
Pests of all kinds and how to combat them: TR/Firehooker.1825 infection found by Avira


13.12.2015, 22:05   #1
muffti
 



Hello everyone,

after a longer break, my tablet has now been hit. Despite quarantine and deletion attempts, Avira keeps reporting the virus named above. I would like to ask for your help.

Here are the logs, as described in the instructions:
Avira:



Avira Professional Security
Report file date: Sonntag, 13. Dezember 2015 19:46


The program is running as an unrestricted full version.
Online services are available.

Licensee :
Serial number :
Platform : Windows 8.1 Enterprise
Windows version : (plain) [6.2.9200]
Boot mode : Normally booted
Username : User
Computer name : ELITEPAD1000

Version information:
BUILD.DAT : 14.0.13.106 91073 Bytes 9/17/2015 15:42:00
AVSCAN.EXE : 14.0.13.104 1110608 Bytes 10/24/2015 10:58:59
AVSCANRC.DLL : 14.0.13.90 57912 Bytes 10/24/2015 10:58:59
LUKE.DLL : 14.0.13.103 66664 Bytes 10/24/2015 10:59:16
AVSCPLR.DLL : 14.0.13.104 100136 Bytes 10/24/2015 10:58:59
REPAIR.DLL : 14.0.13.103 515256 Bytes 10/24/2015 10:58:57
REPAIR.RDF : 1.0.12.98 1395721 Bytes 12/8/2015 19:32:27
AVREG.DLL : 14.0.13.90 287608 Bytes 10/24/2015 10:58:56
AVLODE.DLL : 14.0.13.103 618744 Bytes 10/24/2015 10:58:54
AVLODE.RDF : 14.0.5.18 88653 Bytes 12/9/2015 14:10:46
LOCAL000.VDF : 8.12.36.26 147118592 Bytes 12/13/2015 18:05:51
Engine version : 8.3.34.88
AEBB.DLL : 8.1.3.0 59296 Bytes 11/26/2015 14:28:47
AECORE.DLL : 8.3.9.0 249920 Bytes 11/15/2015 18:21:08
AEDROID.DLL : 8.4.3.348 1800104 Bytes 11/6/2015 13:10:36
AEEMU.DLL : 8.1.3.6 404328 Bytes 11/26/2015 14:28:47
AEEXP.DLL : 8.4.2.136 289920 Bytes 12/4/2015 13:33:51
AEGEN.DLL : 8.1.8.10 491576 Bytes 12/4/2015 13:33:49
AEHELP.DLL : 8.3.2.6 284584 Bytes 11/26/2015 14:28:48
AEHEUR.DLL : 8.1.4.2078 9939824 Bytes 12/4/2015 13:33:51
AEMOBILE.DLL : 8.1.8.10 301936 Bytes 11/26/2015 14:28:52
AEOFFICE.DLL : 8.3.1.56 408432 Bytes 10/24/2015 10:58:48
AEPACK.DLL : 8.4.1.20 801920 Bytes 12/4/2015 13:33:51
AERDL.DLL : 8.2.1.38 813928 Bytes 11/6/2015 13:10:32
AESBX.DLL : 8.2.21.2 1629032 Bytes 11/6/2015 13:10:34
AESCN.DLL : 8.3.4.0 141216 Bytes 11/15/2015 18:21:10
AESCRIPT.DLL : 8.3.0.6 542632 Bytes 12/4/2015 13:33:51
AEVDF.DLL : 8.3.2.4 141216 Bytes 11/26/2015 14:28:52
AVWINLL.DLL : 14.0.13.90 29600 Bytes 10/24/2015 10:58:41
AVPREF.DLL : 14.0.13.90 55864 Bytes 10/24/2015 10:58:56
AVREP.DLL : 14.0.13.90 225320 Bytes 10/24/2015 10:58:56
AVARKT.DLL : 14.0.13.90 232000 Bytes 10/24/2015 10:58:50
AVEVTLOG.DLL : 14.0.13.103 189752 Bytes 10/24/2015 10:58:52
SQLITE3.DLL : 14.0.13.90 461672 Bytes 10/24/2015 10:59:21
AVSMTP.DLL : 14.0.13.90 82120 Bytes 10/24/2015 10:58:59
NETNT.DLL : 14.0.13.90 18792 Bytes 10/24/2015 10:59:16
rcimage.dll : 14.0.13.103 5101304 Bytes 10/24/2015 10:58:41
rctext.dll : 14.0.13.90 78000 Bytes 10/24/2015 10:58:41

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended

Start of the scan: Sonntag, 13. Dezember 2015 19:46

Start scanning boot sectors:
Boot sector 'HDD0(C:, D'
[INFO] No virus was found!

Starting search for hidden objects.
Error in ARK library

The scan of running processes will be started:
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'dwm.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '106' Module(s) have been scanned
Scan process 'svchost.exe' - '183' Module(s) have been scanned
Scan process 'svchost.exe' - '76' Module(s) have been scanned
Scan process 'svchost.exe' - '111' Module(s) have been scanned
Scan process 'svchost.exe' - '69' Module(s) have been scanned
Scan process 'svchost.exe' - '90' Module(s) have been scanned
Scan process 'WLANExt.exe' - '36' Module(s) have been scanned
Scan process 'conhost.exe' - '12' Module(s) have been scanned
Scan process 'spoolsv.exe' - '93' Module(s) have been scanned
Scan process 'sched.exe' - '82' Module(s) have been scanned
Scan process 'avguard.exe' - '118' Module(s) have been scanned
Scan process 'svchost.exe' - '62' Module(s) have been scanned
Scan process 'dashost.exe' - '43' Module(s) have been scanned
Scan process 'DnsBlockUpdateSvc.exe' - '71' Module(s) have been scanned
Scan process 'DptfParticipantProcessorService.exe' - '17' Module(s) have been scanned
Scan process 'DptfPolicyCriticalService.exe' - '17' Module(s) have been scanned
Scan process 'DptfPolicyLpmService.exe' - '16' Module(s) have been scanned
Scan process 'ihpmServer.exe' - '54' Module(s) have been scanned
Scan process 'HeciServer.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'avshadow.exe' - '29' Module(s) have been scanned
Scan process 'avmailc7.exe' - '44' Module(s) have been scanned
Scan process 'avwebg7.exe' - '63' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '63' Module(s) have been scanned
Scan process 'taskhostex.exe' - '49' Module(s) have been scanned
Scan process 'Explorer.EXE' - '198' Module(s) have been scanned
Scan process 'TabTip.exe' - '45' Module(s) have been scanned
Scan process 'TabTip32.exe' - '21' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '61' Module(s) have been scanned
Scan process 'DptfPolicyLpmServiceHelper.exe' - '13' Module(s) have been scanned
Scan process 'RtkNGUI64.exe' - '43' Module(s) have been scanned
Scan process 'igfxtray.exe' - '33' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '34' Module(s) have been scanned
Scan process 'hkcmd.exe' - '31' Module(s) have been scanned
Scan process 'igfxpers.exe' - '34' Module(s) have been scanned
Scan process 'InputPersonalization.exe' - '50' Module(s) have been scanned
Scan process 'avgnt.exe' - '125' Module(s) have been scanned
Scan process 'RuntimeBroker.exe' - '28' Module(s) have been scanned
Scan process 'jusched.exe' - '47' Module(s) have been scanned
Scan process 'DnsBlockTray.exe' - '32' Module(s) have been scanned
Scan process 'firefox.exe' - '160' Module(s) have been scanned
Scan process 'plugin-container.exe' - '79' Module(s) have been scanned
Scan process 'FlashPlayerPlugin_20_0_0_235.exe' - '50' Module(s) have been scanned
Scan process 'FlashPlayerPlugin_20_0_0_235.exe' - '69' Module(s) have been scanned
Scan process 'jhi_service.exe' - '35' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '28' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'avcenter.exe' - '133' Module(s) have been scanned
Scan process 'avscan.exe' - '114' Module(s) have been scanned
Scan process 'vssvc.exe' - '39' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '26' Module(s) have been scanned
Scan process 'wininit.exe' - '15' Module(s) have been scanned
Scan process 'winlogon.exe' - '28' Module(s) have been scanned
Scan process 'lsass.exe' - '59' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '1230' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\swapfile.sys
[WARNING] The file could not be opened!
C:\Windows\SysWOW64\MQG4DECD.DLL
[DETECTION] Is the TR/FireHooker.1825 Trojan
Begin scan in 'D:\'
Search path D:\ could not be opened!
Unknown error <-2144272384>

Beginning disinfection:
C:\Windows\SysWOW64\MQG4DECD.DLL
[DETECTION] Is the TR/FireHooker.1825 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4b9d4108.qua'!


End of the scan: Sonntag, 13. Dezember 2015 20:14
Used time: 27:34 Minute(s)

The scan has been done completely.

35168 Scanned directories
475120 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
475118 Files not concerned
6666 Archives were scanned
1 Warnings
1 Notes
919 Objects were scanned with rootkit scan
0 Hidden objects were found




FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
Ran by User (administrator) on ELITEPAD1000 (13-12-2015 19:41:36)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 8.1 Enterprise (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\System32\DnsBlockUpdateSvc.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
() C:\Program Files (x86)\RayDld\ihpmServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DnsBlock\DnsBlockTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpdfe] => C:\Program Files\Hewlett-Packard\Shared\hpdfe.exe [325816 2014-01-03] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [70656 2014-01-20] (Intel Corporation)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI64.exe [3318488 2014-01-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [738224 2015-10-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [DnsBlock] => C:\Program Files (x86)\DnsBlock\DnsBlockTray.exe [826912 2015-11-15] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
Winsock: Catalog5 05 C:\Windows\SysWOW64\DnsBlockA.dll [343584 2015-11-15] (DnsBlock)
Winsock: Catalog5 09 C:\Windows\SysWOW64\DnsBlockB.dll [343584 2015-11-15] (DnsBlock)
Winsock: Catalog5-x64 05 C:\Windows\system32\DnsBlockA.dll [434208 2015-11-15] (DnsBlock)
Winsock: Catalog5-x64 09 C:\Windows\system32\DnsBlockB.dll [433696 2015-11-15] (DnsBlock)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{956F45A2-A224-4257-9411-009FC141564F}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2038875719-2975076231-4046231055-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartpageing.com/?type=hp&ts=1447612330&z=2230cbfe353bc0d263ccc07g9zdz3m4qbg9oac0c9e&from=cvs2&uid=3219913727_198264_5cc4e3a1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartpageing.com/?type=hp&ts=1447612330&z=2230cbfe353bc0d263ccc07g9zdz3m4qbg9oac0c9e&from=cvs2&uid=3219913727_198264_5cc4e3a1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartpageing.com/web/?type=ds&ts=1447612330&z=2230cbfe353bc0d263ccc07g9zdz3m4qbg9oac0c9e&from=cvs2&uid=3219913727_198264_5cc4e3a1&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartpageing.com/web/?type=ds&ts=1447612330&z=2230cbfe353bc0d263ccc07g9zdz3m4qbg9oac0c9e&from=cvs2&uid=3219913727_198264_5cc4e3a1&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartpageing.com/?type=hp&ts=1447612330&z=2230cbfe353bc0d263ccc07g9zdz3m4qbg9oac0c9e&from=cvs2&uid=3219913727_198264_5cc4e3a1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartpageing.com/?type=hp&ts=1447612330&z=2230cbfe353bc0d263ccc07g9zdz3m4qbg9oac0c9e&from=cvs2&uid=3219913727_198264_5cc4e3a1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartpageing.com/web/?type=ds&ts=1447612330&z=2230cbfe353bc0d263ccc07g9zdz3m4qbg9oac0c9e&from=cvs2&uid=3219913727_198264_5cc4e3a1&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartpageing.com/web/?type=ds&ts=1447612330&z=2230cbfe353bc0d263ccc07g9zdz3m4qbg9oac0c9e&from=cvs2&uid=3219913727_198264_5cc4e3a1&q={searchTerms}
HKU\S-1-5-21-2038875719-2975076231-4046231055-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartpageing.com/?type=hp&ts=1447612330&z=2230cbfe353bc0d263ccc07g9zdz3m4qbg9oac0c9e&from=cvs2&uid=3219913727_198264_5cc4e3a1
HKU\S-1-5-21-2038875719-2975076231-4046231055-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartpageing.com/?type=hp&ts=1447612330&z=2230cbfe353bc0d263ccc07g9zdz3m4qbg9oac0c9e&from=cvs2&uid=3219913727_198264_5cc4e3a1
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM -> {6374D37B-8A33-4EFF-A0E8-6B989841AAEB} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartpageing.com/web/?type=ds&ts=1447612330&z=2230cbfe353bc0d263ccc07g9zdz3m4qbg9oac0c9e&from=cvs2&uid=3219913727_198264_5cc4e3a1&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartpageing.com/web/?type=ds&ts=1447612330&z=2230cbfe353bc0d263ccc07g9zdz3m4qbg9oac0c9e&from=cvs2&uid=3219913727_198264_5cc4e3a1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2038875719-2975076231-4046231055-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2038875719-2975076231-4046231055-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2038875719-2975076231-4046231055-1001 -> {6374D37B-8A33-4EFF-A0E8-6B989841AAEB} URL = hxxp://www.startseite24.net/?q={searchTerms}
BHO: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files\{4DDEF163-FE2A-4ACF-A182-B88A178C8B95}\{D82673AE-001A-4382-A7EE-672D11F49BD6}.bin [2015-12-13] (Download Protect)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-28] (Oracle Corporation)
BHO-x32: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files (x86)\{C94231EC-66A5-4320-B097-484B32511BAD}\{43BCE9FD-310B-48A4-8BE8-70E7EC3EECCE}.bin [2015-12-13] (Download Protect)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-28] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zhkchf5r.default-1447613874437
FF DefaultSearchEngine: google
FF DefaultSearchUrl: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=utf-8&oe=utf-8&meta=lr=lang_de&q=
FF SelectedSearchEngine: Google
FF SelectedSearchEngine: google
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=utf-8&oe=utf-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zhkchf5r.default-1447613874437\user.js [2015-12-13]
FF HKLM-x32\...\Firefox\Extensions: [{08B7BA11-BBB8-4481-949B-4C83D76A431A}] - C:\Windows\Installer\{69F373F3-5013-4B60-913E-15559F252C35}\{08B7BA11-BBB8-4481-949B-4C83D76A431A}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{69F373F3-5013-4B60-913E-15559F252C35}\{08B7BA11-BBB8-4481-949B-4C83D76A431A}.xpi [2015-12-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [835616 2015-10-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [456528 2015-10-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [456528 2015-10-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1014288 2015-10-24] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.)
R2 DnsBlockUpdateSvc; C:\Windows\system32\DnsBlockUpdateSvc.exe [151072 2015-11-15] ()
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [80384 2014-01-20] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [92672 2014-01-20] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [88064 2014-01-20] (Intel Corporation)
R2 ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [271464 2015-11-10] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 hpqwmiex; "C:\Users\User\AppData\Roaming\Hewlett-Packard\hpqwmiex.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137800 2015-10-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-09-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-05-29] (Avira Operations GmbH & Co. KG)
R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [366808 2013-10-16] (Broadcom Corp)
R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [31744 2014-10-29] (Microsoft Corporation)
R3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [150744 2013-09-10] (Broadcom Corporation.)
R3 camera; C:\Windows\system32\DRIVERS\camera.sys [479232 2014-01-20] (Intel Corporation)
R3 DASL; C:\Windows\system32\DRIVERS\DASL64.sys [86200 2014-01-03] (Hewlett-Packard)
R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [29424 2014-01-20] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [42224 2014-01-20] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [94960 2014-01-20] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [234736 2014-01-20] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2014-01-20] (Intel Corporation)
R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [21504 2014-01-20] (Intel Corporation)
S3 gwiopm; C:\Program Files (x86)\Slotman\gwiopm.sys [3904 1998-06-03] () [File not signed]
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2014-01-20] (Intel Corporation)
R3 iaiospi; C:\Windows\System32\drivers\iaiospi.sys [65024 2014-01-20] (Intel Corporation)
R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [101376 2014-01-20] (Intel Corporation)
R3 imx175; C:\Windows\system32\DRIVERS\imx175.sys [73728 2014-01-20] (Intel Corporation)
R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [312320 2014-01-20] (Intel(R) Corporation)
S3 LAN9500; C:\Windows\system32\DRIVERS\lan9500-x64-n630f.sys [83968 2014-08-19] (SMSC)
R3 Lm3554; C:\Windows\System32\drivers\lm3554.sys [31232 2014-01-20] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [27600 2014-01-20] (Intel Corporation)
R3 ov2722; C:\Windows\System32\drivers\ov2722.sys [53760 2014-01-20] (Intel Corporation)
R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [57344 2014-01-20] (Intel Corporation)
R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [192216 2014-01-13] (Realtek Semiconductor Corp.)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88080 2014-01-20] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 wmbclass; C:\Windows\system32\DRIVERS\wmbclass.sys [268288 2014-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-13 19:41 - 2015-12-13 19:41 - 00018051 _____ C:\Users\User\Downloads\FRST.txt
2015-12-13 19:41 - 2015-12-13 19:41 - 00000000 ____D C:\FRST
2015-12-13 19:40 - 2015-12-13 19:41 - 02369536 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-12-13 19:39 - 2015-12-13 19:39 - 01720320 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2015-12-13 19:37 - 2015-12-13 19:37 - 00000000 ____D C:\Program Files\{4DDEF163-FE2A-4ACF-A182-B88A178C8B95}
2015-12-13 19:37 - 2015-12-13 19:37 - 00000000 ____D C:\Program Files (x86)\{C94231EC-66A5-4320-B097-484B32511BAD}
2015-12-11 15:00 - 2015-12-11 15:00 - 00005120 _____ C:\Windows\SysWOW64\RotMgr32.dll
2015-12-08 21:25 - 2015-12-08 21:26 - 00608470 _____ C:\Users\User\Downloads\Slotman_1131a_Help_e.zip
2015-12-08 20:58 - 2015-12-08 21:00 - 00000000 ____D C:\Program Files (x86)\Slotman
2015-12-08 20:58 - 2015-12-08 20:58 - 02063652 _____ C:\Users\User\Downloads\Slotman_1131a_e.exe
2015-12-08 20:58 - 2015-12-08 20:58 - 00001007 _____ C:\Users\User\Desktop\Slotman.lnk
2015-12-08 20:58 - 2015-12-08 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slotman
2015-12-08 20:37 - 2015-12-08 20:37 - 00499994 _____ C:\Users\User\Downloads\Slotman608_Doku.zip
2015-12-08 20:37 - 2015-12-08 20:37 - 00000000 ____D C:\Users\User\Downloads\Slotman608_Doku
2015-12-08 20:37 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 20:36 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-08 20:36 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 20:36 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-08 20:36 - 2015-11-11 16:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-12-08 20:36 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-08 20:36 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-08 20:36 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 20:36 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-08 20:36 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-08 20:36 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-08 20:36 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-08 20:36 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-08 20:36 - 2015-11-10 00:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-12-08 20:36 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-08 20:36 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-08 20:36 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-08 20:36 - 2015-11-10 00:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-08 20:36 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-12-08 20:36 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-08 20:36 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-08 20:36 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-08 20:36 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-08 20:36 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 20:36 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-08 20:36 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-08 20:36 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-08 20:36 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-08 20:36 - 2015-11-08 22:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-12-08 20:36 - 2015-11-08 22:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-12-08 20:36 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-08 20:36 - 2015-11-08 22:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-08 20:36 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-08 20:36 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-08 20:36 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 20:36 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-08 20:36 - 2015-11-08 21:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-12-08 20:36 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-08 20:36 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-08 20:36 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-08 20:35 - 2015-11-22 07:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-12-08 20:35 - 2015-11-22 07:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-08 20:35 - 2015-11-22 07:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-12-08 20:35 - 2015-11-22 07:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-12-08 20:35 - 2015-11-22 07:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-12-08 20:35 - 2015-11-22 07:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-12-08 20:35 - 2015-11-22 07:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-08 20:35 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-12-08 20:35 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-12-08 20:35 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-08 20:35 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-08 20:35 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 20:35 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-08 20:35 - 2015-11-20 23:47 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-08 20:35 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-08 20:35 - 2015-11-20 17:58 - 03706880 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-08 20:35 - 2015-11-20 17:47 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-08 20:35 - 2015-11-20 17:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-08 20:35 - 2015-11-20 17:44 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-12-08 20:35 - 2015-11-20 17:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-08 20:35 - 2015-11-20 17:43 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-08 20:35 - 2015-11-20 17:42 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-08 20:35 - 2015-11-20 17:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-08 20:35 - 2015-11-20 17:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-08 20:35 - 2015-11-20 17:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-08 20:35 - 2015-11-20 17:27 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-08 20:35 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-08 20:35 - 2015-11-08 23:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-08 20:35 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-08 20:35 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-08 20:35 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-08 20:35 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-08 20:35 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-08 20:35 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-08 20:35 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-08 20:35 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-08 20:35 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-08 20:35 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
2015-12-08 20:35 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-08 20:35 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-08 20:35 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-08 20:35 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2015-12-08 20:35 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-08 20:35 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-08 20:35 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-12-08 20:35 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-12-08 20:35 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-12-08 20:35 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-12-08 20:35 - 2015-10-22 15:08 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
2015-12-08 20:35 - 2015-10-22 15:08 - 00513456 _____ C:\Windows\system32\locale.nls
2015-12-08 20:35 - 2015-10-11 07:34 - 00468824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-12-08 20:35 - 2015-10-11 07:34 - 00462168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-12-08 20:35 - 2015-10-11 07:34 - 00443224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-12-08 20:35 - 2015-10-11 07:34 - 00092504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-12-08 20:35 - 2015-10-11 07:34 - 00027992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-12-08 20:35 - 2015-10-10 19:41 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-12-08 20:35 - 2015-10-10 19:41 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-12-08 20:35 - 2015-10-10 19:40 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys
2015-12-08 20:35 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-12-08 20:35 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
2015-12-08 20:35 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2015-12-08 20:35 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-12-08 20:35 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-12-08 20:34 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2015-12-08 20:34 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-12-08 20:30 - 2015-12-08 20:38 - 00000000 ____D C:\Users\User\Documents\Slotman608
2015-12-05 14:14 - 2015-12-05 14:27 - 00044544 _____ C:\Users\User\Desktop\Mitgliederliste f Startliste.xls
2015-12-02 09:12 - 2015-12-02 09:12 - 02298424 ____T C:\Users\User\Documents\Weihnachtsfeier 2015.oxps
2015-12-02 09:12 - 2015-12-02 09:12 - 00000000 ____D C:\Users\User\AppData\LocalLow\Temp
2015-11-29 13:41 - 2015-11-29 13:42 - 00061440 _____ C:\Users\User\Desktop\Mitgliederliste master.xls
2015-11-29 08:41 - 2015-11-29 08:41 - 05626824 _____ C:\Users\User\Downloads\Update SEPA Account Converter.exe
2015-11-29 08:41 - 2015-11-29 08:41 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Finanz
2015-11-29 08:41 - 2015-11-29 08:41 - 00000000 ____D C:\Users\User\AppData\Local\Downloaded Installations
2015-11-29 08:40 - 2015-11-29 08:41 - 00002429 _____ C:\Users\User\Desktop\SEPA Account Converter.lnk
2015-11-29 08:40 - 2015-11-29 08:40 - 00000000 ____D C:\Program Files (x86)\BIVG Hannover
2015-11-29 08:39 - 2015-11-29 08:39 - 01734144 _____ C:\Users\User\Downloads\sepa_account_converter.msi
2015-11-15 20:07 - 2015-11-15 20:07 - 00000000 ____D C:\Users\User\AppData\Local\Macromedia
2015-11-15 20:06 - 2015-12-13 19:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-15 20:06 - 2015-12-08 21:01 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-15 20:05 - 2015-11-23 18:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-15 19:57 - 2015-11-15 19:57 - 00000000 ____D C:\Users\User\Desktop\Alte Firefox-Daten
2015-11-15 19:37 - 2015-11-15 19:37 - 00005120 _____ C:\Windows\SysWOW64\MQG4DECD.DLL
2015-11-15 19:35 - 2015-11-15 20:07 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2015-11-15 19:35 - 2015-11-15 19:35 - 00000000 ____D C:\Users\User\AppData\Roaming\dlg
2015-11-15 19:34 - 2015-12-13 19:37 - 00000680 __RSH C:\ProgramData\ntuser.pol
2015-11-15 19:34 - 2015-12-06 14:57 - 00000000 ____D C:\Users\User\AppData\Roaming\AVG
2015-11-15 19:34 - 2015-12-06 14:57 - 00000000 ____D C:\Program Files (x86)\AVG
2015-11-15 19:33 - 2015-12-06 14:57 - 00000000 ____D C:\Users\User\AppData\Local\Avg
2015-11-15 19:33 - 2015-12-06 14:57 - 00000000 ____D C:\ProgramData\AVG
2015-11-15 19:32 - 2015-11-15 20:00 - 00000000 ____D C:\Users\User\AppData\Roaming\istartpageing
2015-11-15 19:32 - 2015-11-15 19:34 - 00151072 _____ C:\Windows\system32\DnsBlockUpdateSvc.exe
2015-11-15 19:32 - 2015-11-15 19:32 - 00471968 _____ C:\Windows\SysWOW64\dns.block
2015-11-15 19:32 - 2015-11-15 19:32 - 00471968 _____ C:\Windows\system32\dns.block
2015-11-15 19:32 - 2015-11-15 19:32 - 00434208 _____ (DnsBlock) C:\Windows\system32\DnsBlockA.dll
2015-11-15 19:32 - 2015-11-15 19:32 - 00433696 _____ (DnsBlock) C:\Windows\system32\DnsBlockB.dll
2015-11-15 19:32 - 2015-11-15 19:32 - 00343584 _____ (DnsBlock) C:\Windows\SysWOW64\DnsBlockB.dll
2015-11-15 19:32 - 2015-11-15 19:32 - 00343584 _____ (DnsBlock) C:\Windows\SysWOW64\DnsBlockA.dll
2015-11-15 19:32 - 2015-11-15 19:32 - 00000000 ____D C:\Users\User\AppData\Local\DnsBlock
2015-11-15 19:32 - 2015-11-15 19:32 - 00000000 ____D C:\Program Files (x86)\RayDld
2015-11-15 19:32 - 2015-11-15 19:32 - 00000000 ____D C:\Program Files (x86)\DnsBlock
2015-11-15 19:30 - 2015-11-15 19:30 - 00569488 _____ C:\Users\User\Downloads\Adobe-Flash-Player_091.exe
2015-11-15 19:25 - 2015-09-29 13:24 - 00155480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2015-11-15 19:25 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-11-15 19:25 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2015-11-15 19:25 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-15 19:25 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-11-15 19:25 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-11-15 19:25 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-13 19:41 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-13 19:40 - 2015-09-28 21:49 - 00764970 _____ C:\Windows\system32\perfh007.dat
2015-12-13 19:40 - 2015-09-28 21:49 - 00159884 _____ C:\Windows\system32\perfc007.dat
2015-12-13 19:40 - 2014-03-18 11:01 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-13 19:40 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2015-12-13 19:35 - 2014-11-12 21:15 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-13 19:35 - 2014-11-12 21:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-13 19:35 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-13 19:35 - 2013-08-22 15:44 - 00362544 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-13 19:26 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-13 19:05 - 2014-03-18 12:24 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C6306504-C39E-4BE8-AF4F-BCBF392B09A0}
2015-12-10 12:20 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-12-08 21:52 - 2014-03-18 12:15 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2038875719-2975076231-4046231055-1001
2015-12-08 21:45 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-12-08 21:44 - 2014-11-12 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-08 21:40 - 2014-11-12 20:52 - 00000000 ____D C:\Windows\system32\MRT
2015-12-08 21:37 - 2014-11-12 20:52 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-01 18:22 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2015-12-01 18:19 - 2014-11-13 02:11 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-01 18:19 - 2014-11-13 02:11 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-01 17:51 - 2015-09-28 21:03 - 00000000 ____D C:\FCM
2015-11-23 18:05 - 2015-09-28 20:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-15 19:34 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy

==================== Files in the root of some directories =======

2015-07-12 08:29 - 2015-07-12 08:30 - 0000010 _____ () C:\ProgramData\system_image_date.txt

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\User\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\User\AppData\Local\Temp\OpenOffice_4.1.1_Win_x86_install_de.exe
C:\Users\User\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\User\AppData\Local\Temp\SDShelEx-x64.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-05 13:41

==================== End of FRST.txt ============================





Addition:
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
Ran by User (2015-12-13 19:42:40)
Running from C:\Users\User\Downloads
Windows 8.1 Enterprise (X64) (2014-03-18 11:10:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2038875719-2975076231-4046231055-500 - Administrator - Disabled)
Guest (S-1-5-21-2038875719-2975076231-4046231055-501 - Limited - Disabled)
User (S-1-5-21-2038875719-2975076231-4046231055-1001 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Avira Professional Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.13.106 - Avira Operations GmbH & Co. KG)
DNSBlock (HKLM\...\{7b5da7f5-de7d-4e00-b330-a2e08e460095}) (Version: 1.0.0 - NETNS GMBH)
HP ESU for Microsoft Windows 8.1 (HKLM-x32\...\{A3876D50-4A88-4A34-92E1-5D7BC8F886E1}) (Version: 1.0.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{29641907-0BBA-4832-B6DE-349DAA655883}) (Version: 2.1.1 - Hewlett-Packard Company)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
istartpageing (HKLM-x32\...\istartpageing) (Version: 1.0.0.1 - ) <==== ATTENTION
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4066 - Realtek Semiconductor Corp.)
SEPA Account Converter (HKLM-x32\...\{BE109F11-6E2C-43F4-B105-AC646809915D}) (Version: 1.31.0 - Star Finanz GmbH)
Slotman (HKLM-x32\...\Slotman_is1) (Version: - Elmar)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Websuche (HKLM-x32\...\Websuche) (Version: - Websuche)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {751C5C75-E89F-4F8D-A7F3-BF1A76F9DF1B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-08] (Adobe Systems Incorporated)
Task: {E17DDF29-C425-42B8-9FB1-E9CF188E06B8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-12-08] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-11-15 19:32 - 2015-11-15 19:34 - 00151072 _____ () C:\Windows\system32\DnsBlockUpdateSvc.exe
2015-11-10 04:46 - 2015-11-10 04:46 - 00271464 _____ () C:\Program Files (x86)\RayDld\ihpmServer.exe
2015-11-15 19:32 - 2015-11-15 19:32 - 00826912 _____ () C:\Program Files (x86)\DnsBlock\DnsBlockTray.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\system32\DnsBlockUpdateSvc.exe:IID
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaiospi.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2038875719-2975076231-4046231055-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\Pictures\CUBE_elitePad1000.png
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "hpdfe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{25D66C71-6E14-44FF-B659-1E3FC1720CD7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2E3C3848-1675-4F10-BEDF-E13BE570398C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6AA46895-4520-466D-9D74-C58D14F29819}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E8570083-8CC7-4127-8223-6C833DF48142}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/13/2015 07:41:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.60.27, Zeitstempel: 0x55c116b1
Name des fehlerhaften Moduls: jucheck.exe, Version: 2.8.60.27, Zeitstempel: 0x55c116b1
Ausnahmecode: 0x40000015
Fehleroffset: 0x00052d24
ID des fehlerhaften Prozesses: 0x13b4
Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0
Pfad der fehlerhaften Anwendung: jucheck.exe1
Pfad des fehlerhaften Moduls: jucheck.exe2
Berichtskennung: jucheck.exe3
Vollständiger Name des fehlerhaften Pakets: jucheck.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jucheck.exe5
 
Error: (12/13/2015 07:36:38 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread: App specific mode was turned off, but timer was not running.
 
Error: (12/13/2015 07:06:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 42.0.0.5780, Zeitstempel: 0x5632d0a4
Name des fehlerhaften Moduls: mozglue.dll, Version: 42.0.0.5780, Zeitstempel: 0x5632ba58
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000ed50
ID des fehlerhaften Prozesses: 0x6d0
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5
 
Error: (12/10/2015 11:01:31 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (12/08/2015 10:39:55 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (12/08/2015 08:51:36 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (12/08/2015 08:29:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SlotMan.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: jnutl.dll, Version: 6.3.9600.18007, Zeitstempel: 0x55c4bc8e
Ausnahmecode: 0xc0000135
Fehleroffset: 0x0009d4f2
ID des fehlerhaften Prozesses: 0x548
Startzeit der fehlerhaften Anwendung: 0xSlotMan.exe0
Pfad der fehlerhaften Anwendung: SlotMan.exe1
Pfad des fehlerhaften Moduls: SlotMan.exe2
Berichtskennung: SlotMan.exe3
Vollständiger Name des fehlerhaften Pakets: SlotMan.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SlotMan.exe5
 
Error: (12/08/2015 08:27:20 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread: App specific mode was turned off, but timer was not running.
 
Error: (12/06/2015 11:52:27 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread: App specific mode was turned off, but timer was not running.
 
Error: (12/06/2015 04:00:33 PM) (Source: Avira Antivirus) (EventID: 4129) (User: NT AUTHORITY)
Description: The update from ELITEPAD1000 (127.0.0.1) failed.
An error occurred while downloading..
There were no new files loaded.
 
 
System errors:
=============
Error: (12/13/2015 07:24:06 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error: (12/13/2015 07:12:02 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "CPTMUFFTI",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{956F45A2-A224-4257-9411-009FC141564F}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error: (12/13/2015 07:04:59 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Für den Miniport "HP hs3110 HSPA+ Mobile Broadband Device, {E3DEB043-B5C3-4E3A-9E31-01C40F2A5106}" ist das Ereignis "71" aufgetreten.
 
Error: (12/11/2015 02:59:07 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Für den Miniport "HP hs3110 HSPA+ Mobile Broadband Device, {E3DEB043-B5C3-4E3A-9E31-01C40F2A5106}" ist das Ereignis "71" aufgetreten.
 
Error: (12/11/2015 12:25:39 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Spooler erreicht.
 
Error: (12/10/2015 11:47:42 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Für den Miniport "HP hs3110 HSPA+ Mobile Broadband Device, {E3DEB043-B5C3-4E3A-9E31-01C40F2A5106}" ist das Ereignis "71" aufgetreten.
 
Error: (12/10/2015 11:01:32 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Für den Miniport "HP hs3110 HSPA+ Mobile Broadband Device, {E3DEB043-B5C3-4E3A-9E31-01C40F2A5106}" ist das Ereignis "71" aufgetreten.
 
Error: (12/10/2015 12:42:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Spooler erreicht.
 
Error: (12/10/2015 12:25:08 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "CPTMUFFTI",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{956F45A2-A224-4257-9411-009FC141564F}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error: (12/10/2015 12:20:29 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Für den Miniport "HP hs3110 HSPA+ Mobile Broadband Device, {E3DEB043-B5C3-4E3A-9E31-01C40F2A5106}" ist das Ereignis "71" aufgetreten.
 
 
CodeIntegrity:
===================================
Date: 2015-12-08 21:00:20.194
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Slotman\gwiopm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2014-11-14 17:15:03.803
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2014-11-14 17:15:03.318
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2014-11-14 17:15:02.600
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2014-11-14 17:15:02.068
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2014-11-14 17:15:01.412
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2014-11-14 17:15:00.943
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2014-11-14 17:04:19.062
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2014-11-14 17:04:18.672
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2014-11-14 17:04:18.093
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel(R) Atom(TM) CPU Z3795 @ 1.60GHz
Percentage of memory in use: 38%
Total physical RAM: 3988.36 MB
Available physical RAM: 2434.4 MB
Total Virtual: 4692.36 MB
Available Virtual: 2956.49 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:39.06 GB) (Free:6.41 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 116.5 GB) (Disk ID: 0B3B70D5)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
         



Thanks in advance.

Regards, M.

14.12.2015, 08:15   #2
Deathkid535
/// Malwareteam

My name is Dennis and I will help you with the cleanup.

Please note that there are a few rules:
  • Please read my posts through completely before working through them
  • If a problem occurs, stop what you are doing, post the logs produced so far and describe the problem as precisely as possible.
  • No crossposting, please
  • Do not install or uninstall any software unless asked to
  • Please use only the tools mentioned here in the thread
  • Reply within 24 hours so that a meaningful cleanup is possible
  • Always post the logs in CODE tags (# button); if necessary, simply split the logs up
In future, please post like this:

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly, spread over several posts if necessary.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.


Step # 1: AttentionUninstaller

Please download the appropriate version of AttentionUninstaller to your desktop: AttentionUninstaller 32-bit | AttentionUninstaller 64-bit

Disable your virus scanner so that AttentionUninstaller runs cleanly!

Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
DNSBlock (HKLM\...\{7b5da7f5-de7d-4e00-b330-a2e08e460095}) (Version: 1.0.0 - NETNS GMBH)
istartpageing (HKLM-x32\...\istartpageing) (Version: 1.0.0.1 - )
         
Please save this as UnList.txt on your desktop.
  • Now start AttentionUninstaller
  • Wait until the tool has finished working.
  • Your computer may restart.
  • There is now an AttentionUninstallerLog.txt on your desktop. Post its contents here.



Step # 2: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any notices that appear with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).


Step # 3: FRST

And a fresh FRST log as well, please.



Step # 4: Please post
  • The AttentionUninstaller log
  • The AdwCleaner log
  • The fresh FRST log

14.12.2015, 10:53   #3
muffti

Hello Dennis,
thank you very much for your help.

Here are the logs:

AU:
Code:
14.12.2015 09:24:07: Deinstallation gestartet...
14.12.2015 09:24:07: DNSBlock ist nicht installiert.
14.12.2015 09:24:07: istartpageing wird deinstalliert.
14.12.2015 09:24:11: Beliebige Taste für Neustart drücken...
         

AdwCleaner:

Code:
# AdwCleaner v5.025 - Logfile created 14/12/2015 at 09:37:57
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows 8.1 Enterprise  (x64)
# Username : User - ELITEPAD1000
# Running from : C:\Users\User\Desktop\AdwCleaner_5.025.exe
# Option : Cleaning
# Support : hxxp://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : DnsBlockUpdateSvc
[-] Service Deleted : ihpmServer

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\{970381CB-BAAB-485C-97B8-393EDFBC174B}
[-] Folder Deleted : C:\Program Files (x86)\DnsBlock
[-] Folder Deleted : C:\Program Files (x86)\RayDld
[-] Folder Deleted : C:\Program Files (x86)\{44FFB2B7-B0A5-4C76-B671-04ABF62ED745}
[-] Folder Deleted : C:\Users\User\AppData\Local\DnsBlock
[-] Folder Deleted : C:\Windows\Installer\{5CDD3BFE-9046-4D16-BDA9-4A9CABDCA131}
[-] Folder Deleted : C:\Windows\Installer\{A1851BC4-412D-44EC-82B4-BC2C211C1D6D}

***** [ Files ] *****

[-] File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zhkchf5r.default-1447613874437\user.js
[-] File Deleted : C:\Windows\SysNative\DnsBlockUpdateSvc.exe
[-] File Deleted : C:\Windows\SysNative\DnsBlockA.dll
[-] File Deleted : C:\Windows\SysNative\DnsBlockB.dll
[-] File Deleted : C:\Windows\SysNative\dns.block
[-] File Deleted : C:\Windows\SysNative\GroupPolicy\Machine\Registry.pol
[-] File Deleted : C:\Windows\SysNative\GroupPolicy\GPT.ini
[-] File Deleted : C:\Windows\SysWOW64\DnsBlockA.dll
[-] File Deleted : C:\Windows\SysWOW64\DnsBlockB.dll
[-] File Deleted : C:\Windows\SysWOW64\dns.block

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect.1
[-] Key Deleted : HKCU\Software\Mozilla\Extends
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DnsBlock]
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\APPID\DPBHO.DLL
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7ABEA3E4-6451-4CE7-9B14-526854D15B85}]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{85198F55-85AC-498A-BFE4-BBC33840F4AB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E7BF74EE-9106-4113-B216-2F980BA29141}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}
[!] Key Not Deleted : HKCU\Software\Mozilla\Extends
[-] Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
[-] Key Deleted : HKLM\SOFTWARE\RayDld
[-] Key Deleted : HKLM\SOFTWARE\ihpmserver
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7b5da7f5-de7d-4e00-b330-a2e08e460095}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Proxy settings cleared
:: Winsock settings cleared
:: IE policies deleted
:: Chrome policies deleted

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5102 bytes] ##########
         

FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
Ran by User (administrator) on ELITEPAD1000 (14-12-2015 09:46:20)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 8.1 Enterprise (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpdfe] => C:\Program Files\Hewlett-Packard\Shared\hpdfe.exe [325816 2014-01-03] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [70656 2014-01-20] (Intel Corporation)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI64.exe [3318488 2014-01-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [738224 2015-10-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Windows\system32\DnsBlockA.dll No File 
Winsock: Catalog5 09 C:\Windows\system32\DnsBlockB.dll No File 
Winsock: Catalog5-x64 05 C:\Windows\system32\DnsBlockA.dll No File 
Winsock: Catalog5-x64 09 C:\Windows\system32\DnsBlockB.dll No File 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{956F45A2-A224-4257-9411-009FC141564F}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2038875719-2975076231-4046231055-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM -> {6374D37B-8A33-4EFF-A0E8-6B989841AAEB} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2038875719-2975076231-4046231055-1001 -> {6374D37B-8A33-4EFF-A0E8-6B989841AAEB} URL = hxxp://www.startseite24.net/?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-28] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zhkchf5r.default-1447613874437
FF DefaultSearchEngine: google
FF DefaultSearchUrl: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=utf-8&oe=utf-8&meta=lr=lang_de&q=
FF SelectedSearchEngine: Google
FF SelectedSearchEngine: google
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=utf-8&oe=utf-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [835616 2015-10-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [456528 2015-10-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [456528 2015-10-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1014288 2015-10-24] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [80384 2014-01-20] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [92672 2014-01-20] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [88064 2014-01-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 hpqwmiex; "C:\Users\User\AppData\Roaming\Hewlett-Packard\hpqwmiex.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137800 2015-10-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-09-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-05-29] (Avira Operations GmbH & Co. KG)
R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [366808 2013-10-16] (Broadcom Corp)
R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [31744 2014-10-29] (Microsoft Corporation)
R3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [150744 2013-09-10] (Broadcom Corporation.)
R3 camera; C:\Windows\system32\DRIVERS\camera.sys [479232 2014-01-20] (Intel Corporation)
R3 DASL; C:\Windows\system32\DRIVERS\DASL64.sys [86200 2014-01-03] (Hewlett-Packard)
R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [29424 2014-01-20] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [42224 2014-01-20] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [94960 2014-01-20] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [234736 2014-01-20] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2014-01-20] (Intel Corporation)
R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [21504 2014-01-20] (Intel Corporation)
S3 gwiopm; C:\Program Files (x86)\Slotman\gwiopm.sys [3904 1998-06-03] () [File not signed]
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2014-01-20] (Intel Corporation)
R3 iaiospi; C:\Windows\System32\drivers\iaiospi.sys [65024 2014-01-20] (Intel Corporation)
R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [101376 2014-01-20] (Intel Corporation)
R3 imx175; C:\Windows\system32\DRIVERS\imx175.sys [73728 2014-01-20] (Intel Corporation)
R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [312320 2014-01-20] (Intel(R) Corporation)
S3 LAN9500; C:\Windows\system32\DRIVERS\lan9500-x64-n630f.sys [83968 2014-08-19] (SMSC)
R3 Lm3554; C:\Windows\System32\drivers\lm3554.sys [31232 2014-01-20] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [27600 2014-01-20] (Intel Corporation)
R3 ov2722; C:\Windows\System32\drivers\ov2722.sys [53760 2014-01-20] (Intel Corporation)
R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [57344 2014-01-20] (Intel Corporation)
R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [192216 2014-01-13] (Realtek Semiconductor Corp.)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88080 2014-01-20] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 wmbclass; C:\Windows\system32\DRIVERS\wmbclass.sys [268288 2014-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-14 09:35 - 2015-12-14 09:37 - 00000000 ____D C:\AdwCleaner
2015-12-14 09:30 - 2015-12-14 09:30 - 01740288 _____ C:\Users\User\Desktop\AdwCleaner_5.025.exe
2015-12-14 09:24 - 2015-12-14 09:24 - 00000000 ____D C:\Users\User\AppData\Local\Data
2015-12-14 09:22 - 2015-12-14 09:24 - 00002192 _____ C:\Users\User\AppData\Local\settings.ini
2015-12-14 09:21 - 2015-12-14 09:16 - 03443652 _____ (Igor Pavlov) C:\Users\User\Desktop\AttentionUninstaller64.exe
2015-12-14 09:20 - 2015-12-14 09:20 - 00000154 _____ C:\Users\User\Desktop\UnList.txt
2015-12-14 09:18 - 2015-12-14 09:24 - 00000224 _____ C:\Users\User\Desktop\AttentionUninstallerLog.txt
2015-12-14 09:16 - 2015-12-14 09:16 - 03443652 _____ (Igor Pavlov) C:\Users\User\Downloads\AttentionUninstaller64.exe
2015-12-13 21:07 - 2015-12-14 09:33 - 00005120 _____ C:\Windows\SysWOW64\RotMgr32.dll
2015-12-13 19:42 - 2015-12-13 19:43 - 00018269 _____ C:\Users\User\Downloads\Addition.txt
2015-12-13 19:41 - 2015-12-14 09:46 - 00013440 _____ C:\Users\User\Downloads\FRST.txt
2015-12-13 19:41 - 2015-12-14 09:46 - 00000000 ____D C:\FRST
2015-12-13 19:40 - 2015-12-13 19:41 - 02369536 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-12-13 19:39 - 2015-12-13 19:39 - 01720320 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2015-12-08 21:25 - 2015-12-08 21:26 - 00608470 _____ C:\Users\User\Downloads\Slotman_1131a_Help_e.zip
2015-12-08 20:58 - 2015-12-08 21:00 - 00000000 ____D C:\Program Files (x86)\Slotman
2015-12-08 20:58 - 2015-12-08 20:58 - 02063652 _____ C:\Users\User\Downloads\Slotman_1131a_e.exe
2015-12-08 20:58 - 2015-12-08 20:58 - 00001007 _____ C:\Users\User\Desktop\Slotman.lnk
2015-12-08 20:58 - 2015-12-08 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slotman
2015-12-08 20:37 - 2015-12-08 20:37 - 00499994 _____ C:\Users\User\Downloads\Slotman608_Doku.zip
2015-12-08 20:37 - 2015-12-08 20:37 - 00000000 ____D C:\Users\User\Downloads\Slotman608_Doku
2015-12-08 20:37 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 20:36 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-08 20:36 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 20:36 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-08 20:36 - 2015-11-11 16:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-12-08 20:36 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-08 20:36 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-08 20:36 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 20:36 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-08 20:36 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-08 20:36 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-08 20:36 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-08 20:36 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-08 20:36 - 2015-11-10 00:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-12-08 20:36 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-08 20:36 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-08 20:36 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-08 20:36 - 2015-11-10 00:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-08 20:36 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-12-08 20:36 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-08 20:36 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-08 20:36 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-08 20:36 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-08 20:36 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 20:36 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-08 20:36 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-08 20:36 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-08 20:36 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-08 20:36 - 2015-11-08 22:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-12-08 20:36 - 2015-11-08 22:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-12-08 20:36 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-08 20:36 - 2015-11-08 22:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-08 20:36 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-08 20:36 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-08 20:36 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 20:36 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-08 20:36 - 2015-11-08 21:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-12-08 20:36 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-08 20:36 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-08 20:36 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-08 20:35 - 2015-11-22 07:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-12-08 20:35 - 2015-11-22 07:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-08 20:35 - 2015-11-22 07:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-12-08 20:35 - 2015-11-22 07:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-12-08 20:35 - 2015-11-22 07:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-12-08 20:35 - 2015-11-22 07:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-12-08 20:35 - 2015-11-22 07:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-08 20:35 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-12-08 20:35 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-12-08 20:35 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-08 20:35 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-08 20:35 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 20:35 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-08 20:35 - 2015-11-20 23:47 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-08 20:35 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-08 20:35 - 2015-11-20 17:58 - 03706880 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-08 20:35 - 2015-11-20 17:47 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-08 20:35 - 2015-11-20 17:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-08 20:35 - 2015-11-20 17:44 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-12-08 20:35 - 2015-11-20 17:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-08 20:35 - 2015-11-20 17:43 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-08 20:35 - 2015-11-20 17:42 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-08 20:35 - 2015-11-20 17:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-08 20:35 - 2015-11-20 17:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-08 20:35 - 2015-11-20 17:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-08 20:35 - 2015-11-20 17:27 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-08 20:35 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-08 20:35 - 2015-11-08 23:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-08 20:35 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-08 20:35 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-08 20:35 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-08 20:35 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-08 20:35 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-08 20:35 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-08 20:35 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-08 20:35 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-08 20:35 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-08 20:35 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
2015-12-08 20:35 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-08 20:35 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-08 20:35 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-08 20:35 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2015-12-08 20:35 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-08 20:35 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-08 20:35 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-12-08 20:35 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-12-08 20:35 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-12-08 20:35 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-12-08 20:35 - 2015-10-22 15:08 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
2015-12-08 20:35 - 2015-10-22 15:08 - 00513456 _____ C:\Windows\system32\locale.nls
2015-12-08 20:35 - 2015-10-11 07:34 - 00468824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-12-08 20:35 - 2015-10-11 07:34 - 00462168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-12-08 20:35 - 2015-10-11 07:34 - 00443224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-12-08 20:35 - 2015-10-11 07:34 - 00092504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-12-08 20:35 - 2015-10-11 07:34 - 00027992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-12-08 20:35 - 2015-10-10 19:41 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-12-08 20:35 - 2015-10-10 19:41 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-12-08 20:35 - 2015-10-10 19:40 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys
2015-12-08 20:35 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-12-08 20:35 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
2015-12-08 20:35 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2015-12-08 20:35 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-12-08 20:35 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-12-08 20:34 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2015-12-08 20:34 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-12-08 20:30 - 2015-12-08 20:38 - 00000000 ____D C:\Users\User\Documents\Slotman608
2015-12-05 14:14 - 2015-12-05 14:27 - 00044544 _____ C:\Users\User\Desktop\Mitgliederliste f Startliste.xls
2015-12-02 09:12 - 2015-12-02 09:12 - 02298424 ____T C:\Users\User\Documents\Weihnachtsfeier 2015.oxps
2015-12-02 09:12 - 2015-12-02 09:12 - 00000000 ____D C:\Users\User\AppData\LocalLow\Temp
2015-11-29 13:41 - 2015-11-29 13:42 - 00061440 _____ C:\Users\User\Desktop\Mitgliederliste master.xls
2015-11-29 08:41 - 2015-11-29 08:41 - 05626824 _____ C:\Users\User\Downloads\Update SEPA Account Converter.exe
2015-11-29 08:41 - 2015-11-29 08:41 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Finanz
2015-11-29 08:41 - 2015-11-29 08:41 - 00000000 ____D C:\Users\User\AppData\Local\Downloaded Installations
2015-11-29 08:40 - 2015-11-29 08:41 - 00002429 _____ C:\Users\User\Desktop\SEPA Account Converter.lnk
2015-11-29 08:40 - 2015-11-29 08:40 - 00000000 ____D C:\Program Files (x86)\BIVG Hannover
2015-11-29 08:39 - 2015-11-29 08:39 - 01734144 _____ C:\Users\User\Downloads\sepa_account_converter.msi
2015-11-15 20:07 - 2015-11-15 20:07 - 00000000 ____D C:\Users\User\AppData\Local\Macromedia
2015-11-15 20:06 - 2015-12-13 21:01 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-15 20:06 - 2015-12-08 21:01 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-15 20:05 - 2015-11-23 18:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-15 19:57 - 2015-11-15 19:57 - 00000000 ____D C:\Users\User\Desktop\Alte Firefox-Daten
2015-11-15 19:35 - 2015-11-15 20:07 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2015-11-15 19:35 - 2015-11-15 19:35 - 00000000 ____D C:\Users\User\AppData\Roaming\dlg
2015-11-15 19:34 - 2015-12-14 09:37 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-11-15 19:34 - 2015-12-06 14:57 - 00000000 ____D C:\Users\User\AppData\Roaming\AVG
2015-11-15 19:34 - 2015-12-06 14:57 - 00000000 ____D C:\Program Files (x86)\AVG
2015-11-15 19:33 - 2015-12-06 14:57 - 00000000 ____D C:\Users\User\AppData\Local\Avg
2015-11-15 19:33 - 2015-12-06 14:57 - 00000000 ____D C:\ProgramData\AVG
2015-11-15 19:30 - 2015-11-15 19:30 - 00569488 _____ C:\Users\User\Downloads\Adobe-Flash-Player_091.exe
2015-11-15 19:25 - 2015-09-29 13:24 - 00155480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2015-11-15 19:25 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-11-15 19:25 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2015-11-15 19:25 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-15 19:25 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-11-15 19:25 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-11-15 19:25 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-14 09:44 - 2015-09-28 21:49 - 00764970 _____ C:\Windows\system32\perfh007.dat
2015-12-14 09:44 - 2015-09-28 21:49 - 00159884 _____ C:\Windows\system32\perfc007.dat
2015-12-14 09:44 - 2014-03-18 11:01 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-14 09:44 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2015-12-14 09:40 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-14 09:15 - 2014-03-18 12:24 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C6306504-C39E-4BE8-AF4F-BCBF392B09A0}
2015-12-13 21:20 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-13 20:25 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2015-12-13 19:42 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-13 19:35 - 2014-11-12 21:15 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-13 19:35 - 2014-11-12 21:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-13 19:35 - 2013-08-22 15:44 - 00362544 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-10 12:20 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-12-08 21:52 - 2014-03-18 12:15 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2038875719-2975076231-4046231055-1001
2015-12-08 21:45 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-12-08 21:44 - 2014-11-12 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-08 21:40 - 2014-11-12 20:52 - 00000000 ____D C:\Windows\system32\MRT
2015-12-08 21:37 - 2014-11-12 20:52 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-01 18:19 - 2014-11-13 02:11 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-01 18:19 - 2014-11-13 02:11 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-01 17:51 - 2015-09-28 21:03 - 00000000 ____D C:\FCM
2015-11-23 18:05 - 2015-09-28 20:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2015-12-14 09:22 - 2015-12-14 09:24 - 0002192 _____ () C:\Users\User\AppData\Local\settings.ini
2015-07-12 08:29 - 2015-07-12 08:30 - 0000010 _____ () C:\ProgramData\system_image_date.txt

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\AttUninst64.exe
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\User\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\User\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\User\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\User\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-05 13:41

==================== End of FRST.txt ============================
         
--- --- ---




Thanks again.

Regards, M.
__________________

Alt 14.12.2015, 11:13   #4
Deathkid535
/// Malwareteam
 



Hi,

Step # 1: ESET


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box for "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Step # 2: Question

Does the problem still exist?



Step # 3: Please post
  • The ESET log
  • The answer to my question.

Alt 14.12.2015, 14:14   #5
muffti
 



Hello again,

here is the ESET log:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=31b82fefd4ab2943be7b47385deed2e0
# end=init
# utc_time=2015-12-14 09:43:05
# local_time=2015-12-14 10:43:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 27185
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=31b82fefd4ab2943be7b47385deed2e0
# end=updated
# utc_time=2015-12-14 09:47:09
# local_time=2015-12-14 10:47:09 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=31b82fefd4ab2943be7b47385deed2e0
# engine=27185
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-12-14 11:52:13
# local_time=2015-12-14 12:52:13 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1813 16777213 100 100 11630 56769116 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4394618 36802357 0 0
# scanned=196477
# found=4
# cleaned=0
# scan_time=7503
sh=A2690E49E815CD7AD56DB4D2FB74EFBE59E49395 ft=1 fh=719d75498d7bf806 vn="Variante von Win32/ELEX.FK evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2038875719-2975076231-4046231055-1001\$REKNOJX.exe"
sh=ADB27ADF286FB5A220C3D9661A6416839E9E05D2 ft=1 fh=7222cc3a8caaa1d5 vn="Variante von Win32/ELEX.FZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RayDld\ihpmServer.exe.vir"
sh=ADB27ADF286FB5A220C3D9661A6416839E9E05D2 ft=1 fh=7222cc3a8caaa1d5 vn="Variante von Win32/ELEX.FZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RayDld\ihpmServer.ini.vir"
sh=7B99329BBE4FA792DC940D7565A16F90F8DF15FC ft=1 fh=ebcb581bd656ea55 vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Downloads\Adobe-Flash-Player_091.exe"
         

Yes, unfortunately the problem still persists. Avira reported the trojan again during the ESET scan.

Regards, M.

Here is the report from Avira:

Virus or unwanted program 'TR/FireHooker.1825 [trojan]'
detected in file 'C:\Windows\SysWOW64\RotMgr32.dll.
Action performed: Deny access


14.12.2015, 14:20   #6
Deathkid535
/// Malwareteam

Hi,

Step # 1: FRST fix

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
Winsock: Catalog5 05 C:\Windows\system32\DnsBlockA.dll No File 
Winsock: Catalog5 09 C:\Windows\system32\DnsBlockB.dll No File 
Winsock: Catalog5-x64 05 C:\Windows\system32\DnsBlockA.dll No File 
Winsock: Catalog5-x64 09 C:\Windows\system32\DnsBlockB.dll No File 
cmd: netsh winsock reset
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2038875719-2975076231-4046231055-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
EmptyTemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Step # 2: Virustotal

Please have the file from the code box checked at Virustotal.
  • Click on Wählen Sie eine
  • Now copy the following into the search bar
    Code:
    C:\Windows\SysWOW64\RotMgr32.dll
  • and click Öffnen (Open).
  • Click Scannen! (Scan!).
  • Please wait until the file has been uploaded completely. If you get the following message
    Quote:
    Diese Datei wurde bereits von VirusTotal analysiert...
    click Neu analysieren (Reanalyse).
  • Wait until the analysis date is shown and the scan has finished.
  • Copy the link from your address bar and post it here.



Step # 3: TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.


Step # 4: FRST

And a fresh FRST log as well, please.



Step # 5: Please post
  • The Fixlog from FRST
  • The link from Virustotal
  • The log from TDSS-Killer
  • The fresh FRST log

14.12.2015, 14:46   #7
muffti

Hi,
here is the Fixlog from FRST:

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
Ran by User (2015-12-14 13:28:10) Run:1
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Winsock: Catalog5 05 C:\Windows\system32\DnsBlockA.dll No File 
Winsock: Catalog5 09 C:\Windows\system32\DnsBlockB.dll No File 
Winsock: Catalog5-x64 05 C:\Windows\system32\DnsBlockA.dll No File 
Winsock: Catalog5-x64 09 C:\Windows\system32\DnsBlockB.dll No File 
cmd: netsh winsock reset
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2038875719-2975076231-4046231055-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
EmptyTemp:
*****************

"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009" => key removed successfully

=========  netsh winsock reset =========

Die Initialisierungsfunktion InitHelperDll in NSHHTTP.DLL konnte nicht gestartet werden. Fehlercode 11003

Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.


========= End of CMD: =========

"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2038875719-2975076231-4046231055-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
EmptyTemp: => 434.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 13:30:41 ====
         

Regarding Virustotal: the dll file cannot be found.

I haven't continued any further for now.

14.12.2015, 16:15   #8
Deathkid535
/// Malwareteam

Hi,

Avira probably deleted it. Please carry on.

15.12.2015, 10:28   #9
muffti

Ok,

here is the TDSS Killer report. It did not find a rootkit.

Code:
09:16:13.0683 0x01e8  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
09:16:13.0685 0x01e8  UEFI system
09:16:20.0836 0x01e8  ============================================================
09:16:20.0836 0x01e8  Current date / time: 2015/12/15 09:16:20.0836
09:16:20.0836 0x01e8  SystemInfo:
09:16:20.0837 0x01e8  
09:16:20.0837 0x01e8  OS Version: 6.3.9600 ServicePack: 0.0
09:16:20.0837 0x01e8  Product type: Workstation
09:16:20.0837 0x01e8  ComputerName: ELITEPAD1000
09:16:20.0837 0x01e8  UserName: User
09:16:20.0837 0x01e8  Windows directory: C:\Windows
09:16:20.0837 0x01e8  System windows directory: C:\Windows
09:16:20.0837 0x01e8  Running under WOW64
09:16:20.0837 0x01e8  Processor architecture: Intel x64
09:16:20.0837 0x01e8  Number of processors: 4
09:16:20.0837 0x01e8  Page size: 0x1000
09:16:20.0837 0x01e8  Boot type: Normal boot
09:16:20.0837 0x01e8  ============================================================
09:16:21.0172 0x01e8  KLMD registered as C:\Windows\system32\drivers\28049271.sys
09:16:21.0489 0x01e8  System UUID: {4269E124-2D61-9EDB-2E28-C2509EE07D40}
09:16:22.0336 0x01e8  !crdlk
09:16:22.0349 0x01e8  Drive \Device\Harddisk0\DR0 - Size: 0x1D1F000000 ( 116.48 Gb ), SectorSize: 0x200, Cylinders: 0x3B66, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:16:22.0352 0x01e8  ============================================================
09:16:22.0352 0x01e8  \Device\Harddisk0\DR0:
09:16:22.0352 0x01e8  Can't read MBR
09:16:22.0352 0x01e8  Initialize success
09:16:22.0352 0x01e8  ============================================================
09:18:22.0347 0x0984  ============================================================
09:18:22.0347 0x0984  Scan started
09:18:22.0347 0x0984  Mode: Manual; SigCheck; TDLFS; 
09:18:22.0347 0x0984  ============================================================
09:18:22.0347 0x0984  KSN ping started
09:18:24.0785 0x0984  KSN ping finished: true
09:18:25.0285 0x0984  ================ Scan system memory ========================
09:18:25.0285 0x0984  System memory - ok
09:18:25.0285 0x0984  ================ Scan services =============================
09:18:25.0364 0x0984  1394ohci - ok
09:18:25.0364 0x0984  3ware - ok
09:18:25.0379 0x0984  ACPI - ok
09:18:25.0379 0x0984  acpiex - ok
09:18:25.0395 0x0984  acpipagr - ok
09:18:25.0395 0x0984  AcpiPmi - ok
09:18:25.0410 0x0984  acpitime - ok
09:18:25.0426 0x0984  AdobeFlashPlayerUpdateSvc - ok
09:18:25.0426 0x0984  ADP80XX - ok
09:18:25.0442 0x0984  AeLookupSvc - ok
09:18:25.0457 0x0984  AFD - ok
09:18:25.0457 0x0984  agp440 - ok
09:18:25.0473 0x0984  ahcache - ok
09:18:25.0473 0x0984  ALG - ok
09:18:25.0489 0x0984  AmdK8 - ok
09:18:25.0489 0x0984  AmdPPM - ok
09:18:25.0504 0x0984  amdsata - ok
09:18:25.0520 0x0984  amdsbs - ok
09:18:25.0520 0x0984  amdxata - ok
09:18:25.0535 0x0984  AntiVirMailService - ok
09:18:25.0535 0x0984  AntiVirSchedulerService - ok
09:18:25.0551 0x0984  AntiVirService - ok
09:18:25.0551 0x0984  AntiVirWebService - ok
09:18:25.0567 0x0984  AppID - ok
09:18:25.0567 0x0984  AppIDSvc - ok
09:18:25.0582 0x0984  Appinfo - ok
09:18:25.0598 0x0984  AppMgmt - ok
09:18:25.0598 0x0984  AppReadiness - ok
09:18:25.0614 0x0984  AppXSvc - ok
09:18:25.0614 0x0984  arcsas - ok
09:18:25.0629 0x0984  atapi - ok
09:18:25.0645 0x0984  AudioEndpointBuilder - ok
09:18:25.0645 0x0984  Audiosrv - ok
09:18:25.0660 0x0984  avgntflt - ok
09:18:25.0660 0x0984  avipbb - ok
09:18:25.0676 0x0984  avkmgr - ok
09:18:25.0676 0x0984  avnetflt - ok
09:18:25.0692 0x0984  AxInstSV - ok
09:18:25.0707 0x0984  b06bdrv - ok
09:18:25.0707 0x0984  BasicDisplay - ok
09:18:25.0723 0x0984  BasicRender - ok
09:18:25.0739 0x0984  BcmBtRSupport - ok
09:18:25.0739 0x0984  bcmfn2 - ok
09:18:25.0754 0x0984  BCMSDH43XX - ok
09:18:25.0754 0x0984  BDESVC - ok
09:18:25.0770 0x0984  Beep - ok
09:18:25.0785 0x0984  BFE - ok
09:18:25.0785 0x0984  BITS - ok
09:18:25.0801 0x0984  bowser - ok
09:18:25.0801 0x0984  BrokerInfrastructure - ok
09:18:25.0817 0x0984  Browser - ok
09:18:25.0817 0x0984  BthAvrcpTg - ok
09:18:25.0832 0x0984  BthEnum - ok
09:18:25.0848 0x0984  BthHFEnum - ok
09:18:25.0848 0x0984  bthhfhid - ok
09:18:25.0864 0x0984  BthHFSrv - ok
09:18:25.0864 0x0984  BthLEEnum - ok
09:18:25.0879 0x0984  BthMini - ok
09:18:25.0895 0x0984  BTHMODEM - ok
09:18:25.0895 0x0984  BthPan - ok
09:18:25.0911 0x0984  BTHPORT - ok
09:18:25.0926 0x0984  bthserv - ok
09:18:25.0926 0x0984  btwampfl - ok
09:18:25.0942 0x0984  BtwSerialBus - ok
09:18:25.0942 0x0984  camera - ok
09:18:25.0957 0x0984  cdfs - ok
09:18:25.0957 0x0984  cdrom - ok
09:18:25.0973 0x0984  CertPropSvc - ok
09:18:25.0989 0x0984  circlass - ok
09:18:25.0989 0x0984  CLFS - ok
09:18:26.0020 0x0984  CmBatt - ok
09:18:26.0020 0x0984  CNG - ok
09:18:26.0036 0x0984  CompositeBus - ok
09:18:26.0051 0x0984  COMSysApp - ok
09:18:26.0051 0x0984  condrv - ok
09:18:26.0067 0x0984  cphs - ok
09:18:26.0082 0x0984  CryptSvc - ok
09:18:26.0082 0x0984  CSC - ok
09:18:26.0098 0x0984  CscService - ok
09:18:26.0114 0x0984  dam - ok
09:18:26.0114 0x0984  DASL - ok
09:18:26.0129 0x0984  dc3d - ok
09:18:26.0145 0x0984  DcomLaunch - ok
09:18:26.0145 0x0984  defragsvc - ok
09:18:26.0161 0x0984  DeviceAssociationService - ok
09:18:26.0161 0x0984  DeviceInstall - ok
09:18:26.0176 0x0984  Dfsc - ok
09:18:26.0176 0x0984  Dhcp - ok
09:18:26.0192 0x0984  DiagTrack - ok
09:18:26.0192 0x0984  disk - ok
09:18:26.0207 0x0984  dmvsc - ok
09:18:26.0223 0x0984  Dnscache - ok
09:18:26.0223 0x0984  dot3svc - ok
09:18:26.0239 0x0984  DPS - ok
09:18:26.0239 0x0984  DptfDevDisplay - ok
09:18:26.0254 0x0984  DptfDevGen - ok
09:18:26.0254 0x0984  DptfDevProc - ok
09:18:26.0270 0x0984  DptfManager - ok
09:18:26.0286 0x0984  DptfParticipantProcessorService - ok
09:18:26.0286 0x0984  DptfPolicyCriticalService - ok
09:18:26.0301 0x0984  DptfPolicyLpmService - ok
09:18:26.0301 0x0984  drmkaud - ok
09:18:26.0317 0x0984  DsmSvc - ok
09:18:26.0317 0x0984  DXGKrnl - ok
09:18:26.0332 0x0984  Eaphost - ok
09:18:26.0348 0x0984  ebdrv - ok
09:18:26.0348 0x0984  EFS - ok
09:18:26.0364 0x0984  EhStorClass - ok
09:18:26.0364 0x0984  EhStorTcgDrv - ok
09:18:26.0379 0x0984  ErrDev - ok
09:18:26.0395 0x0984  EventSystem - ok
09:18:26.0395 0x0984  exfat - ok
09:18:26.0411 0x0984  fastfat - ok
09:18:26.0426 0x0984  Fax - ok
09:18:26.0426 0x0984  fdc - ok
09:18:26.0442 0x0984  fdPHost - ok
09:18:26.0442 0x0984  FDResPub - ok
09:18:26.0457 0x0984  fhsvc - ok
09:18:26.0457 0x0984  FileInfo - ok
09:18:26.0473 0x0984  Filetrace - ok
09:18:26.0489 0x0984  flpydisk - ok
09:18:26.0489 0x0984  FltMgr - ok
09:18:26.0504 0x0984  FontCache - ok
09:18:26.0504 0x0984  FontCache3.0.0.0 - ok
09:18:26.0520 0x0984  FsDepends - ok
09:18:26.0520 0x0984  Fs_Rec - ok
09:18:26.0536 0x0984  fvevol - ok
09:18:26.0551 0x0984  FxPPM - ok
09:18:26.0551 0x0984  gagp30kx - ok
09:18:26.0567 0x0984  gencounter - ok
09:18:26.0567 0x0984  GPIO - ok
09:18:26.0582 0x0984  GPIOClx0101 - ok
09:18:26.0582 0x0984  GpioVirtual - ok
09:18:26.0598 0x0984  gpsvc - ok
09:18:26.0614 0x0984  gwiopm - ok
09:18:26.0614 0x0984  HDAudBus - ok
09:18:26.0629 0x0984  HidBatt - ok
09:18:26.0629 0x0984  HidBth - ok
09:18:26.0645 0x0984  hidi2c - ok
09:18:26.0645 0x0984  HidIr - ok
09:18:26.0661 0x0984  hidserv - ok
09:18:26.0676 0x0984  HidUsb - ok
09:18:26.0676 0x0984  hkmsvc - ok
09:18:26.0692 0x0984  HomeGroupListener - ok
09:18:26.0692 0x0984  HomeGroupProvider - ok
09:18:26.0707 0x0984  hpqwmiex - ok
09:18:26.0707 0x0984  HpSAMD - ok
09:18:26.0723 0x0984  HTTP - ok
09:18:26.0739 0x0984  hwpolicy - ok
09:18:26.0739 0x0984  hyperkbd - ok
09:18:26.0754 0x0984  HyperVideo - ok
09:18:26.0754 0x0984  i8042prt - ok
09:18:26.0770 0x0984  iaioi2c - ok
09:18:26.0770 0x0984  iaiospi - ok
09:18:26.0786 0x0984  iaiouart - ok
09:18:26.0801 0x0984  iaLPSSi_GPIO - ok
09:18:26.0801 0x0984  iaLPSSi_I2C - ok
09:18:26.0817 0x0984  iaStorAV - ok
09:18:26.0832 0x0984  iaStorV - ok
09:18:26.0832 0x0984  IEEtwCollectorService - ok
09:18:26.0848 0x0984  igfx - ok
09:18:26.0848 0x0984  IKEEXT - ok
09:18:26.0864 0x0984  imx175 - ok
09:18:26.0879 0x0984  intaud_WaveExtensible - ok
09:18:26.0879 0x0984  Intel(R) Capability Licensing Service Interface - ok
09:18:26.0895 0x0984  Intel(R) Capability Licensing Service TCP IP Interface - ok
09:18:26.0895 0x0984  intelide - ok
09:18:26.0911 0x0984  intelpep - ok
09:18:26.0911 0x0984  intelppm - ok
09:18:26.0926 0x0984  IntelSST - ok
09:18:26.0942 0x0984  IpFilterDriver - ok
09:18:26.0942 0x0984  iphlpsvc - ok
09:18:26.0957 0x0984  IPMIDRV - ok
09:18:26.0957 0x0984  IPNAT - ok
09:18:26.0973 0x0984  IRENUM - ok
09:18:26.0973 0x0984  isapnp - ok
09:18:26.0989 0x0984  iScsiPrt - ok
09:18:26.0989 0x0984  iwdbus - ok
09:18:27.0004 0x0984  jhi_service - ok
09:18:27.0004 0x0984  kbdclass - ok
09:18:27.0020 0x0984  kbdhid - ok
09:18:27.0036 0x0984  kbldfltr - ok
09:18:27.0036 0x0984  kdnic - ok
09:18:27.0051 0x0984  KeyIso - ok
09:18:27.0067 0x0984  KSecDD - ok
09:18:27.0067 0x0984  KSecPkg - ok
09:18:27.0082 0x0984  ksthunk - ok
09:18:27.0082 0x0984  KtmRm - ok
09:18:27.0098 0x0984  LAN9500 - ok
09:18:27.0098 0x0984  LanmanServer - ok
09:18:27.0114 0x0984  LanmanWorkstation - ok
09:18:27.0129 0x0984  lfsvc - ok
09:18:27.0129 0x0984  lltdio - ok
09:18:27.0145 0x0984  lltdsvc - ok
09:18:27.0145 0x0984  Lm3554 - ok
09:18:27.0161 0x0984  lmhosts - ok
09:18:27.0176 0x0984  LSI_SAS - ok
09:18:27.0176 0x0984  LSI_SAS2 - ok
09:18:27.0192 0x0984  LSI_SAS3 - ok
09:18:27.0208 0x0984  LSI_SSS - ok
09:18:27.0208 0x0984  LSM - ok
09:18:27.0224 0x0984  luafv - ok
09:18:27.0224 0x0984  MBI - ok
09:18:27.0239 0x0984  megasas - ok
09:18:27.0239 0x0984  megasr - ok
09:18:27.0255 0x0984  MMCSS - ok
09:18:27.0255 0x0984  Modem - ok
09:18:27.0270 0x0984  monitor - ok
09:18:27.0286 0x0984  mouclass - ok
09:18:27.0286 0x0984  mouhid - ok
09:18:27.0302 0x0984  mountmgr - ok
09:18:27.0302 0x0984  MozillaMaintenance - ok
09:18:27.0317 0x0984  mpsdrv - ok
09:18:27.0317 0x0984  MpsSvc - ok
09:18:27.0333 0x0984  MRxDAV - ok
09:18:27.0348 0x0984  mrxsmb - ok
09:18:27.0348 0x0984  mrxsmb10 - ok
09:18:27.0364 0x0984  mrxsmb20 - ok
09:18:27.0364 0x0984  MsBridge - ok
09:18:27.0380 0x0984  MSDTC - ok
09:18:27.0395 0x0984  Msfs - ok
09:18:27.0395 0x0984  msgpiowin32 - ok
09:18:27.0411 0x0984  mshidkmdf - ok
09:18:27.0427 0x0984  mshidumdf - ok
09:18:27.0427 0x0984  msisadrv - ok
09:18:27.0442 0x0984  MSiSCSI - ok
09:18:27.0442 0x0984  msiserver - ok
09:18:27.0458 0x0984  MsKeyboardFilter - ok
09:18:27.0473 0x0984  MSKSSRV - ok
09:18:27.0473 0x0984  MsLldp - ok
09:18:27.0489 0x0984  MSPCLOCK - ok
09:18:27.0489 0x0984  MSPQM - ok
09:18:27.0505 0x0984  MsRPC - ok
09:18:27.0520 0x0984  mssmbios - ok
09:18:27.0520 0x0984  MSTEE - ok
09:18:27.0536 0x0984  MTConfig - ok
09:18:27.0536 0x0984  Mup - ok
09:18:27.0551 0x0984  mvumis - ok
09:18:27.0551 0x0984  napagent - ok
09:18:27.0567 0x0984  NativeWifiP - ok
09:18:27.0583 0x0984  NcaSvc - ok
09:18:27.0583 0x0984  NcbService - ok
09:18:27.0598 0x0984  NcdAutoSetup - ok
09:18:27.0598 0x0984  NDIS - ok
09:18:27.0614 0x0984  NdisCap - ok
09:18:27.0614 0x0984  NdisImPlatform - ok
09:18:27.0630 0x0984  NdisTapi - ok
09:18:27.0645 0x0984  Ndisuio - ok
09:18:27.0645 0x0984  NdisVirtualBus - ok
09:18:27.0661 0x0984  NdisWan - ok
09:18:27.0661 0x0984  NdisWanLegacy - ok
09:18:27.0677 0x0984  NDProxy - ok
09:18:27.0677 0x0984  Ndu - ok
09:18:27.0692 0x0984  NetBIOS - ok
09:18:27.0708 0x0984  NetBT - ok
09:18:27.0708 0x0984  Netlogon - ok
09:18:27.0724 0x0984  Netman - ok
09:18:27.0724 0x0984  netprofm - ok
09:18:27.0739 0x0984  NetTcpPortSharing - ok
09:18:27.0739 0x0984  netvsc - ok
09:18:27.0755 0x0984  NlaSvc - ok
09:18:27.0755 0x0984  Npfs - ok
09:18:27.0770 0x0984  npsvctrig - ok
09:18:27.0786 0x0984  nsi - ok
09:18:27.0786 0x0984  nsiproxy - ok
09:18:27.0801 0x0984  Ntfs - ok
09:18:27.0817 0x0984  NuidFltr - ok
09:18:27.0817 0x0984  Null - ok
09:18:27.0833 0x0984  nvraid - ok
09:18:27.0833 0x0984  nvstor - ok
09:18:27.0848 0x0984  nv_agp - ok
09:18:27.0848 0x0984  ov2722 - ok
09:18:27.0864 0x0984  p2pimsvc - ok
09:18:27.0880 0x0984  p2psvc - ok
09:18:27.0880 0x0984  Parport - ok
09:18:27.0895 0x0984  partmgr - ok
09:18:27.0895 0x0984  PcaSvc - ok
09:18:27.0911 0x0984  pci - ok
09:18:27.0911 0x0984  pciide - ok
09:18:27.0927 0x0984  pcmcia - ok
09:18:27.0927 0x0984  pcw - ok
09:18:27.0942 0x0984  pdc - ok
09:18:27.0958 0x0984  PEAUTH - ok
09:18:27.0958 0x0984  PeerDistSvc - ok
09:18:27.0973 0x0984  PerfHost - ok
09:18:27.0989 0x0984  pla - ok
09:18:28.0005 0x0984  PlugPlay - ok
09:18:28.0005 0x0984  PMIC - ok
09:18:28.0020 0x0984  PNRPAutoReg - ok
09:18:28.0036 0x0984  PNRPsvc - ok
09:18:28.0036 0x0984  PolicyAgent - ok
09:18:28.0051 0x0984  Power - ok
09:18:28.0051 0x0984  PrintNotify - ok
09:18:28.0067 0x0984  Processor - ok
09:18:28.0083 0x0984  ProfSvc - ok
09:18:28.0083 0x0984  Psched - ok
09:18:28.0099 0x0984  QWAVE - ok
09:18:28.0099 0x0984  QWAVEdrv - ok
09:18:28.0114 0x0984  RasAcd - ok
09:18:28.0114 0x0984  RasAuto - ok
09:18:28.0130 0x0984  RasMan - ok
09:18:28.0145 0x0984  RasPppoe - ok
09:18:28.0145 0x0984  rdbss - ok
09:18:28.0161 0x0984  rdpbus - ok
09:18:28.0177 0x0984  RDPDR - ok
09:18:28.0192 0x0984  RdpVideoMiniport - ok
09:18:28.0192 0x0984  rdyboost - ok
09:18:28.0208 0x0984  ReFS - ok
09:18:28.0223 0x0984  RemoteAccess - ok
09:18:28.0223 0x0984  RemoteRegistry - ok
09:18:28.0239 0x0984  RFCOMM - ok
09:18:28.0239 0x0984  RpcEptMapper - ok
09:18:28.0255 0x0984  RpcLocator - ok
09:18:28.0270 0x0984  RpcSs - ok
09:18:28.0286 0x0984  rspndr - ok
09:18:28.0286 0x0984  RSUSBVSTOR - ok
09:18:28.0301 0x0984  rtii2sac - ok
09:18:28.0301 0x0984  s3cap - ok
09:18:28.0317 0x0984  SamSs - ok
09:18:28.0333 0x0984  sbp2port - ok
09:18:28.0333 0x0984  SCardSvr - ok
09:18:28.0348 0x0984  ScDeviceEnum - ok
09:18:28.0348 0x0984  scfilter - ok
09:18:28.0364 0x0984  Schedule - ok
09:18:28.0364 0x0984  SCPolicySvc - ok
09:18:28.0380 0x0984  sdbus - ok
09:18:28.0380 0x0984  sdstor - ok
09:18:28.0395 0x0984  secdrv - ok
09:18:28.0411 0x0984  seclogon - ok
09:18:28.0411 0x0984  SENS - ok
09:18:28.0427 0x0984  SensorsHIDClassDriver - ok
09:18:28.0427 0x0984  SensorsServiceDriver - ok
09:18:28.0442 0x0984  SensrSvc - ok
09:18:28.0442 0x0984  SerCx - ok
09:18:28.0458 0x0984  SerCx2 - ok
09:18:28.0474 0x0984  Serenum - ok
09:18:28.0474 0x0984  Serial - ok
09:18:28.0489 0x0984  sermouse - ok
09:18:28.0505 0x0984  SessionEnv - ok
09:18:28.0505 0x0984  sfloppy - ok
09:18:28.0520 0x0984  SharedAccess - ok
09:18:28.0536 0x0984  ShellHWDetection - ok
09:18:28.0536 0x0984  SiSRaid2 - ok
09:18:28.0551 0x0984  SiSRaid4 - ok
09:18:28.0551 0x0984  smphost - ok
09:18:28.0567 0x0984  SNMPTRAP - ok
09:18:28.0583 0x0984  spaceport - ok
09:18:28.0583 0x0984  SpbCx - ok
09:18:28.0599 0x0984  Spooler - ok
09:18:28.0614 0x0984  sppsvc - ok
09:18:28.0614 0x0984  srv - ok
09:18:28.0630 0x0984  srv2 - ok
09:18:28.0630 0x0984  srvnet - ok
09:18:28.0645 0x0984  SSDPSRV - ok
09:18:28.0645 0x0984  SstpSvc - ok
09:18:28.0661 0x0984  stexstor - ok
09:18:28.0677 0x0984  stisvc - ok
09:18:28.0677 0x0984  storahci - ok
09:18:28.0692 0x0984  storflt - ok
09:18:28.0692 0x0984  stornvme - ok
09:18:28.0708 0x0984  StorSvc - ok
09:18:28.0708 0x0984  storvsc - ok
09:18:28.0724 0x0984  storvsp - ok
09:18:28.0739 0x0984  svsvc - ok
09:18:28.0739 0x0984  swenum - ok
09:18:28.0755 0x0984  swprv - ok
09:18:28.0755 0x0984  Synth3dVsc - ok
09:18:28.0770 0x0984  SysMain - ok
09:18:28.0770 0x0984  SystemEventsBroker - ok
09:18:28.0786 0x0984  TabletInputService - ok
09:18:28.0801 0x0984  TapiSrv - ok
09:18:28.0801 0x0984  Tcpip - ok
09:18:28.0817 0x0984  TCPIP6 - ok
09:18:28.0817 0x0984  tcpipreg - ok
09:18:28.0833 0x0984  tdx - ok
09:18:28.0849 0x0984  terminpt - ok
09:18:28.0864 0x0984  TermService - ok
09:18:28.0864 0x0984  Themes - ok
09:18:28.0880 0x0984  THREADORDER - ok
09:18:28.0880 0x0984  TimeBroker - ok
09:18:28.0895 0x0984  TPM - ok
09:18:28.0895 0x0984  TrkWks - ok
09:18:28.0911 0x0984  TrustedInstaller - ok
09:18:28.0927 0x0984  TsUsbFlt - ok
09:18:28.0927 0x0984  TsUsbGD - ok
09:18:28.0942 0x0984  tsusbhub - ok
09:18:28.0942 0x0984  tunnel - ok
09:18:28.0958 0x0984  TXEIx64 - ok
09:18:28.0974 0x0984  uagp35 - ok
09:18:28.0974 0x0984  UASPStor - ok
09:18:28.0989 0x0984  UCX01000 - ok
09:18:28.0989 0x0984  udfs - ok
09:18:29.0005 0x0984  UEFI - ok
09:18:29.0020 0x0984  UI0Detect - ok
09:18:29.0020 0x0984  uliagpkx - ok
09:18:29.0036 0x0984  umbus - ok
09:18:29.0051 0x0984  UmPass - ok
09:18:29.0051 0x0984  UmRdpService - ok
09:18:29.0067 0x0984  upnphost - ok
09:18:29.0067 0x0984  usbccgp - ok
09:18:29.0083 0x0984  usbcir - ok
09:18:29.0083 0x0984  usbehci - ok
09:18:29.0099 0x0984  usbhub - ok
09:18:29.0114 0x0984  USBHUB3 - ok
09:18:29.0114 0x0984  usbohci - ok
09:18:29.0130 0x0984  usbprint - ok
09:18:29.0130 0x0984  USBSTOR - ok
09:18:29.0145 0x0984  usbuhci - ok
09:18:29.0145 0x0984  usbvideo - ok
09:18:29.0161 0x0984  USBXHCI - ok
09:18:29.0177 0x0984  VaultSvc - ok
09:18:29.0177 0x0984  vdrvroot - ok
09:18:29.0192 0x0984  vds - ok
09:18:29.0192 0x0984  VerifierExt - ok
09:18:29.0208 0x0984  vhdmp - ok
09:18:29.0223 0x0984  viaide - ok
09:18:29.0223 0x0984  Vid - ok
09:18:29.0239 0x0984  vmbus - ok
09:18:29.0239 0x0984  VMBusHID - ok
09:18:29.0255 0x0984  vmbusr - ok
09:18:29.0255 0x0984  vmicguestinterface - ok
09:18:29.0270 0x0984  vmicheartbeat - ok
09:18:29.0286 0x0984  vmickvpexchange - ok
09:18:29.0286 0x0984  vmicrdv - ok
09:18:29.0302 0x0984  vmicshutdown - ok
09:18:29.0302 0x0984  vmictimesync - ok
09:18:29.0317 0x0984  vmicvss - ok
09:18:29.0317 0x0984  volmgr - ok
09:18:29.0333 0x0984  volmgrx - ok
09:18:29.0333 0x0984  volsnap - ok
09:18:29.0349 0x0984  vpci - ok
09:18:29.0364 0x0984  vpcivsp - ok
09:18:29.0364 0x0984  vsmraid - ok
09:18:29.0380 0x0984  VSS - ok
09:18:29.0380 0x0984  VSTXRAID - ok
09:18:29.0395 0x0984  vwifibus - ok
09:18:29.0395 0x0984  vwififlt - ok
09:18:29.0411 0x0984  vwifimp - ok
09:18:29.0427 0x0984  W32Time - ok
09:18:29.0427 0x0984  WacomPen - ok
09:18:29.0442 0x0984  wbengine - ok
09:18:29.0442 0x0984  WbioSrvc - ok
09:18:29.0458 0x0984  Wcmsvc - ok
09:18:29.0458 0x0984  wcncsvc - ok
09:18:29.0474 0x0984  WcsPlugInService - ok
09:18:29.0489 0x0984  WdBoot - ok
09:18:29.0489 0x0984  Wdf01000 - ok
09:18:29.0505 0x0984  WdFilter - ok
09:18:29.0505 0x0984  WdiServiceHost - ok
09:18:29.0520 0x0984  WdiSystemHost - ok
09:18:29.0520 0x0984  WdNisDrv - ok
09:18:29.0536 0x0984  WdNisSvc - ok
09:18:29.0536 0x0984  WebClient - ok
09:18:29.0552 0x0984  Wecsvc - ok
09:18:29.0552 0x0984  WEPHOSTSVC - ok
09:18:29.0567 0x0984  wercplsupport - ok
09:18:29.0583 0x0984  WerSvc - ok
09:18:29.0583 0x0984  WFPLWFS - ok
09:18:29.0599 0x0984  WiaRpc - ok
09:18:29.0599 0x0984  WIMMount - ok
09:18:29.0614 0x0984  WinDefend - ok
09:18:29.0630 0x0984  WinHttpAutoProxySvc - ok
09:18:29.0645 0x0984  Winmgmt - ok
09:18:29.0645 0x0984  WinRM - ok
09:18:29.0770 0x0984  WinUsb - ok
09:18:29.0802 0x0984  WlanSvc - ok
09:18:29.0833 0x0984  wlidsvc - ok
09:18:29.0849 0x0984  wmbclass - ok
09:18:29.0864 0x0984  WmiAcpi - ok
09:18:29.0880 0x0984  wmiApSrv - ok
09:18:29.0880 0x0984  WMPNetworkSvc - ok
09:18:29.0895 0x0984  Wof - ok
09:18:29.0911 0x0984  workfolderssvc - ok
09:18:29.0911 0x0984  wpcfltr - ok
09:18:29.0927 0x0984  WPCSvc - ok
09:18:29.0942 0x0984  WPDBusEnum - ok
09:18:29.0942 0x0984  WpdUpFltr - ok
09:18:29.0958 0x0984  ws2ifsl - ok
09:18:29.0958 0x0984  wscsvc - ok
09:18:29.0974 0x0984  WSDPrintDevice - ok
09:18:29.0974 0x0984  WSDScan - ok
09:18:29.0989 0x0984  WSearch - ok
09:18:30.0005 0x0984  WSService - ok
09:18:30.0005 0x0984  wuauserv - ok
09:18:30.0020 0x0984  WudfPf - ok
09:18:30.0036 0x0984  WUDFRd - ok
09:18:30.0036 0x0984  WUDFSensorLP - ok
09:18:30.0052 0x0984  wudfsvc - ok
09:18:30.0052 0x0984  WUDFWpdFs - ok
09:18:30.0067 0x0984  WwanSvc - ok
09:18:30.0098 0x0984  ================ Scan global ===============================
09:18:30.0098 0x0984  [ Global ] - ok
09:18:30.0114 0x0984  ================ Scan MBR ==================================
09:18:30.0114 0x0984  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
09:18:30.0181 0x0984  \Device\Harddisk0\DR0 - ok
09:18:30.0181 0x0984  ================ Scan VBR ==================================
09:18:30.0181 0x0984  ================ Scan generic autorun ======================
09:18:30.0181 0x0984  hpdfe - ok
09:18:30.0197 0x0984  DptfPolicyLpmServiceHelper - ok
09:18:30.0197 0x0984  RtkNGUI - ok
09:18:30.0212 0x0984  IgfxTray - ok
09:18:30.0212 0x0984  HotKeysCmds - ok
09:18:30.0228 0x0984  Persistence - ok
09:18:30.0228 0x0984  avgnt - ok
09:18:30.0228 0x0984  SunJavaUpdateSched - ok
09:18:30.0306 0x0984  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.15.75 ), 0x40000 ( disabled : updated )
09:18:30.0368 0x0984  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated )
09:18:30.0400 0x0984  Win FW state via NFP2: enabled ( trusted )
09:18:32.0891 0x0984  ============================================================
09:18:32.0891 0x0984  Scan finished
09:18:32.0891 0x0984  ============================================================
09:18:32.0922 0x130c  Detected object count: 0
09:18:32.0922 0x130c  Actual detected object count: 0
         
FRST log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
Ran by User (administrator) on ELITEPAD1000 (15-12-2015 09:23:12)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 8.1 Enterprise (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpdfe] => C:\Program Files\Hewlett-Packard\Shared\hpdfe.exe [325816 2014-01-03] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [70656 2014-01-20] (Intel Corporation)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI64.exe [3318488 2014-01-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [758928 2015-12-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{956F45A2-A224-4257-9411-009FC141564F}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM -> {6374D37B-8A33-4EFF-A0E8-6B989841AAEB} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2038875719-2975076231-4046231055-1001 -> {6374D37B-8A33-4EFF-A0E8-6B989841AAEB} URL = hxxp://www.startseite24.net/?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-28] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zhkchf5r.default-1447613874437
FF DefaultSearchEngine: google
FF DefaultSearchUrl: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=utf-8&oe=utf-8&meta=lr=lang_de&q=
FF SelectedSearchEngine: Google
FF SelectedSearchEngine: google
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=utf-8&oe=utf-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [835616 2015-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461728 2015-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461728 2015-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1032384 2015-12-15] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [80384 2014-01-20] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [92672 2014-01-20] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [88064 2014-01-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 hpqwmiex; "C:\Users\User\AppData\Roaming\Hewlett-Packard\hpqwmiex.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-05-29] (Avira Operations GmbH & Co. KG)
R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [366808 2013-10-16] (Broadcom Corp)
R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [31744 2014-10-29] (Microsoft Corporation)
R3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [150744 2013-09-10] (Broadcom Corporation.)
R3 camera; C:\Windows\system32\DRIVERS\camera.sys [479232 2014-01-20] (Intel Corporation)
R3 DASL; C:\Windows\system32\DRIVERS\DASL64.sys [86200 2014-01-03] (Hewlett-Packard)
R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [29424 2014-01-20] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [42224 2014-01-20] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [94960 2014-01-20] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [234736 2014-01-20] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2014-01-20] (Intel Corporation)
R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [21504 2014-01-20] (Intel Corporation)
S3 gwiopm; C:\Program Files (x86)\Slotman\gwiopm.sys [3904 1998-06-03] () [File not signed]
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2014-01-20] (Intel Corporation)
R3 iaiospi; C:\Windows\System32\drivers\iaiospi.sys [65024 2014-01-20] (Intel Corporation)
R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [101376 2014-01-20] (Intel Corporation)
R3 imx175; C:\Windows\system32\DRIVERS\imx175.sys [73728 2014-01-20] (Intel Corporation)
R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [312320 2014-01-20] (Intel(R) Corporation)
S3 LAN9500; C:\Windows\system32\DRIVERS\lan9500-x64-n630f.sys [83968 2014-08-19] (SMSC)
R3 Lm3554; C:\Windows\System32\drivers\lm3554.sys [31232 2014-01-20] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [27600 2014-01-20] (Intel Corporation)
R3 ov2722; C:\Windows\System32\drivers\ov2722.sys [53760 2014-01-20] (Intel Corporation)
R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [57344 2014-01-20] (Intel Corporation)
R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [192216 2014-01-13] (Realtek Semiconductor Corp.)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88080 2014-01-20] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 wmbclass; C:\Windows\system32\DRIVERS\wmbclass.sys [268288 2014-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-15 09:16 - 2015-12-15 09:22 - 00043862 _____ C:\TDSSKiller.3.1.0.9_15.12.2015_09.16.13_log.txt
2015-12-15 09:14 - 2015-12-15 09:14 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\User\Desktop\tdsskiller.exe
2015-12-14 13:28 - 2015-12-14 13:30 - 00002049 _____ C:\Users\User\Downloads\Fixlog.txt
2015-12-14 10:42 - 2015-12-14 10:42 - 00000000 ____D C:\Program Files (x86)\ESET
2015-12-14 10:40 - 2015-12-14 10:40 - 02870984 _____ (ESET) C:\Users\User\Desktop\esetsmartinstaller_deu.exe
2015-12-14 09:35 - 2015-12-14 09:37 - 00000000 ____D C:\AdwCleaner
2015-12-14 09:30 - 2015-12-14 09:30 - 01740288 _____ C:\Users\User\Desktop\AdwCleaner_5.025.exe
2015-12-14 09:24 - 2015-12-14 09:24 - 00000000 ____D C:\Users\User\AppData\Local\Data
2015-12-14 09:22 - 2015-12-14 09:24 - 00002192 _____ C:\Users\User\AppData\Local\settings.ini
2015-12-14 09:21 - 2015-12-14 09:16 - 03443652 _____ (Igor Pavlov) C:\Users\User\Desktop\AttentionUninstaller64.exe
2015-12-14 09:20 - 2015-12-14 09:20 - 00000154 _____ C:\Users\User\Desktop\UnList.txt
2015-12-14 09:18 - 2015-12-14 09:24 - 00000224 _____ C:\Users\User\Desktop\AttentionUninstallerLog.txt
2015-12-14 09:16 - 2015-12-14 09:16 - 03443652 _____ (Igor Pavlov) C:\Users\User\Downloads\AttentionUninstaller64.exe
2015-12-13 19:42 - 2015-12-13 19:43 - 00018269 _____ C:\Users\User\Downloads\Addition.txt
2015-12-13 19:41 - 2015-12-15 09:23 - 00013064 _____ C:\Users\User\Downloads\FRST.txt
2015-12-13 19:41 - 2015-12-15 09:23 - 00000000 ____D C:\FRST
2015-12-13 19:40 - 2015-12-13 19:41 - 02369536 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-12-13 19:39 - 2015-12-13 19:39 - 01720320 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2015-12-08 21:25 - 2015-12-08 21:26 - 00608470 _____ C:\Users\User\Downloads\Slotman_1131a_Help_e.zip
2015-12-08 20:58 - 2015-12-08 21:00 - 00000000 ____D C:\Program Files (x86)\Slotman
2015-12-08 20:58 - 2015-12-08 20:58 - 02063652 _____ C:\Users\User\Downloads\Slotman_1131a_e.exe
2015-12-08 20:58 - 2015-12-08 20:58 - 00001007 _____ C:\Users\User\Desktop\Slotman.lnk
2015-12-08 20:58 - 2015-12-08 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slotman
2015-12-08 20:37 - 2015-12-08 20:37 - 00499994 _____ C:\Users\User\Downloads\Slotman608_Doku.zip
2015-12-08 20:37 - 2015-12-08 20:37 - 00000000 ____D C:\Users\User\Downloads\Slotman608_Doku
2015-12-08 20:37 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 20:36 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-08 20:36 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 20:36 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-08 20:36 - 2015-11-11 16:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-12-08 20:36 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-08 20:36 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-08 20:36 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 20:36 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-08 20:36 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-08 20:36 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-08 20:36 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-08 20:36 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-08 20:36 - 2015-11-10 00:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-12-08 20:36 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-08 20:36 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-08 20:36 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-08 20:36 - 2015-11-10 00:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-08 20:36 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-12-08 20:36 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-08 20:36 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-08 20:36 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-08 20:36 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-08 20:36 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 20:36 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-08 20:36 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-08 20:36 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-08 20:36 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-08 20:36 - 2015-11-08 22:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-12-08 20:36 - 2015-11-08 22:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-12-08 20:36 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-08 20:36 - 2015-11-08 22:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-08 20:36 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-08 20:36 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-08 20:36 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 20:36 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-08 20:36 - 2015-11-08 21:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-12-08 20:36 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-08 20:36 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-08 20:36 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-08 20:35 - 2015-11-22 07:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-12-08 20:35 - 2015-11-22 07:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-08 20:35 - 2015-11-22 07:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-12-08 20:35 - 2015-11-22 07:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-12-08 20:35 - 2015-11-22 07:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-12-08 20:35 - 2015-11-22 07:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-12-08 20:35 - 2015-11-22 07:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-08 20:35 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-12-08 20:35 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-12-08 20:35 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-08 20:35 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-08 20:35 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 20:35 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-08 20:35 - 2015-11-20 23:47 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-08 20:35 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-08 20:35 - 2015-11-20 17:58 - 03706880 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-08 20:35 - 2015-11-20 17:47 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-08 20:35 - 2015-11-20 17:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-08 20:35 - 2015-11-20 17:44 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-12-08 20:35 - 2015-11-20 17:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-08 20:35 - 2015-11-20 17:43 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-08 20:35 - 2015-11-20 17:42 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-08 20:35 - 2015-11-20 17:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-08 20:35 - 2015-11-20 17:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-08 20:35 - 2015-11-20 17:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-08 20:35 - 2015-11-20 17:27 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-08 20:35 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-08 20:35 - 2015-11-08 23:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-08 20:35 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-08 20:35 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-08 20:35 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-08 20:35 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-08 20:35 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-08 20:35 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-08 20:35 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-08 20:35 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-08 20:35 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-08 20:35 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
2015-12-08 20:35 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-08 20:35 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-08 20:35 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-08 20:35 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2015-12-08 20:35 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-08 20:35 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-08 20:35 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-12-08 20:35 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-12-08 20:35 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-12-08 20:35 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-12-08 20:35 - 2015-10-22 15:08 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
2015-12-08 20:35 - 2015-10-22 15:08 - 00513456 _____ C:\Windows\system32\locale.nls
2015-12-08 20:35 - 2015-10-11 07:34 - 00468824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-12-08 20:35 - 2015-10-11 07:34 - 00462168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-12-08 20:35 - 2015-10-11 07:34 - 00443224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-12-08 20:35 - 2015-10-11 07:34 - 00092504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-12-08 20:35 - 2015-10-11 07:34 - 00027992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-12-08 20:35 - 2015-10-10 19:41 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-12-08 20:35 - 2015-10-10 19:41 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-12-08 20:35 - 2015-10-10 19:40 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys
2015-12-08 20:35 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-12-08 20:35 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
2015-12-08 20:35 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2015-12-08 20:35 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-12-08 20:35 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-12-08 20:34 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2015-12-08 20:34 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-12-08 20:30 - 2015-12-08 20:38 - 00000000 ____D C:\Users\User\Documents\Slotman608
2015-12-05 14:14 - 2015-12-05 14:27 - 00044544 _____ C:\Users\User\Desktop\Mitgliederliste f Startliste.xls
2015-12-02 09:12 - 2015-12-14 13:28 - 00000000 ____D C:\Users\User\AppData\LocalLow\Temp
2015-12-02 09:12 - 2015-12-02 09:12 - 02298424 ____T C:\Users\User\Documents\Weihnachtsfeier 2015.oxps
2015-11-29 13:41 - 2015-11-29 13:42 - 00061440 _____ C:\Users\User\Desktop\Mitgliederliste master.xls
2015-11-29 08:41 - 2015-11-29 08:41 - 05626824 _____ C:\Users\User\Downloads\Update SEPA Account Converter.exe
2015-11-29 08:41 - 2015-11-29 08:41 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Finanz
2015-11-29 08:41 - 2015-11-29 08:41 - 00000000 ____D C:\Users\User\AppData\Local\Downloaded Installations
2015-11-29 08:40 - 2015-11-29 08:41 - 00002429 _____ C:\Users\User\Desktop\SEPA Account Converter.lnk
2015-11-29 08:40 - 2015-11-29 08:40 - 00000000 ____D C:\Program Files (x86)\BIVG Hannover
2015-11-29 08:39 - 2015-11-29 08:39 - 01734144 _____ C:\Users\User\Downloads\sepa_account_converter.msi
2015-11-15 20:07 - 2015-11-15 20:07 - 00000000 ____D C:\Users\User\AppData\Local\Macromedia
2015-11-15 20:06 - 2015-12-15 09:01 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-15 20:06 - 2015-12-08 21:01 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-15 20:05 - 2015-11-23 18:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-15 19:57 - 2015-11-15 19:57 - 00000000 ____D C:\Users\User\Desktop\Alte Firefox-Daten
2015-11-15 19:35 - 2015-11-15 20:07 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2015-11-15 19:35 - 2015-11-15 19:35 - 00000000 ____D C:\Users\User\AppData\Roaming\dlg
2015-11-15 19:34 - 2015-12-14 09:37 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-11-15 19:34 - 2015-12-06 14:57 - 00000000 ____D C:\Users\User\AppData\Roaming\AVG
2015-11-15 19:34 - 2015-12-06 14:57 - 00000000 ____D C:\Program Files (x86)\AVG
2015-11-15 19:33 - 2015-12-06 14:57 - 00000000 ____D C:\Users\User\AppData\Local\Avg
2015-11-15 19:33 - 2015-12-06 14:57 - 00000000 ____D C:\ProgramData\AVG
2015-11-15 19:30 - 2015-11-15 19:30 - 00569488 _____ C:\Users\User\Downloads\Adobe-Flash-Player_091.exe
2015-11-15 19:25 - 2015-09-29 13:24 - 00155480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2015-11-15 19:25 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-11-15 19:25 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2015-11-15 19:25 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-15 19:25 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-11-15 19:25 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-11-15 19:25 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-15 08:22 - 2014-11-14 18:03 - 00146696 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-12-15 08:22 - 2014-11-14 18:03 - 00135880 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-12-15 08:22 - 2014-03-18 12:24 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C6306504-C39E-4BE8-AF4F-BCBF392B09A0}
2015-12-14 13:37 - 2015-09-28 21:49 - 00764970 _____ C:\Windows\system32\perfh007.dat
2015-12-14 13:37 - 2015-09-28 21:49 - 00159884 _____ C:\Windows\system32\perfc007.dat
2015-12-14 13:37 - 2014-03-18 11:01 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-14 13:37 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2015-12-14 13:32 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-13 21:20 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-13 20:25 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2015-12-13 19:42 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-13 19:35 - 2014-11-12 21:15 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-13 19:35 - 2014-11-12 21:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-13 19:35 - 2013-08-22 15:44 - 00362544 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-10 12:20 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-12-08 21:52 - 2014-03-18 12:15 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2038875719-2975076231-4046231055-1001
2015-12-08 21:45 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-12-08 21:44 - 2014-11-12 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-08 21:40 - 2014-11-12 20:52 - 00000000 ____D C:\Windows\system32\MRT
2015-12-08 21:37 - 2014-11-12 20:52 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-01 18:19 - 2014-11-13 02:11 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-01 18:19 - 2014-11-13 02:11 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-01 17:51 - 2015-09-28 21:03 - 00000000 ____D C:\FCM
2015-11-23 18:05 - 2015-09-28 20:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2015-12-14 09:22 - 2015-12-14 09:24 - 0002192 _____ () C:\Users\User\AppData\Local\settings.ini
2015-07-12 08:29 - 2015-07-12 08:30 - 0000010 _____ () C:\ProgramData\system_image_date.txt

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-05 13:41

==================== End of FRST.txt ============================
         
--- --- ---


Many thanks for your effort (it has to be said every now and then)

Regards, M.

15.12.2015, 14:25   #10
Deathkid535
/// Malwareteam

Hi,

is the message still appearing?

15.12.2015, 15:28   #11
muffti

Hi,
the message has not come up again so far today.

Regards, M.

15.12.2015, 15:30   #12
Deathkid535
/// Malwareteam

Hi,

wait a little longer and let me know tomorrow or the day after whether it is gone for good.

15.12.2015, 15:57   #13
muffti

OK, will do.

Thanks again!

18.12.2015, 14:05   #14
Deathkid535
/// Malwareteam

Hi,

how is it looking?

19.12.2015, 13:15   #15
muffti

Hi,

so far the message has not come back. I am assuming the tablet is cured.
Many thanks again
Regards, M
