Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Trojaner TR/Zusy... und AgentCV.A.11125 durch Download bei Giga.de (https://www.trojaner-board.de/158796-trojaner-tr-zusy-agentcv-a-11125-download-giga-de.html)

JamesH85 16.09.2014 19:49
Trojaner TR/Zusy... und AgentCV.A.11125 durch Download bei Giga.de
 
Liebes Forum,

ich habe schon desöfteren mitgelesen, benötige nun aber selbst Hilfe. Vor einigen Stunden downloadete ich mir das Programm "TubeBox" auf der Giga Software-Webseite, die ich eigentlich für sicher erachtete - bisher. Nach dem Download und der Installation wunderte ich mich über neue Symbole auf dem Desktop, die sehr nach Spam aussahen. Anschließend schlug mein Virenscanner (Avira AntiVir) Alarm - die Dateien "TR/Zusy .. (eine Zahl)" sowie "AgentCV.A.11125" wurden entdeckt. Ich habe anschließend mit Malwarebytes AntiMalware gescannt, ohne Ergebnis. Anschließend starte ich den Avira AntiVir Scanner erneut, der bei 91% ca. 1 Stunde verharrte - die Datei, bei der er stockte, sah dem Virenscanner zugehörig aus ("avscan" oder so ähnlich).

Nun habe ich ein Logfile mit HijackThis erstellt, die ich hochlade. Ich hoffe nicht, dass mein PC infiziert ist...

Beste Grüße und vielen Dank für etwaige Hilfestellungen!

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:32:04, on 16.09.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\user\AppData\Local\Temp\DMR\dmr_72.exe
C:\Users\user\AppData\Local\Temp\DMR\Downloads\fc14996dfa99adfc7baae624196888c5\7b4e384f5b096b9656fee276ba88bb81\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://***/imperia/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Imperia OneClickEdit - {D14BBB5D-6857-4959-A586-82ABD4BD8BBA} - C:\Program Files\Imperia\OneClickEdit\LiveEdit0.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{1ACF5175-77C5-4E90-9AD1-3DE07C84CE84}: NameServer = 62.109.121.1 62.109.121.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{1ACF5175-77C5-4E90-9AD1-3DE07C84CE84}: NameServer = 62.109.121.1 62.109.121.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 7663 bytes

schrauber 16.09.2014 20:08
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


JamesH85 17.09.2014 16:59
Super, vielen lieben Dank. Allerdings scannt bei mir AntiVir noch nebenbei, hoffe das ist nicht schlimm. Anbei die Logfiles:


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by user (administrator) on USER-PC on 16-09-2014 21:12:17
Running from C:\Users\user\Desktop\DOWNLOADS
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
(Intel) C:\Program Files\Intel\AMT\LMS.exe
(Intel) C:\Program Files\Intel\AMT\UNS.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [atchk] => C:\Program Files\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-3074792076-4256691818-3474749184-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-3074792076-4256691818-3474749184-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [631816 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3074792076-4256691818-3474749184-1000\...\MountPoints2: {654c296f-2436-11e2-b780-806e6f6e6963} - D:\hdclone.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://***/imperia/index.php
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3F01B86A6D63CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Imperia OneClickEdit - {D14BBB5D-6857-4959-A586-82ABD4BD8BBA} - C:\Program Files\Imperia\OneClickEdit\LiveEdit0.dll (Imperia AG)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{1ACF5175-77C5-4E90-9AD1-3DE07C84CE84}: [NameServer] 62.109.121.1 62.109.121.2

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\zldfhosn.default-1399244451792
FF NewTab: https://www.google.de
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\zldfhosn.default-1399244451792\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HootBar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\zldfhosn.default-1399244451792\Extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}.xpi [2014-05-05]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 LMS; C:\Program Files\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [134664 2014-05-29] (Sandboxie Holdings, LLC)
R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl2121bc5f; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DE5641DF-8506-4211-9E0F-F8B37806ECE4}\MpKsl2121bc5f.sys [39464 2014-09-16] (Microsoft Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [160264 2014-05-29] (Sandboxie Holdings, LLC)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-05-07] (Avira GmbH)
S3 S6U12Scanner; system32\drivers\usbscan.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 21:12 - 2014-09-16 21:12 - 00000000 ____D () C:\FRST
2014-09-16 20:30 - 2014-09-16 20:30 - 00109280 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-16 19:29 - 2014-09-16 20:29 - 00000007 _____ () C:\Users\user\Desktop\cc cleaner.txt
2014-09-16 18:15 - 2014-09-16 18:15 - 00000000 ____D () C:\Users\user\Documents\TubeBox
2014-09-16 18:12 - 2014-09-16 18:12 - 00000000 ____D () C:\Program Files\SoftwareUpdater
2014-09-16 18:10 - 2014-09-16 18:10 - 00000000 ____D () C:\Program Files\SearchProtect
2014-09-16 18:10 - 2014-09-16 18:10 - 00000000 _____ () C:\END
2014-09-16 17:06 - 2014-09-16 17:06 - 00000000 _____ () C:\Users\user\Desktop\<<<auf wunsch entfernt>>>.txt
2014-09-15 21:23 - 2014-09-15 21:23 - 00026156 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-09-11 23:30 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 23:30 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 23:30 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 23:30 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 23:30 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 23:30 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 23:30 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 23:30 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 23:30 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 23:30 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 23:30 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 23:30 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 23:30 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 23:30 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 23:30 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 23:30 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 23:30 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 23:30 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 23:30 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 23:30 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 23:30 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 23:30 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 23:30 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 23:30 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 23:30 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 23:30 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 23:30 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 23:30 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 23:30 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 23:30 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 23:29 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 21:28 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 21:28 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 21:28 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 21:28 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 21:28 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 21:28 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 19:48 - 2014-09-11 16:50 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-02 21:42 - 2014-09-13 10:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-28 14:14 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 14:14 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-25 17:26 - 2014-09-16 17:37 - 00000000 ____D () C:\Users\user\Desktop\HA
2014-08-25 14:20 - 2014-08-25 14:20 - 00000000 ___RD () C:\Sandbox
2014-08-25 14:17 - 2014-09-07 15:12 - 00001714 _____ () C:\Windows\Sandboxie.ini
2014-08-25 14:17 - 2014-08-25 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-08-25 14:16 - 2014-08-25 14:16 - 00000000 ____D () C:\Program Files\Sandboxie
2014-08-25 14:09 - 2014-09-07 21:59 - 00007602 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2014-08-24 16:46 - 2014-08-24 16:46 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-24 16:46 - 2014-08-24 16:46 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-24 16:46 - 2014-08-24 16:46 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-24 16:46 - 2014-08-24 16:46 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-24 16:46 - 2014-08-24 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-24 16:46 - 2014-08-24 16:46 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-24 16:01 - 2014-08-24 16:01 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-23 16:57 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-23 16:57 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-23 16:57 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-23 16:57 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-23 16:57 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-23 16:57 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-23 16:57 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-23 16:56 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-23 16:56 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-20 15:07 - 2014-08-20 15:07 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 21:12 - 2014-09-16 21:12 - 00000000 ____D () C:\FRST
2014-09-16 20:30 - 2014-09-16 20:30 - 00109280 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-16 20:29 - 2014-09-16 19:29 - 00000007 _____ () C:\Users\user\Desktop\cc cleaner.txt
2014-09-16 20:26 - 2009-07-14 06:34 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-16 20:26 - 2009-07-14 06:34 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-16 20:23 - 2013-05-08 22:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\FileZilla
2014-09-16 20:23 - 2012-07-16 17:15 - 01525239 ____N () C:\Windows\WindowsUpdate.log
2014-09-16 20:19 - 2013-05-07 19:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-16 20:18 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-16 18:52 - 2010-11-20 23:01 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-16 18:46 - 2014-07-20 17:39 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-16 18:39 - 2013-10-31 15:33 - 00000000 ___RD () C:\Users\user\Desktop\TO DO'S
2014-09-16 18:25 - 2014-08-15 01:21 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-16 18:15 - 2014-09-16 18:15 - 00000000 ____D () C:\Users\user\Documents\TubeBox
2014-09-16 18:12 - 2014-09-16 18:12 - 00000000 ____D () C:\Program Files\SoftwareUpdater
2014-09-16 18:10 - 2014-09-16 18:10 - 00000000 ____D () C:\Program Files\SearchProtect
2014-09-16 18:10 - 2014-09-16 18:10 - 00000000 _____ () C:\END
2014-09-16 17:37 - 2014-08-25 17:26 - 00000000 ____D () C:\Users\user\Desktop\HA
2014-09-16 17:06 - 2014-09-16 17:06 - 00000000 _____ () C:\Users\user\Desktop\<<<auf wunsch entfernt>>>.txt
2014-09-15 21:23 - 2014-09-15 21:23 - 00026156 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-09-15 21:23 - 2013-05-07 21:52 - 00000000 ____D () C:\Users\user\.gimp-2.8
2014-09-14 14:04 - 2013-05-07 19:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-13 16:31 - 2013-05-08 22:35 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-09-13 16:31 - 2013-05-08 22:35 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-09-13 10:05 - 2014-09-02 21:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-12 18:05 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-12 16:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 23:32 - 2013-05-07 21:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 23:29 - 2013-10-03 11:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 23:26 - 2014-04-30 00:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 23:26 - 2012-07-16 17:39 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 23:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-11 16:50 - 2014-09-10 19:48 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-10 22:06 - 2012-07-17 11:30 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-10 22:06 - 2012-07-17 11:30 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-10 22:06 - 2012-07-17 11:30 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-10 00:19 - 2012-07-17 11:39 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 00:19 - 2012-07-17 11:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-07 21:59 - 2014-08-25 14:09 - 00007602 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2014-09-07 15:12 - 2014-08-25 14:17 - 00001714 _____ () C:\Windows\Sandboxie.ini
2014-09-05 03:52 - 2014-09-11 21:28 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 03:47 - 2014-09-11 21:28 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-27 19:00 - 2013-05-07 19:23 - 00000000 ____D () C:\Users\user\AppData\Local\Thunderbird
2014-08-25 17:26 - 2014-01-21 21:31 - 00000831 _____ () C:\Users\user\Desktop\UNI.lnk
2014-08-25 17:18 - 2013-10-31 13:07 - 00002054 _____ () C:\Users\user\Desktop\SPD.lnk
2014-08-25 14:20 - 2014-08-25 14:20 - 00000000 ___RD () C:\Sandbox
2014-08-25 14:17 - 2014-08-25 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-08-25 14:16 - 2014-08-25 14:16 - 00000000 ____D () C:\Program Files\Sandboxie
2014-08-24 20:58 - 2013-05-07 21:06 - 00000000 ____D () C:\Users\user\AppData\Local\Microsoft Help
2014-08-24 16:47 - 2013-11-18 00:55 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-24 16:46 - 2014-08-24 16:46 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-24 16:46 - 2014-08-24 16:46 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-24 16:46 - 2014-08-24 16:46 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-24 16:46 - 2014-08-24 16:46 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-24 16:46 - 2014-08-24 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-24 16:46 - 2014-08-24 16:46 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-24 16:46 - 2013-05-07 19:17 - 00000000 ____D () C:\Program Files\Java
2014-08-24 16:41 - 2013-05-07 22:14 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2014-08-24 16:01 - 2014-08-24 16:01 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-24 16:01 - 2014-06-10 16:07 - 00000000 ___RD () C:\Program Files\Skype
2014-08-24 16:01 - 2013-05-07 22:14 - 00000000 ____D () C:\ProgramData\Skype
2014-08-23 03:46 - 2014-08-28 14:14 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-28 14:14 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 15:07 - 2014-08-20 15:07 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2014-08-19 19:39 - 2014-09-11 23:30 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 00:26 - 2014-09-11 23:30 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:08 - 2014-09-11 23:30 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 23:57 - 2014-09-11 23:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 23:57 - 2014-09-11 23:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 23:46 - 2014-09-11 23:30 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 23:45 - 2014-09-11 23:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 23:44 - 2014-09-11 23:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-11 23:30 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-11 23:30 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 23:39 - 2014-09-11 23:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 23:39 - 2014-09-11 23:30 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 23:37 - 2014-09-11 23:30 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 23:36 - 2014-09-11 23:30 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 23:36 - 2014-09-11 23:30 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:35 - 2014-09-11 23:30 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 23:30 - 2014-09-11 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:27 - 2014-09-11 23:30 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:22 - 2014-09-11 23:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-11 23:30 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:17 - 2014-09-11 23:30 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:17 - 2014-09-11 23:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:15 - 2014-09-11 23:30 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:09 - 2014-09-11 23:30 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:08 - 2014-09-11 23:30 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:08 - 2014-09-11 23:30 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:07 - 2014-09-11 23:30 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 22:46 - 2014-09-11 23:30 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 22:38 - 2014-09-11 23:30 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:36 - 2014-09-11 23:30 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 14:17

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by user at 2014-09-16 21:13:24
Running from C:\Users\user\Desktop\DOWNLOADS
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Avira (HKLM\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
FileZilla Client 3.9.0.5 (HKCU\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
Fotogalerie (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Books Downloader version 2.3 (HKLM\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.3 - GBOOKSDOWNLOADER.COM)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HP Softpaq SP46134  (HKLM\...\SP46134) (Version:  - )
HP Softpaq SP46137  (HKLM\...\SP46137) (Version:  - )
Imperia OneClickEdit (remove only) (HKLM\...\OneClickEdit) (Version:  - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version:  - Intel Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Joulemeter (HKLM\...\{E043568C-1745-4C69-9D52-43F6E79EB03B}) (Version: 1.2.0 - Microsoft Research)
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Expression Web 4 (HKLM\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Expression Web 4 (Version: 4.0.1460.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.1 (x86 de) (HKLM\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 31.1.1 (x86 de) (HKLM\...\Mozilla Thunderbird 31.1.1 (x86 de)) (Version: 31.1.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
PDF Blender (HKLM\...\PDF Blender) (Version:  - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Photo Gallery (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Pidgin (HKLM\...\Pidgin) (Version: 2.10.9 - )
PKR (HKLM\...\PKR) (Version:  - PKR Ltd)
PokerStars.eu (HKLM\...\PokerStars.eu) (Version:  - PokerStars.eu)
PokerTH (HKLM\...\PokerTH 1.1.1) (Version: 1.1.1 - www.pokerth.net)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.12 (32-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.6595 - Analog Devices)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Winamp (HKLM\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3074792076-4256691818-3474749184-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3074792076-4256691818-3474749184-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3074792076-4256691818-3474749184-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3074792076-4256691818-3474749184-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3074792076-4256691818-3474749184-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3074792076-4256691818-3474749184-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points  =========================

06-09-2014 07:24:35 Windows Update
09-09-2014 21:19:03 Windows Update
10-09-2014 20:05:23 Windows Update
11-09-2014 21:22:01 Windows Update
16-09-2014 14:53:47 Windows Update
16-09-2014 16:11:50 TubeBox
16-09-2014 16:24:33 TubeBox

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11E4E4ED-BA3A-42F4-8727-FF3466B3CCA0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {213C39D1-D624-4925-B931-CFAF85DBCD12} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {2E3BA499-89D1-4203-86E0-D447D1286773} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {592E09FF-CFF5-494F-838B-9F8216C596EF} - System32\Tasks\{3C050036-0B95-4243-97FD-88C703E12D03} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/de/abandoninstall?page=tsMain
Task: {F53B2C0C-6655-4325-AF90-5EFE77D72A58} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2014-03-10] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-09-06 18:44 - 2014-09-06 18:44 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2014-08-15 01:21 - 2014-07-14 16:49 - 00049744 ____N () C:\Users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-02-13 00:38 - 2014-02-13 00:38 - 00186368 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\21871ce315d4257cfe2052454e583368\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-02-13 00:39 - 2014-02-13 00:39 - 14971904 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\c94e1e76e67ad518b4310a539f072832\Kies.Theme.ni.dll
2014-02-13 00:38 - 2014-02-13 00:38 - 01842688 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\0107366ee1ddeb3e9873c6fac6344bc1\Kies.UI.ni.dll
2014-02-13 00:38 - 2014-02-13 00:38 - 00081920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\8375369d3ac9c732c2ec8f6b5c9f2bb8\Kies.MVVM.ni.dll
2014-02-13 00:39 - 2014-02-13 00:39 - 00236032 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\cffeb31975c17760187d713cf2d7934d\ASF_cSharpAPI.ni.dll
2014-09-02 21:42 - 2014-09-13 10:05 - 03716720 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-09-10 00:19 - 2014-09-10 00:19 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: icq => C:\Users\user\AppData\Roaming\ICQM\icq.exe -CU
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/16/2014 08:21:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
  bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
  bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
  bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
  bei System.ComponentModel.Composition.Primitives.Export.get_Value()
  bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
  bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (09/16/2014 08:20:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
  bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
  bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
  bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
  bei System.ComponentModel.Composition.Primitives.Export.get_Value()
  bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
  bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (09/16/2014 08:20:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
  bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
  bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
  bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
  bei System.ComponentModel.Composition.Primitives.Export.get_Value()
  bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
  bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (09/16/2014 08:20:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2014 08:18:38 PM) (Source: LMS) (EventID: 2) (User: NT-AUTORITÄT)
Description: LMS Service cannot connect to HECI driver

Error: (09/16/2014 08:16:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm avscan.exe, Version 14.0.6.548 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2cec

Startzeit: 01cfd1d1bbc2b112

Endzeit: 60000

Anwendungspfad: C:\Program Files\Avira\AntiVir Desktop\avscan.exe

Berichts-ID: 681f8569-3dcd-11e4-bc53-001fd04ec986

Error: (09/16/2014 04:43:03 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
  bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
  bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
  bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
  bei System.ComponentModel.Composition.Primitives.Export.get_Value()
  bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
  bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (09/16/2014 04:42:49 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
  bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
  bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
  bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
  bei System.ComponentModel.Composition.Primitives.Export.get_Value()
  bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
  bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (09/16/2014 04:42:35 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
  bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
  bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
  bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
  bei System.ComponentModel.Composition.Primitives.Export.get_Value()
  bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
  bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (09/16/2014 04:42:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/16/2014 08:21:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (09/16/2014 08:20:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/16/2014 08:20:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/16/2014 06:26:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (09/16/2014 04:43:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (09/16/2014 04:42:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/16/2014 04:42:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/15/2014 09:32:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (09/15/2014 09:32:58 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (09/15/2014 09:32:57 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.


Microsoft Office Sessions:
=========================
Error: (12/02/2013 01:05:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 75%
Total physical RAM: 1884.24 MB
Available physical RAM: 454.64 MB
Total Pagefile: 3768.48 MB
Available Pagefile: 2026.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:80.24 GB) (Free:46.77 GB) NTFS
Drive e: (Sonstiges & Backup) (Fixed) (Total:48.83 GB) (Free:16.16 GB) NTFS
Drive f: (Wichtige Dateien) (Fixed) (Total:19.53 GB) (Free:12.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 234FA5EC)
Partition 1: (Active) - (Size=462 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=80.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.5 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Hmm und nun?

schrauber 18.09.2014 08:26
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

JamesH85 18.09.2014 17:00
Danke :) anbei der Log:

Code:
ComboFix 14-09-18.01 - user 18.09.2014  17:22:22.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.1884.1164 [GMT 2:00]
ausgeführt von:: c:\users\user\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-08-18 bis 2014-09-18  ))))))))))))))))))))))))))))))
.
.
2014-09-18 15:30 . 2014-09-18 15:32        --------        d-----w-        c:\users\user\AppData\Local\temp
2014-09-17 20:44 . 2014-09-09 01:24        8806800        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F85E774-F1C0-4E3F-9DC5-AD59F30F38C1}\mpengine.dll
2014-09-16 19:12 . 2014-09-16 19:14        --------        d-----w-        C:\FRST
2014-09-16 16:12 . 2014-09-16 16:12        --------        d-----w-        c:\program files\SoftwareUpdater
2014-09-16 16:10 . 2014-09-16 16:10        --------        d-----w-        c:\program files\SearchProtect
2014-09-16 14:56 . 2014-09-16 14:54        908840        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74114408-BBCA-493F-8C2E-42C6D8A264B5}\gapaengine.dll
2014-09-16 14:55 . 2014-09-09 01:24        8806800        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-11 21:29 . 2014-06-27 01:45        2285056        ----a-w-        c:\windows\system32\msmpeg2vdec.dll
2014-09-11 19:28 . 2014-07-07 01:40        1059840        ----a-w-        c:\windows\system32\lsasrv.dll
2014-09-11 19:28 . 2014-07-07 01:40        550912        ----a-w-        c:\windows\system32\kerberos.dll
2014-09-11 19:28 . 2014-06-24 02:59        1987584        ----a-w-        c:\windows\system32\d3d10warp.dll
2014-09-11 19:28 . 2014-08-01 11:35        793600        ----a-w-        c:\windows\system32\TSWorkspace.dll
2014-09-11 19:28 . 2014-09-05 01:52        445952        ----a-w-        c:\windows\system32\aepdu.dll
2014-09-11 19:28 . 2014-09-05 01:47        302592        ----a-w-        c:\windows\system32\aeinv.dll
2014-09-10 17:48 . 2014-09-11 14:50        --------        d-----w-        c:\program files\Mozilla Thunderbird
2014-08-28 12:14 . 2014-08-23 00:42        2352640        ----a-w-        c:\windows\system32\win32k.sys
2014-08-28 12:14 . 2014-08-23 01:46        305152        ----a-w-        c:\windows\system32\gdi32.dll
2014-08-25 12:20 . 2014-08-25 12:20        --------        d-----r-        C:\Sandbox
2014-08-25 12:16 . 2014-08-25 12:16        --------        d-----w-        c:\program files\Sandboxie
2014-08-24 14:46 . 2014-08-24 14:46        --------        d-----w-        c:\program files\Common Files\Java
2014-08-24 14:46 . 2014-08-24 14:46        96680        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2014-08-24 14:01 . 2014-08-24 14:01        --------        d-----w-        c:\program files\Common Files\Skype
2014-08-23 14:57 . 2014-05-14 16:23        45536        ----a-w-        c:\windows\system32\wups2.dll
2014-08-23 14:57 . 2014-05-14 16:23        54240        ----a-w-        c:\windows\system32\wuauclt.exe
2014-08-23 14:57 . 2014-05-14 16:23        1973728        ----a-w-        c:\windows\system32\wuaueng.dll
2014-08-23 14:57 . 2014-05-14 16:17        2425856        ----a-w-        c:\windows\system32\wucltux.dll
2014-08-23 14:57 . 2014-05-14 16:23        36320        ----a-w-        c:\windows\system32\wups.dll
2014-08-23 14:57 . 2014-05-14 16:23        581600        ----a-w-        c:\windows\system32\wuapi.dll
2014-08-23 14:57 . 2014-05-14 16:17        92672        ----a-w-        c:\windows\system32\wudriver.dll
2014-08-23 14:56 . 2014-05-14 07:23        179656        ----a-w-        c:\windows\system32\wuwebv.dll
2014-08-23 14:56 . 2014-05-14 07:17        33792        ----a-w-        c:\windows\system32\wuapp.exe
2014-08-20 13:07 . 2014-08-20 13:07        --------        d-----w-        c:\users\user\AppData\Local\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-18 14:32 . 2014-07-20 15:39        110296        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-09 22:19 . 2012-07-17 09:39        701104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2014-09-09 22:19 . 2012-07-17 09:39        71344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-22 11:24 . 2012-11-01 19:01        893248        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-07-25 05:24 . 2013-05-07 23:13        35848        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2014-07-25 00:35 . 2014-07-25 00:35        875688        ----a-w-        c:\windows\system32\msvcr120_clr0400.dll
2014-07-23 12:30 . 2014-07-23 12:30        110296        ----a-w-        c:\windows\system32\drivers\48230029.sys
2014-07-17 16:05 . 2014-07-17 16:05        231800        ----a-w-        c:\windows\system32\drivers\MpFilter.sys
2014-07-17 16:05 . 2012-03-20 18:44        95920        ----a-w-        c:\windows\system32\drivers\NisDrvWFP.sys
2014-07-16 02:46 . 2014-08-13 00:29        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-07-14 01:42 . 2014-08-13 00:29        654336        ----a-w-        c:\windows\system32\rpcrt4.dll
2014-07-09 01:29 . 2014-08-13 00:28        6144        ----a-w-        c:\windows\system32\KBDYAK.DLL
2014-07-09 01:29 . 2014-08-13 00:28        6144        ----a-w-        c:\windows\system32\KBDBASH.DLL
2014-07-05 09:37 . 2013-05-07 17:08        97648        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2014-06-30 22:14 . 2014-08-13 00:52        8856        ----a-w-        c:\windows\system32\icardres.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-07 19:58        220632        ----a-w-        c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-07 19:58        220632        ----a-w-        c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-07 19:58        220632        ----a-w-        c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-12-11 1564528]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2014-05-29 631816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2009-12-01 401408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-08-14 751184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-12-11 311152]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-07-14 190032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-09-12 14:07        4272640        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe
.
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-07-14 141392]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 S6U12Scanner;MUSTEK 1200 CU Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-10-28 182680]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-14 37352]
S1 MpKsl86c35dfe;MpKsl86c35dfe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F85E774-F1C0-4E3F-9DC5-AD59F30F38C1}\MpKsl86c35dfe.sys [2014-09-18 39464]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-08-14 430160]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2009-12-01 2519040]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2011-05-04 266408]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-17 22:19]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://***/imperia/index.php
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{1ACF5175-77C5-4E90-9AD1-3DE07C84CE84}: NameServer = 62.109.121.2 62.109.121.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\zldfhosn.default-1399244451792\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-icq - c:\users\user\AppData\Roaming\ICQM\icq.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\scrnsave.scr
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-18  17:39:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-09-18 15:39
.
Vor Suchlauf: 11 Verzeichnis(se), 50.704.310.272 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 50.476.892.160 Bytes frei
.
- - End Of File - - 4CCD7F3AD65E3FBB7C361865FED4F46C
A36C5E4F47E84449FF07ED3517B43A31

schrauber 19.09.2014 09:38
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

JamesH85 19.09.2014 16:08
Alles erledigt :)

Malwarebytes hatte ich schon auf dem Rechner installiert. Hier der Log:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 19.09.2014
Suchlauf-Zeit: 15:57:46
Logdatei: MB_Protokoll.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.19.03
Rootkit Datenbank: v2014.09.18.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: user

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 295679
Verstrichene Zeit: 13 Min, 36 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
Log AdwCleaner:

Code:
# AdwCleaner v3.310 - Bericht erstellt am 19/09/2014 um 16:36:34
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 1 (32 bits)
# Benutzername : user - USER-PC
# Gestartet von : C:\Users\user\Desktop\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\SearchProtect
Ordner Gelöscht : C:\Program Files\SoftwareUpdater
Datei Gelöscht : C:\users\user\AppData\Local\AnyProtectScannerSetup.exe
Datei Gelöscht : C:\users\user\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\zldfhosn.default-1399244451792\user.js

***** [ Tasks ] *****

Task Gelöscht : Software Updater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.2 (x86 de)

[ Datei : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\zldfhosn.default-1399244451792\prefs.js ]


*************************

AdwCleaner[R0].txt - [3416 octets] - [25/02/2014 23:07:34]
AdwCleaner[R1].txt - [2296 octets] - [25/02/2014 23:17:37]
AdwCleaner[R2].txt - [1762 octets] - [19/09/2014 16:33:37]
AdwCleaner[S0].txt - [2226 octets] - [25/02/2014 23:18:14]
AdwCleaner[S1].txt - [1683 octets] - [19/09/2014 16:36:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1743 octets] ##########
Log Junkware Removal Tool:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.7 (09.18.2014:2)
OS: Microsoft Windows XP x86
Ran by user on 19.09.2014 at 16:54:47,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\zldfhosn.default-1399244451792\minidumps [60 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.09.2014 at 16:57:47,25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Und das frische FRST Log ;)


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by user (administrator) on USER-PC on 19-09-2014 17:04:11
Running from C:\Users\user\Desktop
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
(Intel) C:\Program Files\Intel\AMT\LMS.exe
(Intel) C:\Program Files\Intel\AMT\UNS.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [atchk] => C:\Program Files\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-3074792076-4256691818-3474749184-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-3074792076-4256691818-3474749184-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [631816 2014-05-29] (Sandboxie Holdings, LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://***/imperia/index.php
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3F01B86A6D63CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Imperia OneClickEdit - {D14BBB5D-6857-4959-A586-82ABD4BD8BBA} - C:\Program Files\Imperia\OneClickEdit\LiveEdit0.dll (Imperia AG)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{1ACF5175-77C5-4E90-9AD1-3DE07C84CE84}: [NameServer] 62.109.121.2 62.109.121.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\zldfhosn.default-1399244451792
FF NewTab: https://www.google.de
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HootBar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\zldfhosn.default-1399244451792\Extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}.xpi [2014-05-05]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
R2 LMS; C:\Program Files\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [134664 2014-05-29] (Sandboxie Holdings, LLC)
R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [160264 2014-05-29] (Sandboxie Holdings, LLC)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-05-07] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [X]
S3 S6U12Scanner; system32\drivers\usbscan.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 17:04 - 2014-09-19 17:04 - 00010091 _____ () C:\Users\user\Desktop\FRST.txt
2014-09-19 17:03 - 2014-09-19 17:03 - 01097728 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-09-19 16:57 - 2014-09-19 16:57 - 00000767 _____ () C:\Users\user\Desktop\JRT.txt
2014-09-19 16:39 - 2014-09-19 16:39 - 00001823 _____ () C:\Users\user\Desktop\AdwCleaner[S1].txt
2014-09-19 16:13 - 2014-09-19 16:13 - 00001161 _____ () C:\Users\user\Desktop\MB_Protokoll.txt
2014-09-19 15:45 - 2014-09-19 15:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-18 17:39 - 2014-09-18 17:39 - 00014046 _____ () C:\ComboFix.txt
2014-09-18 17:31 - 2014-09-19 16:38 - 00000856 _____ () C:\Windows\PFRO.log
2014-09-18 17:20 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-18 17:20 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-18 17:20 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-18 17:20 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-18 17:20 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-18 17:20 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-18 17:20 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-18 17:20 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-18 17:19 - 2014-09-18 17:39 - 00000000 ____D () C:\Qoobox
2014-09-18 17:19 - 2014-09-18 17:35 - 00000000 ____D () C:\Windows\erdnt
2014-09-17 10:40 - 2014-09-19 16:59 - 00000448 _____ () C:\Windows\setupact.log
2014-09-17 10:40 - 2014-09-17 10:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-17 10:39 - 2014-09-17 10:40 - 00406304 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-16 21:12 - 2014-09-19 17:04 - 00000000 ____D () C:\FRST
2014-09-16 20:30 - 2014-09-16 20:30 - 00109280 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-16 18:15 - 2014-09-16 18:15 - 00000000 ____D () C:\Users\user\Documents\TubeBox
2014-09-15 21:23 - 2014-09-15 21:23 - 00026156 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-09-11 23:30 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 23:30 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 23:30 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 23:30 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 23:30 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 23:30 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 23:30 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 23:30 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 23:30 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 23:30 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 23:30 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 23:30 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 23:30 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 23:30 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 23:30 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 23:30 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 23:30 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 23:30 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 23:30 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 23:30 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 23:30 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 23:30 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 23:30 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 23:30 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 23:30 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 23:30 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 23:30 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 23:30 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 23:30 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 23:30 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 23:29 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 21:28 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 21:28 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 21:28 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 21:28 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 21:28 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 21:28 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 19:48 - 2014-09-11 16:50 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-08-28 14:14 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 14:14 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-25 14:20 - 2014-08-25 14:20 - 00000000 ___RD () C:\Sandbox
2014-08-25 14:17 - 2014-09-17 22:32 - 00001714 _____ () C:\Windows\Sandboxie.ini
2014-08-25 14:17 - 2014-08-25 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-08-25 14:16 - 2014-08-25 14:16 - 00000000 ____D () C:\Program Files\Sandboxie
2014-08-25 14:09 - 2014-09-07 21:59 - 00007602 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2014-08-24 16:46 - 2014-08-24 16:46 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-24 16:46 - 2014-08-24 16:46 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-24 16:46 - 2014-08-24 16:46 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-24 16:46 - 2014-08-24 16:46 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-24 16:46 - 2014-08-24 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-24 16:46 - 2014-08-24 16:46 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-24 16:01 - 2014-08-24 16:01 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-23 16:57 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-23 16:57 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-23 16:57 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-23 16:57 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-23 16:57 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-23 16:57 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-23 16:57 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-23 16:56 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-23 16:56 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-20 15:07 - 2014-08-20 15:07 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 17:05 - 2014-09-19 17:04 - 00010091 _____ () C:\Users\user\Desktop\FRST.txt
2014-09-19 17:04 - 2014-09-16 21:12 - 00000000 ____D () C:\FRST
2014-09-19 17:03 - 2014-09-19 17:03 - 01097728 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-09-19 16:59 - 2014-09-17 10:40 - 00000448 _____ () C:\Windows\setupact.log
2014-09-19 16:59 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-19 16:58 - 2012-07-16 17:15 - 01694988 _____ () C:\Windows\WindowsUpdate.log
2014-09-19 16:57 - 2014-09-19 16:57 - 00000767 _____ () C:\Users\user\Desktop\JRT.txt
2014-09-19 16:47 - 2013-05-07 19:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-19 16:47 - 2013-05-07 19:08 - 00000000 ____D () C:\ProgramData\Avira
2014-09-19 16:47 - 2013-05-07 19:08 - 00000000 ____D () C:\Program Files\Avira
2014-09-19 16:45 - 2009-07-14 06:34 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-19 16:45 - 2009-07-14 06:34 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-19 16:39 - 2014-09-19 16:39 - 00001823 _____ () C:\Users\user\Desktop\AdwCleaner[S1].txt
2014-09-19 16:38 - 2014-09-18 17:31 - 00000856 _____ () C:\Windows\PFRO.log
2014-09-19 16:38 - 2013-05-07 19:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-19 16:36 - 2014-02-25 23:07 - 00000000 ____D () C:\AdwCleaner
2014-09-19 16:19 - 2013-05-07 19:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-19 16:13 - 2014-09-19 16:13 - 00001161 _____ () C:\Users\user\Desktop\MB_Protokoll.txt
2014-09-19 15:57 - 2014-07-20 17:39 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 15:55 - 2013-10-31 15:33 - 00000000 ___RD () C:\Users\user\Desktop\TO DO'S
2014-09-19 15:46 - 2014-09-19 15:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-18 17:39 - 2014-09-18 17:39 - 00014046 _____ () C:\ComboFix.txt
2014-09-18 17:39 - 2014-09-18 17:19 - 00000000 ____D () C:\Qoobox
2014-09-18 17:39 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-09-18 17:39 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-09-18 17:35 - 2014-09-18 17:19 - 00000000 ____D () C:\Windows\erdnt
2014-09-18 17:32 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-09-17 22:32 - 2014-08-25 14:17 - 00001714 _____ () C:\Windows\Sandboxie.ini
2014-09-17 20:53 - 2012-07-17 11:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-17 10:40 - 2014-09-17 10:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-17 10:40 - 2014-09-17 10:39 - 00406304 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-17 00:29 - 2010-11-20 23:01 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-16 20:30 - 2014-09-16 20:30 - 00109280 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-16 20:23 - 2013-05-08 22:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\FileZilla
2014-09-16 18:15 - 2014-09-16 18:15 - 00000000 ____D () C:\Users\user\Documents\TubeBox
2014-09-15 21:23 - 2014-09-15 21:23 - 00026156 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-09-15 21:23 - 2013-05-07 21:52 - 00000000 ____D () C:\Users\user\.gimp-2.8
2014-09-13 16:31 - 2013-05-08 22:35 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-09-13 16:31 - 2013-05-08 22:35 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-09-12 18:05 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-12 16:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 23:32 - 2013-05-07 21:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 23:29 - 2013-10-03 11:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 23:26 - 2014-04-30 00:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 23:26 - 2012-07-16 17:39 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 23:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-11 16:50 - 2014-09-10 19:48 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-10 22:06 - 2012-07-17 11:30 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-10 22:06 - 2012-07-17 11:30 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-10 22:06 - 2012-07-17 11:30 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-10 00:19 - 2012-07-17 11:39 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 00:19 - 2012-07-17 11:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-07 21:59 - 2014-08-25 14:09 - 00007602 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2014-09-05 03:52 - 2014-09-11 21:28 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 03:47 - 2014-09-11 21:28 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-27 19:00 - 2013-05-07 19:23 - 00000000 ____D () C:\Users\user\AppData\Local\Thunderbird
2014-08-25 17:26 - 2014-01-21 21:31 - 00000831 _____ () C:\Users\user\Desktop\UNI.lnk
2014-08-25 17:18 - 2013-10-31 13:07 - 00002054 _____ () C:\Users\user\Desktop\SPD.lnk
2014-08-25 14:20 - 2014-08-25 14:20 - 00000000 ___RD () C:\Sandbox
2014-08-25 14:17 - 2014-08-25 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-08-25 14:16 - 2014-08-25 14:16 - 00000000 ____D () C:\Program Files\Sandboxie
2014-08-24 20:58 - 2013-05-07 21:06 - 00000000 ____D () C:\Users\user\AppData\Local\Microsoft Help
2014-08-24 16:47 - 2013-11-18 00:55 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-24 16:46 - 2014-08-24 16:46 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-24 16:46 - 2014-08-24 16:46 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-24 16:46 - 2014-08-24 16:46 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-24 16:46 - 2014-08-24 16:46 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-24 16:46 - 2014-08-24 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-24 16:46 - 2014-08-24 16:46 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-24 16:46 - 2013-05-07 19:17 - 00000000 ____D () C:\Program Files\Java
2014-08-24 16:41 - 2013-05-07 22:14 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2014-08-24 16:01 - 2014-08-24 16:01 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-24 16:01 - 2014-06-10 16:07 - 00000000 ___RD () C:\Program Files\Skype
2014-08-24 16:01 - 2013-05-07 22:14 - 00000000 ____D () C:\ProgramData\Skype
2014-08-23 03:46 - 2014-08-28 14:14 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-28 14:14 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 15:07 - 2014-08-20 15:07 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\user\AppData\Local\temp\avgnt.exe
C:\Users\user\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-17 12:42

==================== End Of Log ============================
--- --- ---

--- --- ---


Noch einmal herzlichen Dank!

schrauber 20.09.2014 15:02

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

JamesH85 20.09.2014 20:33
Hoffe bald nicht mehr ;) Also:

ESET-Log:

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7d19924e73816f44b999ac31b4a2d61e
# engine=20235
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-20 07:19:16
# local_time=2014-09-20 09:19:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 14297 43294403 0 0
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 861189 82534378 0 0
# scanned=154090
# found=8
# cleaned=0
# scan_time=8664
sh=9BA6DC699104472080E202066F9A6194C861BBC4 ft=1 fh=644180d9ce5cd441 vn="Win32/AnyProtect.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\AnyProtectScannerSetup.exe.vir"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apnic.dll"
sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apnstub.exe"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=8A4644E4EF17395A33C1DA02004243C480FB093D ft=0 fh=0000000000000000 vn="Win32/AnyProtect.E evtl. unerwünschte Anwendung" ac=I fn="E:\USER-PC\Backup Set 2014-04-30 190003\Backup Files 2014-05-31 190003\Backup files 1.zip"
sh=8F75D6904F37598B71383758643E8FCA9DE9597B ft=0 fh=0000000000000000 vn="Win32/AnyProtect.E evtl. unerwünschte Anwendung" ac=I fn="E:\USER-PC\Backup Set 2014-06-30 192020\Backup Files 2014-06-30 192020\Backup files 1.zip"
sh=6DFBED093AAD6E2ACCB60A00487A57A4F5509A93 ft=0 fh=0000000000000000 vn="Win32/AnyProtect.E evtl. unerwünschte Anwendung" ac=I fn="E:\USER-PC\Backup Set 2014-08-31 190001\Backup Files 2014-08-31 190001\Backup files 1.zip"
SecurityCheck Log:

Code:
Results of screen317's Security Check version 0.99.87 
 Windows XP Service Pack 1 x86 (UAC is enabled) 
 Out of date service pack!!
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
 Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner   
 Java 7 Update 67 
 Adobe Flash Player        15.0.0.152 
 Adobe Reader 10.1.12 Adobe Reader out of Date! 
 Mozilla Firefox (32.0.2)
 Mozilla Thunderbird (31.1.1)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 
````````````````````End of Log``````````````````````
und last but not least das neue FRST Log:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by user (administrator) on USER-PC on 20-09-2014 21:26:22
Running from C:\Users\user\Desktop
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
(Intel) C:\Program Files\Intel\AMT\LMS.exe
(Intel) C:\Program Files\Intel\AMT\UNS.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [atchk] => C:\Program Files\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-3074792076-4256691818-3474749184-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-3074792076-4256691818-3474749184-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [631816 2014-05-29] (Sandboxie Holdings, LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://***/imperia/index.php
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3F01B86A6D63CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Imperia OneClickEdit - {D14BBB5D-6857-4959-A586-82ABD4BD8BBA} - C:\Program Files\Imperia\OneClickEdit\LiveEdit0.dll (Imperia AG)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{1ACF5175-77C5-4E90-9AD1-3DE07C84CE84}: [NameServer] 62.109.121.2 62.109.121.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\zldfhosn.default-1399244451792
FF NewTab: https://www.google.de
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HootBar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\zldfhosn.default-1399244451792\Extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}.xpi [2014-05-05]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
R2 LMS; C:\Program Files\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [134664 2014-05-29] (Sandboxie Holdings, LLC)
R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [160264 2014-05-29] (Sandboxie Holdings, LLC)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-05-07] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [X]
S3 S6U12Scanner; system32\drivers\usbscan.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 21:26 - 2014-09-20 21:26 - 00009688 _____ () C:\Users\user\Desktop\FRST.txt
2014-09-20 21:26 - 2014-09-19 17:03 - 01097728 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-09-20 21:25 - 2014-09-20 21:25 - 00001158 _____ () C:\Users\user\Desktop\SecurityCheck_checkup.txt
2014-09-19 15:45 - 2014-09-19 15:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-18 17:39 - 2014-09-18 17:39 - 00014046 _____ () C:\ComboFix.txt
2014-09-18 17:31 - 2014-09-19 16:38 - 00000856 _____ () C:\Windows\PFRO.log
2014-09-18 17:20 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-18 17:20 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-18 17:20 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-18 17:20 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-18 17:20 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-18 17:20 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-18 17:20 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-18 17:20 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-18 17:19 - 2014-09-18 17:39 - 00000000 ____D () C:\Qoobox
2014-09-18 17:19 - 2014-09-18 17:35 - 00000000 ____D () C:\Windows\erdnt
2014-09-17 10:40 - 2014-09-20 18:49 - 00000560 _____ () C:\Windows\setupact.log
2014-09-17 10:40 - 2014-09-17 10:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-17 10:39 - 2014-09-17 10:40 - 00406304 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-16 21:12 - 2014-09-20 21:26 - 00000000 ____D () C:\FRST
2014-09-16 20:30 - 2014-09-16 20:30 - 00109280 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-16 18:15 - 2014-09-16 18:15 - 00000000 ____D () C:\Users\user\Documents\TubeBox
2014-09-15 21:23 - 2014-09-15 21:23 - 00026156 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-09-11 23:30 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 23:30 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 23:30 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 23:30 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 23:30 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 23:30 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 23:30 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 23:30 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 23:30 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 23:30 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 23:30 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 23:30 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 23:30 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 23:30 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 23:30 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 23:30 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 23:30 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 23:30 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 23:30 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 23:30 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 23:30 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 23:30 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 23:30 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 23:30 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 23:30 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 23:30 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 23:30 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 23:30 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 23:30 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 23:30 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 23:29 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 21:28 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 21:28 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 21:28 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 21:28 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 21:28 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 21:28 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 19:48 - 2014-09-11 16:50 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-08-28 14:14 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 14:14 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-25 17:26 - 2014-09-17 17:53 - 00000000 ____D () C:\Users\user\Desktop\HA
2014-08-25 14:20 - 2014-08-25 14:20 - 00000000 ___RD () C:\Sandbox
2014-08-25 14:17 - 2014-09-17 22:32 - 00001714 _____ () C:\Windows\Sandboxie.ini
2014-08-25 14:17 - 2014-08-25 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-08-25 14:16 - 2014-08-25 14:16 - 00000000 ____D () C:\Program Files\Sandboxie
2014-08-25 14:09 - 2014-09-07 21:59 - 00007602 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2014-08-24 16:46 - 2014-08-24 16:46 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-24 16:46 - 2014-08-24 16:46 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-24 16:46 - 2014-08-24 16:46 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-24 16:46 - 2014-08-24 16:46 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-24 16:46 - 2014-08-24 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-24 16:46 - 2014-08-24 16:46 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-24 16:01 - 2014-08-24 16:01 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-23 16:57 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-23 16:57 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-23 16:57 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-23 16:57 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-23 16:57 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-23 16:57 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-23 16:57 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-23 16:56 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-23 16:56 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 21:27 - 2014-09-20 21:26 - 00009688 _____ () C:\Users\user\Desktop\FRST.txt
2014-09-20 21:26 - 2014-09-16 21:12 - 00000000 ____D () C:\FRST
2014-09-20 21:25 - 2014-09-20 21:25 - 00001158 _____ () C:\Users\user\Desktop\SecurityCheck_checkup.txt
2014-09-20 21:19 - 2013-05-07 19:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-20 19:08 - 2012-07-16 17:15 - 01765018 _____ () C:\Windows\WindowsUpdate.log
2014-09-20 18:57 - 2009-07-14 06:34 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-20 18:57 - 2009-07-14 06:34 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-20 18:49 - 2014-09-17 10:40 - 00000560 _____ () C:\Windows\setupact.log
2014-09-20 18:49 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-20 17:35 - 2013-10-31 15:33 - 00000000 ___RD () C:\Users\user\Desktop\TO DO'S
2014-09-20 17:28 - 2014-07-20 17:39 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 17:03 - 2014-09-20 21:26 - 01097728 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-09-19 16:47 - 2013-05-07 19:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-19 16:47 - 2013-05-07 19:08 - 00000000 ____D () C:\ProgramData\Avira
2014-09-19 16:47 - 2013-05-07 19:08 - 00000000 ____D () C:\Program Files\Avira
2014-09-19 16:38 - 2014-09-18 17:31 - 00000856 _____ () C:\Windows\PFRO.log
2014-09-19 16:38 - 2013-05-07 19:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-19 16:36 - 2014-02-25 23:07 - 00000000 ____D () C:\AdwCleaner
2014-09-19 15:46 - 2014-09-19 15:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-18 17:39 - 2014-09-18 17:39 - 00014046 _____ () C:\ComboFix.txt
2014-09-18 17:39 - 2014-09-18 17:19 - 00000000 ____D () C:\Qoobox
2014-09-18 17:39 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-09-18 17:39 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-09-18 17:35 - 2014-09-18 17:19 - 00000000 ____D () C:\Windows\erdnt
2014-09-18 17:32 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-09-17 22:32 - 2014-08-25 14:17 - 00001714 _____ () C:\Windows\Sandboxie.ini
2014-09-17 20:53 - 2012-07-17 11:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-17 17:53 - 2014-08-25 17:26 - 00000000 ____D () C:\Users\user\Desktop\HA
2014-09-17 10:40 - 2014-09-17 10:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-17 10:40 - 2014-09-17 10:39 - 00406304 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-17 00:29 - 2010-11-20 23:01 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-16 20:30 - 2014-09-16 20:30 - 00109280 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-16 20:23 - 2013-05-08 22:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\FileZilla
2014-09-16 18:15 - 2014-09-16 18:15 - 00000000 ____D () C:\Users\user\Documents\TubeBox
2014-09-15 21:23 - 2014-09-15 21:23 - 00026156 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-09-15 21:23 - 2013-05-07 21:52 - 00000000 ____D () C:\Users\user\.gimp-2.8
2014-09-13 16:31 - 2013-05-08 22:35 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-09-13 16:31 - 2013-05-08 22:35 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-09-12 18:05 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-12 16:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 23:32 - 2013-05-07 21:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 23:29 - 2013-10-03 11:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 23:26 - 2014-04-30 00:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 23:26 - 2012-07-16 17:39 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 23:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-11 16:50 - 2014-09-10 19:48 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-10 22:06 - 2012-07-17 11:30 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-10 22:06 - 2012-07-17 11:30 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-10 22:06 - 2012-07-17 11:30 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-10 00:19 - 2012-07-17 11:39 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 00:19 - 2012-07-17 11:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-07 21:59 - 2014-08-25 14:09 - 00007602 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2014-09-05 03:52 - 2014-09-11 21:28 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 03:47 - 2014-09-11 21:28 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-27 19:00 - 2013-05-07 19:23 - 00000000 ____D () C:\Users\user\AppData\Local\Thunderbird
2014-08-25 17:26 - 2014-01-21 21:31 - 00000831 _____ () C:\Users\user\Desktop\UNI.lnk
2014-08-25 17:18 - 2013-10-31 13:07 - 00002054 _____ () C:\Users\user\Desktop\SPD.lnk
2014-08-25 14:20 - 2014-08-25 14:20 - 00000000 ___RD () C:\Sandbox
2014-08-25 14:17 - 2014-08-25 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-08-25 14:16 - 2014-08-25 14:16 - 00000000 ____D () C:\Program Files\Sandboxie
2014-08-24 20:58 - 2013-05-07 21:06 - 00000000 ____D () C:\Users\user\AppData\Local\Microsoft Help
2014-08-24 16:47 - 2013-11-18 00:55 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-24 16:46 - 2014-08-24 16:46 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-24 16:46 - 2014-08-24 16:46 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-24 16:46 - 2014-08-24 16:46 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-24 16:46 - 2014-08-24 16:46 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-24 16:46 - 2014-08-24 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-24 16:46 - 2014-08-24 16:46 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-24 16:46 - 2013-05-07 19:17 - 00000000 ____D () C:\Program Files\Java
2014-08-24 16:41 - 2013-05-07 22:14 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2014-08-24 16:01 - 2014-08-24 16:01 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-24 16:01 - 2014-06-10 16:07 - 00000000 ___RD () C:\Program Files\Skype
2014-08-24 16:01 - 2013-05-07 22:14 - 00000000 ____D () C:\ProgramData\Skype
2014-08-23 03:46 - 2014-08-28 14:14 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-28 14:14 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\user\AppData\Local\temp\avgnt.exe
C:\Users\user\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-17 12:42

==================== End Of Log ============================
--- --- ---

--- --- ---


Thanks!

schrauber 21.09.2014 09:52
Adobe updaten. Backup auf E löschen.


Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

JamesH85 21.09.2014 20:26
Dankeschön :) ich habe allerdings entdeckt, dass Teile meiner Beiträge persönliche Informationen über mich (u.a. Namen von Desktop-Verknüpfungen) enthalten, weswegen ich dich bitte die entsprechenden Posts (Codes) oder den gesamten Thread zu löschen. Danke ;)

schrauber 22.09.2014 10:51
wurde schon erledigt denke ich.

Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:58 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55