Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Trojanerbefall tr/crpyt.xpak, tr/crpyt.zpak, tr/crpyt.epak (https://www.trojaner-board.de/153603-windows-7-trojanerbefall-tr-crpyt-xpak-tr-crpyt-zpak-tr-crpyt-epak.html)

matze0816 08.05.2014 18:38
Windows 7: Trojanerbefall tr/crpyt.xpak, tr/crpyt.zpak, tr/crpyt.epak
 
Hallo zusammen,

meine Eltern haben sich durch das Öffnen eines infizierten E-Mail-Anhanges bezüglich eines vermeintlichen Download-Abos einen Trojaner eingefangen. Das Antivirenprogramm Avira meldet tr/crpyt.xpak, tr/crpyt.zpak, tr/crpyt.epak. Die Logs befinden sich nach eurer Anleitung weiter unten. Kann man diese Schädlinge wieder entfernen?

Vielen Dank für eure Hilfe!

Gruß
Matze

defrogger_disable.txt
Code:
defogger_disable by jpshortstuff (23.02.10.1)

Log created at 10:52 on 08/05/2014 (User)



Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.



Checking for services/drivers...





-=E.O.F=-
FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-05-2014
Ran by User (administrator) on WINDOWS-C24H7VG on 08-05-2014 10:56:49
Running from C:\Users\User\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Faronics Corporation) C:\ProgramData\tso\mvblbnx.exe
(Faronics Corporation) C:\ProgramData\dfqdi\yibw.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Faronics Corporation) C:\ProgramData\tso\mvblbnx.exe
(Faronics Corporation) C:\ProgramData\dfqdi\yibw.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Faronics Corporation) C:\ProgramData\scjpwjq\gtka.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-02-01] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-04-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [WinZip Malware Protector_startup] => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [6390448 2013-07-15] (Nico Mak Computing)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4067564863-2445936951-307354132-1000\...\RunOnce: [ku2yqpl] - C:\ProgramData\tso\mvblbnx.exe [290816 2014-05-06] (Faronics Corporation)
HKU\S-1-5-21-4067564863-2445936951-307354132-1000\...\RunOnce: [ujeum2] - C:\ProgramData\dfqdi\yibw.exe [290304 2014-05-07] (Faronics Corporation)
HKU\S-1-5-21-4067564863-2445936951-307354132-1000\...\RunOnce: [lje86] - C:\ProgramData\scjpwjq\gtka.exe [293888 2014-05-08] (Faronics Corporation)
HKU\S-1-5-21-4067564863-2445936951-307354132-1000\...\MountPoints2: {3030a320-85dc-11e3-9fe2-806e6f6e6963} - I:\smoney.exe

==================== Internet (Whitelisted) ====================

BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default
FF NewTab: hxxp://search.conduit.com/?ctid=CT3322611&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP73925FEA-00C7-432C-B48E-8D4992449D43
FF SearchEngineOrder.1: default-search.net
FF Homepage: hxxp://www.default-search.net?sid=476&aid=122&itype=n&ver=11471&tm=296&src=hmp
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\searchplugins\youtube-video-search.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [125008 2014-04-15] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-01] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 msftesql$KLAES; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [91992 2010-03-26] (Microsoft Corporation)
R2 MSSQL$KLAES; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)

==================== Drivers (Whitelisted) ====================

R3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-08-01] (SafeNet Inc.)
R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2013-08-01] (SafeNet Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [79872 2009-06-10] (AVM GmbH)
R3 FPCIBASE; C:\Windows\System32\DRIVERS\fpcibase.sys [899328 2009-06-10] (AVM Berlin)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-02-01] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-08 10:39 - 2014-05-08 10:39 - 00000000 _____ () C:\Users\User\defogger_reenable
2014-05-08 10:37 - 2014-05-08 10:52 - 00000470 _____ () C:\Users\User\Desktop\defogger_disable.log
2014-05-08 10:33 - 2014-05-08 10:33 - 00050477 _____ () C:\Users\User\Desktop\Defogger.exe
2014-05-08 07:42 - 2014-05-08 07:42 - 00388608 _____ (Trend Micro Inc.) C:\Users\User\Downloads\HiJackThis204.exe
2014-05-08 07:34 - 2014-05-08 07:34 - 00000000 ____D () C:\ProgramData\scjpwjq
2014-05-08 07:34 - 2014-05-08 07:34 - 00000000 ____D () C:\ProgramData\pabpao
2014-05-08 07:34 - 2014-05-08 07:34 - 00000000 ____D () C:\ProgramData\hfypf
2014-05-08 06:05 - 2014-05-08 06:05 - 00017488 _____ () C:\Users\User\Desktop\AVira2.LOG
2014-05-07 23:17 - 2014-05-07 23:53 - 00000000 ____D () C:\Windows\pss
2014-05-07 20:56 - 2014-05-07 20:56 - 00013416 _____ () C:\Users\User\Desktop\AVSCAN.LOG
2014-05-07 19:48 - 2014-05-07 19:48 - 00011383 _____ () C:\Users\User\Desktop\Gmer.txt
2014-05-07 19:47 - 2014-05-07 19:47 - 00011383 _____ () C:\Users\User\Documents\Gmer.txt
2014-05-07 19:38 - 2014-05-07 19:38 - 00380416 _____ () C:\Users\User\Desktop\Gmer-19357.exe
2014-05-07 19:32 - 2014-05-08 10:56 - 00013275 _____ () C:\Users\User\Desktop\FRST.txt
2014-05-07 19:32 - 2014-05-08 10:56 - 00000000 ____D () C:\FRST
2014-05-07 19:32 - 2014-05-07 19:32 - 00023928 _____ () C:\Users\User\Desktop\Addition.txt
2014-05-07 19:30 - 2014-05-07 19:30 - 02063872 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-05-07 19:18 - 2014-05-08 10:52 - 00000000 ____D () C:\ProgramData\laab
2014-05-07 19:17 - 2014-05-07 19:17 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-05-07 19:17 - 2014-05-07 19:17 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-05-07 19:16 - 2014-05-07 19:16 - 00002999 _____ () C:\Users\User\Desktop\log.xml
2014-05-07 19:06 - 2014-05-08 06:11 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-05-07 19:06 - 2014-05-07 19:06 - 00001189 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-05-07 19:06 - 2014-05-07 19:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\Nico Mak Computing
2014-05-07 19:06 - 2014-05-07 19:06 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-05-07 19:06 - 2014-05-07 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-05-07 19:06 - 2014-05-07 19:06 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-05-07 19:06 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe
2014-05-07 19:05 - 2014-05-07 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\User\Desktop\wzmp_8.exe
2014-05-07 15:37 - 2014-05-07 15:37 - 00002114 _____ () C:\Users\Public\Desktop\Starmoney9.0.lnk
2014-05-07 15:37 - 2014-05-07 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 9.0 S-Edition
2014-05-07 15:36 - 2014-05-07 17:32 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0 S-Edition
2014-05-07 14:59 - 2014-05-07 14:59 - 00000636 _____ () C:\Windows\HBCIKRNL.INI
2014-05-07 14:59 - 2014-05-07 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Identive
2014-05-07 14:59 - 2014-05-07 14:59 - 00000000 ____D () C:\Program Files (x86)\Identive
2014-05-07 14:59 - 2012-08-14 18:05 - 00346512 _____ (SCM Microsystems Inc.) C:\Windows\system32\MCSCM.dll
2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\ProgramData\qlfvcw
2014-05-07 11:16 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-07 11:16 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-07 11:16 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-07 11:16 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-07 10:29 - 2014-05-08 07:34 - 00000000 ____D () C:\ProgramData\fsstws
2014-05-07 10:29 - 2014-05-07 10:29 - 00000000 ____D () C:\ProgramData\mqncoa
2014-05-07 10:29 - 2014-05-07 10:29 - 00000000 ____D () C:\ProgramData\dfqdi
2014-05-07 03:18 - 2014-05-07 03:18 - 00000000 ____D () C:\ProgramData\crucgl
2014-05-07 03:16 - 2014-05-07 03:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-07 03:01 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-07 03:00 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-07 03:00 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-07 03:00 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-07 03:00 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-07 03:00 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-07 03:00 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-07 03:00 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-07 03:00 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-07 03:00 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-07 03:00 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-07 03:00 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-07 03:00 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-07 03:00 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-07 03:00 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-07 03:00 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-07 03:00 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-07 03:00 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-07 03:00 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-07 03:00 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-07 03:00 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-07 03:00 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-07 03:00 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-07 03:00 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-07 03:00 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-07 03:00 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-07 03:00 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-07 03:00 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-07 03:00 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-07 03:00 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-07 03:00 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-07 03:00 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-07 03:00 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-07 03:00 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-07 03:00 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-07 03:00 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-07 03:00 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-07 03:00 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-07 03:00 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-07 03:00 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-07 03:00 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-07 03:00 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-07 03:00 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-07 03:00 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-06 19:54 - 2014-05-08 06:10 - 00000000 ____D () C:\ProgramData\nrgxu
2014-05-06 19:54 - 2014-05-06 19:54 - 00000000 ____D () C:\ProgramData\tso
2014-05-06 19:54 - 2014-05-06 19:54 - 00000000 ____D () C:\ProgramData\shfkve
2014-05-06 14:46 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 14:46 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 14:21 - 2014-05-08 07:35 - 00000000 ____D () C:\ProgramData\ixvma
2014-05-06 14:20 - 2014-05-07 07:12 - 00000000 ____D () C:\ProgramData\jqiwjns
2014-05-06 14:20 - 2014-05-07 07:08 - 00000000 ____D () C:\ProgramData\ninpbxk
2014-05-06 14:20 - 2014-05-06 19:54 - 00000000 ____D () C:\ProgramData\vcsjde
2014-05-06 14:20 - 2014-05-06 14:21 - 00000000 ____D () C:\ProgramData\ufr
2014-05-06 12:21 - 2014-05-06 12:21 - 00002237 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-05-06 12:21 - 2014-05-06 12:21 - 00002231 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-05-06 12:21 - 2014-05-06 12:21 - 00000000 ____D () C:\Users\User\AppData\Local\WinZip
2014-05-06 12:21 - 2014-05-06 12:21 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-06 12:21 - 2014-05-06 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-05-06 12:21 - 2014-05-06 12:21 - 00000000 ____D () C:\Program Files (x86)\WinZip
2014-05-06 12:16 - 2014-05-06 12:19 - 43543552 _____ () C:\Users\User\Downloads\wz180gev-32.msi
2014-05-06 12:11 - 2014-05-07 07:08 - 00000000 ___HD () C:\Users\User\AppData\Local\Gjefwklvpu
2014-05-06 11:55 - 2014-05-06 11:55 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-05-06 11:49 - 2014-05-08 07:34 - 00000000 ____D () C:\ProgramData\laabi
2014-05-06 11:49 - 2014-05-07 17:51 - 00000000 ___HD () C:\Users\User\AppData\Local\Atoqa
2014-05-01 17:56 - 2014-05-01 18:06 - 00013606 _____ () C:\Users\User\#Umrisse.dxf
2014-05-01 17:51 - 2014-05-01 17:51 - 00013594 _____ () C:\Users\User\Umrisse.dxf
2014-04-30 15:18 - 2014-04-30 17:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-27 12:57 - 2014-04-27 12:57 - 00001447 _____ () C:\Users\User\Desktop\PC-FAX Rx - Verknüpfung.lnk
2014-04-21 14:40 - 2014-04-21 14:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\ControlCenter4
2014-04-21 14:38 - 2014-04-21 14:38 - 00002140 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk
2014-04-21 14:38 - 2014-04-21 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2014-04-21 14:37 - 2014-05-06 16:40 - 00000154 _____ () C:\Windows\Brfaxrx.ini
2014-04-21 14:37 - 2014-04-21 14:37 - 00000000 ____D () C:\ProgramData\ControlCenter4
2014-04-21 14:37 - 2014-04-21 14:37 - 00000000 ____D () C:\Program Files (x86)\Browny02
2014-04-21 14:37 - 2014-04-21 14:37 - 00000000 ____D () C:\Brother
2014-04-21 14:37 - 2012-09-10 16:31 - 00245760 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2014-04-21 14:37 - 2012-07-09 17:19 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2014-04-21 14:37 - 2010-03-15 19:45 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2014-04-21 14:37 - 2010-02-05 04:42 - 00180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
2014-04-21 14:37 - 2007-12-13 22:16 - 00005632 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2014-04-21 14:36 - 2014-04-21 14:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\InstallShield
2014-04-21 14:21 - 2014-04-21 14:21 - 00001054 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-04-21 14:21 - 2014-04-21 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-04-21 14:21 - 2014-04-21 14:21 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-04-21 14:20 - 2014-02-18 03:44 - 65158728 _____ (Macrovision Corporation) C:\Users\User\Downloads\ControlCenter4 Updater.exe
2014-04-21 14:12 - 2014-04-21 14:18 - 64052804 _____ (A.I.SOFT,INC.) C:\Users\User\Downloads\CC4updater_424091.EXE
2014-04-18 13:14 - 2014-04-27 12:54 - 00000000 ____D () C:\Users\User\AppData\Local\FRITZ!
2014-04-18 13:14 - 2014-04-18 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!
2014-04-18 13:13 - 2014-04-18 13:15 - 00000000 ____D () C:\Users\User\AppData\Roaming\FRITZ!
2014-04-18 13:13 - 2014-04-18 13:14 - 00000000 ____D () C:\Program Files (x86)\FRITZ!
2014-04-18 13:13 - 2000-01-07 02:09 - 00114688 _____ (AVM Berlin GmbH) C:\Windows\SysWOW64\Fridru32.dll
2014-04-18 13:13 - 2000-01-07 02:09 - 00032768 _____ (AVM Berlin GmbH) C:\Windows\SysWOW64\FritzPort.dll
2014-04-18 13:13 - 1999-12-01 13:30 - 00040960 _____ (AVM Berlin GmbH) C:\Windows\SysWOW64\I2err32.dll
2014-04-18 13:09 - 2014-04-18 13:09 - 00000224 _____ () C:\Windows\setup.log
2014-04-18 13:09 - 1998-11-17 13:44 - 00328704 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe
2014-04-18 13:06 - 2014-04-18 13:08 - 18232168 _____ (AVM Berlin ) C:\Users\User\Downloads\FRITZ!fax_3.07.04.exe
2014-04-18 12:59 - 2014-04-18 13:11 - 00011376 _____ () C:\Windows\avmcoins.log
2014-04-16 08:45 - 2014-04-16 08:45 - 00000814 _____ () C:\Users\User\Desktop\EigDat2013 - Verknüpfung.lnk
2014-04-11 08:24 - 2014-04-11 08:25 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-04-10 10:36 - 2014-04-10 10:36 - 00001238 _____ () C:\Users\User\Desktop\KLAES 6.8 2010.lnk
2014-04-10 10:36 - 2014-04-10 10:36 - 00000028 _____ () C:\Windows\ODBC.INI
2014-04-09 14:50 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 14:50 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 14:50 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 14:50 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 14:50 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 14:50 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 14:50 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 14:50 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 14:50 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 14:50 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 14:50 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 14:50 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 14:50 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 14:50 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 14:50 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 14:50 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 14:50 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2014-05-08 10:56 - 2014-05-07 19:32 - 00013275 _____ () C:\Users\User\Desktop\FRST.txt
2014-05-08 10:56 - 2014-05-07 19:32 - 00000000 ____D () C:\FRST
2014-05-08 10:52 - 2014-05-08 10:37 - 00000470 _____ () C:\Users\User\Desktop\defogger_disable.log
2014-05-08 10:52 - 2014-05-07 19:18 - 00000000 ____D () C:\ProgramData\laab
2014-05-08 10:50 - 2014-01-25 18:21 - 01186992 _____ () C:\Windows\WindowsUpdate.log
2014-05-08 10:39 - 2014-05-08 10:39 - 00000000 _____ () C:\Users\User\defogger_reenable
2014-05-08 10:33 - 2014-05-08 10:33 - 00050477 _____ () C:\Users\User\Desktop\Defogger.exe
2014-05-08 10:33 - 2014-04-02 22:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-08 07:42 - 2014-05-08 07:42 - 00388608 _____ (Trend Micro Inc.) C:\Users\User\Downloads\HiJackThis204.exe
2014-05-08 07:35 - 2014-05-06 14:21 - 00000000 ____D () C:\ProgramData\ixvma
2014-05-08 07:34 - 2014-05-08 07:34 - 00000000 ____D () C:\ProgramData\scjpwjq
2014-05-08 07:34 - 2014-05-08 07:34 - 00000000 ____D () C:\ProgramData\pabpao
2014-05-08 07:34 - 2014-05-08 07:34 - 00000000 ____D () C:\ProgramData\hfypf
2014-05-08 07:34 - 2014-05-07 10:29 - 00000000 ____D () C:\ProgramData\fsstws
2014-05-08 07:34 - 2014-05-06 11:49 - 00000000 ____D () C:\ProgramData\laabi
2014-05-08 06:24 - 2009-07-14 06:45 - 00025680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-08 06:24 - 2009-07-14 06:45 - 00025680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-08 06:14 - 2013-01-28 09:48 - 00787386 _____ () C:\Windows\system32\perfh007.dat
2014-05-08 06:14 - 2013-01-28 09:48 - 00180040 _____ () C:\Windows\system32\perfc007.dat
2014-05-08 06:14 - 2009-07-14 07:13 - 01852362 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-08 06:11 - 2014-05-07 19:06 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-05-08 06:10 - 2014-05-06 19:54 - 00000000 ____D () C:\ProgramData\nrgxu
2014-05-08 06:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-08 06:09 - 2009-07-14 06:51 - 00059425 _____ () C:\Windows\setupact.log
2014-05-08 06:05 - 2014-05-08 06:05 - 00017488 _____ () C:\Users\User\Desktop\AVira2.LOG
2014-05-07 23:53 - 2014-05-07 23:17 - 00000000 ____D () C:\Windows\pss
2014-05-07 20:56 - 2014-05-07 20:56 - 00013416 _____ () C:\Users\User\Desktop\AVSCAN.LOG
2014-05-07 19:48 - 2014-05-07 19:48 - 00011383 _____ () C:\Users\User\Desktop\Gmer.txt
2014-05-07 19:47 - 2014-05-07 19:47 - 00011383 _____ () C:\Users\User\Documents\Gmer.txt
2014-05-07 19:38 - 2014-05-07 19:38 - 00380416 _____ () C:\Users\User\Desktop\Gmer-19357.exe
2014-05-07 19:32 - 2014-05-07 19:32 - 00023928 _____ () C:\Users\User\Desktop\Addition.txt
2014-05-07 19:30 - 2014-05-07 19:30 - 02063872 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-05-07 19:17 - 2014-05-07 19:17 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-05-07 19:17 - 2014-05-07 19:17 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-05-07 19:16 - 2014-05-07 19:16 - 00002999 _____ () C:\Users\User\Desktop\log.xml
2014-05-07 19:06 - 2014-05-07 19:06 - 00001189 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-05-07 19:06 - 2014-05-07 19:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\Nico Mak Computing
2014-05-07 19:06 - 2014-05-07 19:06 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-05-07 19:06 - 2014-05-07 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-05-07 19:06 - 2014-05-07 19:06 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-05-07 19:05 - 2014-05-07 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\User\Desktop\wzmp_8.exe
2014-05-07 17:51 - 2014-05-06 11:49 - 00000000 ___HD () C:\Users\User\AppData\Local\Atoqa
2014-05-07 17:32 - 2014-05-07 15:36 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0 S-Edition
2014-05-07 15:49 - 2014-01-25 18:22 - 00126408 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-07 15:48 - 2009-07-14 06:45 - 00522520 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-07 15:43 - 2013-10-01 06:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-07 15:37 - 2014-05-07 15:37 - 00002114 _____ () C:\Users\Public\Desktop\Starmoney9.0.lnk
2014-05-07 15:37 - 2014-05-07 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 9.0 S-Edition
2014-05-07 15:37 - 2014-03-30 14:29 - 00000000 ____D () C:\ProgramData\StarMoney 9.0
2014-05-07 15:37 - 2009-07-14 04:34 - 00017486 _____ () C:\Windows\system32\Drivers\etc\services
2014-05-07 14:59 - 2014-05-07 14:59 - 00000636 _____ () C:\Windows\HBCIKRNL.INI
2014-05-07 14:59 - 2014-05-07 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Identive
2014-05-07 14:59 - 2014-05-07 14:59 - 00000000 ____D () C:\Program Files (x86)\Identive
2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\ProgramData\qlfvcw
2014-05-07 10:29 - 2014-05-07 10:29 - 00000000 ____D () C:\ProgramData\mqncoa
2014-05-07 10:29 - 2014-05-07 10:29 - 00000000 ____D () C:\ProgramData\dfqdi
2014-05-07 07:12 - 2014-05-06 14:20 - 00000000 ____D () C:\ProgramData\jqiwjns
2014-05-07 07:08 - 2014-05-06 14:20 - 00000000 ____D () C:\ProgramData\ninpbxk
2014-05-07 07:08 - 2014-05-06 12:11 - 00000000 ___HD () C:\Users\User\AppData\Local\Gjefwklvpu
2014-05-07 03:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-07 03:18 - 2014-05-07 03:18 - 00000000 ____D () C:\ProgramData\crucgl
2014-05-07 03:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-07 03:16 - 2014-05-07 03:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 19:54 - 2014-05-06 19:54 - 00000000 ____D () C:\ProgramData\tso
2014-05-06 19:54 - 2014-05-06 19:54 - 00000000 ____D () C:\ProgramData\shfkve
2014-05-06 19:54 - 2014-05-06 14:20 - 00000000 ____D () C:\ProgramData\vcsjde
2014-05-06 16:40 - 2014-04-21 14:37 - 00000154 _____ () C:\Windows\Brfaxrx.ini
2014-05-06 14:21 - 2014-05-06 14:20 - 00000000 ____D () C:\ProgramData\ufr
2014-05-06 12:21 - 2014-05-06 12:21 - 00002237 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-05-06 12:21 - 2014-05-06 12:21 - 00002231 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-05-06 12:21 - 2014-05-06 12:21 - 00000000 ____D () C:\Users\User\AppData\Local\WinZip
2014-05-06 12:21 - 2014-05-06 12:21 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-06 12:21 - 2014-05-06 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-05-06 12:21 - 2014-05-06 12:21 - 00000000 ____D () C:\Program Files (x86)\WinZip
2014-05-06 12:21 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 12:19 - 2014-05-06 12:16 - 43543552 _____ () C:\Users\User\Downloads\wz180gev-32.msi
2014-05-06 12:17 - 2014-03-31 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-06 12:17 - 2014-03-31 17:00 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-06 12:10 - 2011-04-12 10:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-06 11:55 - 2014-05-06 11:55 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-05-04 17:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-04 14:08 - 2014-03-30 14:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-04 14:08 - 2010-11-21 05:47 - 00113304 _____ () C:\Windows\PFRO.log
2014-05-01 18:06 - 2014-05-01 17:56 - 00013606 _____ () C:\Users\User\#Umrisse.dxf
2014-05-01 17:51 - 2014-05-01 17:51 - 00013594 _____ () C:\Users\User\Umrisse.dxf
2014-04-30 17:08 - 2014-04-30 15:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-30 14:17 - 2014-03-30 14:31 - 00000000 ____D () C:\Users\User\AppData\Local\Thunderbird
2014-04-29 16:01 - 2014-05-07 11:16 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-07 11:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-07 11:16 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-07 11:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-29 09:35 - 2014-04-02 22:25 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 09:35 - 2014-04-02 22:25 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 09:35 - 2014-04-02 22:25 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 07:22 - 2014-03-30 14:19 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-29 07:22 - 2014-03-30 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-04-29 07:22 - 2014-03-30 14:19 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-29 07:22 - 2014-03-30 14:18 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-27 12:57 - 2014-04-27 12:57 - 00001447 _____ () C:\Users\User\Desktop\PC-FAX Rx - Verknüpfung.lnk
2014-04-27 12:54 - 2014-04-18 13:14 - 00000000 ____D () C:\Users\User\AppData\Local\FRITZ!
2014-04-21 14:40 - 2014-04-21 14:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\ControlCenter4
2014-04-21 14:38 - 2014-04-21 14:38 - 00002140 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk
2014-04-21 14:38 - 2014-04-21 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2014-04-21 14:38 - 2014-03-30 14:57 - 00000969 _____ () C:\Windows\Brpfx04a.ini
2014-04-21 14:38 - 2014-03-30 14:57 - 00000130 _____ () C:\Windows\brpcfx.ini
2014-04-21 14:38 - 2014-03-30 14:49 - 00002954 _____ () C:\Windows\BRPARAM.INI
2014-04-21 14:37 - 2014-04-21 14:37 - 00000000 ____D () C:\ProgramData\ControlCenter4
2014-04-21 14:37 - 2014-04-21 14:37 - 00000000 ____D () C:\Program Files (x86)\Browny02
2014-04-21 14:37 - 2014-04-21 14:37 - 00000000 ____D () C:\Brother
2014-04-21 14:37 - 2014-03-30 14:56 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-04-21 14:37 - 2014-03-30 14:48 - 00000000 ____D () C:\Program Files (x86)\ControlCenter4
2014-04-21 14:36 - 2014-04-21 14:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\InstallShield
2014-04-21 14:21 - 2014-04-21 14:21 - 00001054 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-04-21 14:21 - 2014-04-21 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-04-21 14:21 - 2014-04-21 14:21 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-04-21 14:18 - 2014-04-21 14:12 - 64052804 _____ (A.I.SOFT,INC.) C:\Users\User\Downloads\CC4updater_424091.EXE
2014-04-18 13:15 - 2014-04-18 13:13 - 00000000 ____D () C:\Users\User\AppData\Roaming\FRITZ!
2014-04-18 13:14 - 2014-04-18 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!
2014-04-18 13:14 - 2014-04-18 13:13 - 00000000 ____D () C:\Program Files (x86)\FRITZ!
2014-04-18 13:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-04-18 13:11 - 2014-04-18 12:59 - 00011376 _____ () C:\Windows\avmcoins.log
2014-04-18 13:09 - 2014-04-18 13:09 - 00000224 _____ () C:\Windows\setup.log
2014-04-18 13:08 - 2014-04-18 13:06 - 18232168 _____ (AVM Berlin ) C:\Users\User\Downloads\FRITZ!fax_3.07.04.exe
2014-04-16 08:45 - 2014-04-16 08:45 - 00000814 _____ () C:\Users\User\Desktop\EigDat2013 - Verknüpfung.lnk
2014-04-14 04:24 - 2014-05-06 14:46 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-05-06 14:46 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-12 19:25 - 2014-03-30 15:36 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-04-11 08:25 - 2014-04-11 08:24 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-04-10 16:49 - 2014-03-31 09:20 - 00000000 ____D () C:\Bürodaten14
2014-04-10 10:36 - 2014-04-10 10:36 - 00001238 _____ () C:\Users\User\Desktop\KLAES 6.8 2010.lnk
2014-04-10 10:36 - 2014-04-10 10:36 - 00000028 _____ () C:\Windows\ODBC.INI
2014-04-10 10:21 - 2014-03-31 15:42 - 00000000 ____D () C:\KLAESWH
2014-04-10 03:01 - 2013-10-01 15:22 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 03:01 - 2013-10-01 15:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 17:11 - 2014-03-30 15:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\Apple Computer

Files to move or delete:
====================
C:\Users\LibreCAD\D3DCompiler_43.dll
C:\Users\LibreCAD\icudt51.dll
C:\Users\LibreCAD\icuin51.dll
C:\Users\LibreCAD\icuuc51.dll
C:\Users\LibreCAD\libEGL.dll
C:\Users\LibreCAD\libgcc_s_dw2-1.dll
C:\Users\LibreCAD\libGLESv2.dll
C:\Users\LibreCAD\LibreCAD.exe
C:\Users\LibreCAD\libstdc++-6.dll
C:\Users\LibreCAD\libwinpthread-1.dll
C:\Users\LibreCAD\Qt5CLucene.dll
C:\Users\LibreCAD\Qt5Core.dll
C:\Users\LibreCAD\Qt5Declarative.dll
C:\Users\LibreCAD\Qt5Gui.dll
C:\Users\LibreCAD\Qt5Help.dll
C:\Users\LibreCAD\Qt5Network.dll
C:\Users\LibreCAD\Qt5OpenGL.dll
C:\Users\LibreCAD\Qt5PrintSupport.dll
C:\Users\LibreCAD\Qt5Script.dll
C:\Users\LibreCAD\Qt5Sql.dll
C:\Users\LibreCAD\Qt5Svg.dll
C:\Users\LibreCAD\Qt5Widgets.dll
C:\Users\LibreCAD\Qt5Xml.dll
C:\Users\LibreCAD\Qt5XmlPatterns.dll
C:\Users\LibreCAD\ttf2lff.exe
C:\Users\LibreCAD\Uninstall.exe
C:\Users\User\LibreCAD-Installer-2.0.3.exe


Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\Foxit Updater.exe
C:\Users\User\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\User\AppData\Local\Temp\repair4.exe
C:\Users\User\AppData\Local\Temp\_is932C.exe
C:\Users\User\AppData\Local\Temp\_isE7B2.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 07:46

==================== End Of Log ============================
Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-05-2014
Ran by User at 2014-05-07 19:32:22
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Aladdin Drivers 4.99.5.20 (HKLM-x32\...\{BBD93E01-D40B-4C69-B3F8-B70B747C4F19}) (Version: 4.102.522 - Horst Klaes GmbH & Co. KG)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology)
Avira (HKLM-x32\...\{de2a210d-874c-44e2-840c-8a05b974fbc9}) (Version: 1.1.11.32360 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.11.32360 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
AVM FRITZ! (HKLM-x32\...\FRITZ! 2.0) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J6510DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Btrieve Workstation Engine 6.15.430 (HKLM-x32\...\{DEC257D4-9012-40A0-A4A9-96AA94BECFE0}) (Version: 1.0.0 - Btrieve Technologies)
Foxit Reader (HKLM-x32\...\{FE1EFF18-814A-42CE-8470-EC97EDDAF8FF}) (Version: 5.4.3.920 - Foxit Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
KLAES Fonts (HKLM-x32\...\{C7B04C59-EA13-452A-AB2A-E7248E00A238}) (Version: 0.0.1 - Klaes)
KLAES Prerequisites (HKLM-x32\...\{95935134-F75B-4D1F-9B90-48CAEF499BD9}) (Version: 0.3.13 - Klaes)
LibreCAD (HKLM-x32\...\LibreCAD) (Version: 2.0.3 - LibreCAD Team)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4605.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 (KLAES) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Management Studio Express (HKLM\...\{C40D6727-57FE-4671-B51A-69B0F21F44B5}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
SPR332 USB Smart Card Reader V1.06 (HKLM-x32\...\{6121875B-8A84-4218-9D11-B94B55795006}) (Version: 1.06 - Identive)
StarMoney (x32 Version: 4.0.1.51 - StarFinanz) Hidden
StarMoney 9.0 S-Edition (HKLM-x32\...\{B3B5B6FB-77FE-48BC-9E52-97F3C75FE46E}) (Version: 9.0 - Star Finanz GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27339 - TeamViewer)
WinZip 18.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DE}) (Version: 18.0.10661 - WinZip Computing, S.L. )
WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC)

==================== Restore Points  =========================

29-04-2014 05:53:12 Geplanter Prüfpunkt
03-05-2014 23:03:01 Windows Update
06-05-2014 10:20:46 WinZip 18.0 wird installiert
07-05-2014 01:00:27 Windows Update
07-05-2014 09:16:12 Windows Update
07-05-2014 12:59:01 Installed SPR332 USB Smart Card Reader V1.06
07-05-2014 13:01:26 Installiert StarMoney
07-05-2014 13:28:45 Entfernt StarMoney
07-05-2014 13:35:52 Installiert StarMoney
07-05-2014 13:43:27 Installiert StarMoney
07-05-2014 15:11:18 Removed 7-Zip 9.20 (x64 edition)

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {4AAA063F-ABD4-41E4-A32D-C7C7672C1E38} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8E336458-1C30-42D6-9B00-3EB8A7450E4D} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15] (Nico Mak Computing)
Task: {9AA5551E-E6AA-4EC6-BD04-A1C36FB7EE3E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
Task: {A026A8FA-251A-461B-B02E-ACA313CAB76F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-01 06:38 - 2012-10-29 09:48 - 00927232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
2014-03-30 15:36 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-03-30 15:36 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-03-30 14:56 - 2010-03-16 01:04 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2014-03-30 14:41 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-01 06:38 - 2014-05-07 18:56 - 00027136 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll
2013-10-01 06:38 - 2012-05-07 18:04 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\ATKEX.dll
2014-03-30 14:41 - 2014-04-15 18:59 - 00049744 _____ () C:\Users\User\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-04-21 14:37 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-04-15 19:00 - 2014-04-15 19:00 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-05-07 15:37 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0 S-Edition\ouservice\PATCHW32.dll
2014-04-15 18:59 - 2014-04-15 18:59 - 00064592 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-03-30 14:23 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-01 06:48 - 2013-03-12 22:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-05-07 19:06 - 2013-02-28 16:53 - 00886272 _____ () C:\Program Files (x86)\WinZip Malware Protector\System.Data.SQLite.dll
2014-05-07 19:06 - 2013-07-15 16:53 - 01717936 _____ () C:\Program Files (x86)\WinZip Malware Protector\aspsys.dll
2014-05-07 19:06 - 2013-02-28 16:53 - 00168448 _____ () C:\Program Files (x86)\WinZip Malware Protector\UNRAR.DLL
2014-04-29 09:35 - 2014-04-29 09:35 - 16351920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/07/2014 06:58:22 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2014 06:02:13 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: StarMoney.exe, Version: 4.0.4.21, Zeitstempel: 0x53425bd4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x05040218
ID des fehlerhaften Prozesses: 0x21a8
Startzeit der fehlerhaften Anwendung: 0xStarMoney.exe0
Pfad der fehlerhaften Anwendung: StarMoney.exe1
Pfad des fehlerhaften Moduls: StarMoney.exe2
Berichtskennung: StarMoney.exe3

Error: (05/07/2014 06:00:40 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: StarMoney.exe, Version: 4.0.4.21, Zeitstempel: 0x53425bd4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x08fc0218
ID des fehlerhaften Prozesses: 0x1ec8
Startzeit der fehlerhaften Anwendung: 0xStarMoney.exe0
Pfad der fehlerhaften Anwendung: StarMoney.exe1
Pfad des fehlerhaften Moduls: StarMoney.exe2
Berichtskennung: StarMoney.exe3

Error: (05/07/2014 06:00:27 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: StarMoney.exe, Version: 4.0.4.21, Zeitstempel: 0x53425bd4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x04db0218
ID des fehlerhaften Prozesses: 0x1df4
Startzeit der fehlerhaften Anwendung: 0xStarMoney.exe0
Pfad der fehlerhaften Anwendung: StarMoney.exe1
Pfad des fehlerhaften Moduls: StarMoney.exe2
Berichtskennung: StarMoney.exe3

Error: (05/07/2014 06:00:12 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: StarMoney.exe, Version: 4.0.4.21, Zeitstempel: 0x53425bd4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x051c0218
ID des fehlerhaften Prozesses: 0x1c8c
Startzeit der fehlerhaften Anwendung: 0xStarMoney.exe0
Pfad der fehlerhaften Anwendung: StarMoney.exe1
Pfad des fehlerhaften Moduls: StarMoney.exe2
Berichtskennung: StarMoney.exe3

Error: (05/07/2014 05:59:29 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: StarMoney.exe, Version: 4.0.4.21, Zeitstempel: 0x53425bd4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x090c0218
ID des fehlerhaften Prozesses: 0x1940
Startzeit der fehlerhaften Anwendung: 0xStarMoney.exe0
Pfad der fehlerhaften Anwendung: StarMoney.exe1
Pfad des fehlerhaften Moduls: StarMoney.exe2
Berichtskennung: StarMoney.exe3

Error: (05/07/2014 05:28:13 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: StarMoney.exe, Version: 4.0.4.21, Zeitstempel: 0x53425bd4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x04cb0218
ID des fehlerhaften Prozesses: 0xcd0
Startzeit der fehlerhaften Anwendung: 0xStarMoney.exe0
Pfad der fehlerhaften Anwendung: StarMoney.exe1
Pfad des fehlerhaften Moduls: StarMoney.exe2
Berichtskennung: StarMoney.exe3

Error: (05/07/2014 05:27:54 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: StarMoney.exe, Version: 4.0.4.21, Zeitstempel: 0x53425bd4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x04d40218
ID des fehlerhaften Prozesses: 0x92c
Startzeit der fehlerhaften Anwendung: 0xStarMoney.exe0
Pfad der fehlerhaften Anwendung: StarMoney.exe1
Pfad des fehlerhaften Moduls: StarMoney.exe2
Berichtskennung: StarMoney.exe3

Error: (05/07/2014 05:27:29 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: StarMoney.exe, Version: 4.0.4.21, Zeitstempel: 0x53425bd4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x09000218
ID des fehlerhaften Prozesses: 0x1af0
Startzeit der fehlerhaften Anwendung: 0xStarMoney.exe0
Pfad der fehlerhaften Anwendung: StarMoney.exe1
Pfad des fehlerhaften Moduls: StarMoney.exe2
Berichtskennung: StarMoney.exe3

Error: (05/07/2014 05:27:14 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: StarMoney.exe, Version: 4.0.4.21, Zeitstempel: 0x53425bd4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x08fd0218
ID des fehlerhaften Prozesses: 0x195c
Startzeit der fehlerhaften Anwendung: 0xStarMoney.exe0
Pfad der fehlerhaften Anwendung: StarMoney.exe1
Pfad des fehlerhaften Moduls: StarMoney.exe2
Berichtskennung: StarMoney.exe3


System errors:
=============
Error: (05/06/2014 11:44:31 AM) (Source: Service Control Manager) (User: ) (EventID: 7011)
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.

Error: (05/04/2014 01:03:29 AM) (Source: DCOM) (User: ) (EventID: 10010)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/18/2014 00:59:48 PM) (Source: DCOM) (User: NT-AUTORITÄT) (EventID: 10016)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/17/2014 01:28:17 PM) (Source: DCOM) (User: NT-AUTORITÄT) (EventID: 10016)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/12/2014 06:24:55 PM) (Source: DCOM) (User: NT-AUTORITÄT) (EventID: 10016)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/11/2014 08:17:39 AM) (Source: DCOM) (User: NT-AUTORITÄT) (EventID: 10016)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/10/2014 03:19:22 AM) (Source: DCOM) (User: NT-AUTORITÄT) (EventID: 10016)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/09/2014 10:35:42 AM) (Source: DCOM) (User: NT-AUTORITÄT) (EventID: 10016)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/08/2014 07:12:09 AM) (Source: DCOM) (User: NT-AUTORITÄT) (EventID: 10016)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/07/2014 10:39:30 PM) (Source: DCOM) (User: NT-AUTORITÄT) (EventID: 10016)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (05/07/2014 06:58:22 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2014 06:02:13 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: StarMoney.exe4.0.4.2153425bd4unknown0.0.0.000000000c00000050504021821a801cf6a0db23f55ddC:\Program Files (x86)\StarMoney 9.0 S-Edition\app\StarMoney.exeunknownf3c097ae-d600-11e3-a901-404e57434401

Error: (05/07/2014 06:00:40 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: StarMoney.exe4.0.4.2153425bd4unknown0.0.0.000000000c000000508fc02181ec801cf6a0d7aba1d59C:\Program Files (x86)\StarMoney 9.0 S-Edition\app\StarMoney.exeunknownbc285428-d600-11e3-a901-404e57434401

Error: (05/07/2014 06:00:27 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: StarMoney.exe4.0.4.2153425bd4unknown0.0.0.000000000c000000504db02181df401cf6a0d730e4e17C:\Program Files (x86)\StarMoney 9.0 S-Edition\app\StarMoney.exeunknownb472ff65-d600-11e3-a901-404e57434401

Error: (05/07/2014 06:00:12 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: StarMoney.exe4.0.4.2153425bd4unknown0.0.0.000000000c0000005051c02181c8c01cf6a0d69ea656aC:\Program Files (x86)\StarMoney 9.0 S-Edition\app\StarMoney.exeunknownab6221ba-d600-11e3-a901-404e57434401

Error: (05/07/2014 05:59:29 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: StarMoney.exe4.0.4.2153425bd4unknown0.0.0.000000000c0000005090c0218194001cf6a0d4f2c6fd6C:\Program Files (x86)\StarMoney 9.0 S-Edition\app\StarMoney.exeunknown917a67fe-d600-11e3-a901-404e57434401

Error: (05/07/2014 05:28:13 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: StarMoney.exe4.0.4.2153425bd4unknown0.0.0.000000000c000000504cb0218cd001cf6a08f2701198C:\Program Files (x86)\StarMoney 9.0 S-Edition\app\StarMoney.exeunknown33de4867-d5fc-11e3-a901-404e57434401

Error: (05/07/2014 05:27:54 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: StarMoney.exe4.0.4.2153425bd4unknown0.0.0.000000000c000000504d4021892c01cf6a08e6b3b309C:\Program Files (x86)\StarMoney 9.0 S-Edition\app\StarMoney.exeunknown28186457-d5fc-11e3-a901-404e57434401

Error: (05/07/2014 05:27:29 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: StarMoney.exe4.0.4.2153425bd4unknown0.0.0.000000000c0000005090002181af001cf6a08d7bfdf6cC:\Program Files (x86)\StarMoney 9.0 S-Edition\app\StarMoney.exeunknown192e163b-d5fc-11e3-a901-404e57434401

Error: (05/07/2014 05:27:14 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: StarMoney.exe4.0.4.2153425bd4unknown0.0.0.000000000c000000508fd0218195c01cf6a08cf3b72f1C:\Program Files (x86)\StarMoney 9.0 S-Edition\app\StarMoney.exeunknown10a0243f-d5fc-11e3-a901-404e57434401


==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 7869.85 MB
Available physical RAM: 5473.04 MB
Total Pagefile: 15737.88 MB
Available Pagefile: 12923.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931 GB) (Free:874.9 GB) NTFS
Drive d: (Storage) (Fixed) (Total:1397.26 GB) (Free:848.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: C37E6C68)
Partition 1: (Not Active) - (Size=-698723990528) - (Type=07 NTFS)

==================== End Of Log ============================
GMER.txt
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-08 11:14:02
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000066 ATA_____ rev.A750 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\User\AppData\Local\Temp\kgaiqaoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                        fffff800031bb000 45 bytes [00, 00, 10, 02, 4D, 6D, 43, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                        fffff800031bb02f 16 bytes [00, 03, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2144] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69  0000000075c71465 2 bytes [C7, 75]
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2144] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  0000000075c714bb 2 bytes [C7, 75]
.text    ...                                                                                                                        * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\System32\svchost.exe [168:5488]                                                                                000007fef147a2b0
Thread    C:\Windows\System32\svchost.exe [168:5508]                                                                                000007fef1b720c0
Thread    C:\Windows\System32\svchost.exe [168:5512]                                                                                000007fef1b726a8
Thread    C:\Windows\System32\svchost.exe [168:5516]                                                                                000007fef12814a0
Thread    C:\Windows\System32\svchost.exe [168:9444]                                                                                000007fef1b729dc
Thread    C:\Windows\system32\svchost.exe [496:5848]                                                                                000007fef7ef506c
Thread    C:\Windows\system32\svchost.exe [496:7976]                                                                                000007fef2f64164
Thread    C:\Windows\system32\svchost.exe [496:11904]                                                                                000007feef4bcb70
Thread    C:\Windows\System32\spoolsv.exe [1264:1624]                                                                                000007fef92110c8
Thread    C:\Windows\System32\spoolsv.exe [1264:1628]                                                                                000007fef91d6144
Thread    C:\Windows\System32\spoolsv.exe [1264:1632]                                                                                000007fef8d85fd0
Thread    C:\Windows\System32\spoolsv.exe [1264:1636]                                                                                000007fef8d73438
Thread    C:\Windows\System32\spoolsv.exe [1264:1640]                                                                                000007fef8d863ec
Thread    C:\Windows\System32\spoolsv.exe [1264:1648]                                                                                000007fef98c5e5c
Thread    C:\Windows\System32\spoolsv.exe [1264:1656]                                                                                000007fef9f45074
Thread    C:\Windows\System32\spoolsv.exe [1264:1764]                                                                                000007fef96a8760
Thread    C:\Windows\system32\taskhost.exe [1448:1484]                                                                              000007fefa292740
Thread    C:\Windows\system32\taskhost.exe [1448:1524]                                                                              000007fefa231010
Thread    C:\Windows\system32\taskhost.exe [1448:1532]                                                                              000007fef9ee1f38
Thread    C:\Windows\system32\taskhost.exe [1448:4748]                                                                              000007fef9b55170
Thread    [1540:1548]                                                                                                              000000007732aef0
Thread    [1540:1552]                                                                                                              000000007732fbf0
Thread    [1540:13204]                                                                                                              000000007732fbf0
Thread    [1540:11452]                                                                                                              000000007732fbf0
Thread    C:\Windows\SysWOW64\ntdll.dll [1588:1592]                                                                                  000000000166fc1e
Thread    C:\Windows\SysWOW64\ntdll.dll [1588:4076]                                                                                  000000006fe5786a
Thread    C:\Windows\SysWOW64\ntdll.dll [1588:4464]                                                                                  0000000063642109
Thread    C:\Windows\SysWOW64\ntdll.dll [1588:4476]                                                                                  0000000062f60550
Thread    C:\Windows\SysWOW64\ntdll.dll [1588:5348]                                                                                  0000000062f60550
Thread    C:\Windows\SysWOW64\ntdll.dll [1588:5812]                                                                                  0000000062f60550
Thread    C:\Windows\SysWOW64\ntdll.dll [1588:5816]                                                                                  0000000062f60550
Thread    C:\Windows\SysWOW64\ntdll.dll [1588:6040]                                                                                  000000005a8b1dc5
Thread    C:\Windows\SysWOW64\ntdll.dll [1588:6044]                                                                                  000000005a8b1dc5
Thread    C:\Windows\SysWOW64\ntdll.dll [1588:6048]                                                                                  000000005a8b1dc5
Thread    C:\Windows\SysWOW64\ntdll.dll [1588:6052]                                                                                  000000005a8b1dc5
Thread    C:\Windows\SysWOW64\ntdll.dll [1588:6056]                                                                                  000000005a8b1dc5
Thread    C:\Windows\SysWOW64\ntdll.dll [1588:6060]                                                                                  000000005a8b1dc5
Thread    C:\Windows\SysWOW64\ntdll.dll [1588:6064]                                                                                  000000005a8b1dc5
Thread    C:\Windows\SysWOW64\ntdll.dll [1588:6068]                                                                                  000000005a8b1dc5
Thread    C:\Windows\SysWOW64\ntdll.dll [1588:6072]                                                                                  000000005a8b1dc5
Thread    C:\Windows\SysWOW64\ntdll.dll [1588:6076]                                                                                  000000005a8b1dc5
Thread    C:\Windows\SysWOW64\ntdll.dll [1588:6080]                                                                                  000000005a8b1dc5
Thread    C:\Windows\SysWOW64\ntdll.dll [1588:6084]                                                                                  000000005a8b1dc5
Thread    C:\Windows\SysWOW64\ntdll.dll [1588:6088]                                                                                  000000005a8b1dc5
Thread    C:\Windows\SysWOW64\ntdll.dll [1588:6092]                                                                                  000000005a8b1dc5
Thread    C:\Windows\SysWOW64\ntdll.dll [1588:6096]                                                                                  000000005a8b1dc5
Thread    C:\Windows\SysWOW64\ntdll.dll [1588:6100]                                                                                  000000005a8b1dc5
Thread    C:\Windows\SysWOW64\ntdll.dll [1588:6132]                                                                                  0000000072f132fb
Thread    C:\Windows\SysWOW64\ntdll.dll [2084:2088]                                                                                  000000000139d1f6
Thread    C:\Windows\SysWOW64\ntdll.dll [2084:2704]                                                                                  0000000071ee8c90
Thread    C:\Windows\SysWOW64\ntdll.dll [2084:5068]                                                                                  0000000063e08960
Thread    C:\Windows\SysWOW64\ntdll.dll [2084:5072]                                                                                  0000000063e08960
Thread    C:\Windows\SysWOW64\ntdll.dll [2084:5076]                                                                                  0000000063e08960
Thread    C:\Windows\SysWOW64\ntdll.dll [2084:5080]                                                                                  0000000063e04090
Thread    C:\Windows\SysWOW64\ntdll.dll [2092:2096]                                                                                  0000000000a117c0
Thread    C:\Windows\SysWOW64\ntdll.dll [2092:3828]                                                                                  000000006ced8940
Thread    C:\Windows\SysWOW64\ntdll.dll [2128:2132]                                                                                  0000000000a34adb
Thread    C:\Windows\SysWOW64\ntdll.dll [2136:2140]                                                                                  0000000000463ae0
Thread    C:\Windows\SysWOW64\ntdll.dll [2136:5808]                                                                                  0000000000463246
Thread    C:\Windows\SysWOW64\ntdll.dll [2356:2360]                                                                                  0000000000b12104
Thread    C:\Windows\SysWOW64\ntdll.dll [2404:2408]                                                                                  0000000000b12104
Thread    C:\Windows\SysWOW64\ntdll.dll [2432:2436]                                                                                  000000000043323e
Thread    C:\Windows\SysWOW64\ntdll.dll [2432:4088]                                                                                  0000000000432ab8
Thread    C:\Windows\SysWOW64\ntdll.dll [3208:3212]                                                                                  0000000000c50000
Thread    C:\Windows\SysWOW64\ntdll.dll [3208:3492]                                                                                  0000000000a814f9
Thread    C:\Windows\SysWOW64\ntdll.dll [3208:3724]                                                                                  0000000000a836c3
Thread    C:\Windows\SysWOW64\ntdll.dll [3208:3436]                                                                                  0000000000a836c3
Thread    C:\Windows\SysWOW64\ntdll.dll [3208:2204]                                                                                  0000000000a836c3
Thread    C:\Windows\SysWOW64\ntdll.dll [3208:3772]                                                                                  0000000000a836c3
Thread    C:\Windows\SysWOW64\ntdll.dll [3208:3456]                                                                                  0000000000a836c3
Thread    C:\Windows\SysWOW64\ntdll.dll [3208:3452]                                                                                  0000000000a836c3
Thread    C:\Windows\SysWOW64\ntdll.dll [3208:3980]                                                                                  0000000000a836c3
Thread    [3496:3504]                                                                                                              000000007732aef0
Thread    [3496:3516]                                                                                                              000007feff51a808
Thread    [3496:12952]                                                                                                              000000007732fbf0
Thread    [3496:11972]                                                                                                              000000007732fbf0
Thread    C:\Windows\SysWOW64\ntdll.dll [3528:3532]                                                                                  0000000001007afa
Thread    C:\Windows\explorer.exe [3576:3624]                                                                                        0000000001f895e0
Thread    C:\Windows\explorer.exe [3576:3628]                                                                                        0000000001f863e0
Thread    [3600:1752]                                                                                                              0000000077542e65
Thread    [3600:2184]                                                                                                              000000006f0029e1
Thread    [3600:2188]                                                                                                              000000006f0029e1
Thread    [3600:2236]                                                                                                              000000006f0029e1
Thread    [3600:1828]                                                                                                              000000006f0029e1
Thread    [3600:2852]                                                                                                              000000006f0029e1
Thread    [3600:1692]                                                                                                              000000006f0029e1
Thread    [3600:1832]                                                                                                              000000006f0029e1
Thread    [3600:2180]                                                                                                              000000006f0029e1
Thread    [3600:3128]                                                                                                              000000006f0029e1
Thread    [3600:2232]                                                                                                              000000006f0029e1
Thread    [3600:4296]                                                                                                              000000006f0029e1
Thread    [3600:4300]                                                                                                              000000006f0029e1
Thread    [3600:4304]                                                                                                              000000006f0029e1
Thread    [3600:4496]                                                                                                              000000006f0029e1
Thread    [3600:4500]                                                                                                              000000006f0029e1
Thread    [3600:4512]                                                                                                              000000006f0029e1
Thread    [3600:4516]                                                                                                              000000006f0029e1
Thread    [3600:4520]                                                                                                              000000006f0029e1
Thread    [3600:4524]                                                                                                              000000006f0029e1
Thread    [3600:4528]                                                                                                              000000006f0029e1
Thread    [3600:4532]                                                                                                              000000006f0029e1
Thread    [3600:4536]                                                                                                              0000000077543e85
Thread    [3600:4592]                                                                                                              000000006f0029e1
Thread    [3600:4600]                                                                                                              00000000624b1c2f
Thread    [3600:4768]                                                                                                              000000006f0029e1
Thread    [3600:4772]                                                                                                              000000006f0029e1
Thread    [3600:4780]                                                                                                              000000006f0029e1
Thread    [3600:4784]                                                                                                              000000006f0029e1
Thread    [3600:4896]                                                                                                              000000006f0029e1
Thread    [3600:5036]                                                                                                              000000006f0029e1
Thread    [3600:13028]                                                                                                              0000000077543e85
Thread    [3600:1464]                                                                                                              0000000077543e85
Thread    [3736:3760]                                                                                                              000000007756b7c0
Thread    [3736:3764]                                                                                                              0000000077542e65
Thread    [3736:3768]                                                                                                              0000000001e39060
Thread    [3736:3900]                                                                                                              000000007756b7c0
Thread    [3736:3908]                                                                                                              000000007756b7c0
Thread    [3736:3912]                                                                                                              000000007756b7c0
Thread    [3736:3916]                                                                                                              000000007756b7c0
Thread    [3736:3920]                                                                                                              000000007756b7c0
Thread    [3736:3924]                                                                                                              000000007756b7c0
Thread    [3736:3928]                                                                                                              000000007756b7c0
Thread    [3736:3996]                                                                                                              000000007756b7c0
Thread    [3736:4000]                                                                                                              000000007756b7c0
Thread    [3736:3700]                                                                                                              000000007756b7c0
Thread    [3736:4324]                                                                                                              000000007756b7c0
Thread    [3736:692]                                                                                                                000000007756b7c0
Thread    [3736:976]                                                                                                                000000007756b7c0
Thread    [3736:2672]                                                                                                              000000007756b7c0
Thread    [3736:2676]                                                                                                              000000007756b7c0
Thread    [3736:2680]                                                                                                              000000007756b7c0
Thread    [3736:2684]                                                                                                              000000007756b7c0
Thread    [3736:3220]                                                                                                              000000007756b7c0
Thread    [3880:3952]                                                                                                              000000007756b7c0
Thread    [3880:3984]                                                                                                              0000000077542e65
Thread    [3880:3988]                                                                                                              0000000001e89060
Thread    [3880:4024]                                                                                                              000000007756b7c0
Thread    [3880:4032]                                                                                                              000000007756b7c0
Thread    [3880:4036]                                                                                                              000000007756b7c0
Thread    [3880:4040]                                                                                                              000000007756b7c0
Thread    [3880:4044]                                                                                                              000000007756b7c0
Thread    [3880:4048]                                                                                                              000000007756b7c0
Thread    [3880:4060]                                                                                                              000000007756b7c0
Thread    [3880:4064]                                                                                                              000000007756b7c0
Thread    [3880:5376]                                                                                                              000000007756b7c0
Thread    [3880:3196]                                                                                                              000000007756b7c0
Thread    [3880:3656]                                                                                                              000000007756b7c0
Thread    [3880:1348]                                                                                                              000000007756b7c0
Thread    [3880:4492]                                                                                                              000000007756b7c0
Thread    [3880:6152]                                                                                                              000000007756b7c0
Thread    [3880:6156]                                                                                                              000000007756b7c0
Thread    [3880:6160]                                                                                                              000000007756b7c0
Thread    [3880:6612]                                                                                                              000000007756b7c0
Thread    [3880:11492]                                                                                                              0000000077543e85
Thread    C:\Windows\SysWOW64\ntdll.dll [3188:2264]                                                                                  00000000004fa544
Thread    C:\Windows\SysWOW64\ntdll.dll [2240:4100]                                                                                  000000000007878e
Thread    C:\Windows\SysWOW64\ntdll.dll [2240:4132]                                                                                  0000000000053d20
Thread    C:\Windows\SysWOW64\ntdll.dll [2240:4136]                                                                                  0000000000052660
Thread    C:\Windows\SysWOW64\ntdll.dll [2240:4160]                                                                                  000000006d30cfd0
Thread    C:\Windows\SysWOW64\ntdll.dll [4192:4196]                                                                                  0000000000ec4329
Thread    C:\Windows\SysWOW64\ntdll.dll [4192:4284]                                                                                  0000000000ec1a59
Thread    C:\Windows\SysWOW64\ntdll.dll [4192:4288]                                                                                  0000000000ec1a59
Thread    C:\Windows\SysWOW64\ntdll.dll [4192:4312]                                                                                  0000000000ec1a59
Thread    C:\Windows\SysWOW64\ntdll.dll [4192:4316]                                                                                  0000000000ec1a59
Thread    C:\Windows\SysWOW64\ntdll.dll [4244:4248]                                                                                  0000000000ef930e
Thread    C:\Windows\SysWOW64\ntdll.dll [4244:4552]                                                                                  0000000072f132fb
Thread    [4348:4540]                                                                                                              000000007732aef0
Thread    [4348:12540]                                                                                                              000000007732fbf0
Thread    [4348:11840]                                                                                                              000000007732fbf0
Thread    [1564:4460]                                                                                                              000000007732aef0
Thread    [1564:4488]                                                                                                              000007feff51a808
Thread    [1564:3572]                                                                                                              000000007732fbf0
Thread    [1564:11672]                                                                                                              000000007732fbf0
Thread    C:\Windows\SysWOW64\ntdll.dll [5152:5156]                                                                                  000000000041f0b0
Thread    C:\Windows\SysWOW64\ntdll.dll [4380:4956]                                                                                  0000000000e6314e
Thread    C:\Windows\SysWOW64\ntdll.dll [2476:4356]                                                                                  0000000000d57e12
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [1412:2260]                                                            000007fefb582a7c
Thread    [7596:7616]                                                                                                              000000007756b7c0
Thread    [7596:7620]                                                                                                              0000000077542e65
Thread    [7596:7628]                                                                                                              0000000001de9060
Thread    [7596:7604]                                                                                                              000000007756b7c0
Thread    [7596:7592]                                                                                                              000000007756b7c0
Thread    [7596:6344]                                                                                                              000000007756b7c0
Thread    [7596:7528]                                                                                                              000000007756b7c0
Thread    [7596:8176]                                                                                                              000000007756b7c0
Thread    [7596:6424]                                                                                                              000000007756b7c0
Thread    [7596:8188]                                                                                                              000000007756b7c0
Thread    [7596:5784]                                                                                                              000000007756b7c0
Thread    [7596:5168]                                                                                                              000000007756b7c0
Thread    [7596:872]                                                                                                                000000007756b7c0
Thread    [7596:4452]                                                                                                              000000007756b7c0
Thread    [7596:5832]                                                                                                              000000007756b7c0
Thread    [7596:7292]                                                                                                              000000007756b7c0
Thread    [7596:8020]                                                                                                              000000007756b7c0
Thread    [7596:5096]                                                                                                              000000007756b7c0
Thread    [7596:5260]                                                                                                              000000007756b7c0
Thread    [7596:7248]                                                                                                              000000007756b7c0
Thread    [7596:8148]                                                                                                              000000007756b7c0
Thread    [7596:11960]                                                                                                              0000000077543e85

---- EOF - GMER 2.1 ----
Avscan.txt

Code:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Mittwoch, 7. Mai 2014  20:52


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira Antivirus Free
Seriennummer  : 0000149996-AVHOE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : WINDOWS-C24H7VG

Versionsinformationen:
BUILD.DAT      : 14.0.3.350    56624 Bytes  25.02.2014 11:41:00
AVSCAN.EXE    : 14.0.3.332  1058384 Bytes  25.02.2014 09:41:04
AVSCANRC.DLL  : 14.0.2.180    62008 Bytes  25.02.2014 09:41:04
LUKE.DLL      : 14.0.3.336    65616 Bytes  25.02.2014 09:41:05
AVSCPLR.DLL    : 14.0.3.336    124496 Bytes  25.02.2014 09:41:04
AVREG.DLL      : 14.0.3.336    250448 Bytes  25.02.2014 09:41:04
avlode.dll    : 14.0.3.336    544848 Bytes  25.02.2014 09:41:04
avlode.rdf    : 14.0.4.14      63648 Bytes  15.04.2014 11:55:59
VBASE000.VDF  : 7.11.70.0  66736640 Bytes  04.04.2013 09:41:06
VBASE001.VDF  : 7.11.74.226  2201600 Bytes  30.04.2013 09:41:06
VBASE002.VDF  : 7.11.80.60  2751488 Bytes  28.05.2013 09:41:06
VBASE003.VDF  : 7.11.85.214  2162688 Bytes  21.06.2013 09:41:06
VBASE004.VDF  : 7.11.91.176  3903488 Bytes  23.07.2013 09:41:06
VBASE005.VDF  : 7.11.98.186  6822912 Bytes  29.08.2013 09:41:06
VBASE006.VDF  : 7.11.139.38 15708672 Bytes  27.03.2014 12:44:33
VBASE007.VDF  : 7.11.145.136  2117120 Bytes  28.04.2014 11:31:53
VBASE008.VDF  : 7.11.145.137    2048 Bytes  28.04.2014 11:31:53
VBASE009.VDF  : 7.11.145.138    2048 Bytes  28.04.2014 11:31:53
VBASE010.VDF  : 7.11.145.139    2048 Bytes  28.04.2014 11:31:54
VBASE011.VDF  : 7.11.145.140    2048 Bytes  28.04.2014 11:31:54
VBASE012.VDF  : 7.11.145.141    2048 Bytes  28.04.2014 11:31:54
VBASE013.VDF  : 7.11.146.20  166912 Bytes  29.04.2014 17:22:02
VBASE014.VDF  : 7.11.146.131  194048 Bytes  01.05.2014 13:58:58
VBASE015.VDF  : 7.11.146.243  167936 Bytes  03.05.2014 12:13:48
VBASE016.VDF  : 7.11.147.97  122368 Bytes  05.05.2014 18:45:34
VBASE017.VDF  : 7.11.147.207  169472 Bytes  06.05.2014 17:24:14
VBASE018.VDF  : 7.11.147.208    2048 Bytes  06.05.2014 17:24:14
VBASE019.VDF  : 7.11.147.209    2048 Bytes  06.05.2014 17:24:14
VBASE020.VDF  : 7.11.147.210    2048 Bytes  06.05.2014 17:24:14
VBASE021.VDF  : 7.11.147.211    2048 Bytes  06.05.2014 17:24:14
VBASE022.VDF  : 7.11.147.212    2048 Bytes  06.05.2014 17:24:14
VBASE023.VDF  : 7.11.147.213    2048 Bytes  06.05.2014 17:24:14
VBASE024.VDF  : 7.11.147.214    2048 Bytes  06.05.2014 17:24:14
VBASE025.VDF  : 7.11.147.215    2048 Bytes  06.05.2014 17:24:15
VBASE026.VDF  : 7.11.147.216    2048 Bytes  06.05.2014 17:24:15
VBASE027.VDF  : 7.11.147.217    2048 Bytes  06.05.2014 17:24:15
VBASE028.VDF  : 7.11.147.218    2048 Bytes  06.05.2014 17:24:15
VBASE029.VDF  : 7.11.147.219    2048 Bytes  06.05.2014 17:24:15
VBASE030.VDF  : 7.11.147.220    2048 Bytes  06.05.2014 17:24:15
VBASE031.VDF  : 7.11.148.22  196608 Bytes  07.05.2014 13:00:30
Engineversion  : 8.3.18.12
AEVDF.DLL      : 8.3.0.4      118976 Bytes  30.03.2014 12:42:26
AESCRIPT.DLL  : 8.1.4.200    528584 Bytes  10.04.2014 13:35:09
AESCN.DLL      : 8.3.0.2      135360 Bytes  30.03.2014 12:42:24
AESBX.DLL      : 8.2.20.18    1409224 Bytes  29.04.2014 17:22:01
AERDL.DLL      : 8.2.0.138    704888 Bytes  25.02.2014 09:41:04
AEPACK.DLL    : 8.4.0.22      778440 Bytes  29.04.2014 17:21:59
AEOFFICE.DLL  : 8.3.0.4      205000 Bytes  17.04.2014 17:32:21
AEHEUR.DLL    : 8.1.4.1044  6697160 Bytes  30.04.2014 18:12:03
AEHELP.DLL    : 8.3.0.0      274808 Bytes  30.03.2014 12:41:57
AEGEN.DLL      : 8.1.7.26      450752 Bytes  17.04.2014 17:32:20
AEEXP.DLL      : 8.4.1.312    569544 Bytes  30.04.2014 18:12:04
AEEMU.DLL      : 8.1.3.2      393587 Bytes  25.02.2014 09:41:04
AECORE.DLL    : 8.3.0.6      241864 Bytes  30.03.2014 12:41:54
AEBB.DLL      : 8.1.1.4        53619 Bytes  25.02.2014 09:41:04
AVWINLL.DLL    : 14.0.3.252    23608 Bytes  25.02.2014 09:41:05
AVPREF.DLL    : 14.0.3.252    48696 Bytes  25.02.2014 09:41:04
AVREP.DLL      : 14.0.3.252    175672 Bytes  25.02.2014 09:41:04
AVARKT.DLL    : 14.0.3.336    256080 Bytes  25.02.2014 09:41:04
AVEVTLOG.DLL  : 14.0.3.336    165968 Bytes  25.02.2014 09:41:04
SQLITE3.DLL    : 3.7.0.1      394808 Bytes  25.02.2014 09:41:06
AVSMTP.DLL    : 14.0.3.252    60472 Bytes  25.02.2014 09:41:04
NETNT.DLL      : 14.0.3.252    13368 Bytes  25.02.2014 09:41:05
RCIMAGE.DLL    : 14.0.3.260  4979256 Bytes  25.02.2014 09:41:06
RCTEXT.DLL    : 14.0.3.282    72760 Bytes  25.02.2014 09:41:06

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Mittwoch, 7. Mai 2014  20:52

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:)'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'HDD1(D:)'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.


Ende des Suchlaufs: Mittwoch, 7. Mai 2014  20:53
Benötigte Zeit: 01:36 Minute(n)

Der Suchlauf wurde abgebrochen!

      0 Verzeichnisse wurden überprüft
      0 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
      0 Dateien ohne Befall
      0 Archive wurden durchsucht
      0 Warnungen
      0 Hinweise

schrauber 08.05.2014 20:20
hi,

WinZip Malware Protector deinstallieren.

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

matze0816 09.05.2014 12:22
Hallo!

Vielen Dank für die schnelle Rückmeldung.

Das Programm wurde wie gewünscht entfernt.

combofix.txt

Code:
ComboFix 14-05-07.03 - User 09.05.2014  12:56:25.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.7870.5653 [GMT 2:00]
ausgef¸hrt von:: c:\users\User\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Lˆschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\LibreCAD\icudt51.dll
c:\users\LibreCAD\icuin51.dll
c:\users\LibreCAD\icuuc51.dll
c:\users\LibreCAD\libEGL.dll
c:\users\LibreCAD\libgcc_s_dw2-1.dll
c:\users\LibreCAD\libGLESv2.dll
c:\users\LibreCAD\LibreCAD.exe
c:\users\LibreCAD\libstdc++-6.dll
c:\users\LibreCAD\Qt5Core.dll
c:\users\LibreCAD\ttf2lff.exe
c:\users\LibreCAD\Uninstall.exe
c:\users\User\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\User\LibreCAD-Installer-2.0.3.exe
c:\windows\IsUn0407.exe
D:\setup.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-04-09 bis 2014-05-09  ))))))))))))))))))))))))))))))
.
.
2014-05-09 10:59 . 2014-05-09 10:59        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-05-09 10:38 . 2014-05-09 10:38        --------        d-----w-        c:\programdata\lye
2014-05-09 10:38 . 2014-05-09 10:38        --------        d-----w-        c:\programdata\rjvecso
2014-05-09 10:38 . 2014-05-09 10:38        --------        d-----w-        c:\programdata\bwdnd
2014-05-08 09:44 . 2014-05-09 10:48        --------        d-----w-        c:\programdata\fce
2014-05-08 05:34 . 2014-05-09 10:38        --------        d-----w-        c:\programdata\hfypf
2014-05-08 05:34 . 2014-05-08 05:34        --------        d-----w-        c:\programdata\scjpwjq
2014-05-08 05:34 . 2014-05-08 05:34        --------        d-----w-        c:\programdata\pabpao
2014-05-07 17:32 . 2014-05-08 08:56        --------        d-----w-        C:\FRST
2014-05-07 17:18 . 2014-05-08 09:02        --------        d-----w-        c:\programdata\laab
2014-05-07 17:17 . 2014-05-07 17:17        --------        d-sh--w-        c:\users\User\AppData\Local\EmieUserList
2014-05-07 17:17 . 2014-05-07 17:17        --------        d-sh--w-        c:\users\User\AppData\Local\EmieSiteList
2014-05-07 17:06 . 2014-05-09 10:40        --------        d-----w-        c:\users\User\AppData\Roaming\Nico Mak Computing
2014-05-07 13:36 . 2014-05-09 10:37        --------        d-----w-        c:\program files (x86)\StarMoney 9.0 S-Edition
2014-05-07 13:36 . 2014-05-07 13:36        --------        d-----w-        c:\program files (x86)\Common Files\StarFinanz
2014-05-07 12:59 . 2012-08-14 16:05        346512        ----a-w-        c:\windows\system32\MCSCM.dll
2014-05-07 12:59 . 2014-05-07 12:59        --------        d-----w-        c:\program files (x86)\Identive
2014-05-07 09:17 . 2014-05-08 10:59        --------        d-----w-        c:\programdata\qlfvcw
2014-05-07 09:16 . 2014-04-29 14:01        23547904        ----a-w-        c:\windows\system32\mshtml.dll
2014-05-07 09:16 . 2014-04-29 13:40        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-05-07 09:16 . 2014-04-29 12:34        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-05-07 08:29 . 2014-05-08 09:48        --------        d-----w-        c:\programdata\dfqdi
2014-05-07 08:29 . 2014-05-08 09:44        --------        d-----w-        c:\programdata\fsstws
2014-05-07 08:29 . 2014-05-07 08:29        --------        d-----w-        c:\programdata\mqncoa
2014-05-07 01:18 . 2014-05-08 10:59        --------        d-----w-        c:\programdata\crucgl
2014-05-07 01:16 . 2014-05-07 01:16        --------        d-s---w-        c:\windows\system32\CompatTel
2014-05-07 01:01 . 2014-03-06 06:00        359936        ----a-w-        c:\program files\Internet Explorer\IEShims.dll
2014-05-07 01:01 . 2014-03-06 05:50        257536        ----a-w-        c:\program files (x86)\Internet Explorer\IEShims.dll
2014-05-07 01:01 . 2014-03-06 08:32        574976        ----a-w-        c:\windows\system32\ieui.dll
2014-05-06 17:54 . 2014-05-08 10:59        --------        d-----w-        c:\programdata\tso
2014-05-06 17:54 . 2014-05-08 09:44        --------        d-----w-        c:\programdata\nrgxu
2014-05-06 17:54 . 2014-05-06 17:54        --------        d-----w-        c:\programdata\shfkve
2014-05-06 12:46 . 2014-04-14 02:24        465408        ----a-w-        c:\windows\system32\aepdu.dll
2014-05-06 12:46 . 2014-04-14 02:19        424448        ----a-w-        c:\windows\system32\aeinv.dll
2014-05-06 12:21 . 2014-05-09 10:38        --------        d-----w-        c:\programdata\ixvma
2014-05-06 12:20 . 2014-05-07 05:12        --------        d-----w-        c:\programdata\jqiwjns
2014-05-06 12:20 . 2014-05-07 05:08        --------        d-----w-        c:\programdata\ninpbxk
2014-05-06 12:20 . 2014-05-06 17:54        --------        d-----w-        c:\programdata\vcsjde
2014-05-06 12:20 . 2014-05-06 12:21        --------        d-----w-        c:\programdata\ufr
2014-05-06 10:21 . 2014-05-06 10:21        --------        d-----w-        c:\users\User\AppData\Local\WinZip
2014-05-06 10:21 . 2014-05-06 10:21        --------        d-----w-        c:\programdata\WinZip
2014-05-06 10:11 . 2014-05-07 05:08        --------        d--h--w-        c:\users\User\AppData\Local\Gjefwklvpu
2014-05-06 09:55 . 2014-05-06 09:55        --------        d-----w-        c:\program files (x86)\7-Zip
2014-05-06 09:49 . 2014-05-07 15:51        --------        d--h--w-        c:\users\User\AppData\Local\Atoqa
2014-04-30 13:18 . 2014-04-30 15:08        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
2014-04-21 12:40 . 2014-04-21 12:40        --------        d-----w-        c:\users\User\AppData\Roaming\ControlCenter4
2014-04-21 12:37 . 2014-04-21 12:37        --------        d-----w-        C:\Brother
2014-04-21 12:37 . 2014-04-21 12:37        --------        d-----w-        c:\program files (x86)\Browny02
2014-04-21 12:37 . 2014-04-21 12:37        --------        d-----w-        c:\programdata\ControlCenter4
2014-04-21 12:37 . 2010-02-05 02:42        180224        ----a-w-        c:\windows\SysWow64\BROSNMP.DLL
2014-04-21 12:37 . 2012-09-10 14:31        245760        ------w-        c:\windows\SysWow64\NSSearch.dll
2014-04-21 12:37 . 2012-07-09 15:19        5120        ------w-        c:\windows\SysWow64\BrDctF2S.dll
2014-04-21 12:37 . 2010-03-15 17:45        73728        ------w-        c:\windows\SysWow64\BrDctF2.dll
2014-04-21 12:37 . 2007-12-13 20:16        5632        ------w-        c:\windows\SysWow64\BrDctF2L.dll
2014-04-21 12:36 . 2014-04-21 12:36        --------        d-----w-        c:\users\User\AppData\Roaming\InstallShield
2014-04-21 12:21 . 2014-04-21 12:21        --------        d-----w-        c:\program files (x86)\Foxit Software
2014-04-18 11:14 . 2014-04-27 10:54        --------        d-----w-        c:\users\User\AppData\Local\FRITZ!
2014-04-18 11:13 . 2000-01-07 00:09        32768        ----a-w-        c:\windows\SysWow64\FritzPort.dll
2014-04-18 11:13 . 2000-01-07 00:09        114688        ----a-w-        c:\windows\SysWow64\Fridru32.dll
2014-04-18 11:13 . 1999-12-01 11:30        40960        ----a-w-        c:\windows\SysWow64\I2err32.dll
2014-04-18 11:13 . 2014-04-18 11:15        --------        d-----w-        c:\users\User\AppData\Roaming\FRITZ!
2014-04-18 11:13 . 2014-04-18 11:14        --------        d-----w-        c:\program files (x86)\FRITZ!
2014-04-11 06:24 . 2014-04-11 06:25        --------        d-----w-        c:\users\User\AppData\Local\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-29 07:35 . 2014-04-02 20:25        70832        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-29 07:35 . 2014-04-02 20:25        692400        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-12 16:50 . 2014-03-30 13:55        578256        ----a-w-        c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-04-10 01:01 . 2013-10-01 13:22        90655440        ----a-w-        c:\windows\system32\MRT.exe
2014-03-31 16:19 . 2014-03-31 16:19        194048        ----a-w-        c:\windows\SysWow64\elshyph.dll
2014-03-31 16:19 . 2014-03-31 16:19        71680        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-03-31 16:19 . 2014-03-31 16:19        645120        ----a-w-        c:\windows\SysWow64\jsIntl.dll
2014-03-31 16:19 . 2014-03-31 16:19        62464        ----a-w-        c:\windows\SysWow64\tdc.ocx
2014-03-31 16:19 . 2014-03-31 16:19        337408        ----a-w-        c:\windows\SysWow64\html.iec
2014-03-31 16:19 . 2014-03-31 16:19        235008        ----a-w-        c:\windows\system32\elshyph.dll
2014-03-31 16:19 . 2014-03-31 16:19        182272        ----a-w-        c:\windows\SysWow64\msls31.dll
2014-03-31 16:19 . 2014-03-31 16:19        942592        ----a-w-        c:\windows\system32\jsIntl.dll
2014-03-31 16:19 . 2014-03-31 16:19        90112        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2014-03-31 16:19 . 2014-03-31 16:19        86016        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2014-03-31 16:19 . 2014-03-31 16:19        86016        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2014-03-31 16:19 . 2014-03-31 16:19        81408        ----a-w-        c:\windows\system32\icardie.dll
2014-03-31 16:19 . 2014-03-31 16:19        77312        ----a-w-        c:\windows\system32\tdc.ocx
2014-03-31 16:19 . 2014-03-31 16:19        74240        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2014-03-31 16:19 . 2014-03-31 16:19        61952        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2014-03-31 16:19 . 2014-03-31 16:19        616104        ----a-w-        c:\windows\system32\ieapfltr.dat
2014-03-31 16:19 . 2014-03-31 16:19        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2014-03-31 16:19 . 2014-03-31 16:19        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2014-03-31 16:19 . 2014-03-31 16:19        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2014-03-31 16:19 . 2014-03-31 16:19        413696        ----a-w-        c:\windows\system32\html.iec
2014-03-31 16:19 . 2014-03-31 16:19        36352        ----a-w-        c:\windows\SysWow64\imgutil.dll
2014-03-31 16:19 . 2014-03-31 16:19        263376        ----a-w-        c:\windows\system32\iedkcs32.dll
2014-03-31 16:19 . 2014-03-31 16:19        247808        ----a-w-        c:\windows\system32\msls31.dll
2014-03-31 16:19 . 2014-03-31 16:19        24576        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2014-03-31 16:19 . 2014-03-31 16:19        235520        ----a-w-        c:\windows\system32\url.dll
2014-03-31 16:19 . 2014-03-31 16:19        151552        ----a-w-        c:\windows\SysWow64\iexpress.exe
2014-03-31 16:19 . 2014-03-31 16:19        139264        ----a-w-        c:\windows\SysWow64\wextract.exe
2014-03-31 16:19 . 2014-03-31 16:19        13312        ----a-w-        c:\windows\SysWow64\mshta.exe
2014-03-31 16:19 . 2014-03-31 16:19        13312        ----a-w-        c:\windows\system32\msfeedssync.exe
2014-03-31 16:19 . 2014-03-31 16:19        131072        ----a-w-        c:\windows\system32\IEAdvpack.dll
2014-03-31 16:19 . 2014-03-31 16:19        1228800        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2014-03-31 16:19 . 2014-03-31 16:19        111616        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2014-03-31 16:19 . 2014-03-31 16:19        105984        ----a-w-        c:\windows\system32\iesysprep.dll
2014-03-31 16:19 . 2014-03-31 16:19        1051136        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2014-03-31 16:18 . 2014-03-31 16:18        84992        ----a-w-        c:\windows\system32\mshtmled.dll
2014-03-31 16:18 . 2014-03-31 16:18        83968        ----a-w-        c:\windows\system32\MshtmlDac.dll
2014-03-31 16:18 . 2014-03-31 16:18        774144        ----a-w-        c:\windows\system32\jscript.dll
2014-03-31 16:18 . 2014-03-31 16:18        62464        ----a-w-        c:\windows\system32\pngfilt.dll
2014-03-31 16:18 . 2014-03-31 16:18        48128        ----a-w-        c:\windows\system32\imgutil.dll
2014-03-31 16:18 . 2014-03-31 16:18        30208        ----a-w-        c:\windows\system32\licmgr10.dll
2014-03-31 16:18 . 2014-03-31 16:18        243200        ----a-w-        c:\windows\system32\webcheck.dll
2014-03-31 16:18 . 2014-03-31 16:18        167424        ----a-w-        c:\windows\system32\iexpress.exe
2014-03-31 16:18 . 2014-03-31 16:18        147968        ----a-w-        c:\windows\system32\occache.dll
2014-03-31 16:18 . 2014-03-31 16:18        143872        ----a-w-        c:\windows\system32\wextract.exe
2014-03-31 16:18 . 2014-03-31 16:18        13824        ----a-w-        c:\windows\system32\mshta.exe
2014-03-31 16:18 . 2014-03-31 16:18        135680        ----a-w-        c:\windows\system32\iepeers.dll
2014-03-31 16:18 . 2014-03-31 16:18        101376        ----a-w-        c:\windows\system32\inseng.dll
2014-03-31 01:08 . 2014-03-31 01:08        9728        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-31 01:08 . 2014-03-31 01:08        9728        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-31 01:08 . 2014-03-31 01:08        604160        ----a-w-        c:\windows\SysWow64\d3d10level9.dll
2014-03-31 01:08 . 2014-03-31 01:08        5632        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-31 01:08 . 2014-03-31 01:08        5632        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-31 01:08 . 2014-03-31 01:08        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-31 01:08 . 2014-03-31 01:08        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-31 01:08 . 2014-03-31 01:08        522752        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2014-03-31 01:08 . 2014-03-31 01:08        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-31 01:08 . 2014-03-31 01:08        4096        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-31 01:08 . 2014-03-31 01:08        364544        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll
2014-03-31 01:08 . 2014-03-31 01:08        363008        ----a-w-        c:\windows\system32\dxgi.dll
2014-03-31 01:08 . 2014-03-31 01:08        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-31 01:08 . 2014-03-31 01:08        3584        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-31 01:08 . 2014-03-31 01:08        333312        ----a-w-        c:\windows\system32\d3d10_1core.dll
2014-03-31 01:08 . 2014-03-31 01:08        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-31 01:08 . 2014-03-31 01:08        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-31 01:08 . 2014-03-31 01:08        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-31 01:08 . 2014-03-31 01:08        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-31 01:08 . 2014-03-31 01:08        296960        ----a-w-        c:\windows\system32\d3d10core.dll
2014-03-31 01:08 . 2014-03-31 01:08        2776576        ----a-w-        c:\windows\system32\msmpeg2vdec.dll
2014-03-31 01:08 . 2014-03-31 01:08        2560        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-31 01:08 . 2014-03-31 01:08        2560        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-31 01:08 . 2014-03-31 01:08        249856        ----a-w-        c:\windows\SysWow64\d3d10_1core.dll
2014-03-31 01:08 . 2014-03-31 01:08        245248        ----a-w-        c:\windows\system32\WindowsCodecsExt.dll
2014-03-31 01:08 . 2014-03-31 01:08        2284544        ----a-w-        c:\windows\SysWow64\msmpeg2vdec.dll
2014-03-31 01:08 . 2014-03-31 01:08        220160        ----a-w-        c:\windows\SysWow64\d3d10core.dll
2014-03-31 01:08 . 2014-03-31 01:08        207872        ----a-w-        c:\windows\SysWow64\WindowsCodecsExt.dll
2014-03-31 01:08 . 2014-03-31 01:08        194560        ----a-w-        c:\windows\system32\d3d10_1.dll
2014-03-31 01:08 . 2014-03-31 01:08        1682432        ----a-w-        c:\windows\system32\XpsPrint.dll
2014-03-31 01:08 . 2014-03-31 01:08        1643520        ----a-w-        c:\windows\system32\DWrite.dll
2014-03-31 01:08 . 2014-03-31 01:08        161792        ----a-w-        c:\windows\SysWow64\d3d10_1.dll
2014-03-31 01:08 . 2014-03-31 01:08        1247744        ----a-w-        c:\windows\SysWow64\DWrite.dll
2014-03-31 01:08 . 2014-03-31 01:08        1238528        ----a-w-        c:\windows\system32\d3d10.dll
2014-03-31 01:08 . 2014-03-31 01:08        1175552        ----a-w-        c:\windows\system32\FntCache.dll
2014-03-31 01:08 . 2014-03-31 01:08        1158144        ----a-w-        c:\windows\SysWow64\XpsPrint.dll
2014-03-31 01:08 . 2014-03-31 01:08        1080832        ----a-w-        c:\windows\SysWow64\d3d10.dll
2014-03-31 01:08 . 2014-03-31 01:08        10752        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-31 01:08 . 2014-03-31 01:08        10752        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-31 01:08 . 2014-03-31 01:08        648192        ----a-w-        c:\windows\system32\d3d10level9.dll
2014-03-31 01:08 . 2014-03-31 01:08        293376        ----a-w-        c:\windows\SysWow64\dxgi.dll
2014-03-31 01:08 . 2014-03-31 01:08        221184        ----a-w-        c:\windows\system32\UIAnimation.dll
2014-03-31 01:08 . 2014-03-31 01:08        187392        ----a-w-        c:\windows\SysWow64\UIAnimation.dll
2014-03-30 18:41 . 2014-03-30 18:42        84720        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2014-03-04 09:17 . 2014-04-09 12:50        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2014-02-25 09:41 . 2014-03-30 12:41        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2014-02-25 09:41 . 2014-03-30 12:41        131576        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2014-02-25 09:41 . 2014-03-30 12:41        108440        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintr‰ge & legitime Standardeintr‰ge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-30 14:28        222920        ----a-w-        c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-30 14:28        222920        ----a-w-        c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-30 14:28        222920        ----a-w-        c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-09-06 143360]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-04-15 182352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 hasplms;Sentinel LDK License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 msftesql$KLAES;SQL Server FullText Search (KLAES);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [x]
S2 MSSQL$KLAES;SQL Server (KLAES);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 StarMoney 9.0 OnlineUpdate;StarMoney 9.0 OnlineUpdate;c:\program files (x86)\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe;c:\program files (x86)\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
S3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Driver;c:\windows\system32\DRIVERS\AVMCOWAN.sys;c:\windows\SYSNATIVE\DRIVERS\AVMCOWAN.sys [x]
S3 FPCIBASE;AVM FRITZ!Card PCI;c:\windows\system32\DRIVERS\fpcibase.sys;c:\windows\SYSNATIVE\DRIVERS\fpcibase.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-02 07:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-30 14:28        261832        ----a-w-        c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-30 14:28        261832        ----a-w-        c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-30 14:28        261832        ----a-w-        c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-04-12 17:04        2333400        ----a-w-        c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-04-12 17:04        2333400        ----a-w-        c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-04-12 17:04        2333400        ----a-w-        c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-11-19 6846096]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-05-24 444400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-05-24 165872]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-05-24 407536]
.
------- Zus‰tzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.default-search.net?sid=476&aid=122&itype=n&ver=11471&tm=296&src=hmp
FF - ExtSQL: !HIDDEN! 2009-08-16 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-06-17 16:49; smartwebprinting@hp.com; c:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
.
- - - - Entfernte verwaiste Registrierungseintr‰ge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
AddRemove-LibreCAD - c:\users\LibreCAD\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msftesql$KLAES]
"ImagePath"="\"c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:KLAES"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\hasplms.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-09  13:03:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-05-09 11:03
.
Vor Suchlauf: 18 Verzeichnis(se), 947.800.518.656 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 947.819.155.456 Bytes frei
.
- - End Of File - - 1F9B2163F5810E590DE6A044B3AA3459
A36C5E4F47E84449FF07ED3517B43A31

schrauber 10.05.2014 11:02
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

matze0816 10.05.2014 12:56
So, alles wie gewünscht erledigt!

mbam.txt

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 10.05.2014
Suchlauf-Zeit: 13:36:09
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.10.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bˆsartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: User

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 277656
Verstrichene Zeit: 7 Min, 5 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschl¸ssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 29
PUP.Optional.DefaultSearch.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\searchplugins\default-search.xml, In Quarant‰ne, [7a41e06f90ebbf77263eea9c27db60a0],
PUP.Optional.MyStartSearch.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\searchplugins\MyStart Search.xml, In Quarant‰ne, [10abd57a78037bbb0c22a1e6e41e1ee2],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\searchplugins\conduit-search.xml, In Quarant‰ne, [a714e36c96e5989e32d009807a8834cc],
PUP.Optional.DefaultSearch.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://www.default-search.net?sid=476&aid=122&itype=n&ver=11471&tm=296&src=hmp");), Ersetzt,[7e3dc68993e8b4825c8254195fa51de3]
PUP.Optional.Babylon.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.aflt", "babsst");), Ersetzt,[5368490652293bfbf400b0bde71d4fb1]
PUP.Optional.Babylon.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.babTrack", "affID=100607");), Ersetzt,[7843133c80fb57df35bf402d8b79ab55]
PUP.Optional.Babylon.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.bbDpng", 29);), Ersetzt,[ffbc331cb8c3dc5afdf779f463a14ab6]
PUP.Optional.Babylon.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.dfltLng", "en");), Ersetzt,[615a5ff07803a096f8fc25484cb806fa]
PUP.Optional.Babylon.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.dfltSrch", true);), Ersetzt,[ba011a351566e452e80cd29bcd3717e9]
PUP.Optional.Babylon.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.firstRun", false);), Ersetzt,[04b7db745f1ca591e01498d56c98a957]
PUP.Optional.Babylon.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.hmpg", true);), Ersetzt,[cbf0c8874b3046f0a1536607ad57da26]
PUP.Optional.Babylon.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.id", "c431eb5f0000000000000018f38af376");), Ersetzt,[09b2bf904239d1659163313c966e53ad]
PUP.Optional.Babylon.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.instlDay", "15211");), Ersetzt,[506b1738f7841f17777d6706b45047b9]
PUP.Optional.Babylon.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.instlRef", "sst");), Ersetzt,[f6c5fc53e19aa88e00f45c11d331ef11]
PUP.Optional.Babylon.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=c431eb5f0000000000000018f38af376&tlver=1.4.35.10&affID=100607");), Ersetzt,[dedd8dc23c3fa591d71d7fee976d24dc]
PUP.Optional.Babylon.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.lastDP", 29);), Ersetzt,[dae181ce86f50531ea0af776f113926e]
PUP.Optional.Babylon.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1017:21:13");), Ersetzt,[56654708493254e27c78363743c155ab]
PUP.Optional.Babylon.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.newTab", true);), Ersetzt,[6b50e96695e65cda2ec6fd70030116ea]
PUP.Optional.Babylon.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");), Ersetzt,[9a21e06f7308d165f9fb0469d331bd43]
PUP.Optional.Babylon.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");), Ersetzt,[b407b59a28531c1aee06026bba4a43bd]
PUP.Optional.Babylon.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prtnrId", "babylon");), Ersetzt,[0caf5af51a61c274777d5b1239cb4ab6]
PUP.Optional.Babylon.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.ptch_0717", true);), Ersetzt,[695279d6c1ba1e18955f2b4223e1a060]
PUP.Optional.Babylon.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.smplGrp", "none");), Ersetzt,[89324e01354678bee60e78f5de262cd4]
PUP.Optional.Babylon.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.srcExt", "ss");), Ersetzt,[219a8fc0245779bdfff5b5b87f85b24e]
PUP.Optional.Babylon.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");), Ersetzt,[e8d39ab50279ef476d87f7760ff5f40c]
PUP.Optional.Babylon.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.tlbrId", "base");), Ersetzt,[dbe04708c9b21422b143ec819a6a956b]
PUP.Optional.Babylon.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");), Ersetzt,[3388301f097255e16391165726de14ec]
PUP.Optional.Babylon.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1017:21:13");), Ersetzt,[794272dd2457191da054b1bc0afa1de3]
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3322611&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP73925FEA-00C7-432C-B48E-8D4992449D43");), Ersetzt,[5f5ccd82215a3402bc87fc729b69a45c]

Physische Sektoren: 0
(No malicious items detected)


(end)
AdwCleaner.txt

Code:
# AdwCleaner v3.207 - Bericht erstellt am 10/05/2014 um 13:41:10
# Aktualisiert 05/05/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : User - WINDOWS-C24H7VG
# Gestartet von : C:\Users\User\Desktop\adwcleaner.exe
# Option : Lˆschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelˆscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\invalidprefs.js
Datei Gelˆscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\searchplugins\ask-search.xml

***** [ Verkn¸pfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schl¸ssel Gelˆscht : HKLM\Software\Description

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\prefs.js ]

Zeile gelˆscht : user_pref("browser.search.order.1", "default-search.net");

*************************

AdwCleaner[R0].txt - [1159 octets] - [10/05/2014 13:39:52]
AdwCleaner[S0].txt - [1080 octets] - [10/05/2014 13:41:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1140 octets] ##########
JRT.txt

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by User on 10.05.2014 at 13:46:05,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\fj36m6ci.default\searchplugins\youtube-video-search.xml
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\fj36m6ci.default\minidumps [18 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.05.2014 at 13:49:45,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST.txt


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-05-2014
Ran by User (administrator) on WINDOWS-C24H7VG on 10-05-2014 13:50:24
Running from C:\Users\User\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-02-01] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-04-15] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [125008 2014-04-15] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-01] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 msftesql$KLAES; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [91992 2010-03-26] (Microsoft Corporation)
R2 MSSQL$KLAES; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)

==================== Drivers (Whitelisted) ====================

R3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-08-01] (SafeNet Inc.)
R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2013-08-01] (SafeNet Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [79872 2009-06-10] (AVM GmbH)
R3 FPCIBASE; C:\Windows\System32\DRIVERS\fpcibase.sys [899328 2009-06-10] (AVM Berlin)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-02-01] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-10 13:50 - 2014-05-10 13:50 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion
2014-05-10 13:49 - 2014-05-10 13:49 - 00000896 _____ () C:\Users\User\Desktop\JRT.txt
2014-05-10 13:46 - 2014-05-10 13:46 - 00000000 ____D () C:\Windows\ERUNT
2014-05-10 13:44 - 2014-05-10 13:44 - 00001220 _____ () C:\Users\User\Desktop\AdwCleaner[S0].txt
2014-05-10 13:39 - 2014-05-10 13:41 - 00000000 ____D () C:\AdwCleaner
2014-05-10 13:38 - 2014-05-10 13:38 - 00008032 _____ () C:\Users\User\Desktop\mbam.txt
2014-05-10 13:26 - 2014-05-10 13:43 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-10 13:26 - 2014-05-10 13:26 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-10 13:26 - 2014-05-10 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-10 13:26 - 2014-05-10 13:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-10 13:26 - 2014-05-10 13:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-10 13:26 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-10 13:26 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-10 13:26 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 13:24 - 2014-05-10 13:24 - 01016261 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-05-10 13:23 - 2014-05-10 13:23 - 01316991 _____ () C:\Users\User\Desktop\adwcleaner.exe
2014-05-10 13:22 - 2014-05-10 13:23 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-09 13:18 - 2014-05-09 13:18 - 00027510 _____ () C:\Users\User\Desktop\combofix2.txt
2014-05-09 13:17 - 2014-05-09 13:17 - 00027510 _____ () C:\ComboFix.txt
2014-05-09 13:04 - 2014-05-09 13:04 - 00028621 _____ () C:\Users\User\Desktop\combofix.txt
2014-05-09 12:55 - 2014-05-09 13:17 - 00000000 ____D () C:\Qoobox
2014-05-09 12:55 - 2014-05-09 13:02 - 00000000 ____D () C:\Windows\erdnt
2014-05-09 12:55 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-09 12:55 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-09 12:55 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-09 12:55 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-09 12:55 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-09 12:55 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-09 12:55 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-09 12:55 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-09 12:46 - 2014-05-09 12:47 - 05200039 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2014-05-09 12:38 - 2014-05-09 12:38 - 00000000 ____D () C:\ProgramData\rjvecso
2014-05-09 12:38 - 2014-05-09 12:38 - 00000000 ____D () C:\ProgramData\lye
2014-05-09 12:38 - 2014-05-09 12:38 - 00000000 ____D () C:\ProgramData\bwdnd
2014-05-08 13:01 - 2014-05-08 13:01 - 00028866 _____ () C:\Users\User\Desktop\Avira3.LOG
2014-05-08 11:44 - 2014-05-09 12:48 - 00000000 ____D () C:\ProgramData\fce
2014-05-08 11:25 - 2014-05-08 11:25 - 00000242 _____ () C:\Users\User\Desktop\defogger_enable.log
2014-05-08 11:14 - 2014-05-08 11:14 - 00031325 _____ () C:\Users\User\Desktop\Gmer.txt
2014-05-08 10:37 - 2014-05-08 10:52 - 00000470 _____ () C:\Users\User\Desktop\defogger_disable.log
2014-05-08 10:33 - 2014-05-08 10:33 - 00050477 _____ () C:\Users\User\Desktop\Defogger.exe
2014-05-08 07:42 - 2014-05-08 07:42 - 00388608 _____ (Trend Micro Inc.) C:\Users\User\Downloads\HiJackThis204.exe
2014-05-08 07:34 - 2014-05-09 12:38 - 00000000 ____D () C:\ProgramData\hfypf
2014-05-08 07:34 - 2014-05-08 07:34 - 00000000 ____D () C:\ProgramData\scjpwjq
2014-05-08 07:34 - 2014-05-08 07:34 - 00000000 ____D () C:\ProgramData\pabpao
2014-05-08 06:05 - 2014-05-08 06:05 - 00017488 _____ () C:\Users\User\Desktop\AVira2.LOG
2014-05-07 23:17 - 2014-05-07 23:53 - 00000000 ____D () C:\Windows\pss
2014-05-07 20:56 - 2014-05-07 20:56 - 00013416 _____ () C:\Users\User\Desktop\AVSCAN.LOG
2014-05-07 19:47 - 2014-05-07 19:47 - 00011383 _____ () C:\Users\User\Documents\Gmer.txt
2014-05-07 19:38 - 2014-05-07 19:38 - 00380416 _____ () C:\Users\User\Desktop\Gmer-19357.exe
2014-05-07 19:32 - 2014-05-10 13:50 - 00012084 _____ () C:\Users\User\Desktop\FRST.txt
2014-05-07 19:32 - 2014-05-10 13:50 - 00000000 ____D () C:\FRST
2014-05-07 19:32 - 2014-05-07 19:32 - 00023928 _____ () C:\Users\User\Desktop\Addition.txt
2014-05-07 19:30 - 2014-05-10 13:50 - 02065408 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-05-07 19:18 - 2014-05-08 11:02 - 00000000 ____D () C:\ProgramData\laab
2014-05-07 19:17 - 2014-05-07 19:17 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-05-07 19:17 - 2014-05-07 19:17 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-05-07 19:16 - 2014-05-07 19:16 - 00002999 _____ () C:\Users\User\Desktop\log.xml
2014-05-07 19:06 - 2014-05-09 12:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\Nico Mak Computing
2014-05-07 19:05 - 2014-05-07 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\User\Desktop\wzmp_8.exe
2014-05-07 15:37 - 2014-05-07 15:37 - 00002114 _____ () C:\Users\Public\Desktop\Starmoney9.0.lnk
2014-05-07 15:37 - 2014-05-07 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 9.0 S-Edition
2014-05-07 15:36 - 2014-05-09 12:37 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0 S-Edition
2014-05-07 14:59 - 2014-05-07 14:59 - 00000636 _____ () C:\Windows\HBCIKRNL.INI
2014-05-07 14:59 - 2014-05-07 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Identive
2014-05-07 14:59 - 2014-05-07 14:59 - 00000000 ____D () C:\Program Files (x86)\Identive
2014-05-07 14:59 - 2012-08-14 18:05 - 00346512 _____ (SCM Microsystems Inc.) C:\Windows\system32\MCSCM.dll
2014-05-07 11:17 - 2014-05-08 12:59 - 00000000 ____D () C:\ProgramData\qlfvcw
2014-05-07 11:16 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-07 11:16 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-07 11:16 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-07 11:16 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-07 10:29 - 2014-05-08 11:48 - 00000000 ____D () C:\ProgramData\dfqdi
2014-05-07 10:29 - 2014-05-08 11:44 - 00000000 ____D () C:\ProgramData\fsstws
2014-05-07 10:29 - 2014-05-07 10:29 - 00000000 ____D () C:\ProgramData\mqncoa
2014-05-07 03:18 - 2014-05-08 12:59 - 00000000 ____D () C:\ProgramData\crucgl
2014-05-07 03:16 - 2014-05-07 03:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-07 03:01 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-07 03:00 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-07 03:00 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-07 03:00 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-07 03:00 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-07 03:00 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-07 03:00 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-07 03:00 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-07 03:00 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-07 03:00 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-07 03:00 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-07 03:00 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-07 03:00 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-07 03:00 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-07 03:00 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-07 03:00 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-07 03:00 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-07 03:00 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-07 03:00 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-07 03:00 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-07 03:00 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-07 03:00 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-07 03:00 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-07 03:00 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-07 03:00 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-07 03:00 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-07 03:00 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-07 03:00 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-07 03:00 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-07 03:00 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-07 03:00 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-07 03:00 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-07 03:00 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-07 03:00 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-07 03:00 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-07 03:00 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-07 03:00 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-07 03:00 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-07 03:00 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-07 03:00 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-07 03:00 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-07 03:00 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-07 03:00 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-07 03:00 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-06 19:54 - 2014-05-08 12:59 - 00000000 ____D () C:\ProgramData\tso
2014-05-06 19:54 - 2014-05-08 11:44 - 00000000 ____D () C:\ProgramData\nrgxu
2014-05-06 19:54 - 2014-05-06 19:54 - 00000000 ____D () C:\ProgramData\shfkve
2014-05-06 14:46 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 14:46 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 14:21 - 2014-05-09 12:38 - 00000000 ____D () C:\ProgramData\ixvma
2014-05-06 14:20 - 2014-05-07 07:12 - 00000000 ____D () C:\ProgramData\jqiwjns
2014-05-06 14:20 - 2014-05-07 07:08 - 00000000 ____D () C:\ProgramData\ninpbxk
2014-05-06 14:20 - 2014-05-06 19:54 - 00000000 ____D () C:\ProgramData\vcsjde
2014-05-06 14:20 - 2014-05-06 14:21 - 00000000 ____D () C:\ProgramData\ufr
2014-05-06 12:21 - 2014-05-06 12:21 - 00002237 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-05-06 12:21 - 2014-05-06 12:21 - 00002231 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-05-06 12:21 - 2014-05-06 12:21 - 00000000 ____D () C:\Users\User\AppData\Local\WinZip
2014-05-06 12:21 - 2014-05-06 12:21 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-06 12:21 - 2014-05-06 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-05-06 12:21 - 2014-05-06 12:21 - 00000000 ____D () C:\Program Files (x86)\WinZip
2014-05-06 12:16 - 2014-05-06 12:19 - 43543552 _____ () C:\Users\User\Downloads\wz180gev-32.msi
2014-05-06 12:11 - 2014-05-07 07:08 - 00000000 ___HD () C:\Users\User\AppData\Local\Gjefwklvpu
2014-05-06 11:55 - 2014-05-06 11:55 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-05-06 11:49 - 2014-05-09 12:38 - 00000000 ____D () C:\ProgramData\laabi
2014-05-06 11:49 - 2014-05-07 17:51 - 00000000 ___HD () C:\Users\User\AppData\Local\Atoqa
2014-05-01 17:56 - 2014-05-01 18:06 - 00013606 _____ () C:\Users\User\#Umrisse.dxf
2014-05-01 17:51 - 2014-05-01 17:51 - 00013594 _____ () C:\Users\User\Umrisse.dxf
2014-04-30 15:18 - 2014-04-30 17:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-27 12:57 - 2014-04-27 12:57 - 00001447 _____ () C:\Users\User\Desktop\PC-FAX Rx - Verknüpfung.lnk
2014-04-21 14:40 - 2014-04-21 14:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\ControlCenter4
2014-04-21 14:38 - 2014-04-21 14:38 - 00002140 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk
2014-04-21 14:38 - 2014-04-21 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2014-04-21 14:37 - 2014-05-06 16:40 - 00000154 _____ () C:\Windows\Brfaxrx.ini
2014-04-21 14:37 - 2014-04-21 14:37 - 00000000 ____D () C:\ProgramData\ControlCenter4
2014-04-21 14:37 - 2014-04-21 14:37 - 00000000 ____D () C:\Program Files (x86)\Browny02
2014-04-21 14:37 - 2014-04-21 14:37 - 00000000 ____D () C:\Brother
2014-04-21 14:37 - 2012-09-10 16:31 - 00245760 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2014-04-21 14:37 - 2012-07-09 17:19 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2014-04-21 14:37 - 2010-03-15 19:45 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2014-04-21 14:37 - 2010-02-05 04:42 - 00180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
2014-04-21 14:37 - 2007-12-13 22:16 - 00005632 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2014-04-21 14:36 - 2014-04-21 14:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\InstallShield
2014-04-21 14:21 - 2014-04-21 14:21 - 00001054 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-04-21 14:21 - 2014-04-21 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-04-21 14:21 - 2014-04-21 14:21 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-04-21 14:20 - 2014-02-18 03:44 - 65158728 _____ (Macrovision Corporation) C:\Users\User\Downloads\ControlCenter4 Updater.exe
2014-04-21 14:12 - 2014-04-21 14:18 - 64052804 _____ (A.I.SOFT,INC.) C:\Users\User\Downloads\CC4updater_424091.EXE
2014-04-18 13:14 - 2014-04-27 12:54 - 00000000 ____D () C:\Users\User\AppData\Local\FRITZ!
2014-04-18 13:14 - 2014-04-18 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!
2014-04-18 13:13 - 2014-04-18 13:15 - 00000000 ____D () C:\Users\User\AppData\Roaming\FRITZ!
2014-04-18 13:13 - 2014-04-18 13:14 - 00000000 ____D () C:\Program Files (x86)\FRITZ!
2014-04-18 13:13 - 2000-01-07 02:09 - 00114688 _____ (AVM Berlin GmbH) C:\Windows\SysWOW64\Fridru32.dll
2014-04-18 13:13 - 2000-01-07 02:09 - 00032768 _____ (AVM Berlin GmbH) C:\Windows\SysWOW64\FritzPort.dll
2014-04-18 13:13 - 1999-12-01 13:30 - 00040960 _____ (AVM Berlin GmbH) C:\Windows\SysWOW64\I2err32.dll
2014-04-18 13:09 - 2014-04-18 13:09 - 00000224 _____ () C:\Windows\setup.log
2014-04-18 13:06 - 2014-04-18 13:08 - 18232168 _____ (AVM Berlin ) C:\Users\User\Downloads\FRITZ!fax_3.07.04.exe
2014-04-18 12:59 - 2014-04-18 13:11 - 00011376 _____ () C:\Windows\avmcoins.log
2014-04-16 08:45 - 2014-04-16 08:45 - 00000814 _____ () C:\Users\User\Desktop\EigDat2013 - Verknüpfung.lnk
2014-04-11 08:24 - 2014-04-11 08:25 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-04-10 10:36 - 2014-04-10 10:36 - 00001238 _____ () C:\Users\User\Desktop\KLAES 6.8 2010.lnk
2014-04-10 10:36 - 2014-04-10 10:36 - 00000028 _____ () C:\Windows\ODBC.INI

==================== One Month Modified Files and Folders =======

2014-05-10 13:50 - 2014-05-10 13:50 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion
2014-05-10 13:50 - 2014-05-07 19:32 - 00012084 _____ () C:\Users\User\Desktop\FRST.txt
2014-05-10 13:50 - 2014-05-07 19:32 - 00000000 ____D () C:\FRST
2014-05-10 13:50 - 2014-05-07 19:30 - 02065408 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-05-10 13:50 - 2009-07-14 06:45 - 00025680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-10 13:50 - 2009-07-14 06:45 - 00025680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-10 13:49 - 2014-05-10 13:49 - 00000896 _____ () C:\Users\User\Desktop\JRT.txt
2014-05-10 13:48 - 2013-01-28 09:48 - 00787386 _____ () C:\Windows\system32\perfh007.dat
2014-05-10 13:48 - 2013-01-28 09:48 - 00180040 _____ () C:\Windows\system32\perfc007.dat
2014-05-10 13:48 - 2009-07-14 07:13 - 01852362 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-10 13:46 - 2014-05-10 13:46 - 00000000 ____D () C:\Windows\ERUNT
2014-05-10 13:46 - 2014-01-25 18:21 - 01261865 _____ () C:\Windows\WindowsUpdate.log
2014-05-10 13:44 - 2014-05-10 13:44 - 00001220 _____ () C:\Users\User\Desktop\AdwCleaner[S0].txt
2014-05-10 13:43 - 2014-05-10 13:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-10 13:41 - 2014-05-10 13:39 - 00000000 ____D () C:\AdwCleaner
2014-05-10 13:41 - 2010-11-21 05:47 - 00114932 _____ () C:\Windows\PFRO.log
2014-05-10 13:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-10 13:41 - 2009-07-14 06:51 - 00060097 _____ () C:\Windows\setupact.log
2014-05-10 13:38 - 2014-05-10 13:38 - 00008032 _____ () C:\Users\User\Desktop\mbam.txt
2014-05-10 13:33 - 2014-04-02 22:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-10 13:26 - 2014-05-10 13:26 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-10 13:26 - 2014-05-10 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-10 13:26 - 2014-05-10 13:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-10 13:26 - 2014-05-10 13:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-10 13:24 - 2014-05-10 13:24 - 01016261 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-05-10 13:23 - 2014-05-10 13:23 - 01316991 _____ () C:\Users\User\Desktop\adwcleaner.exe
2014-05-10 13:23 - 2014-05-10 13:22 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-09 13:18 - 2014-05-09 13:18 - 00027510 _____ () C:\Users\User\Desktop\combofix2.txt
2014-05-09 13:17 - 2014-05-09 13:17 - 00027510 _____ () C:\ComboFix.txt
2014-05-09 13:17 - 2014-05-09 12:55 - 00000000 ____D () C:\Qoobox
2014-05-09 13:16 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-09 13:04 - 2014-05-09 13:04 - 00028621 _____ () C:\Users\User\Desktop\combofix.txt
2014-05-09 13:03 - 2014-03-31 08:23 - 00000000 ____D () C:\Users\LibreCAD
2014-05-09 13:03 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-09 13:02 - 2014-05-09 12:55 - 00000000 ____D () C:\Windows\erdnt
2014-05-09 12:48 - 2014-05-08 11:44 - 00000000 ____D () C:\ProgramData\fce
2014-05-09 12:47 - 2014-05-09 12:46 - 05200039 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2014-05-09 12:40 - 2014-05-07 19:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\Nico Mak Computing
2014-05-09 12:38 - 2014-05-09 12:38 - 00000000 ____D () C:\ProgramData\rjvecso
2014-05-09 12:38 - 2014-05-09 12:38 - 00000000 ____D () C:\ProgramData\lye
2014-05-09 12:38 - 2014-05-09 12:38 - 00000000 ____D () C:\ProgramData\bwdnd
2014-05-09 12:38 - 2014-05-08 07:34 - 00000000 ____D () C:\ProgramData\hfypf
2014-05-09 12:38 - 2014-05-06 14:21 - 00000000 ____D () C:\ProgramData\ixvma
2014-05-09 12:38 - 2014-05-06 11:49 - 00000000 ____D () C:\ProgramData\laabi
2014-05-09 12:37 - 2014-05-07 15:36 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0 S-Edition
2014-05-08 13:01 - 2014-05-08 13:01 - 00028866 _____ () C:\Users\User\Desktop\Avira3.LOG
2014-05-08 12:59 - 2014-05-07 11:17 - 00000000 ____D () C:\ProgramData\qlfvcw
2014-05-08 12:59 - 2014-05-07 03:18 - 00000000 ____D () C:\ProgramData\crucgl
2014-05-08 12:59 - 2014-05-06 19:54 - 00000000 ____D () C:\ProgramData\tso
2014-05-08 12:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-08 11:48 - 2014-05-07 10:29 - 00000000 ____D () C:\ProgramData\dfqdi
2014-05-08 11:44 - 2014-05-07 10:29 - 00000000 ____D () C:\ProgramData\fsstws
2014-05-08 11:44 - 2014-05-06 19:54 - 00000000 ____D () C:\ProgramData\nrgxu
2014-05-08 11:25 - 2014-05-08 11:25 - 00000242 _____ () C:\Users\User\Desktop\defogger_enable.log
2014-05-08 11:14 - 2014-05-08 11:14 - 00031325 _____ () C:\Users\User\Desktop\Gmer.txt
2014-05-08 11:02 - 2014-05-07 19:18 - 00000000 ____D () C:\ProgramData\laab
2014-05-08 10:52 - 2014-05-08 10:37 - 00000470 _____ () C:\Users\User\Desktop\defogger_disable.log
2014-05-08 10:33 - 2014-05-08 10:33 - 00050477 _____ () C:\Users\User\Desktop\Defogger.exe
2014-05-08 07:42 - 2014-05-08 07:42 - 00388608 _____ (Trend Micro Inc.) C:\Users\User\Downloads\HiJackThis204.exe
2014-05-08 07:34 - 2014-05-08 07:34 - 00000000 ____D () C:\ProgramData\scjpwjq
2014-05-08 07:34 - 2014-05-08 07:34 - 00000000 ____D () C:\ProgramData\pabpao
2014-05-08 06:05 - 2014-05-08 06:05 - 00017488 _____ () C:\Users\User\Desktop\AVira2.LOG
2014-05-07 23:53 - 2014-05-07 23:17 - 00000000 ____D () C:\Windows\pss
2014-05-07 20:56 - 2014-05-07 20:56 - 00013416 _____ () C:\Users\User\Desktop\AVSCAN.LOG
2014-05-07 19:47 - 2014-05-07 19:47 - 00011383 _____ () C:\Users\User\Documents\Gmer.txt
2014-05-07 19:38 - 2014-05-07 19:38 - 00380416 _____ () C:\Users\User\Desktop\Gmer-19357.exe
2014-05-07 19:32 - 2014-05-07 19:32 - 00023928 _____ () C:\Users\User\Desktop\Addition.txt
2014-05-07 19:17 - 2014-05-07 19:17 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-05-07 19:17 - 2014-05-07 19:17 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-05-07 19:16 - 2014-05-07 19:16 - 00002999 _____ () C:\Users\User\Desktop\log.xml
2014-05-07 19:05 - 2014-05-07 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\User\Desktop\wzmp_8.exe
2014-05-07 17:51 - 2014-05-06 11:49 - 00000000 ___HD () C:\Users\User\AppData\Local\Atoqa
2014-05-07 15:49 - 2014-01-25 18:22 - 00126408 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-07 15:48 - 2009-07-14 06:45 - 00522520 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-07 15:43 - 2013-10-01 06:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-07 15:37 - 2014-05-07 15:37 - 00002114 _____ () C:\Users\Public\Desktop\Starmoney9.0.lnk
2014-05-07 15:37 - 2014-05-07 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 9.0 S-Edition
2014-05-07 15:37 - 2014-03-30 14:29 - 00000000 ____D () C:\ProgramData\StarMoney 9.0
2014-05-07 15:37 - 2009-07-14 04:34 - 00017486 _____ () C:\Windows\system32\Drivers\etc\services
2014-05-07 14:59 - 2014-05-07 14:59 - 00000636 _____ () C:\Windows\HBCIKRNL.INI
2014-05-07 14:59 - 2014-05-07 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Identive
2014-05-07 14:59 - 2014-05-07 14:59 - 00000000 ____D () C:\Program Files (x86)\Identive
2014-05-07 10:29 - 2014-05-07 10:29 - 00000000 ____D () C:\ProgramData\mqncoa
2014-05-07 07:12 - 2014-05-06 14:20 - 00000000 ____D () C:\ProgramData\jqiwjns
2014-05-07 07:08 - 2014-05-06 14:20 - 00000000 ____D () C:\ProgramData\ninpbxk
2014-05-07 07:08 - 2014-05-06 12:11 - 00000000 ___HD () C:\Users\User\AppData\Local\Gjefwklvpu
2014-05-07 03:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-07 03:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-07 03:16 - 2014-05-07 03:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 19:54 - 2014-05-06 19:54 - 00000000 ____D () C:\ProgramData\shfkve
2014-05-06 19:54 - 2014-05-06 14:20 - 00000000 ____D () C:\ProgramData\vcsjde
2014-05-06 16:40 - 2014-04-21 14:37 - 00000154 _____ () C:\Windows\Brfaxrx.ini
2014-05-06 14:21 - 2014-05-06 14:20 - 00000000 ____D () C:\ProgramData\ufr
2014-05-06 12:21 - 2014-05-06 12:21 - 00002237 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-05-06 12:21 - 2014-05-06 12:21 - 00002231 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-05-06 12:21 - 2014-05-06 12:21 - 00000000 ____D () C:\Users\User\AppData\Local\WinZip
2014-05-06 12:21 - 2014-05-06 12:21 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-06 12:21 - 2014-05-06 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-05-06 12:21 - 2014-05-06 12:21 - 00000000 ____D () C:\Program Files (x86)\WinZip
2014-05-06 12:21 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 12:19 - 2014-05-06 12:16 - 43543552 _____ () C:\Users\User\Downloads\wz180gev-32.msi
2014-05-06 12:17 - 2014-03-31 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-06 12:17 - 2014-03-31 17:00 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-06 12:10 - 2011-04-12 10:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-06 11:55 - 2014-05-06 11:55 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-05-04 14:08 - 2014-03-30 14:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-01 18:06 - 2014-05-01 17:56 - 00013606 _____ () C:\Users\User\#Umrisse.dxf
2014-05-01 17:51 - 2014-05-01 17:51 - 00013594 _____ () C:\Users\User\Umrisse.dxf
2014-04-30 17:08 - 2014-04-30 15:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-30 14:17 - 2014-03-30 14:31 - 00000000 ____D () C:\Users\User\AppData\Local\Thunderbird
2014-04-29 16:01 - 2014-05-07 11:16 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-07 11:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-07 11:16 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-07 11:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-29 09:35 - 2014-04-02 22:25 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 09:35 - 2014-04-02 22:25 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 09:35 - 2014-04-02 22:25 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 07:22 - 2014-03-30 14:19 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-29 07:22 - 2014-03-30 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-04-29 07:22 - 2014-03-30 14:19 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-29 07:22 - 2014-03-30 14:18 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-27 12:57 - 2014-04-27 12:57 - 00001447 _____ () C:\Users\User\Desktop\PC-FAX Rx - Verknüpfung.lnk
2014-04-27 12:54 - 2014-04-18 13:14 - 00000000 ____D () C:\Users\User\AppData\Local\FRITZ!
2014-04-21 14:40 - 2014-04-21 14:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\ControlCenter4
2014-04-21 14:38 - 2014-04-21 14:38 - 00002140 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk
2014-04-21 14:38 - 2014-04-21 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2014-04-21 14:38 - 2014-03-30 14:57 - 00000969 _____ () C:\Windows\Brpfx04a.ini
2014-04-21 14:38 - 2014-03-30 14:57 - 00000130 _____ () C:\Windows\brpcfx.ini
2014-04-21 14:38 - 2014-03-30 14:49 - 00002954 _____ () C:\Windows\BRPARAM.INI
2014-04-21 14:37 - 2014-04-21 14:37 - 00000000 ____D () C:\ProgramData\ControlCenter4
2014-04-21 14:37 - 2014-04-21 14:37 - 00000000 ____D () C:\Program Files (x86)\Browny02
2014-04-21 14:37 - 2014-04-21 14:37 - 00000000 ____D () C:\Brother
2014-04-21 14:37 - 2014-03-30 14:56 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-04-21 14:37 - 2014-03-30 14:48 - 00000000 ____D () C:\Program Files (x86)\ControlCenter4
2014-04-21 14:36 - 2014-04-21 14:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\InstallShield
2014-04-21 14:21 - 2014-04-21 14:21 - 00001054 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-04-21 14:21 - 2014-04-21 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-04-21 14:21 - 2014-04-21 14:21 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-04-21 14:18 - 2014-04-21 14:12 - 64052804 _____ (A.I.SOFT,INC.) C:\Users\User\Downloads\CC4updater_424091.EXE
2014-04-18 13:15 - 2014-04-18 13:13 - 00000000 ____D () C:\Users\User\AppData\Roaming\FRITZ!
2014-04-18 13:14 - 2014-04-18 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!
2014-04-18 13:14 - 2014-04-18 13:13 - 00000000 ____D () C:\Program Files (x86)\FRITZ!
2014-04-18 13:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-04-18 13:11 - 2014-04-18 12:59 - 00011376 _____ () C:\Windows\avmcoins.log
2014-04-18 13:09 - 2014-04-18 13:09 - 00000224 _____ () C:\Windows\setup.log
2014-04-18 13:08 - 2014-04-18 13:06 - 18232168 _____ (AVM Berlin ) C:\Users\User\Downloads\FRITZ!fax_3.07.04.exe
2014-04-16 08:45 - 2014-04-16 08:45 - 00000814 _____ () C:\Users\User\Desktop\EigDat2013 - Verknüpfung.lnk
2014-04-14 04:24 - 2014-05-06 14:46 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-05-06 14:46 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-12 19:25 - 2014-03-30 15:36 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-04-11 08:25 - 2014-04-11 08:24 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-04-10 16:49 - 2014-03-31 09:20 - 00000000 ____D () C:\Bürodaten14
2014-04-10 10:36 - 2014-04-10 10:36 - 00001238 _____ () C:\Users\User\Desktop\KLAES 6.8 2010.lnk
2014-04-10 10:36 - 2014-04-10 10:36 - 00000028 _____ () C:\Windows\ODBC.INI
2014-04-10 10:21 - 2014-03-31 15:42 - 00000000 ____D () C:\KLAESWH
2014-04-10 03:01 - 2013-10-01 15:22 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 03:01 - 2013-10-01 15:22 - 00000000 ____D () C:\Windows\system32\MRT

Files to move or delete:
====================
C:\Users\LibreCAD\D3DCompiler_43.dll
C:\Users\LibreCAD\libwinpthread-1.dll
C:\Users\LibreCAD\Qt5CLucene.dll
C:\Users\LibreCAD\Qt5Declarative.dll
C:\Users\LibreCAD\Qt5Gui.dll
C:\Users\LibreCAD\Qt5Help.dll
C:\Users\LibreCAD\Qt5Network.dll
C:\Users\LibreCAD\Qt5OpenGL.dll
C:\Users\LibreCAD\Qt5PrintSupport.dll
C:\Users\LibreCAD\Qt5Script.dll
C:\Users\LibreCAD\Qt5Sql.dll
C:\Users\LibreCAD\Qt5Svg.dll
C:\Users\LibreCAD\Qt5Widgets.dll
C:\Users\LibreCAD\Qt5Xml.dll
C:\Users\LibreCAD\Qt5XmlPatterns.dll


Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 07:46

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 11.05.2014 12:17

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

matze0816 11.05.2014 16:36
Hallo,

wie gewünscht wieder die Log-Dateien.

Der Avira Live-Scanner meldet sich zumindest nicht mehr, von dem her scheint es mit dem Problem besser zu werden! :)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1b7f851f49f5a3458f7c890febd8171b
# engine=18216
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-11 12:35:17
# local_time=2014-05-11 02:35:17 (+0100, Mitteleurop‰ische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 88609 6494053 81384 0
# compatibility_mode=5893 16776574 100 94 3617982 151441567 0 0
# scanned=227633
# found=1
# cleaned=0
# scan_time=4047
sh=C90A3A8117EA8A1A40600FEFC13F5DAEF38F6D31 ft=1 fh=d643e915fb827735 vn="Win32/Adware.Yontoo.D Anwendung" ac=I fn="D:\Spirituell\R.B. - Botschaften der geistigen Welt\IlemiTVApp_setup(21).exe"
Code:
Results of screen317's Security Check version 0.99.82 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 13.0.0.206 
 Mozilla Firefox (28.0)
 Mozilla Thunderbird (24.5.0)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamscheduler.exe 
 StarMoney 9.0 S-Edition ouservice StarMoneyOnlineUpdate.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-05-2014
Ran by User (administrator) on WINDOWS-C24H7VG on 11-05-2014 17:11:39
Running from C:\Users\User\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-02-01] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-04-15] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fj36m6ci.default\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [125008 2014-04-15] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-01] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 msftesql$KLAES; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [91992 2010-03-26] (Microsoft Corporation)
R2 MSSQL$KLAES; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)

==================== Drivers (Whitelisted) ====================

R3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-08-01] (SafeNet Inc.)
R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2013-08-01] (SafeNet Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [79872 2009-06-10] (AVM GmbH)
R3 FPCIBASE; C:\Windows\System32\DRIVERS\fpcibase.sys [899328 2009-06-10] (AVM Berlin)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-02-01] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-11 17:11 - 2014-05-11 17:11 - 00011850 _____ () C:\Users\User\Desktop\FRST.txt
2014-05-11 17:09 - 2014-05-11 17:09 - 00000947 _____ () C:\Users\User\Desktop\checkup.txt
2014-05-11 13:24 - 2014-05-11 13:24 - 00855379 _____ () C:\Users\User\Desktop\SecurityCheck.exe
2014-05-11 13:22 - 2014-05-11 14:35 - 00000913 _____ () C:\Users\User\Desktop\ESET (2).txt
2014-05-11 13:21 - 2014-05-11 13:22 - 02347384 _____ (ESET) C:\Users\User\Desktop\esetsmartinstaller_deu.exe
2014-05-10 13:50 - 2014-05-10 13:50 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion
2014-05-10 13:49 - 2014-05-10 13:49 - 00000896 _____ () C:\Users\User\Desktop\JRT.txt
2014-05-10 13:46 - 2014-05-10 13:46 - 00000000 ____D () C:\Windows\ERUNT
2014-05-10 13:44 - 2014-05-10 13:44 - 00001220 _____ () C:\Users\User\Desktop\AdwCleaner[S0].txt
2014-05-10 13:39 - 2014-05-10 13:41 - 00000000 ____D () C:\AdwCleaner
2014-05-10 13:38 - 2014-05-10 13:38 - 00008032 _____ () C:\Users\User\Desktop\mbam.txt
2014-05-10 13:26 - 2014-05-11 13:21 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-10 13:26 - 2014-05-10 13:26 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-10 13:26 - 2014-05-10 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-10 13:26 - 2014-05-10 13:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-10 13:26 - 2014-05-10 13:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-10 13:26 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-10 13:26 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-10 13:26 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 13:24 - 2014-05-10 13:24 - 01016261 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-05-10 13:23 - 2014-05-10 13:23 - 01316991 _____ () C:\Users\User\Desktop\adwcleaner.exe
2014-05-10 13:22 - 2014-05-10 13:23 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-09 13:18 - 2014-05-09 13:18 - 00027510 _____ () C:\Users\User\Desktop\combofix2.txt
2014-05-09 13:17 - 2014-05-09 13:17 - 00027510 _____ () C:\ComboFix.txt
2014-05-09 13:04 - 2014-05-09 13:04 - 00028621 _____ () C:\Users\User\Desktop\combofix.txt
2014-05-09 12:55 - 2014-05-09 13:17 - 00000000 ____D () C:\Qoobox
2014-05-09 12:55 - 2014-05-09 13:02 - 00000000 ____D () C:\Windows\erdnt
2014-05-09 12:55 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-09 12:55 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-09 12:55 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-09 12:55 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-09 12:55 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-09 12:55 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-09 12:55 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-09 12:55 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-09 12:46 - 2014-05-09 12:47 - 05200039 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2014-05-09 12:38 - 2014-05-09 12:38 - 00000000 ____D () C:\ProgramData\rjvecso
2014-05-09 12:38 - 2014-05-09 12:38 - 00000000 ____D () C:\ProgramData\lye
2014-05-09 12:38 - 2014-05-09 12:38 - 00000000 ____D () C:\ProgramData\bwdnd
2014-05-08 13:01 - 2014-05-08 13:01 - 00028866 _____ () C:\Users\User\Desktop\Avira3.LOG
2014-05-08 11:44 - 2014-05-09 12:48 - 00000000 ____D () C:\ProgramData\fce
2014-05-08 11:25 - 2014-05-08 11:25 - 00000242 _____ () C:\Users\User\Desktop\defogger_enable.log
2014-05-08 11:14 - 2014-05-08 11:14 - 00031325 _____ () C:\Users\User\Desktop\Gmer.txt
2014-05-08 10:37 - 2014-05-08 10:52 - 00000470 _____ () C:\Users\User\Desktop\defogger_disable.log
2014-05-08 10:33 - 2014-05-08 10:33 - 00050477 _____ () C:\Users\User\Desktop\Defogger.exe
2014-05-08 07:42 - 2014-05-08 07:42 - 00388608 _____ (Trend Micro Inc.) C:\Users\User\Downloads\HiJackThis204.exe
2014-05-08 07:34 - 2014-05-09 12:38 - 00000000 ____D () C:\ProgramData\hfypf
2014-05-08 07:34 - 2014-05-08 07:34 - 00000000 ____D () C:\ProgramData\scjpwjq
2014-05-08 07:34 - 2014-05-08 07:34 - 00000000 ____D () C:\ProgramData\pabpao
2014-05-08 06:05 - 2014-05-08 06:05 - 00017488 _____ () C:\Users\User\Desktop\AVira2.LOG
2014-05-07 23:17 - 2014-05-07 23:53 - 00000000 ____D () C:\Windows\pss
2014-05-07 20:56 - 2014-05-07 20:56 - 00013416 _____ () C:\Users\User\Desktop\AVSCAN.LOG
2014-05-07 19:47 - 2014-05-07 19:47 - 00011383 _____ () C:\Users\User\Documents\Gmer.txt
2014-05-07 19:38 - 2014-05-07 19:38 - 00380416 _____ () C:\Users\User\Desktop\Gmer-19357.exe
2014-05-07 19:32 - 2014-05-11 17:11 - 00000000 ____D () C:\FRST
2014-05-07 19:32 - 2014-05-10 13:51 - 00045868 _____ () C:\Users\User\Desktop\FRST2.txt
2014-05-07 19:32 - 2014-05-10 13:51 - 00013074 _____ () C:\Users\User\Desktop\Addition.txt
2014-05-07 19:30 - 2014-05-10 13:50 - 02065408 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-05-07 19:18 - 2014-05-08 11:02 - 00000000 ____D () C:\ProgramData\laab
2014-05-07 19:17 - 2014-05-07 19:17 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-05-07 19:17 - 2014-05-07 19:17 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-05-07 19:16 - 2014-05-07 19:16 - 00002999 _____ () C:\Users\User\Desktop\log.xml
2014-05-07 19:06 - 2014-05-09 12:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\Nico Mak Computing
2014-05-07 19:05 - 2014-05-07 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\User\Desktop\wzmp_8.exe
2014-05-07 15:37 - 2014-05-07 15:37 - 00002114 _____ () C:\Users\Public\Desktop\Starmoney9.0.lnk
2014-05-07 15:37 - 2014-05-07 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 9.0 S-Edition
2014-05-07 15:36 - 2014-05-09 12:37 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0 S-Edition
2014-05-07 14:59 - 2014-05-07 14:59 - 00000636 _____ () C:\Windows\HBCIKRNL.INI
2014-05-07 14:59 - 2014-05-07 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Identive
2014-05-07 14:59 - 2014-05-07 14:59 - 00000000 ____D () C:\Program Files (x86)\Identive
2014-05-07 14:59 - 2012-08-14 18:05 - 00346512 _____ (SCM Microsystems Inc.) C:\Windows\system32\MCSCM.dll
2014-05-07 11:17 - 2014-05-08 12:59 - 00000000 ____D () C:\ProgramData\qlfvcw
2014-05-07 11:16 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-07 11:16 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-07 11:16 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-07 11:16 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-07 10:29 - 2014-05-08 11:48 - 00000000 ____D () C:\ProgramData\dfqdi
2014-05-07 10:29 - 2014-05-08 11:44 - 00000000 ____D () C:\ProgramData\fsstws
2014-05-07 10:29 - 2014-05-07 10:29 - 00000000 ____D () C:\ProgramData\mqncoa
2014-05-07 03:18 - 2014-05-08 12:59 - 00000000 ____D () C:\ProgramData\crucgl
2014-05-07 03:16 - 2014-05-07 03:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-07 03:01 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-07 03:00 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-07 03:00 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-07 03:00 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-07 03:00 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-07 03:00 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-07 03:00 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-07 03:00 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-07 03:00 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-07 03:00 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-07 03:00 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-07 03:00 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-07 03:00 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-07 03:00 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-07 03:00 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-07 03:00 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-07 03:00 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-07 03:00 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-07 03:00 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-07 03:00 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-07 03:00 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-07 03:00 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-07 03:00 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-07 03:00 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-07 03:00 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-07 03:00 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-07 03:00 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-07 03:00 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-07 03:00 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-07 03:00 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-07 03:00 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-07 03:00 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-07 03:00 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-07 03:00 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-07 03:00 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-07 03:00 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-07 03:00 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-07 03:00 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-07 03:00 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-07 03:00 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-07 03:00 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-07 03:00 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-07 03:00 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-07 03:00 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-06 19:54 - 2014-05-08 12:59 - 00000000 ____D () C:\ProgramData\tso
2014-05-06 19:54 - 2014-05-08 11:44 - 00000000 ____D () C:\ProgramData\nrgxu
2014-05-06 19:54 - 2014-05-06 19:54 - 00000000 ____D () C:\ProgramData\shfkve
2014-05-06 14:46 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 14:46 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 14:21 - 2014-05-09 12:38 - 00000000 ____D () C:\ProgramData\ixvma
2014-05-06 14:20 - 2014-05-07 07:12 - 00000000 ____D () C:\ProgramData\jqiwjns
2014-05-06 14:20 - 2014-05-07 07:08 - 00000000 ____D () C:\ProgramData\ninpbxk
2014-05-06 14:20 - 2014-05-06 19:54 - 00000000 ____D () C:\ProgramData\vcsjde
2014-05-06 14:20 - 2014-05-06 14:21 - 00000000 ____D () C:\ProgramData\ufr
2014-05-06 12:21 - 2014-05-06 12:21 - 00002237 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-05-06 12:21 - 2014-05-06 12:21 - 00002231 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-05-06 12:21 - 2014-05-06 12:21 - 00000000 ____D () C:\Users\User\AppData\Local\WinZip
2014-05-06 12:21 - 2014-05-06 12:21 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-06 12:21 - 2014-05-06 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-05-06 12:21 - 2014-05-06 12:21 - 00000000 ____D () C:\Program Files (x86)\WinZip
2014-05-06 12:16 - 2014-05-06 12:19 - 43543552 _____ () C:\Users\User\Downloads\wz180gev-32.msi
2014-05-06 12:11 - 2014-05-07 07:08 - 00000000 ___HD () C:\Users\User\AppData\Local\Gjefwklvpu
2014-05-06 11:55 - 2014-05-06 11:55 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-05-06 11:49 - 2014-05-09 12:38 - 00000000 ____D () C:\ProgramData\laabi
2014-05-06 11:49 - 2014-05-07 17:51 - 00000000 ___HD () C:\Users\User\AppData\Local\Atoqa
2014-05-01 17:56 - 2014-05-01 18:06 - 00013606 _____ () C:\Users\User\#Umrisse.dxf
2014-05-01 17:51 - 2014-05-01 17:51 - 00013594 _____ () C:\Users\User\Umrisse.dxf
2014-04-30 15:18 - 2014-04-30 17:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-27 12:57 - 2014-04-27 12:57 - 00001447 _____ () C:\Users\User\Desktop\PC-FAX Rx - Verknüpfung.lnk
2014-04-21 14:40 - 2014-04-21 14:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\ControlCenter4
2014-04-21 14:38 - 2014-04-21 14:38 - 00002140 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk
2014-04-21 14:38 - 2014-04-21 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2014-04-21 14:37 - 2014-05-06 16:40 - 00000154 _____ () C:\Windows\Brfaxrx.ini
2014-04-21 14:37 - 2014-04-21 14:37 - 00000000 ____D () C:\ProgramData\ControlCenter4
2014-04-21 14:37 - 2014-04-21 14:37 - 00000000 ____D () C:\Program Files (x86)\Browny02
2014-04-21 14:37 - 2014-04-21 14:37 - 00000000 ____D () C:\Brother
2014-04-21 14:37 - 2012-09-10 16:31 - 00245760 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2014-04-21 14:37 - 2012-07-09 17:19 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2014-04-21 14:37 - 2010-03-15 19:45 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2014-04-21 14:37 - 2010-02-05 04:42 - 00180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
2014-04-21 14:37 - 2007-12-13 22:16 - 00005632 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2014-04-21 14:36 - 2014-04-21 14:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\InstallShield
2014-04-21 14:21 - 2014-04-21 14:21 - 00001054 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-04-21 14:21 - 2014-04-21 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-04-21 14:21 - 2014-04-21 14:21 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-04-21 14:20 - 2014-02-18 03:44 - 65158728 _____ (Macrovision Corporation) C:\Users\User\Downloads\ControlCenter4 Updater.exe
2014-04-21 14:12 - 2014-04-21 14:18 - 64052804 _____ (A.I.SOFT,INC.) C:\Users\User\Downloads\CC4updater_424091.EXE
2014-04-18 13:14 - 2014-04-27 12:54 - 00000000 ____D () C:\Users\User\AppData\Local\FRITZ!
2014-04-18 13:14 - 2014-04-18 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!
2014-04-18 13:13 - 2014-04-18 13:15 - 00000000 ____D () C:\Users\User\AppData\Roaming\FRITZ!
2014-04-18 13:13 - 2014-04-18 13:14 - 00000000 ____D () C:\Program Files (x86)\FRITZ!
2014-04-18 13:13 - 2000-01-07 02:09 - 00114688 _____ (AVM Berlin GmbH) C:\Windows\SysWOW64\Fridru32.dll
2014-04-18 13:13 - 2000-01-07 02:09 - 00032768 _____ (AVM Berlin GmbH) C:\Windows\SysWOW64\FritzPort.dll
2014-04-18 13:13 - 1999-12-01 13:30 - 00040960 _____ (AVM Berlin GmbH) C:\Windows\SysWOW64\I2err32.dll
2014-04-18 13:09 - 2014-04-18 13:09 - 00000224 _____ () C:\Windows\setup.log
2014-04-18 13:06 - 2014-04-18 13:08 - 18232168 _____ (AVM Berlin ) C:\Users\User\Downloads\FRITZ!fax_3.07.04.exe
2014-04-18 12:59 - 2014-04-18 13:11 - 00011376 _____ () C:\Windows\avmcoins.log
2014-04-16 08:45 - 2014-04-16 08:45 - 00000814 _____ () C:\Users\User\Desktop\EigDat2013 - Verknüpfung.lnk
2014-04-11 08:24 - 2014-04-11 08:25 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

2014-05-11 17:11 - 2014-05-11 17:11 - 00011850 _____ () C:\Users\User\Desktop\FRST.txt
2014-05-11 17:11 - 2014-05-07 19:32 - 00000000 ____D () C:\FRST
2014-05-11 17:09 - 2014-05-11 17:09 - 00000947 _____ () C:\Users\User\Desktop\checkup.txt
2014-05-11 16:33 - 2014-04-02 22:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-11 14:35 - 2014-05-11 13:22 - 00000913 _____ () C:\Users\User\Desktop\ESET (2).txt
2014-05-11 13:55 - 2014-01-25 18:21 - 01276125 _____ () C:\Windows\WindowsUpdate.log
2014-05-11 13:27 - 2009-07-14 06:45 - 00025680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-11 13:27 - 2009-07-14 06:45 - 00025680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-11 13:25 - 2013-01-28 09:48 - 00787386 _____ () C:\Windows\system32\perfh007.dat
2014-05-11 13:25 - 2013-01-28 09:48 - 00180040 _____ () C:\Windows\system32\perfc007.dat
2014-05-11 13:25 - 2009-07-14 07:13 - 01852362 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-11 13:24 - 2014-05-11 13:24 - 00855379 _____ () C:\Users\User\Desktop\SecurityCheck.exe
2014-05-11 13:22 - 2014-05-11 13:21 - 02347384 _____ (ESET) C:\Users\User\Desktop\esetsmartinstaller_deu.exe
2014-05-11 13:21 - 2014-05-10 13:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-11 13:19 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-11 13:19 - 2009-07-14 06:51 - 00060153 _____ () C:\Windows\setupact.log
2014-05-10 16:24 - 2014-04-10 10:36 - 00000028 _____ () C:\Windows\ODBC.INI
2014-05-10 13:51 - 2014-05-07 19:32 - 00045868 _____ () C:\Users\User\Desktop\FRST2.txt
2014-05-10 13:51 - 2014-05-07 19:32 - 00013074 _____ () C:\Users\User\Desktop\Addition.txt
2014-05-10 13:50 - 2014-05-10 13:50 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion
2014-05-10 13:50 - 2014-05-07 19:30 - 02065408 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-05-10 13:49 - 2014-05-10 13:49 - 00000896 _____ () C:\Users\User\Desktop\JRT.txt
2014-05-10 13:46 - 2014-05-10 13:46 - 00000000 ____D () C:\Windows\ERUNT
2014-05-10 13:44 - 2014-05-10 13:44 - 00001220 _____ () C:\Users\User\Desktop\AdwCleaner[S0].txt
2014-05-10 13:41 - 2014-05-10 13:39 - 00000000 ____D () C:\AdwCleaner
2014-05-10 13:41 - 2010-11-21 05:47 - 00114932 _____ () C:\Windows\PFRO.log
2014-05-10 13:38 - 2014-05-10 13:38 - 00008032 _____ () C:\Users\User\Desktop\mbam.txt
2014-05-10 13:26 - 2014-05-10 13:26 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-10 13:26 - 2014-05-10 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-10 13:26 - 2014-05-10 13:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-10 13:26 - 2014-05-10 13:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-10 13:24 - 2014-05-10 13:24 - 01016261 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-05-10 13:23 - 2014-05-10 13:23 - 01316991 _____ () C:\Users\User\Desktop\adwcleaner.exe
2014-05-10 13:23 - 2014-05-10 13:22 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-09 13:18 - 2014-05-09 13:18 - 00027510 _____ () C:\Users\User\Desktop\combofix2.txt
2014-05-09 13:17 - 2014-05-09 13:17 - 00027510 _____ () C:\ComboFix.txt
2014-05-09 13:17 - 2014-05-09 12:55 - 00000000 ____D () C:\Qoobox
2014-05-09 13:16 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-09 13:04 - 2014-05-09 13:04 - 00028621 _____ () C:\Users\User\Desktop\combofix.txt
2014-05-09 13:03 - 2014-03-31 08:23 - 00000000 ____D () C:\Users\LibreCAD
2014-05-09 13:03 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-09 13:02 - 2014-05-09 12:55 - 00000000 ____D () C:\Windows\erdnt
2014-05-09 12:48 - 2014-05-08 11:44 - 00000000 ____D () C:\ProgramData\fce
2014-05-09 12:47 - 2014-05-09 12:46 - 05200039 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2014-05-09 12:40 - 2014-05-07 19:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\Nico Mak Computing
2014-05-09 12:38 - 2014-05-09 12:38 - 00000000 ____D () C:\ProgramData\rjvecso
2014-05-09 12:38 - 2014-05-09 12:38 - 00000000 ____D () C:\ProgramData\lye
2014-05-09 12:38 - 2014-05-09 12:38 - 00000000 ____D () C:\ProgramData\bwdnd
2014-05-09 12:38 - 2014-05-08 07:34 - 00000000 ____D () C:\ProgramData\hfypf
2014-05-09 12:38 - 2014-05-06 14:21 - 00000000 ____D () C:\ProgramData\ixvma
2014-05-09 12:38 - 2014-05-06 11:49 - 00000000 ____D () C:\ProgramData\laabi
2014-05-09 12:37 - 2014-05-07 15:36 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0 S-Edition
2014-05-08 13:01 - 2014-05-08 13:01 - 00028866 _____ () C:\Users\User\Desktop\Avira3.LOG
2014-05-08 12:59 - 2014-05-07 11:17 - 00000000 ____D () C:\ProgramData\qlfvcw
2014-05-08 12:59 - 2014-05-07 03:18 - 00000000 ____D () C:\ProgramData\crucgl
2014-05-08 12:59 - 2014-05-06 19:54 - 00000000 ____D () C:\ProgramData\tso
2014-05-08 12:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-08 11:48 - 2014-05-07 10:29 - 00000000 ____D () C:\ProgramData\dfqdi
2014-05-08 11:44 - 2014-05-07 10:29 - 00000000 ____D () C:\ProgramData\fsstws
2014-05-08 11:44 - 2014-05-06 19:54 - 00000000 ____D () C:\ProgramData\nrgxu
2014-05-08 11:25 - 2014-05-08 11:25 - 00000242 _____ () C:\Users\User\Desktop\defogger_enable.log
2014-05-08 11:14 - 2014-05-08 11:14 - 00031325 _____ () C:\Users\User\Desktop\Gmer.txt
2014-05-08 11:02 - 2014-05-07 19:18 - 00000000 ____D () C:\ProgramData\laab
2014-05-08 10:52 - 2014-05-08 10:37 - 00000470 _____ () C:\Users\User\Desktop\defogger_disable.log
2014-05-08 10:33 - 2014-05-08 10:33 - 00050477 _____ () C:\Users\User\Desktop\Defogger.exe
2014-05-08 07:42 - 2014-05-08 07:42 - 00388608 _____ (Trend Micro Inc.) C:\Users\User\Downloads\HiJackThis204.exe
2014-05-08 07:34 - 2014-05-08 07:34 - 00000000 ____D () C:\ProgramData\scjpwjq
2014-05-08 07:34 - 2014-05-08 07:34 - 00000000 ____D () C:\ProgramData\pabpao
2014-05-08 06:05 - 2014-05-08 06:05 - 00017488 _____ () C:\Users\User\Desktop\AVira2.LOG
2014-05-07 23:53 - 2014-05-07 23:17 - 00000000 ____D () C:\Windows\pss
2014-05-07 20:56 - 2014-05-07 20:56 - 00013416 _____ () C:\Users\User\Desktop\AVSCAN.LOG
2014-05-07 19:47 - 2014-05-07 19:47 - 00011383 _____ () C:\Users\User\Documents\Gmer.txt
2014-05-07 19:38 - 2014-05-07 19:38 - 00380416 _____ () C:\Users\User\Desktop\Gmer-19357.exe
2014-05-07 19:17 - 2014-05-07 19:17 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-05-07 19:17 - 2014-05-07 19:17 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-05-07 19:16 - 2014-05-07 19:16 - 00002999 _____ () C:\Users\User\Desktop\log.xml
2014-05-07 19:05 - 2014-05-07 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\User\Desktop\wzmp_8.exe
2014-05-07 17:51 - 2014-05-06 11:49 - 00000000 ___HD () C:\Users\User\AppData\Local\Atoqa
2014-05-07 15:49 - 2014-01-25 18:22 - 00126408 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-07 15:48 - 2009-07-14 06:45 - 00522520 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-07 15:43 - 2013-10-01 06:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-07 15:37 - 2014-05-07 15:37 - 00002114 _____ () C:\Users\Public\Desktop\Starmoney9.0.lnk
2014-05-07 15:37 - 2014-05-07 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 9.0 S-Edition
2014-05-07 15:37 - 2014-03-30 14:29 - 00000000 ____D () C:\ProgramData\StarMoney 9.0
2014-05-07 15:37 - 2009-07-14 04:34 - 00017486 _____ () C:\Windows\system32\Drivers\etc\services
2014-05-07 14:59 - 2014-05-07 14:59 - 00000636 _____ () C:\Windows\HBCIKRNL.INI
2014-05-07 14:59 - 2014-05-07 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Identive
2014-05-07 14:59 - 2014-05-07 14:59 - 00000000 ____D () C:\Program Files (x86)\Identive
2014-05-07 10:29 - 2014-05-07 10:29 - 00000000 ____D () C:\ProgramData\mqncoa
2014-05-07 07:12 - 2014-05-06 14:20 - 00000000 ____D () C:\ProgramData\jqiwjns
2014-05-07 07:08 - 2014-05-06 14:20 - 00000000 ____D () C:\ProgramData\ninpbxk
2014-05-07 07:08 - 2014-05-06 12:11 - 00000000 ___HD () C:\Users\User\AppData\Local\Gjefwklvpu
2014-05-07 03:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-07 03:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-07 03:16 - 2014-05-07 03:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 19:54 - 2014-05-06 19:54 - 00000000 ____D () C:\ProgramData\shfkve
2014-05-06 19:54 - 2014-05-06 14:20 - 00000000 ____D () C:\ProgramData\vcsjde
2014-05-06 16:40 - 2014-04-21 14:37 - 00000154 _____ () C:\Windows\Brfaxrx.ini
2014-05-06 14:21 - 2014-05-06 14:20 - 00000000 ____D () C:\ProgramData\ufr
2014-05-06 12:21 - 2014-05-06 12:21 - 00002237 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-05-06 12:21 - 2014-05-06 12:21 - 00002231 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-05-06 12:21 - 2014-05-06 12:21 - 00000000 ____D () C:\Users\User\AppData\Local\WinZip
2014-05-06 12:21 - 2014-05-06 12:21 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-06 12:21 - 2014-05-06 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-05-06 12:21 - 2014-05-06 12:21 - 00000000 ____D () C:\Program Files (x86)\WinZip
2014-05-06 12:21 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 12:19 - 2014-05-06 12:16 - 43543552 _____ () C:\Users\User\Downloads\wz180gev-32.msi
2014-05-06 12:17 - 2014-03-31 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-06 12:17 - 2014-03-31 17:00 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-06 12:10 - 2011-04-12 10:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-06 11:55 - 2014-05-06 11:55 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-05-04 14:08 - 2014-03-30 14:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-01 18:06 - 2014-05-01 17:56 - 00013606 _____ () C:\Users\User\#Umrisse.dxf
2014-05-01 17:51 - 2014-05-01 17:51 - 00013594 _____ () C:\Users\User\Umrisse.dxf
2014-04-30 17:08 - 2014-04-30 15:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-30 14:17 - 2014-03-30 14:31 - 00000000 ____D () C:\Users\User\AppData\Local\Thunderbird
2014-04-29 16:01 - 2014-05-07 11:16 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-07 11:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-07 11:16 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-07 11:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-29 09:35 - 2014-04-02 22:25 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 09:35 - 2014-04-02 22:25 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 09:35 - 2014-04-02 22:25 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 07:22 - 2014-03-30 14:19 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-29 07:22 - 2014-03-30 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-04-29 07:22 - 2014-03-30 14:19 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-29 07:22 - 2014-03-30 14:18 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-27 12:57 - 2014-04-27 12:57 - 00001447 _____ () C:\Users\User\Desktop\PC-FAX Rx - Verknüpfung.lnk
2014-04-27 12:54 - 2014-04-18 13:14 - 00000000 ____D () C:\Users\User\AppData\Local\FRITZ!
2014-04-21 14:40 - 2014-04-21 14:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\ControlCenter4
2014-04-21 14:38 - 2014-04-21 14:38 - 00002140 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk
2014-04-21 14:38 - 2014-04-21 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2014-04-21 14:38 - 2014-03-30 14:57 - 00000969 _____ () C:\Windows\Brpfx04a.ini
2014-04-21 14:38 - 2014-03-30 14:57 - 00000130 _____ () C:\Windows\brpcfx.ini
2014-04-21 14:38 - 2014-03-30 14:49 - 00002954 _____ () C:\Windows\BRPARAM.INI
2014-04-21 14:37 - 2014-04-21 14:37 - 00000000 ____D () C:\ProgramData\ControlCenter4
2014-04-21 14:37 - 2014-04-21 14:37 - 00000000 ____D () C:\Program Files (x86)\Browny02
2014-04-21 14:37 - 2014-04-21 14:37 - 00000000 ____D () C:\Brother
2014-04-21 14:37 - 2014-03-30 14:56 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-04-21 14:37 - 2014-03-30 14:48 - 00000000 ____D () C:\Program Files (x86)\ControlCenter4
2014-04-21 14:36 - 2014-04-21 14:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\InstallShield
2014-04-21 14:21 - 2014-04-21 14:21 - 00001054 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-04-21 14:21 - 2014-04-21 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-04-21 14:21 - 2014-04-21 14:21 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-04-21 14:18 - 2014-04-21 14:12 - 64052804 _____ (A.I.SOFT,INC.) C:\Users\User\Downloads\CC4updater_424091.EXE
2014-04-18 13:15 - 2014-04-18 13:13 - 00000000 ____D () C:\Users\User\AppData\Roaming\FRITZ!
2014-04-18 13:14 - 2014-04-18 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!
2014-04-18 13:14 - 2014-04-18 13:13 - 00000000 ____D () C:\Program Files (x86)\FRITZ!
2014-04-18 13:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-04-18 13:11 - 2014-04-18 12:59 - 00011376 _____ () C:\Windows\avmcoins.log
2014-04-18 13:09 - 2014-04-18 13:09 - 00000224 _____ () C:\Windows\setup.log
2014-04-18 13:08 - 2014-04-18 13:06 - 18232168 _____ (AVM Berlin ) C:\Users\User\Downloads\FRITZ!fax_3.07.04.exe
2014-04-16 08:45 - 2014-04-16 08:45 - 00000814 _____ () C:\Users\User\Desktop\EigDat2013 - Verknüpfung.lnk
2014-04-14 04:24 - 2014-05-06 14:46 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-05-06 14:46 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-12 19:25 - 2014-03-30 15:36 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-04-11 08:25 - 2014-04-11 08:24 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe

Files to move or delete:
====================
C:\Users\LibreCAD\D3DCompiler_43.dll
C:\Users\LibreCAD\libwinpthread-1.dll
C:\Users\LibreCAD\Qt5CLucene.dll
C:\Users\LibreCAD\Qt5Declarative.dll
C:\Users\LibreCAD\Qt5Gui.dll
C:\Users\LibreCAD\Qt5Help.dll
C:\Users\LibreCAD\Qt5Network.dll
C:\Users\LibreCAD\Qt5OpenGL.dll
C:\Users\LibreCAD\Qt5PrintSupport.dll
C:\Users\LibreCAD\Qt5Script.dll
C:\Users\LibreCAD\Qt5Sql.dll
C:\Users\LibreCAD\Qt5Svg.dll
C:\Users\LibreCAD\Qt5Widgets.dll
C:\Users\LibreCAD\Qt5Xml.dll
C:\Users\LibreCAD\Qt5XmlPatterns.dll


Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-10 14:17

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

schrauber 12.05.2014 13:36
Den einen Fund auf D manuell löschen.

Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

matze0816 12.05.2014 16:33
Hallo schrauber,

vielen Dank nochmal für deine Hilfe. Meine Eltern haben die letzten Schritte wie beschrieben durchgeführt. Beim "re-enable" von defrogger gab es laut ihrer Schilderung jedoch eine Fehlermeldung, daher bin ich mir jetzt nicht mehr sicher, ob sie bei den ersten Scans die Laufwerksemulation wirklich ausgeschaltet haben.

Kann nochmal geprüft werden, ob das Ganze wirklich funktioniert hat?

Gruß
matze

schrauber 13.05.2014 12:25
die Fehlermeldung kam weil gar nichts deaktiviert wurde, sie aller erstes log von Defogger :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:05 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131