\1.0b beta\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-206298077-3871948171-1831049974-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8b,06,
   69,c5,8c,4b,0b,ad,e7,8b,84,f9,9d,69,56
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1c,da,
   c4,70,fe,3c,0e,a7,78,c3,7b,c9,81,cc,bc
.
[HKEY_USERS\S-1-5-21-206298077-3871948171-1831049974-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,60,ac,3e,86,aa,65,4a,a1,e0,02,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,60,ac,3e,86,aa,65,4a,a1,e0,02,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(7912)
c:\windows\system32\DUser.dll
c:\windows\system32\DUI70.dll
c:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
c:\windows\system32\PROPSYS.dll
c:\windows\system32\IconCodecService.dll
c:\windows\system32\SndVolSSO.DLL
c:\windows\system32\HID.DLL
c:\windows\System32\MMDevApi.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\windows\system32\actxprxy.dll
c:\windows\System32\shdocvw.dll
c:\windows\system32\LINKINFO.dll
c:\windows\System32\shacct.dll
c:\windows\system32\SAMLIB.dll
c:\windows\system32\msiltcfg.dll
c:\windows\system32\msls31.dll
c:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\System32\UIAnimation.dll
c:\windows\system32\Syncreg.dll
c:\windows\ehome\ehSSO.dll
c:\windows\System32\nlaapi.dll
c:\windows\System32\AltTab.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\wwapi.dll
c:\windows\System32\wscinterop.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Bitdefender\Bitdefender 2015\vsserv.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\TeamViewer\TeamViewer_Service.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\program files\ Malwarebytes Anti-Malware \mbam.exe
c:\windows\system32\conhost.exe
c:\program files\EeePC\HotkeyService\HotKeyMon.exe
c:\program files\EeePC\CapsHook\CapsHook.exe
c:\program files\Asus\LiveUpdate\LiveUpdate.exe
c:\program files\EeePC\HotkeyService\HotkeyService.exe
c:\program files\ASUS\SHE\SuperHybridEngine.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-05-26  23:52:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-05-26 21:52
.
Vor Suchlauf: 18 Verzeichnis(se), 144.209.125.376 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 144.241.876.992 Bytes frei
.
- - End Of File - - 5E2DC5D2FE23B5CE736FBF21E9BA03CA
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 27.05.2015, 19:15   #10
schrauber
/// the machine
/// TB-Ausbilder
 

bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe - Standard

bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe



Ist ja gelaufen


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 28.05.2015, 07:24   #11
harryS
 
bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe - Standard

bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe



ich habe Anti-Malware als Admin laufen lassen, sogar direkt im Adminkonto, trotzdem steht im mbam.txt dass es ohne Adminrechten gelaufen wäre? Verstehe ich nicht...

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 27.05.2015
Suchlauf-Zeit: 21:49:42
Logdatei: mbam.txt
Administrator: Nein

Version: 2.01.6.1022
Malware Datenbank: v2015.05.27.04
Rootkit Datenbank: v2015.05.24.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: xxxxx

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 270181
Verstrichene Zeit: 13 Min, 55 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         


AdwareCleaner
Code:
ATTFilter
# AdwCleaner v4.205 - Bericht erstellt 28/05/2015 um 06:03:22
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-25.3 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x86)
# Benutzername : Administrator - ASUS
# Gestarted von : C:\Users\lemi\Desktop\AdwCleaner_4.205.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.1 (x86 de)


*************************

AdwCleaner[R4].txt - [866 Bytes] - [02/04/2015 12:41:23]
AdwCleaner[R5].txt - [916 Bytes] - [21/04/2015 23:18:20]
AdwCleaner[R6].txt - [775 Bytes] - [28/05/2015 06:03:22]
AdwCleaner[S3].txt - [924 Bytes] - [02/04/2015 12:48:46]

########## EOF - \AdwCleaner\AdwCleaner[R6].txt - [891 Bytes] ##########
         


JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.1 (05.27.2015:1)
OS: Windows 7 Professional x86
Ran by Administrator on 28.05.2015 at  6:18:03,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.05.2015 at  6:28:33,31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         



FRST
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-05-2015
Ran by Administrator (administrator) on ASUS on 28-05-2015 07:05:50
Running from C:\Users\xxxxx\Desktop
Loaded Profiles: xxxxx & Administrator (Available Profiles: xxxxx & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
() C:\Program Files\abylonsoft\SAWipe\SAWCtrlSer.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HotkeyMon] => C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [95744 2010-09-02] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] => C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1245104 2010-09-03] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] => C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1095080 2011-07-13] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] => C:\Program Files\EeePC\CapsHook\CapsHook.exe [445344 2010-05-28] (ASUS)
HKLM\...\Run: [GraphicsSwitch] => C:\Program Files\Asus\GraphicsSwitch\GPUStatusMonitor.exe [205304 2010-08-18] (AsusTek Computer Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SuperHybridEngine] => C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [413112 2011-01-26] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1862056 2015-03-12] (Bitdefender)
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\xxxxx\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [671400 2015-01-15] (Bitdefender)
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\MountPoints2: {85cfeb88-1890-11e3-8be6-74f06de5d66e} - D:\AutoRun.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\MountPoints2: {85cfebba-1890-11e3-8be6-74f06de5d66e} - D:\AutoRun.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\MountPoints2: {8b6f5a82-17de-11e3-b07b-74f06de5d66e} - D:\AutoRun.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-500\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-206298077-3871948171-1831049974-500\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [671400 2015-01-15] (Bitdefender)
HKU\S-1-5-21-206298077-3871948171-1831049974-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-03-31]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk [2015-03-11]
ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-206298077-3871948171-1831049974-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-206298077-3871948171-1831049974-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-206298077-3871948171-1831049974-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-01-28] (Bitdefender)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-30] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-30] (Oracle Corporation)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-01-28] (Bitdefender)
Toolbar: HKU\S-1-5-21-206298077-3871948171-1831049974-1000 -> Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-01-28] (Bitdefender)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\m3i8k6rm.default
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-07-26] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-07-26] (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-206298077-3871948171-1831049974-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll No File
FF Plugin HKU\S-1-5-21-206298077-3871948171-1831049974-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\xxxxx\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF HKLM\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff [2015-05-02]
FF HKLM\...\Thunderbird\Extensions: [{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}] - C:\Program Files\Mobile Master\ext\1
FF Extension: Mobile Master Add-In - C:\Program Files\Mobile Master\ext\1 [2014-05-06]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-05-02]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

Opera: 
=======
StartMenuInternet: (HKU\S-1-5-21-206298077-3871948171-1831049974-1000) OperaMail - "C:\Program Files\Opera Mail safe\OperaMail.exe"

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 apmSAWCtrl; C:\Program Files\abylonsoft\SAWipe\SAWCtrlSer.exe [470120 2012-11-19] ()
S2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] () []
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [69880 2014-12-09] (Bitdefender)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [851456 2015-04-27] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [54424 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1308464 2015-03-16] (Bitdefender)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2011-02-09] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1083448 2015-01-14] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [243456 2015-01-23] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [548336 2015-01-14] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [77632 2014-12-15] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [93648 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [108008 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2015-01-09] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2015-03-10] (Broadcom Corporation.)
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-04-02] (Emsisoft GmbH)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [172936 2015-02-24] (BitDefender LLC)
S3 Hantek6022BE1; C:\Windows\System32\Drivers\Hantek6022BEX861.sys [21056 2012-03-18] () []
S2 Hantek6022BE2; C:\Windows\System32\Drivers\Hantek6022BEX862.SYS [19008 2012-03-18] () []
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2013-08-12] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [52096 2010-10-01] (Generic USB smartcard reader)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [19656 2013-08-12] (NVIDIA Corporation)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [132608 2012-07-26] (Prolific Technology Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [408280 2014-10-15] (BitDefender S.R.L.)
S3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 07:05 - 2015-05-28 07:06 - 00014582 _____ () C:\Users\xxxxx\Desktop\FRST.txt
2015-05-28 07:04 - 2015-05-28 07:04 - 00000608 _____ () C:\Users\xxxxx\Desktop\JRT.txt
2015-05-28 06:28 - 2015-05-28 06:28 - 00000608 _____ () C:\Users\Administrator\Desktop\JRT.txt
2015-05-28 06:18 - 2015-05-28 06:18 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ASUS-Windows-7-Professional-(32-bit).dat
2015-05-28 06:18 - 2015-05-28 06:18 - 00000000 ____D () C:\RegBackup
2015-05-28 06:15 - 2015-05-28 06:15 - 00000968 _____ () C:\Users\Administrator\Desktop\AdwCleaner[R6].txt
2015-05-28 06:03 - 2015-05-28 06:07 - 00000967 _____ () C:\Users\xxxxx\Desktop\AdwCleaner[R6].txt
2015-05-27 22:05 - 2015-05-27 22:05 - 00001205 _____ () C:\Users\xxxxx\Desktop\mbam.txt
2015-05-27 21:49 - 2015-05-27 21:50 - 00000000 ____D () C:\Users\xxxxx\Desktop\mbam1
2015-05-27 21:19 - 2015-05-27 21:19 - 00000000 ____D () C:\Users\xxxxx\Desktop\FRST 2Lauf
2015-05-27 20:48 - 2015-05-27 20:50 - 02946603 _____ (Thisisu) C:\Users\xxxxx\Desktop\JRT.exe
2015-05-27 20:47 - 2015-05-27 20:48 - 02222592 _____ () C:\Users\xxxxx\Desktop\AdwCleaner_4.205.exe
2015-05-27 02:01 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-27 01:21 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-27 01:21 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-27 01:21 - 2015-04-21 18:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-27 01:21 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-27 01:21 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-27 01:21 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-27 01:21 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-27 01:21 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-27 01:21 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-27 01:21 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-27 01:21 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-27 01:21 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-27 01:21 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-27 01:21 - 2015-04-21 17:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-27 01:21 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-27 01:21 - 2015-04-21 17:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-27 01:21 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-27 01:21 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-27 01:21 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-27 01:21 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-27 01:21 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-27 01:21 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-27 01:21 - 2015-04-21 17:26 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-27 01:21 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-27 01:21 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-27 01:21 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-27 01:21 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-27 01:21 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-27 01:21 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-27 01:20 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-27 01:20 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-27 01:20 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-27 01:20 - 2015-04-27 21:11 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-27 01:20 - 2015-04-27 21:11 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-27 01:20 - 2015-04-27 21:08 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-27 01:20 - 2015-04-27 21:05 - 00851456 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-27 01:20 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-27 01:20 - 2015-04-27 21:05 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-27 01:20 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-27 01:20 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-27 01:20 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-27 01:20 - 2015-04-27 21:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-27 01:20 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-27 01:20 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-27 01:20 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-27 01:20 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-27 01:20 - 2015-04-27 21:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-27 01:20 - 2015-04-27 21:04 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-27 01:20 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-27 01:20 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-27 01:20 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-27 01:20 - 2015-04-27 21:04 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-27 01:20 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-27 01:20 - 2015-04-27 21:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-27 01:20 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-27 01:20 - 2015-04-27 21:04 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-27 01:20 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-27 01:20 - 2015-04-27 21:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-27 01:20 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-27 01:20 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-27 01:20 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-27 01:20 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-27 01:20 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-27 01:20 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-27 01:20 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-27 01:20 - 2015-04-27 20:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-27 01:20 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-27 01:20 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-27 01:20 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-27 01:20 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-27 01:20 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-27 01:20 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-27 01:20 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-27 01:20 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-27 01:20 - 2015-04-11 05:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-05-27 01:16 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-27 01:16 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-26 23:52 - 2015-05-26 23:52 - 00024003 _____ () C:\ComboFix.txt
2015-05-26 21:36 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-26 21:36 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-26 21:36 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-26 21:36 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-26 21:36 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-26 21:36 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-26 21:36 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-26 21:36 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-26 20:48 - 2015-05-26 23:52 - 00000000 ____D () C:\Qoobox
2015-05-26 20:47 - 2015-05-26 23:45 - 00000000 ____D () C:\Windows\erdnt
2015-05-25 20:40 - 2015-05-25 20:40 - 05628291 ____R (Swearware) C:\Users\xxxxx\Desktop\ComboFix.exe
2015-05-25 12:41 - 2015-05-25 12:41 - 00154728 _____ () C:\Windows\Minidump\052515-26910-01.dmp
2015-05-25 12:32 - 2015-05-25 12:32 - 00155016 _____ () C:\Windows\Minidump\052515-26020-01.dmp
2015-05-24 17:27 - 2015-05-24 17:27 - 00018839 _____ () C:\Users\Administrator\Desktop\Gmer_2.log
2015-05-24 16:52 - 2015-05-25 12:41 - 272795322 _____ () C:\Windows\MEMORY.DMP
2015-05-24 16:52 - 2015-05-24 16:52 - 00155112 _____ () C:\Windows\Minidump\052415-25880-01.dmp
2015-05-24 16:42 - 2015-05-24 16:43 - 00000000 ____D () C:\Users\xxxxx\Desktop\1durchlauf
2015-05-24 16:36 - 2015-05-24 16:36 - 00027657 _____ () C:\Users\Administrator\Desktop\FRST2.txt
2015-05-24 16:34 - 2015-05-24 16:35 - 00027657 _____ () C:\Users\Administrator\Desktop\FRST_2.txt
2015-05-24 16:28 - 2015-05-25 20:13 - 00000000 ____D () C:\Users\xxxxx\Desktop\FRST-OlderVersion
2015-05-23 11:24 - 2015-05-23 11:24 - 00000263 _____ () C:\Users\xxxxx\Desktop\trojanerboard.txt
2015-05-23 11:20 - 2015-05-23 11:20 - 00001219 _____ () C:\Users\Administrator\Desktop\Anti-Maleware.txt
2015-05-23 10:17 - 2015-05-28 00:24 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 10:16 - 2015-05-27 22:10 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-05-23 10:16 - 2015-05-23 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-23 10:16 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-23 10:16 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-23 10:16 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-23 09:28 - 2015-05-23 09:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-22 23:13 - 2015-05-22 23:13 - 00380416 _____ () C:\Users\xxxxx\Desktop\Gmer-19357.exe
2015-05-22 23:12 - 2015-05-25 20:13 - 01147392 _____ (Farbar) C:\Users\xxxxx\Desktop\FRST.exe
2015-05-22 23:09 - 2015-05-22 23:09 - 00050477 _____ () C:\Users\xxxxx\Desktop\Defogger.exe
2015-05-20 21:49 - 2015-05-20 21:50 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-05-16 14:26 - 2015-05-28 05:59 - 00003523 _____ () C:\Windows\setupact.log
2015-05-16 14:26 - 2015-05-16 14:26 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-16 14:25 - 2015-05-26 22:11 - 00001760 _____ () C:\Windows\PFRO.log
2015-05-16 11:34 - 2015-05-16 11:34 - 00000925 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-05-16 11:34 - 2015-05-16 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-16 11:34 - 2015-05-16 11:34 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-02 14:30 - 2015-05-02 14:30 - 00072704 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2015-05-02 14:27 - 2015-05-02 14:27 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2015-05-02 14:26 - 2015-05-22 20:04 - 00000309 ____H () C:\bdr-cf03
2015-05-02 14:25 - 2015-05-02 14:25 - 00002082 _____ () C:\Users\Public\Desktop\Bitdefender Internet Security 2015.lnk
2015-05-02 14:25 - 2015-05-02 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2015-05-02 14:25 - 2015-01-23 16:28 - 00243456 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-05-02 14:25 - 2015-01-14 18:10 - 01083448 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-05-02 14:25 - 2015-01-14 13:13 - 00548336 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-05-02 14:25 - 2015-01-09 11:58 - 00066832 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2015-05-02 14:25 - 2014-12-15 17:56 - 00077632 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys
2015-05-02 14:13 - 2015-05-24 17:00 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Bitdefender
2015-05-02 14:13 - 2015-05-02 14:26 - 00253404 ____H () C:\bdr-ld03
2015-05-02 14:13 - 2015-05-02 14:26 - 00009216 ____H () C:\bdr-ld03.mbr
2015-05-02 14:13 - 2014-07-04 17:47 - 39361413 ____H () C:\bdr-im03.gz
2015-05-02 14:13 - 2012-08-15 15:28 - 02294848 ____H () C:\bdr-bz03
2015-05-02 14:11 - 2015-05-02 14:26 - 00000000 ____D () C:\ProgramData\Bitdefender
2015-05-02 14:11 - 2015-05-02 14:11 - 00000000 ____D () C:\Program Files\Bitdefender
2015-05-02 14:11 - 2015-02-24 17:52 - 00172936 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-05-02 14:11 - 2014-10-15 17:14 - 00408280 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-05-02 14:08 - 2015-05-02 14:11 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-05-01 14:18 - 2015-05-01 14:18 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2015-05-01 13:10 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-01 13:10 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-01 13:10 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-01 13:10 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-01 13:09 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 07:05 - 2015-04-07 08:28 - 00000000 ____D () C:\FRST
2015-05-28 06:16 - 2015-04-02 12:40 - 00000000 ____D () C:\AdwCleaner
2015-05-28 06:08 - 2009-07-14 06:34 - 00025872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-28 06:08 - 2009-07-14 06:34 - 00025872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-28 06:07 - 2013-08-11 15:38 - 00000000 ____D () C:\Program Files\Opera
2015-05-28 06:04 - 2010-11-20 23:01 - 01647544 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-28 06:03 - 2013-08-11 13:43 - 01422256 _____ () C:\Windows\WindowsUpdate.log
2015-05-28 06:00 - 2013-08-12 08:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-28 05:59 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-27 23:01 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-05-27 21:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-27 20:00 - 2009-07-14 06:33 - 00409768 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-27 19:59 - 2015-04-06 20:43 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-27 02:16 - 2015-04-06 20:43 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-27 02:16 - 2010-11-21 02:47 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-27 02:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-05-27 02:03 - 2013-10-05 15:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-27 01:55 - 2013-08-12 08:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-27 01:41 - 2013-08-11 22:33 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-27 01:29 - 2015-04-06 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-26 23:52 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2015-05-26 23:52 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2015-05-26 23:41 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2015-05-26 21:57 - 2013-11-16 20:36 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-25 13:38 - 2013-08-11 15:39 - 00000000 ____D () C:\download
2015-05-25 12:41 - 2013-11-19 14:26 - 00000000 ____D () C:\Windows\Minidump
2015-05-23 12:40 - 2015-01-11 12:59 - 00000892 _____ () C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-05-23 11:40 - 2013-10-27 10:47 - 00000000 ____D () C:\Users\xxxxx\AppData\Local\Adobe
2015-05-23 11:39 - 2015-01-11 12:29 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-23 11:39 - 2015-01-11 12:29 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-23 11:38 - 2014-10-26 18:29 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2015-05-23 09:54 - 2013-11-20 08:30 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-20 19:11 - 2013-08-27 22:13 - 00000000 ____D () C:\Users\xxxxx\AppData\Roaming\HpUpdate
2015-05-18 20:50 - 2013-11-16 20:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-16 14:40 - 2013-09-04 23:54 - 00000000 ____D () C:\Users\xxxxx\AppData\Roaming\Skype
2015-05-16 11:44 - 2013-08-11 23:39 - 00000000 ____D () C:\Windows\Panther
2015-05-07 06:32 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-03 09:33 - 2013-08-30 12:24 - 00000000 ____D () C:\Users\xxxxx\AppData\Roaming\vlc
2015-05-02 14:31 - 2013-08-11 15:40 - 00000000 ____D () C:\Users\xxxxx\AppData\Roaming\Bitdefender
2015-05-02 13:15 - 2014-12-09 00:08 - 00000000 ____D () C:\Users\xxxxx\Downloads\Bitdefender Safepay
2015-05-02 13:12 - 2013-08-28 23:15 - 00000000 ____D () C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-05-02 13:12 - 2013-08-28 23:15 - 00000000 ____D () C:\Users\xxxxx\AppData\Roaming\Amazon
2015-05-01 14:18 - 2013-09-28 14:43 - 00000000 ____D () C:\Users\Administrator

==================== Files in the root of some directories =======

2015-03-30 15:43 - 2015-04-18 09:43 - 0007601 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
2013-08-27 22:10 - 2013-08-27 22:10 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 12:21

==================== End of log ============================
         


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-05-2015
Ran by Administrator at 2015-05-28 07:07:29
Running from C:\Users\xxxxx\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-206298077-3871948171-1831049974-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-206298077-3871948171-1831049974-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-206298077-3871948171-1831049974-1003 - Limited - Enabled)
xxxxx (S-1-5-21-206298077-3871948171-1831049974-1000 - Limited - Enabled) => C:\Users\xxxxx

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abylon SHREDDER 10.00.2 (HKLM\...\abylonprotectionmanagerschredder_is1) (Version: 10.00.2 - abylonsoft)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Avidemux 2.6 (32-bit) (HKLM\...\Avidemux 2.6) (Version: 2.6.6.8941 - )
Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 18.22.0.1521 - Bitdefender)
BleachBit (HKLM\...\BleachBit) (Version:  - BleachBit)
Broadcom Wireless Network Adapter (HKLM\...\{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}) (Version: 1.00.0000 - AzureWave)
CapsHook (HKLM\...\{4B5092B6-F231-4D18-83BC-2618B729CA45}) (Version: 1.0.0.5 - AsusTek Computer)
CBL Daten-Shredder (HKLM\...\{560E96B3-356D-4572-9FE3-B44F9AB92622}) (Version: 1.0.0 - CBL Datenrettung GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Eraser 6.0.10.2620 (HKLM\...\{A45C5EC7-F13E-4414-99BE-47373935C0FE}) (Version: 6.0.2620 - The Eraser Project)
Exifer (HKLM\...\Exifer_is1) (Version:  - Friedemann Schmidt)
FileZilla Client 3.9.0.6 (HKLM\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Free CD to MP3 Converter (HKLM\...\Free CD to MP3 Converter) (Version:  - Eusing Software)
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
FreeOCR v5.0 (HKLM\...\freeocr_is1) (Version:  - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GraphicsSwitch (HKLM\...\{0BC8B21E-EB38-4174-827B-89A5F80E8DDA}) (Version: 1.4 - AsusTek Computer Inc.)
GTText (HKLM\...\{C8187D08-DC8E-4382-9AEB-00F311C119F9}) (Version: 1.4.5 - SoftOCR)
Hantek6022BE Ver1.0.3 (HKLM\...\Hantek6022BE Ver1.0.3) (Version: 1.0.3 - ODM)
Hotkey Service (HKLM\...\{71C0E38E-09F2-4386-9977-404D4F6640CD}) (Version: 1.32 - AsusTek Computer Inc.)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{E5F9BFAF-2FD9-4637-BA4E-5C2BC3A0763D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IMAPSize 0.3.7 (HKLM\...\IMAPSize_is1) (Version:  - Broobles)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
LiveUpdate (HKLM\...\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}) (Version: 1.29 - AsusTek Computer Inc.)
MailStore Home 8.2.1.10082 (HKLM\...\MailStore Home_universal1) (Version: 8.2.1.10082 - MailStore Software GmbH)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Master (Version: 8.9.4 - Jumping Bytes) Hidden
Mobile Master 8.9.4 (HKLM\...\Mobile Master) (Version: 8.9.4 - Jumping Bytes)
Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
NetObjects Fusion 12.0 (HKLM\...\{8862CF22-E7DC-4828-A6F3-6CFD45D3DA01}) (Version: 12 German - NetObjects)
NetObjects Fusion 12.0 (Version: 12.00.5000.5041 - NetObjects) Hidden
NetObjects Fusion 2013 (HKLM\...\{ACA28148-D6FB-4910-9597-81A8F2FB0499}) (Version: 13.0 - NetObjects)
NetObjects Fusion 2013 (Version: 13.00.0000.5529 - NetObjects) Hidden
NetObjects Fusion 2015 (HKLM\...\{A1BF217F-776E-4A3D-B614-E2DCA0E177BB}) (Version: 15.0 - NetObjects)
NetObjects Fusion 2015 (Version: 15.00.0000.1035 - NetObjects) Hidden
NTRIP (HKLM\...\{4AAD21AD-EE06-46C9-8B57-28D53DF9FB06}_is1) (Version:  - NTRIP)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5912 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM\...\NVIDIAStereo) (Version: 7.17.12.5912 - NVIDIA Corporation)
Opera 12.15 (HKLM\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
Opera Mail 1.0 (HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Opera 1.0.1040) (Version: 1.0.1040 - Opera Software ASA)
Opera Mail 1.0 (HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Opera 1.0.1040_1) (Version: 1.0.1040 - Opera Software ASA)
Opera Stable 16.0.1196.80 (HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Opera 16.0.1196.80) (Version: 16.0.1196.80 - Opera Software ASA)
Opera Stable 29.0.1795.60 (HKLM\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.7.0 - Prolific Technology INC)
PL-2303 USB-to-Serial (HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.7.0 - Prolific Technology INC)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.18 - AsusTek Computer)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.6 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update miniHomer 2.8 Version 2.8 (HKLM\...\{A2A1ACE9-AD11-4026-B970-DCE8B33DCC44}_is1) (Version: 2.8 - ZNEX)
Vivaldi (HKU\S-1-5-21-206298077-3871948171-1831049974-500\...\Vivaldi) (Version: 1.0.118.19 - Vivaldi)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5500 - Broadcom Corporation)
Windows Phone app for desktop (HKLM\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation)
Wondershare PDF to Word (Build 4.0.1) (HKLM\...\{90599D63-1879-4B90-BE4F-051CE70FA576}_is1) (Version: 4.0.1 - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-206298077-3871948171-1831049974-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\xxxxx\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-206298077-3871948171-1831049974-500_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-206298077-3871948171-1831049974-500_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\Administrator\AppData\Local\Vivaldi\Application\1.0.118.19\delegate_execute.exe (Vivaldi Technologies AS)

==================== Restore Points =========================

27-05-2015 01:23:03 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2015-05-26 23:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2C1BD5DE-2241-465B-9D5C-F59AAB8284B5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {473AC837-F783-42CA-825D-EBA894199286} - System32\Tasks\{9674201D-B3B5-4C7E-8EBB-171AC4AE91B2} => C:\Program Files\Opera\Opera.exe [2013-09-27] (Opera Software)
Task: {7389D224-1340-44B6-9219-4409A43A413E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {A0E102C7-FECF-4265-B086-CEE1DD933161} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B0112A1F-C848-4F97-B01B-A91E88F9EE72} - System32\Tasks\{924A3E18-76BE-4F54-89AE-05BDDBB0D12E} => C:\Program Files\Opera\Opera.exe [2013-09-27] (Opera Software)
Task: {BD689AEF-CC81-4D7C-9DBD-0241AD27FC45} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {D21728B9-58CF-417C-9803-1F1061E8FFA1} - System32\Tasks\Opera scheduled Autoupdate 1376228301 => C:\Program Files\Opera\launcher.exe [2015-05-18] (Opera Software)
Task: {D7F31F2A-B930-4F88-A09D-B0BB38EFF30F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_188_pepper.exe [2015-05-23] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_188_pepper.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-02 14:25 - 2014-08-27 16:30 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2015-05-02 14:25 - 2013-09-03 14:29 - 00095088 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2015-05-02 14:25 - 2015-04-01 18:03 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2015-05-02 14:25 - 2012-10-29 14:22 - 00130656 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-05-07 22:11 - 2015-05-07 22:11 - 00682736 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00242_003\ashttpbr.mdl
2015-05-07 22:11 - 2015-05-07 22:11 - 00603432 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00242_003\ashttpdsp.mdl
2015-05-07 22:11 - 2015-05-07 22:11 - 02207112 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00242_003\ashttpph.mdl
2015-05-07 22:11 - 2015-05-07 22:11 - 01131304 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00242_003\ashttprbl.mdl
2013-12-23 14:07 - 2012-11-19 16:21 - 00470120 _____ () C:\Program Files\abylonsoft\SAWipe\SAWCtrlSer.exe
2013-12-23 14:07 - 2012-11-19 16:21 - 02495592 _____ () C:\Program Files\abylonsoft\SAWipe\SAWCmn32X86.dll
2013-12-23 14:07 - 2012-11-19 16:21 - 00568424 _____ () C:\Program Files\abylonsoft\SAWipe\SAWLangX86.dll
2013-12-23 14:07 - 2012-11-19 16:22 - 02079848 _____ () C:\Program Files\abylonsoft\SAWipe\SAWToolsx86.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-10-16 11:15 - 2014-10-16 11:15 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2013-12-23 14:07 - 2012-11-19 16:21 - 00260712 _____ () C:\Program Files\abylonsoft\SAWipe\SAWOle.dll
2013-12-23 14:07 - 2012-11-19 16:21 - 00393320 _____ () C:\Program Files\abylonsoft\SAWipe\SAWNTSec.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Administrator\Downloads\FWUpdateEDO2_305748.exe:BDU
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\xxxxx\Desktop\AdwCleaner_4.205.exe:BDU
AlternateDataStreams: C:\Users\xxxxx\Desktop\ComboFix.exe:BDU
AlternateDataStreams: C:\Users\xxxxx\Desktop\Defogger.exe:BDU
AlternateDataStreams: C:\Users\xxxxx\Desktop\Gmer-19357.exe:BDU
AlternateDataStreams: C:\Users\xxxxx\Desktop\JRT.exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\100sexlinks.com -> 100sexlinks.com

There are 6046 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-206298077-3871948171-1831049974-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-206298077-3871948171-1831049974-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{37B7B9D2-3416-4790-A9D4-6A01C597D2D9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{412AB60C-C8F8-4A40-9B5C-DC77F185B2F1}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{1EBCF635-8C2C-4FF6-90A8-3987AB7D57D6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{A9D4D405-A4D9-4003-9D5C-3A75DABFD02E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{C095AA04-B1E2-4BED-A294-3976DB7E3871}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{995A8215-454B-4F2C-BBD6-DD8DE339D866}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{D340A456-C30E-46A1-9014-DAC07F6AA5FA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{CC0B7014-49EB-432D-BAF6-D57131743366}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{5372BA9F-1153-48B2-8896-5EB7B389280C}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{2A8A92BC-72D0-4C42-9DFC-7CDC25B0CD07}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{58E7CB00-FBD8-4643-A45B-DCFF435960D8}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{F0466FFB-B756-4866-9474-D54A28D9FC14}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{6F218F7F-F244-451F-88DB-A2E1F5B6BB74}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{A0BD8D53-113C-47EC-B71F-26F5145E44AB}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{6D0DFEE5-B772-4A9B-938C-637054D7D257}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F2FCB908-0D8D-470A-874C-2C3A3701E9F8}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{78C553E3-5BD3-4296-A484-84CFCE199347}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BAEF5889-C926-4D39-8439-814894586B27}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7A70B78D-EC06-408F-AE40-BC59A87E0BBE}] => (Allow) C:\Users\Administrator\AppData\Local\Vivaldi\Application\vivaldi.exe
FirewallRules: [TCP Query User{5C1912E2-8D88-4757-932A-4844A9A077F7}C:\users\administrator\appdata\local\temp\rarsfx0\x32\pcsftool.exe] => (Allow) C:\users\administrator\appdata\local\temp\rarsfx0\x32\pcsftool.exe
FirewallRules: [UDP Query User{5396E197-A033-4960-B857-9A685CC47757}C:\users\administrator\appdata\local\temp\rarsfx0\x32\pcsftool.exe] => (Allow) C:\users\administrator\appdata\local\temp\rarsfx0\x32\pcsftool.exe
FirewallRules: [{375A207E-D433-4607-BCA5-9D8D3DDE0E53}] => (Block) C:\users\administrator\appdata\local\temp\rarsfx0\x32\pcsftool.exe
FirewallRules: [{30B85B8E-C31D-4E18-9096-59F9E6F11E50}] => (Block) C:\users\administrator\appdata\local\temp\rarsfx0\x32\pcsftool.exe

==================== Faulty Device Manager Devices =============

Name: High Definition Audio-Controller
Description: High Definition Audio-Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2015 06:00:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/28/2015 00:36:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/28/2015 00:36:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/28/2015 00:36:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/28/2015 00:36:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/27/2015 10:54:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/27/2015 10:54:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/27/2015 10:54:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/27/2015 10:54:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/27/2015 08:01:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/28/2015 06:20:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/28/2015 06:20:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Matrix Storage Event Monitor" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/28/2015 06:20:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "TomTomHOMEService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/28/2015 06:20:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/28/2015 06:19:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/28/2015 06:19:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/28/2015 06:19:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/28/2015 06:19:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Asus Launcher Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/28/2015 06:19:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/28/2015 06:19:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================
Error: (05/28/2015 06:00:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/28/2015 00:36:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Officejet Pro 8600\DriverStore\Pipeline\amd64\hpinkins5912.exe

Error: (05/28/2015 00:36:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files\abylonsoft\SAWipe\SAWSetupX64.EXE

Error: (05/28/2015 00:36:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files\abylonsoft\SAWipe\SAWipeX64.EXE

Error: (05/28/2015 00:36:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files\abylonsoft\SAWipe\AdminCallX64.EXE

Error: (05/27/2015 10:54:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Officejet Pro 8600\DriverStore\Pipeline\amd64\hpinkins5912.exe

Error: (05/27/2015 10:54:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files\abylonsoft\SAWipe\SAWSetupX64.EXE

Error: (05/27/2015 10:54:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files\abylonsoft\SAWipe\SAWipeX64.EXE

Error: (05/27/2015 10:54:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files\abylonsoft\SAWipe\AdminCallX64.EXE

Error: (05/27/2015 08:01:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: Intel(R) Atom(TM) CPU N570 @ 1.66GHz
Percentage of memory in use: 53%
Total physical RAM: 2038.05 MB
Available physical RAM: 942.33 MB
Total Pagefile: 8038.05 MB
Available Pagefile: 6573.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1890.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:150.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9949D096)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End of log ============================
         

wünsche einen genehmen Tag
Gruß & Danke
Harry

Alt 28.05.2015, 21:01   #12
schrauber
/// the machine
/// TB-Ausbilder
 

bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe - Standard

bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 28.05.2015, 23:49   #13
harryS
 
bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe - Standard

bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe



hi,
es zieht sich leider in die Länge, da ich viel unterwegs bin.
Ich werde mich morgen wieder melden... aber wie schon vorher bekomme ich den .... bitdefender nicht beendet.... ist ESET eine ...für mich...vielleicht bessere Alternative?
Wieder a rießen vergeltz gott für Deine Geduld
gruß
Harry

Alt 29.05.2015, 18:57   #14
schrauber
/// the machine
/// TB-Ausbilder
 

bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe - Standard

bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe



ok
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.05.2015, 09:23   #15
harryS
 
bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe - Standard

bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe



moinmoin,

eset ist jetzt ca 11Stunden durchgelaufen


Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=efd26ce4d3d38348a8a94721d515e5b1
# engine=24089
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-30 06:06:01
# local_time=2015-05-30 08:06:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Bitdefender Antivirus'
# compatibility_mode=2066 16777213 85 100 42224 136814939 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 283199 184597152 0 0
# scanned=224270
# found=3
# cleaned=0
# scan_time=39588
sh=FA893286DAC982183E0C395487E86CF3542AD2B5 ft=0 fh=0000000000000000 vn="VBS/Kryptik.DY Trojaner" ac=I fn="C:\Daten\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Roaming\DigitalSites\UpdateProc\bkup.dat.vir"
sh=9434866971DD357600C9F2B1E31B7893C3A070F0 ft=1 fh=4f14aeb246e47811 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\download\PDFCreator-1_7_1_setup.exe"
sh=563E1B707747F87BD96829B81E92CA1EE04E83FD ft=1 fh=421b349ff9c9cc9b vn="Win32/InstallMonetizer.AF evtl. unerwünschte Anwendung" ac=I fn="C:\download\freeOCR\freeocr.exe"
         

jetzt ist noch SecurityCheck dran.

Code:
ATTFilter
 Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Bitdefender Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java 8 Update 40  
 Java version 32-bit out of Date! 
 Adobe Reader XI  
 Mozilla Firefox (38.0.1) 
 Mozilla Thunderbird (31.7.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Bitdefender Bitdefender 2015 vsserv.exe  
 Bitdefender Bitdefender 2015 updatesrv.exe  
 Bitdefender Bitdefender 2015 bdagent.exe  
 Bitdefender Bitdefender 2015 bdwtxag.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-05-2015
Ran by Administrator (administrator) on ASUS on 30-05-2015 08:46:54
Running from C:\Users\xxxxx\Desktop
Loaded Profiles: xxxxx & Administrator (Available Profiles: xxxxx & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\abylonsoft\SAWipe\SAWCtrlSer.EXE
() C:\Windows\System32\AsusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(AsusTek Computer Inc.) C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ASUS) C:\Program Files\EeePC\CapsHook\CapsHook.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HotkeyMon] => C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [95744 2010-09-02] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] => C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1245104 2010-09-03] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] => C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1095080 2011-07-13] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] => C:\Program Files\EeePC\CapsHook\CapsHook.exe [445344 2010-05-28] (ASUS)
HKLM\...\Run: [GraphicsSwitch] => C:\Program Files\Asus\GraphicsSwitch\GPUStatusMonitor.exe [205304 2010-08-18] (AsusTek Computer Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SuperHybridEngine] => C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [413112 2011-01-26] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1862056 2015-03-12] (Bitdefender)
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\xxxxx\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [671400 2015-01-15] (Bitdefender)
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\MountPoints2: {85cfeb88-1890-11e3-8be6-74f06de5d66e} - D:\AutoRun.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\MountPoints2: {85cfebba-1890-11e3-8be6-74f06de5d66e} - D:\AutoRun.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\MountPoints2: {8b6f5a82-17de-11e3-b07b-74f06de5d66e} - D:\AutoRun.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-500\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-206298077-3871948171-1831049974-500\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [671400 2015-01-15] (Bitdefender)
HKU\S-1-5-21-206298077-3871948171-1831049974-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-03-31]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk [2015-03-11]
ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk [2015-05-28]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-206298077-3871948171-1831049974-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-206298077-3871948171-1831049974-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-206298077-3871948171-1831049974-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-01-28] (Bitdefender)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-30] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-30] (Oracle Corporation)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-01-28] (Bitdefender)
Toolbar: HKU\S-1-5-21-206298077-3871948171-1831049974-1000 -> Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-01-28] (Bitdefender)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\m3i8k6rm.default
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-07-26] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-07-26] (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-206298077-3871948171-1831049974-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll No File
FF Plugin HKU\S-1-5-21-206298077-3871948171-1831049974-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\xxxxx\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF HKLM\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff [2015-05-02]
FF HKLM\...\Thunderbird\Extensions: [{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}] - C:\Program Files\Mobile Master\ext\1
FF Extension: Mobile Master Add-In - C:\Program Files\Mobile Master\ext\1 [2014-05-06]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-05-02]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

Opera: 
=======
StartMenuInternet: (HKU\S-1-5-21-206298077-3871948171-1831049974-1000) OperaMail - "C:\Program Files\Opera Mail safe\OperaMail.exe"

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 apmSAWCtrl; C:\Program Files\abylonsoft\SAWipe\SAWCtrlSer.exe [470120 2012-11-19] ()
R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] () []
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [69880 2014-12-09] (Bitdefender)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [851456 2015-04-27] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [54424 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1308464 2015-03-16] (Bitdefender)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2011-02-09] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1083448 2015-01-14] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [243456 2015-01-23] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [548336 2015-01-14] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [77632 2014-12-15] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [93648 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [108008 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2015-01-09] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2015-03-10] (Broadcom Corporation.)
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-04-02] (Emsisoft GmbH)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [172936 2015-02-24] (BitDefender LLC)
S3 Hantek6022BE1; C:\Windows\System32\Drivers\Hantek6022BEX861.sys [21056 2012-03-18] () []
S2 Hantek6022BE2; C:\Windows\System32\Drivers\Hantek6022BEX862.SYS [19008 2012-03-18] () []
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2013-08-12] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [52096 2010-10-01] (Generic USB smartcard reader)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [19656 2013-08-12] (NVIDIA Corporation)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [132608 2012-07-26] (Prolific Technology Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [408280 2014-10-15] (BitDefender S.R.L.)
S3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-30 08:46 - 2015-05-30 08:47 - 00017034 _____ () C:\Users\xxxxx\Desktop\FRST.txt
2015-05-30 08:44 - 2015-05-30 08:45 - 00000000 ____D () C:\Users\xxxxx\Desktop\scan3
2015-05-29 20:47 - 2015-05-29 20:47 - 00001270 _____ () C:\Users\xxxxx\Desktop\ESET Online Scanner - Verknüpfung.lnk
2015-05-29 20:31 - 2015-05-29 20:31 - 00000000 ____D () C:\Program Files\ESET
2015-05-28 06:28 - 2015-05-28 06:28 - 00000608 _____ () C:\Users\Administrator\Desktop\JRT.txt
2015-05-28 06:18 - 2015-05-28 06:18 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ASUS-Windows-7-Professional-(32-bit).dat
2015-05-28 06:18 - 2015-05-28 06:18 - 00000000 ____D () C:\RegBackup
2015-05-28 06:15 - 2015-05-28 06:15 - 00000968 _____ () C:\Users\Administrator\Desktop\AdwCleaner[R6].txt
2015-05-27 21:49 - 2015-05-27 21:50 - 00000000 ____D () C:\Users\xxxxx\Desktop\mbam1
2015-05-27 21:19 - 2015-05-27 21:19 - 00000000 ____D () C:\Users\xxxxx\Desktop\FRST 2Lauf
2015-05-27 02:01 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-27 01:21 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-27 01:21 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-27 01:21 - 2015-04-21 18:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-27 01:21 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-27 01:21 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-27 01:21 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-27 01:21 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-27 01:21 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-27 01:21 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-27 01:21 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-27 01:21 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-27 01:21 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-27 01:21 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-27 01:21 - 2015-04-21 17:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-27 01:21 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-27 01:21 - 2015-04-21 17:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-27 01:21 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-27 01:21 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-27 01:21 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-27 01:21 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-27 01:21 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-27 01:21 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-27 01:21 - 2015-04-21 17:26 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-27 01:21 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-27 01:21 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-27 01:21 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-27 01:21 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-27 01:21 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-27 01:21 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-27 01:20 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-27 01:20 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-27 01:20 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-27 01:20 - 2015-04-27 21:11 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-27 01:20 - 2015-04-27 21:11 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-27 01:20 - 2015-04-27 21:08 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-27 01:20 - 2015-04-27 21:05 - 00851456 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-27 01:20 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-27 01:20 - 2015-04-27 21:05 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-27 01:20 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-27 01:20 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-27 01:20 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-27 01:20 - 2015-04-27 21:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-27 01:20 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-27 01:20 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-27 01:20 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-27 01:20 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-27 01:20 - 2015-04-27 21:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-27 01:20 - 2015-04-27 21:04 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-27 01:20 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-27 01:20 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-27 01:20 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-27 01:20 - 2015-04-27 21:04 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-27 01:20 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-27 01:20 - 2015-04-27 21:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-27 01:20 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-27 01:20 - 2015-04-27 21:04 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-27 01:20 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-27 01:20 - 2015-04-27 21:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-27 01:20 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-27 01:20 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-27 01:20 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-27 01:20 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-27 01:20 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-27 01:20 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-27 01:20 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-27 01:20 - 2015-04-27 20:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-27 01:20 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-27 01:20 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-27 01:20 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-27 01:20 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-27 01:20 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-27 01:20 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-27 01:20 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-27 01:20 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-27 01:20 - 2015-04-11 05:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-05-27 01:16 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-27 01:16 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-26 23:52 - 2015-05-26 23:52 - 00024003 _____ () C:\ComboFix.txt
2015-05-26 21:36 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-26 21:36 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-26 21:36 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-26 21:36 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-26 21:36 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-26 21:36 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-26 21:36 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-26 21:36 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-26 20:48 - 2015-05-26 23:52 - 00000000 ____D () C:\Qoobox
2015-05-26 20:47 - 2015-05-26 23:45 - 00000000 ____D () C:\Windows\erdnt
2015-05-25 20:40 - 2015-05-25 20:40 - 05628291 ____R (Swearware) C:\Users\xxxxx\Desktop\ComboFix.exe
2015-05-25 12:41 - 2015-05-25 12:41 - 00154728 _____ () C:\Windows\Minidump\052515-26910-01.dmp
2015-05-25 12:32 - 2015-05-25 12:32 - 00155016 _____ () C:\Windows\Minidump\052515-26020-01.dmp
2015-05-24 17:27 - 2015-05-24 17:27 - 00018839 _____ () C:\Users\Administrator\Desktop\Gmer_2.log
2015-05-24 16:52 - 2015-05-25 12:41 - 272795322 _____ () C:\Windows\MEMORY.DMP
2015-05-24 16:52 - 2015-05-24 16:52 - 00155112 _____ () C:\Windows\Minidump\052415-25880-01.dmp
2015-05-24 16:42 - 2015-05-24 16:43 - 00000000 ____D () C:\Users\xxxxx\Desktop\1durchlauf
2015-05-24 16:36 - 2015-05-24 16:36 - 00027657 _____ () C:\Users\Administrator\Desktop\FRST2.txt
2015-05-24 16:34 - 2015-05-24 16:35 - 00027657 _____ () C:\Users\Administrator\Desktop\FRST_2.txt
2015-05-24 16:28 - 2015-05-25 20:13 - 00000000 ____D () C:\Users\xxxxx\Desktop\FRST-OlderVersion
2015-05-23 11:24 - 2015-05-23 11:24 - 00000263 _____ () C:\Users\xxxxx\Desktop\trojanerboard.txt
2015-05-23 11:20 - 2015-05-23 11:20 - 00001219 _____ () C:\Users\Administrator\Desktop\Anti-Maleware.txt
2015-05-23 10:17 - 2015-05-28 00:24 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 10:16 - 2015-05-27 22:10 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-05-23 10:16 - 2015-05-23 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-23 10:16 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-23 10:16 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-23 10:16 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-23 09:28 - 2015-05-23 09:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-22 23:13 - 2015-05-22 23:13 - 00380416 _____ () C:\Users\xxxxx\Desktop\Gmer-19357.exe
2015-05-22 23:12 - 2015-05-25 20:13 - 01147392 _____ (Farbar) C:\Users\xxxxx\Desktop\FRST.exe
2015-05-22 23:09 - 2015-05-22 23:09 - 00050477 _____ () C:\Users\xxxxx\Desktop\Defogger.exe
2015-05-20 21:49 - 2015-05-20 21:50 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-05-16 14:26 - 2015-05-29 20:22 - 00003691 _____ () C:\Windows\setupact.log
2015-05-16 14:26 - 2015-05-16 14:26 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-16 14:25 - 2015-05-26 22:11 - 00001760 _____ () C:\Windows\PFRO.log
2015-05-16 11:34 - 2015-05-16 11:34 - 00000925 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-05-16 11:34 - 2015-05-16 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-16 11:34 - 2015-05-16 11:34 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-02 14:30 - 2015-05-02 14:30 - 00072704 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2015-05-02 14:27 - 2015-05-02 14:27 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2015-05-02 14:26 - 2015-05-22 20:04 - 00000309 ____H () C:\bdr-cf03
2015-05-02 14:25 - 2015-05-02 14:25 - 00002082 _____ () C:\Users\Public\Desktop\Bitdefender Internet Security 2015.lnk
2015-05-02 14:25 - 2015-05-02 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2015-05-02 14:25 - 2015-01-23 16:28 - 00243456 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-05-02 14:25 - 2015-01-14 18:10 - 01083448 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-05-02 14:25 - 2015-01-14 13:13 - 00548336 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-05-02 14:25 - 2015-01-09 11:58 - 00066832 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2015-05-02 14:25 - 2014-12-15 17:56 - 00077632 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys
2015-05-02 14:13 - 2015-05-24 17:00 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Bitdefender
2015-05-02 14:13 - 2015-05-02 14:26 - 00253404 ____H () C:\bdr-ld03
2015-05-02 14:13 - 2015-05-02 14:26 - 00009216 ____H () C:\bdr-ld03.mbr
2015-05-02 14:13 - 2014-07-04 17:47 - 39361413 ____H () C:\bdr-im03.gz
2015-05-02 14:13 - 2012-08-15 15:28 - 02294848 ____H () C:\bdr-bz03
2015-05-02 14:11 - 2015-05-02 14:26 - 00000000 ____D () C:\ProgramData\Bitdefender
2015-05-02 14:11 - 2015-05-02 14:11 - 00000000 ____D () C:\Program Files\Bitdefender
2015-05-02 14:11 - 2015-02-24 17:52 - 00172936 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-05-02 14:11 - 2014-10-15 17:14 - 00408280 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-05-02 14:08 - 2015-05-02 14:11 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-05-01 14:18 - 2015-05-01 14:18 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2015-05-01 13:10 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-01 13:10 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-01 13:10 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-01 13:10 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-01 13:09 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-30 08:47 - 2015-04-07 08:28 - 00000000 ____D () C:\FRST
2015-05-30 08:40 - 2015-01-11 12:59 - 00000892 _____ () C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-05-30 02:37 - 2013-08-11 13:43 - 01439728 _____ () C:\Windows\WindowsUpdate.log
2015-05-29 20:30 - 2009-07-14 06:34 - 00025872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-29 20:30 - 2009-07-14 06:34 - 00025872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-29 20:26 - 2010-11-20 23:01 - 01647544 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-29 20:22 - 2013-08-12 08:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-29 20:22 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-28 23:39 - 2013-08-11 15:38 - 00000000 ____D () C:\Program Files\Opera
2015-05-28 06:16 - 2015-04-02 12:40 - 00000000 ____D () C:\AdwCleaner
2015-05-27 23:01 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-05-27 21:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-27 20:00 - 2009-07-14 06:33 - 00409768 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-27 19:59 - 2015-04-06 20:43 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-27 02:16 - 2015-04-06 20:43 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-27 02:16 - 2010-11-21 02:47 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-27 02:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-05-27 02:03 - 2013-10-05 15:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-27 01:55 - 2013-08-12 08:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-27 01:41 - 2013-08-11 22:33 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-27 01:29 - 2015-04-06 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-26 23:52 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2015-05-26 23:52 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2015-05-26 23:41 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2015-05-26 21:57 - 2013-11-16 20:36 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-25 13:38 - 2013-08-11 15:39 - 00000000 ____D () C:\download
2015-05-25 12:41 - 2013-11-19 14:26 - 00000000 ____D () C:\Windows\Minidump
2015-05-23 11:40 - 2013-10-27 10:47 - 00000000 ____D () C:\Users\xxxxx\AppData\Local\Adobe
2015-05-23 11:39 - 2015-01-11 12:29 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-23 11:39 - 2015-01-11 12:29 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-23 11:38 - 2014-10-26 18:29 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2015-05-23 09:54 - 2013-11-20 08:30 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-20 19:11 - 2013-08-27 22:13 - 00000000 ____D () C:\Users\xxxxx\AppData\Roaming\HpUpdate
2015-05-18 20:50 - 2013-11-16 20:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-16 14:40 - 2013-09-04 23:54 - 00000000 ____D () C:\Users\xxxxx\AppData\Roaming\Skype
2015-05-16 11:44 - 2013-08-11 23:39 - 00000000 ____D () C:\Windows\Panther
2015-05-07 06:32 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-03 09:33 - 2013-08-30 12:24 - 00000000 ____D () C:\Users\xxxxx\AppData\Roaming\vlc
2015-05-02 14:31 - 2013-08-11 15:40 - 00000000 ____D () C:\Users\xxxxx\AppData\Roaming\Bitdefender
2015-05-02 13:15 - 2014-12-09 00:08 - 00000000 ____D () C:\Users\xxxxx\Downloads\Bitdefender Safepay
2015-05-02 13:12 - 2013-08-28 23:15 - 00000000 ____D () C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-05-02 13:12 - 2013-08-28 23:15 - 00000000 ____D () C:\Users\xxxxx\AppData\Roaming\Amazon
2015-05-01 14:18 - 2013-09-28 14:43 - 00000000 ____D () C:\Users\Administrator

==================== Files in the root of some directories =======

2015-03-30 15:43 - 2015-04-18 09:43 - 0007601 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
2013-08-27 22:10 - 2013-08-27 22:10 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 12:21

==================== End of log ============================
         


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-05-2015
Ran by Administrator at 2015-05-30 08:48:50
Running from C:\Users\xxxxx\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-206298077-3871948171-1831049974-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-206298077-3871948171-1831049974-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-206298077-3871948171-1831049974-1003 - Limited - Enabled)
xxxxx (S-1-5-21-206298077-3871948171-1831049974-1000 - Limited - Enabled) => C:\Users\ xxxxx

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abylon SHREDDER 10.00.2 (HKLM\...\abylonprotectionmanagerschredder_is1) (Version: 10.00.2 - abylonsoft)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Avidemux 2.6 (32-bit) (HKLM\...\Avidemux 2.6) (Version: 2.6.6.8941 - )
Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 18.22.0.1521 - Bitdefender)
BleachBit (HKLM\...\BleachBit) (Version:  - BleachBit)
Broadcom Wireless Network Adapter (HKLM\...\{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}) (Version: 1.00.0000 - AzureWave)
CapsHook (HKLM\...\{4B5092B6-F231-4D18-83BC-2618B729CA45}) (Version: 1.0.0.5 - AsusTek Computer)
CBL Daten-Shredder (HKLM\...\{560E96B3-356D-4572-9FE3-B44F9AB92622}) (Version: 1.0.0 - CBL Datenrettung GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Eraser 6.0.10.2620 (HKLM\...\{A45C5EC7-F13E-4414-99BE-47373935C0FE}) (Version: 6.0.2620 - The Eraser Project)
Exifer (HKLM\...\Exifer_is1) (Version:  - Friedemann Schmidt)
FileZilla Client 3.9.0.6 (HKLM\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Free CD to MP3 Converter (HKLM\...\Free CD to MP3 Converter) (Version:  - Eusing Software)
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
FreeOCR v5.0 (HKLM\...\freeocr_is1) (Version:  - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GraphicsSwitch (HKLM\...\{0BC8B21E-EB38-4174-827B-89A5F80E8DDA}) (Version: 1.4 - AsusTek Computer Inc.)
GTText (HKLM\...\{C8187D08-DC8E-4382-9AEB-00F311C119F9}) (Version: 1.4.5 - SoftOCR)
Hantek6022BE Ver1.0.3 (HKLM\...\Hantek6022BE Ver1.0.3) (Version: 1.0.3 - ODM)
Hotkey Service (HKLM\...\{71C0E38E-09F2-4386-9977-404D4F6640CD}) (Version: 1.32 - AsusTek Computer Inc.)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{E5F9BFAF-2FD9-4637-BA4E-5C2BC3A0763D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IMAPSize 0.3.7 (HKLM\...\IMAPSize_is1) (Version:  - Broobles)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
LiveUpdate (HKLM\...\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}) (Version: 1.29 - AsusTek Computer Inc.)
MailStore Home 8.2.1.10082 (HKLM\...\MailStore Home_universal1) (Version: 8.2.1.10082 - MailStore Software GmbH)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Master (Version: 8.9.4 - Jumping Bytes) Hidden
Mobile Master 8.9.4 (HKLM\...\Mobile Master) (Version: 8.9.4 - Jumping Bytes)
Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
NetObjects Fusion 12.0 (HKLM\...\{8862CF22-E7DC-4828-A6F3-6CFD45D3DA01}) (Version: 12 German - NetObjects)
NetObjects Fusion 12.0 (Version: 12.00.5000.5041 - NetObjects) Hidden
NetObjects Fusion 2013 (HKLM\...\{ACA28148-D6FB-4910-9597-81A8F2FB0499}) (Version: 13.0 - NetObjects)
NetObjects Fusion 2013 (Version: 13.00.0000.5529 - NetObjects) Hidden
NetObjects Fusion 2015 (HKLM\...\{A1BF217F-776E-4A3D-B614-E2DCA0E177BB}) (Version: 15.0 - NetObjects)
NetObjects Fusion 2015 (Version: 15.00.0000.1035 - NetObjects) Hidden
NTRIP (HKLM\...\{4AAD21AD-EE06-46C9-8B57-28D53DF9FB06}_is1) (Version:  - NTRIP)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5912 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM\...\NVIDIAStereo) (Version: 7.17.12.5912 - NVIDIA Corporation)
Opera 12.15 (HKLM\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
Opera Mail 1.0 (HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Opera 1.0.1040) (Version: 1.0.1040 - Opera Software ASA)
Opera Mail 1.0 (HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Opera 1.0.1040_1) (Version: 1.0.1040 - Opera Software ASA)
Opera Stable 16.0.1196.80 (HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Opera 16.0.1196.80) (Version: 16.0.1196.80 - Opera Software ASA)
Opera Stable 29.0.1795.60 (HKLM\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.7.0 - Prolific Technology INC)
PL-2303 USB-to-Serial (HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.7.0 - Prolific Technology INC)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.18 - AsusTek Computer)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.6 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update miniHomer 2.8 Version 2.8 (HKLM\...\{A2A1ACE9-AD11-4026-B970-DCE8B33DCC44}_is1) (Version: 2.8 - ZNEX)
Vivaldi (HKU\S-1-5-21-206298077-3871948171-1831049974-500\...\Vivaldi) (Version: 1.0.118.19 - Vivaldi)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5500 - Broadcom Corporation)
Windows Phone app for desktop (HKLM\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation)
Wondershare PDF to Word (Build 4.0.1) (HKLM\...\{90599D63-1879-4B90-BE4F-051CE70FA576}_is1) (Version: 4.0.1 - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-206298077-3871948171-1831049974-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\ xxxxx \AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-206298077-3871948171-1831049974-500_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-206298077-3871948171-1831049974-500_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\Administrator\AppData\Local\Vivaldi\Application\1.0.118.19\delegate_execute.exe (Vivaldi Technologies AS)

==================== Restore Points =========================

27-05-2015 01:23:03 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2015-05-26 23:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2C1BD5DE-2241-465B-9D5C-F59AAB8284B5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {473AC837-F783-42CA-825D-EBA894199286} - System32\Tasks\{9674201D-B3B5-4C7E-8EBB-171AC4AE91B2} => C:\Program Files\Opera\Opera.exe [2013-09-27] (Opera Software)
Task: {7389D224-1340-44B6-9219-4409A43A413E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {A0E102C7-FECF-4265-B086-CEE1DD933161} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B0112A1F-C848-4F97-B01B-A91E88F9EE72} - System32\Tasks\{924A3E18-76BE-4F54-89AE-05BDDBB0D12E} => C:\Program Files\Opera\Opera.exe [2013-09-27] (Opera Software)
Task: {BD689AEF-CC81-4D7C-9DBD-0241AD27FC45} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {D21728B9-58CF-417C-9803-1F1061E8FFA1} - System32\Tasks\Opera scheduled Autoupdate 1376228301 => C:\Program Files\Opera\launcher.exe [2015-05-18] (Opera Software)
Task: {D7F31F2A-B930-4F88-A09D-B0BB38EFF30F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_188_pepper.exe [2015-05-23] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_188_pepper.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-02 14:25 - 2014-08-27 16:30 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2015-05-02 14:25 - 2013-09-03 14:29 - 00095088 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2015-05-02 14:25 - 2015-04-01 18:03 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2015-05-02 14:25 - 2012-10-29 14:22 - 00130656 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-05-07 22:11 - 2015-05-07 22:11 - 00682736 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00242_003\ashttpbr.mdl
2015-05-07 22:11 - 2015-05-07 22:11 - 00603432 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00242_003\ashttpdsp.mdl
2015-05-07 22:11 - 2015-05-07 22:11 - 02207112 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00242_003\ashttpph.mdl
2015-05-07 22:11 - 2015-05-07 22:11 - 01131304 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00242_003\ashttprbl.mdl
2013-12-23 14:07 - 2012-11-19 16:21 - 00470120 _____ () C:\Program Files\abylonsoft\SAWipe\SAWCtrlSer.exe
2013-12-23 14:07 - 2012-11-19 16:21 - 02495592 _____ () C:\Program Files\abylonsoft\SAWipe\SAWCmn32X86.dll
2013-12-23 14:07 - 2012-11-19 16:21 - 00568424 _____ () C:\Program Files\abylonsoft\SAWipe\SAWLangX86.dll
2013-12-23 14:07 - 2012-11-19 16:22 - 02079848 _____ () C:\Program Files\abylonsoft\SAWipe\SAWToolsx86.dll
2013-08-12 23:28 - 2009-08-18 17:35 - 00219136 _____ () C:\Windows\System32\AsusService.exe
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-10-16 11:15 - 2014-10-16 11:15 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2013-12-23 14:07 - 2012-11-19 16:21 - 00393320 _____ () C:\Program Files\abylonsoft\SAWipe\SAWNTSec.DLL
2010-05-21 13:42 - 2010-05-21 13:42 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2013-12-23 14:07 - 2012-11-19 16:21 - 00260712 _____ () C:\Program Files\abylonsoft\SAWipe\SAWOle.dll
2011-07-13 09:38 - 2011-07-13 09:38 - 00181664 _____ () C:\Program Files\Asus\LiveUpdate\Parser.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Administrator\Downloads\FWUpdateEDO2_305748.exe:BDU
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\ xxxxx \Desktop\ComboFix.exe:BDU
AlternateDataStreams: C:\Users\ xxxxx \Desktop\Defogger.exe:BDU
AlternateDataStreams: C:\Users\ xxxxx \Desktop\Gmer-19357.exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\100sexlinks.com -> 100sexlinks.com

There are 6046 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-206298077-3871948171-1831049974-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ xxxxx \AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-206298077-3871948171-1831049974-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{37B7B9D2-3416-4790-A9D4-6A01C597D2D9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{412AB60C-C8F8-4A40-9B5C-DC77F185B2F1}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{1EBCF635-8C2C-4FF6-90A8-3987AB7D57D6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{A9D4D405-A4D9-4003-9D5C-3A75DABFD02E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{C095AA04-B1E2-4BED-A294-3976DB7E3871}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{995A8215-454B-4F2C-BBD6-DD8DE339D866}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{D340A456-C30E-46A1-9014-DAC07F6AA5FA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{CC0B7014-49EB-432D-BAF6-D57131743366}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{5372BA9F-1153-48B2-8896-5EB7B389280C}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{2A8A92BC-72D0-4C42-9DFC-7CDC25B0CD07}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{58E7CB00-FBD8-4643-A45B-DCFF435960D8}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{F0466FFB-B756-4866-9474-D54A28D9FC14}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{6F218F7F-F244-451F-88DB-A2E1F5B6BB74}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{A0BD8D53-113C-47EC-B71F-26F5145E44AB}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{6D0DFEE5-B772-4A9B-938C-637054D7D257}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F2FCB908-0D8D-470A-874C-2C3A3701E9F8}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{78C553E3-5BD3-4296-A484-84CFCE199347}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BAEF5889-C926-4D39-8439-814894586B27}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7A70B78D-EC06-408F-AE40-BC59A87E0BBE}] => (Allow) C:\Users\Administrator\AppData\Local\Vivaldi\Application\vivaldi.exe
FirewallRules: [TCP Query User{5C1912E2-8D88-4757-932A-4844A9A077F7}C:\users\administrator\appdata\local\temp\rarsfx0\x32\pcsftool.exe] => (Allow) C:\users\administrator\appdata\local\temp\rarsfx0\x32\pcsftool.exe
FirewallRules: [UDP Query User{5396E197-A033-4960-B857-9A685CC47757}C:\users\administrator\appdata\local\temp\rarsfx0\x32\pcsftool.exe] => (Allow) C:\users\administrator\appdata\local\temp\rarsfx0\x32\pcsftool.exe
FirewallRules: [{375A207E-D433-4607-BCA5-9D8D3DDE0E53}] => (Block) C:\users\administrator\appdata\local\temp\rarsfx0\x32\pcsftool.exe
FirewallRules: [{30B85B8E-C31D-4E18-9096-59F9E6F11E50}] => (Block) C:\users\administrator\appdata\local\temp\rarsfx0\x32\pcsftool.exe

==================== Faulty Device Manager Devices =============

Name: High Definition Audio-Controller
Description: High Definition Audio-Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/29/2015 08:22:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/28/2015 11:34:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/28/2015 05:09:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/28/2015 06:00:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/28/2015 00:36:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/28/2015 00:36:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/28/2015 00:36:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/28/2015 00:36:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/27/2015 10:54:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/27/2015 10:54:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (05/29/2015 08:22:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (05/29/2015 08:22:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Hantek6022BE DRIVER 2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1058

Error: (05/28/2015 11:35:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/28/2015 11:35:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht.

Error: (05/28/2015 11:34:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (05/28/2015 11:33:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Hantek6022BE DRIVER 2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1058

Error: (05/28/2015 05:16:39 PM) (Source: Schannel) (EventID: 4108) (User: NT-AUTORITÄT)
Description: Das vom Remoteserver erhaltene Zertifikat wurde falsch verifiziert. Fehlercode: 0x80092013. Fehler bei der SSL-Zertifikatanforderung. Die angefügten Daten enthalten das Serverzertifikat.

Error: (05/28/2015 05:16:39 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 552.

Error: (05/28/2015 05:16:30 PM) (Source: Schannel) (EventID: 4108) (User: NT-AUTORITÄT)
Description: Das vom Remoteserver erhaltene Zertifikat wurde falsch verifiziert. Fehlercode: 0x80092013. Fehler bei der SSL-Zertifikatanforderung. Die angefügten Daten enthalten das Serverzertifikat.

Error: (05/28/2015 05:16:30 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 552.


Microsoft Office:
=========================
Error: (05/29/2015 08:22:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/28/2015 11:34:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/28/2015 05:09:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/28/2015 06:00:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/28/2015 00:36:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Officejet Pro 8600\DriverStore\Pipeline\amd64\hpinkins5912.exe

Error: (05/28/2015 00:36:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files\abylonsoft\SAWipe\SAWSetupX64.EXE

Error: (05/28/2015 00:36:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files\abylonsoft\SAWipe\SAWipeX64.EXE

Error: (05/28/2015 00:36:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files\abylonsoft\SAWipe\AdminCallX64.EXE

Error: (05/27/2015 10:54:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Officejet Pro 8600\DriverStore\Pipeline\amd64\hpinkins5912.exe

Error: (05/27/2015 10:54:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files\abylonsoft\SAWipe\SAWSetupX64.EXE


==================== Memory info =========================== 

Processor: Intel(R) Atom(TM) CPU N570 @ 1.66GHz
Percentage of memory in use: 70%
Total physical RAM: 2038.05 MB
Available physical RAM: 591.28 MB
Total Pagefile: 8038.05 MB
Available Pagefile: 5682.83 MB
Total Virtual: 2047.88 MB
Available Virtual: 1890.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:150.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9949D096)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End of log ============================
         
ob es noch Probleme gibt, kann ich momentan noch nicht erkennen. Der letzte Phisingversuch war am 25.05.
Ich werde nachher versuchen ebay aufzurufen um zu schauen, ob ich wieder umgeleitet werden soll.
Sind die Funde in Quarantäne oder gelöscht?

klingt komisch...aber ich freue mich über die Funde....
besser als ein ungutes Gefühl ob nicht doch was im Hintergrund werkelt

bin am überlegen ob ich mal eset ausprobiere ? wie ist Deine Meinung dazu?
oder fiele dies unter Werbung ?

Geändert von harryS (30.05.2015 um 09:37 Uhr)

Antwort

Themen zu bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe
adobe, blockiert, blockierte webseitzugänge, browser, computer, defender, eeepc, explorer, flash player, homepage, infizierte, internet, mozilla, netzwerk, nvpciflt.sys, officejet, phishing, port, registry, rundll, scan, schutz, security, software, superantispyware, system, temp, tracker, windows



Ähnliche Themen: bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe


  1. Win 7: Antivir lässt sich nicht mehr öffnen und ich habe "One-Klick-Fishing"-Versuche auf Videos z.B. Facebook
    Log-Analyse und Auswertung - 04.11.2015 (33)
  2. Pishing Versuch von Bitdefender erkannt Teil 1
    Log-Analyse und Auswertung - 06.10.2015 (27)
  3. Pishing Versuch von Bitdefender erkannt Teil 3
    Mülltonne - 30.09.2015 (1)
  4. Bitdefender hat 369 passwortgeschütze Archive gefunden! Nicht scanbar
    Plagegeister aller Art und deren Bekämpfung - 12.07.2015 (41)
  5. Möglicherweiße infizierte Seite aufgerufen (Javascript)
    Diskussionsforum - 26.11.2014 (4)
  6. Bitdefender Internet Security 2015 meldet ständig infizierte Webressource
    Plagegeister aller Art und deren Bekämpfung - 21.10.2014 (17)
  7. BitDefender meldet mir ständig infizierte Webressource
    Log-Analyse und Auswertung - 23.09.2014 (20)
  8. Windows 7: Bitdefender findet infizierte Dateien
    Log-Analyse und Auswertung - 26.08.2014 (7)
  9. Hijack / Trojaner in Firefox - Werbe-Websites werden aufgerufen
    Log-Analyse und Auswertung - 24.04.2014 (9)
  10. Windows 7 64bit - Bitdefender findet bereits 37 infizierte Dateien, Groupon E-Mail geöffnet
    Log-Analyse und Auswertung - 24.09.2013 (11)
  11. PC zeigt Werbung an, wo keine hingehört; öffnet Seiten, ohne das ich sie aufgerufen habe
    Log-Analyse und Auswertung - 04.07.2013 (11)
  12. Ich habe 17 infizierte Objekte mit Malwarebytes' Anti-Malware gefunden
    Log-Analyse und Auswertung - 02.07.2012 (4)
  13. Firefox/IE leiten mich auf Seiten die ich garnicht aufgerufen habe !
    Antiviren-, Firewall- und andere Schutzprogramme - 19.04.2011 (9)
  14. BitDefender deinstalliert - BitDefender evtl. nicht installiert/nicht mehr aktuell
    Antiviren-, Firewall- und andere Schutzprogramme - 07.10.2009 (16)
  15. bitdefender hat viren erkannt, kann aber diese nicht löschen
    Mülltonne - 25.08.2008 (0)
  16. bitdefender hat viren erkannt, kann aber nicht löschen
    Mülltonne - 25.08.2008 (0)
  17. Habe mehrere Trojaner beim durchlaufen von Bitdefender gefunden,brauche Hilfe bitte .
    Plagegeister aller Art und deren Bekämpfung - 03.01.2008 (11)

Zum Thema bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe - Hallo, bitdefender Internet Security 2015 meldet inzwischen 38 Probleme. Es wurden Phishing Versuche erkannt und infizierte Websites erkannt. Liefert mir aber keine weitere Hilfe. Ich habe auch Antimalware ohne Fund - bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe...
Archiv
Du betrachtest: bitdefender hat Phising Versuche erkannt und infizierte Websites gefunden (38Stück), die ich nicht aufgerufen habe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.