Trojaner-Board - Avira durch gruppenrichtlinie blokiert

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Avira durch gruppenrichtlinie blokiert (https://www.trojaner-board.de/163763-avira-gruppenrichtlinie-blokiert.html)

Avira durch gruppenrichtlinie blokiert

Hi hab hier den Rechner einer bekannten welcher die besagte Meldung bringt eigentlich mit allen Fehlern wäre eine neu Installation in Relation zum zeitlichen Aufwand nur konsequent aber da man auch etwas lernen will bin ich hier

ich hatte die ssd bereits draußen und hab avira und mwb an einem anderen Rechner drüber laufen lassen da die Bootdatei von Windows fehlerhaft war und sich ominöser weise auch nicht mit der DVD wiederhergestellt werden konnte sondern erst nach händischem löschen an einem anderen pc (jaja Linux usw war aber für mich die schnellste Lösung so)
Wie ihr vielleicht sehen könnt lese ich schon lange bei euch mit und habe mich bisher immer an ähnlichen Fällen durchhangeln können
Deshalb hab ich auch auf gut Glück noch 2 eurer häufiger verwendeten Programme laufen lassen einmal combofix und jdt wobei ich an FRST scheitere oder um es direkt zu sagen kein plan davon habe wie das mit den FIXES funktioniert woher ihr die Information bezieht was alles gefixt werden muss.
Mein sorgloses Vorgehen ist einfach zu begründen ich hab die ssd nochmal und mir einen clon gezogen auf dem ich “arbeite/experimentiere”

Code:

 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015

Ran by ludewig (administrator) on LUDEWIG-PC on 09-02-2015 00:01:14

Running from C:\Users\ludewig\Downloads

Loaded Profiles: ludewig (Available profiles: ludewig)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe

(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Microsoft Corporation) C:\Windows\System32\wbengine.exe

(Microsoft Corporation) C:\Windows\System32\vds.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)

HKLM\...\Run: [Ubanq] => "C:\Users\ludewig\AppData\Roaming\Olevmiy\puyfug.exe"

HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)

HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\cmjahae-x32: C:\Users\ludewig\AppData\Local\cmjahae.dll [X]

HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0

HKLM\...\Policies\Explorer: [HideSCAHealth] 0

HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872168 2014-12-11] (Skype Technologies S.A.)

HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\...\Policies\Explorer: [TaskbarNoNotification] 0

HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0

HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-4283835491-3418897640-3424372083-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

Toolbar: HKU\S-1-5-21-4283835491-3418897640-3424372083-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\ludewig\AppData\Roaming\Mozilla\Firefox\Profiles\iofmr8mm.default-1415199366866

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Adblock Plus - C:\Users\ludewig\AppData\Roaming\Mozilla\Firefox\Profiles\iofmr8mm.default-1415199366866\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-05]

FF HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\ludewig\AppData\Roaming\Mozilla\Firefox\Profiles\qzjwg8tw.default\extensions\cliqz@cliqz.com
 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.sweet-page.com/?type=hp&ts=1414941772&from=cor&uid=SanDiskXSDSSDHP128G_133648402638

CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1414941772&from=cor&uid=SanDiskXSDSSDHP128G_133648402638"

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File

CHR Plugin: (         "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

CHR Plugin: (         "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

CHR Profile: C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]

CHR Extension: (YouTube) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-29]

CHR Extension: (Google-Suche) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-29]

CHR Extension: (Avira Browser Safety) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-05]

CHR Extension: (AdBlock) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-05]

CHR Extension: (Google Wallet) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-16]

CHR Extension: (Google Mail) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-29]

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)

R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)

S2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-03-14] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)

S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)

S0 ccmcn; C:\Windows\System32\drivers\fslx.sys [79064 2014-12-18] (Malwarebytes Corporation)

S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)

R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()

R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-03-14] ()

S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [442368 2013-05-17] (Intel(R) Corporation) [File not signed]

S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-03-14] ()

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-16] (Malwarebytes Corporation)

S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-01-16] ()

S3 BS4177028450; \??\C:\Users\ludewig\AppData\Local\Temp\NTFS.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-09 00:01 - 2015-02-09 00:01 - 00016349 _____ () C:\Users\ludewig\Downloads\FRST.txt

2015-02-09 00:01 - 2015-02-09 00:01 - 00000000 ____D () C:\FRST

2015-02-09 00:00 - 2015-02-09 00:00 - 02132992 _____ (Farbar) C:\Users\ludewig\Downloads\FRST64.exe

2015-02-08 23:37 - 2015-02-08 23:37 - 00001502 _____ () C:\Users\ludewig\Desktop\JRT.txt

2015-02-08 23:34 - 2015-02-08 23:34 - 00000000 ___SD () C:\ComboFix

2015-02-08 23:29 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-02-08 23:29 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-02-08 23:29 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-02-08 23:29 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-02-08 23:29 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-02-08 23:29 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2015-02-08 23:29 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2015-02-08 23:29 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2015-02-08 23:28 - 2015-02-08 23:28 - 00003136 _____ () C:\Windows\System32\Tasks\{13B6374C-B668-460C-B4BC-2E1DF30FA87D}

2015-02-08 23:27 - 2015-02-08 23:34 - 00000000 ____D () C:\Qoobox

2015-02-08 23:27 - 2015-02-08 23:32 - 00000000 ____D () C:\Windows\erdnt

2015-02-08 23:27 - 2015-02-08 23:22 - 01388274 _____ (Thisisu) C:\Users\ludewig\Desktop\JRT.exe

2015-02-08 23:27 - 2015-02-08 23:21 - 05609947 ____R (Swearware) C:\Users\ludewig\Desktop\ComboFix.exe

2015-01-15 13:37 - 2015-01-15 13:37 - 05013680 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2015-01-14 06:47 - 2015-02-08 22:02 - 00000000 ____D () C:\Users\ludewig\AppData\Roaming\Olevmiy

2015-01-14 06:47 - 2015-01-14 06:47 - 00003830 _____ () C:\Windows\System32\Tasks\Security Center Update - 2068250175

2015-01-13 16:40 - 2015-01-13 16:41 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\ludewig\Downloads\avira_de_av_5780127680__ws.exe

2015-01-13 16:31 - 2015-01-13 16:31 - 00896280 _____ () C:\Users\ludewig\Downloads\Norton_Removal_Tool.exe

2015-01-13 16:25 - 2015-01-13 16:26 - 02191360 _____ () C:\Users\ludewig\Downloads\adwcleaner_4.107.exe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-09 00:00 - 2013-11-29 15:31 - 01952495 _____ () C:\Windows\WindowsUpdate.log

2015-02-08 23:56 - 2014-04-27 17:43 - 00000000 ____D () C:\Users\ludewig\AppData\Roaming\Skype

2015-02-08 23:47 - 2009-07-14 05:45 - 00023008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-08 23:47 - 2009-07-14 05:45 - 00023008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-08 23:39 - 2014-11-05 16:10 - 00012625 _____ () C:\Windows\setupact.log

2015-02-08 23:39 - 2014-04-05 17:46 - 00000306 _____ () C:\Windows\Tasks\Obivs.job

2015-02-08 23:39 - 2013-11-29 16:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-02-08 23:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-08 23:35 - 2013-12-29 10:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-02-08 23:33 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default

2015-02-08 23:32 - 2014-11-05 16:10 - 00219888 _____ () C:\Windows\PFRO.log

2015-02-08 23:32 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2015-02-08 21:42 - 2009-07-14 18:58 - 00732820 _____ () C:\Windows\system32\perfh007.dat

2015-02-08 21:42 - 2009-07-14 18:58 - 00159854 _____ () C:\Windows\system32\perfc007.dat

2015-02-08 21:42 - 2009-07-14 06:13 - 00927188 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-02-08 21:41 - 2013-11-29 16:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-29 14:57 - 2013-11-29 16:27 - 00000773 _____ () C:\Users\ludewig\Desktop\Daten alter PC November 2013 - Verknüpfung.lnk

2015-01-16 20:26 - 2014-11-05 15:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-16 19:37 - 2013-11-29 16:10 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys

2015-01-15 13:37 - 2013-12-29 10:36 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-01-15 13:37 - 2013-12-29 10:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-15 13:37 - 2013-12-29 10:36 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-01-15 06:39 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-01-14 06:57 - 2014-01-28 20:33 - 00000000 ____D () C:\Users\ludewig\AppData\Local\CrashDumps

2015-01-13 16:41 - 2014-11-05 15:26 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk

2015-01-13 16:41 - 2014-11-05 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2015-01-13 16:27 - 2014-11-05 16:00 - 00000000 ____D () C:\AdwCleaner
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-01-06 19:49
 

==================== End Of Log ============================

Code:

 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015

Ran by ludewig at 2015-02-09 00:01:28

Running from C:\Users\ludewig\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology)

ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.)

Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)

Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)

AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)

Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)

Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)

Intel(R) Smart Connect Technology 4.1 x64 (HKLM\...\{1EF24D7D-7B14-4EBA-A686-9E91C9C6763D}) (Version: 4.1.40.2143 - Intel)

Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 365 Small Business Premium - de-de (HKLM\...\O365SmallBusPremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

PDF24 Creator 6.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.68.201.2013 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-4283835491-3418897640-3424372083-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\rdpencom.dll No File
 

==================== Restore Points  =========================
 

ATTENTION: System Restore is disabled.
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2015-02-08 23:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {1A28098B-DB6F-45B4-BCCE-E595ACCC3270} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)

Task: {56B51F9B-63CF-49F1-970A-35D4DFFEF625} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {6B4A8F01-4F0C-4C50-9199-60E915E3DF76} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)

Task: {84FDC769-09F8-4270-B510-19973EF6A907} - System32\Tasks\Obivs => Rundll32.exe "C:\Windows\SysWOW64\wfapigp3.dll",wkka

Task: {8E1156D8-A8CA-4208-A292-74200229245C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {994F3E13-3515-477D-B6F6-BDE0FEDBBD4D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)

Task: {A542370F-D932-4FBD-84C5-405401F1AAA1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)

Task: {BC78E112-71B9-4710-822C-39F5003422CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-15] (Adobe Systems Incorporated)

Task: {C85DAF38-5C30-40DA-9A2E-D345D0F98A2B} - System32\Tasks\{13B6374C-B668-460C-B4BC-2E1DF30FA87D} => pcalua.exe -a "C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe" -c /REMOVE

Task: {D985CB3A-E913-4F54-B104-50582FA02941} - System32\Tasks\Security Center Update - 2068250175 => C:\Users\ludewig\AppData\Roaming\Olevmiy\puyfug.exe <==== ATTENTION

Task: {E3BDE60E-40E9-47B2-AF98-D32AD3227457} - System32\Tasks\{2D1F7944-6B69-495C-8A35-1BCAEE88FB2D} => pcalua.exe -a C:\Users\ludewig\Desktop\avm_fritz!wlan_usb_stick_build_100906.exe -d C:\Users\ludewig\Desktop

Task: {FB047328-EB6E-4389-A64A-B5FA0A516DEB} - System32\Tasks\{257022A6-B368-48D0-9680-4B02447A2EFD} => pcalua.exe -a C:\Users\ludewig\Desktop\PUSHINST.EXE -d C:\Users\ludewig\Desktop

Task: {FF88981E-F59E-4B7F-B612-1F43A0CC1B8F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\Obivs.job => C:\Windows\SysWOW64\wfapigp3.dll
 

==================== Loaded Modules (whitelisted) ==============
 

2014-03-19 18:58 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2013-11-29 16:06 - 2013-03-12 13:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

2014-11-10 18:56 - 2014-12-11 07:33 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 

==================== EXE Association (whitelisted) ===============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== Other Registry Areas =====================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ludewig\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iSCTsysTray.lnk => C:\Windows\pss\iSCTsysTray.lnk.CommonStartup

MSCONFIG\startupreg: HogaZexi => regsvr32.exe "

MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"

MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60

MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"

MSCONFIG\startupreg: megxlay => rundll32 ",megxlay

MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"

MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-4283835491-3418897640-3424372083-500 - Administrator - Disabled)

Gast (S-1-5-21-4283835491-3418897640-3424372083-501 - Limited - Disabled)

ludewig (S-1-5-21-4283835491-3418897640-3424372083-1000 - Administrator - Enabled) => C:\Users\ludewig
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (02/08/2015 11:49:50 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
 

Error: (02/08/2015 11:44:00 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)

Description: Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.
 

Error: (02/08/2015 11:39:50 PM) (Source: ISCTAgent) (EventID: 1000) (User: )

Description: ISCT - CISCTPnpDriverApi::CreateInstance   *****Unable to open the ISCT device driver
 

Error: (02/08/2015 11:37:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)

Description: Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.
 
 

System errors:

=============

Error: (02/08/2015 11:39:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 

ccmcn
 

Error: (02/08/2015 11:39:46 PM) (Source: Application Popup) (EventID: 875) (User: )

Description: Treiber fslx.sys konnte nicht geladen werden.
 
 

Microsoft Office Sessions:

=========================

Error: (02/08/2015 11:49:50 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
 

Error: (02/08/2015 11:44:00 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)

Description:  16000000007B3100007B310000980B0000
 

Error: (02/08/2015 11:39:50 PM) (Source: ISCTAgent) (EventID: 1000) (User: )

Description: ISCT - CISCTPnpDriverApi::CreateInstance   *****Unable to open the ISCT device driver
 

Error: (02/08/2015 11:37:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)

Description:  16000000007B3100007B310000980B0000
 
 

CodeIntegrity Errors:

===================================

  Date: 2015-02-08 23:31:36.148

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2015-02-08 23:31:36.116

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i3-4330 CPU @ 3.50GHz

Percentage of memory in use: 62%

Total physical RAM: 3768.4 MB

Available physical RAM: 1396.33 MB

Total Pagefile: 7534.98 MB

Available Pagefile: 5123.11 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:119.14 GB) (Free:78.87 GB) NTFS

Drive d: (GRMCULXFRER_DE_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 2EAFD577)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

JTR:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.2 (02.02.2015:1)

OS: Windows 7 Home Premium x64

Ran by ludewig on 08.02.2015 at 23:35:22,98

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4283835491-3418897640-3424372083-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\ludewig\AppData\Roaming\mozilla\firefox\profiles\iofmr8mm.default-1415199366866\minidumps [9 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 08.02.2015 at 23:37:11,77

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Combofix

Code:

ComboFix 15-02-08.01 - ludewig 08.02.2015  23:29:56.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3768.2538 [GMT 1:00]

ausgeführt von:: c:\users\ludewig\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\update.exe

c:\users\ludewig\AppData\Local\nsr23C7.tmp

c:\windows\Tasks\Security Center Update - 2068250175.job

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_SecurityCenterServer2068250175

.

.

(((((((((((((((((((((((   Dateien erstellt von 2015-01-08 bis 2015-02-08  ))))))))))))))))))))))))))))))

.

.

2015-02-08 22:31 . 2015-02-08 22:31        --------        d-----w-        c:\users\Default\AppData\Local\temp

2015-01-15 12:37 . 2015-01-15 12:37        5013680        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe

2015-01-14 05:47 . 2015-02-08 21:02        --------        d-----w-        c:\users\ludewig\AppData\Roaming\Olevmiy

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2015-01-16 19:26 . 2014-11-05 14:25        129752        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys

2015-01-16 18:37 . 2013-11-29 15:10        34752        ----a-w-        c:\windows\system32\drivers\WPRO_41_2001.sys

2015-01-15 12:37 . 2013-12-29 09:36        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2015-01-15 12:37 . 2013-12-29 09:36        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-12-18 21:12 . 2014-12-18 21:12        79064        ----a-w-        c:\windows\system32\drivers\fslx.sys

2014-11-21 05:14 . 2014-11-05 14:25        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys

2014-11-21 05:14 . 2014-11-05 14:25        93400        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys

2014-11-21 05:14 . 2014-11-05 14:25        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys

2014-11-20 05:00 . 2014-11-20 05:01        43064        ----a-w-        c:\windows\system32\drivers\avnetflt.sys

2014-11-13 17:25 . 2013-12-07 17:28        103374192        ----a-w-        c:\windows\system32\MRT.exe

2014-11-11 03:08 . 2014-11-19 19:16        241152        ----a-w-        c:\windows\system32\pku2u.dll

2014-11-11 03:08 . 2014-11-19 19:16        728064        ----a-w-        c:\windows\system32\kerberos.dll

2014-11-11 02:44 . 2014-11-19 19:16        186880        ----a-w-        c:\windows\SysWow64\pku2u.dll

2014-11-11 02:44 . 2014-11-19 19:16        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2014-11-12 00:41        1729744        ----a-w-        c:\program files\Microsoft Office 15\root\office15\grooveex.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2014-11-12 00:41        1729744        ----a-w-        c:\program files\Microsoft Office 15\root\office15\grooveex.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2014-11-12 00:41        1729744        ----a-w-        c:\program files\Microsoft Office 15\root\office15\grooveex.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30872168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]

"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-07-04 191528]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-16 702768]

"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-11-20 126200]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"TaskbarNoNotification"= 0 (0x0)

"HideSCAHealth"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"TaskbarNoNotification"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"TaskbarNoNotification"= 0 (0x0)

"HideSCAHealth"= 0 (0x0)

.

R0 ccmcn;ccmcn;c:\windows\System32\drivers\fslx.sys;c:\windows\SYSNATIVE\drivers\fslx.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]

R2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe  [x]

R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]

R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]

R3 BS4177028450;BS4177028450;c:\users\ludewig\AppData\Local\Temp\NTFS.sys;c:\users\ludewig\AppData\Local\Temp\NTFS.sys [x]

R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]

R3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]

S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]

S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]

S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]

S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]

S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]

S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]

S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]

S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]

S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]

S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-12-12 19:05        1087816        ----a-w-        c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2015-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-29 12:37]

.

2015-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-29 15:53]

.

2015-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-29 15:53]

.

2015-02-08 c:\windows\Tasks\Obivs.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2014-11-12 08:07        2334928        ----a-w-        c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2014-11-12 08:07        2334928        ----a-w-        c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2014-11-12 08:07        2334928        ----a-w-        c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mDefault_Search_URL = www.google.com

mDefault_Page_URL = www.google.com

mStart Page = www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearch Page = www.google.com

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\ludewig\AppData\Roaming\Mozilla\Firefox\Profiles\iofmr8mm.default-1415199366866\

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKCU-Run-cmjahae - c:\users\ludewig\AppData\Local\cmjahae.dll

Wow6432Node-HKCU-Run-Ubanq - c:\users\ludewig\AppData\Roaming\Olevmiy\puyfug.exe

Wow6432Node-HKLM-Run-Ubanq - c:\users\ludewig\AppData\Roaming\Olevmiy\puyfug.exe

Wow6432Node-HKU-Default-Run-AviraSpeedup - c:\program files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe

Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe

Notify-cmjahae - c:\users\ludewig\AppData\Local\cmjahae.dll

Notify-megxlay - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

HKLM-Run-Ubanq - c:\users\ludewig\AppData\Roaming\Olevmiy\puyfug.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\avmwlanstick\WlanNetService.exe

c:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2015-02-08  23:33:18 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2015-02-08 22:33

.

Vor Suchlauf: 8 Verzeichnis(se), 85.152.497.664 Bytes frei

Nach Suchlauf: 12 Verzeichnis(se), 84.960.030.720 Bytes frei

.

- - End Of File - - 7F3797F4D0A6F2A63BD5FD82AC5837CB

A36C5E4F47E84449FF07ED3517B43A31

hi,

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

und ein frisches FRST log bitte.

Kleine anmerkung ich hab nach dem fix bereits die zusatz festplatte wieder angeschlossen und lass diese immer mit durchsuchen

fixlog

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015

Ran by ludewig at 2015-02-09 10:15:32 Run:1

Running from C:\Users\ludewig\Downloads

Loaded Profiles: ludewig (Available profiles: ludewig)

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION

*****************
 

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.
 

==== End of Fixlog 10:15:32 ====

Mwb

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Scan Date: 09.02.2015

Scan Time: 16:32:31

Logfile: mbm.txt

Administrator: Yes
 

Version: 2.00.4.1028

Malware Database: v2015.02.09.04

Rootkit Database: v2015.02.03.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled
 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: ludewig
 

Scan Type: Custom Scan

Result: Completed

Objects Scanned: 592802

Time Elapsed: 1 hr, 0 min, 1 sec
 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled
 

Processes: 0

(No malicious items detected)
 

Modules: 0

(No malicious items detected)
 

Registry Keys: 0

(No malicious items detected)
 

Registry Values: 0

(No malicious items detected)
 

Registry Data: 0

(No malicious items detected)
 

Folders: 0

(No malicious items detected)
 

Files: 12

PUP.Optional.Spigot.A, D:\Programme\Application Updater\ApplicationUpdater.exe, Quarantined, [97d168b4800a4de9fcfa1692679a0df3], 

PUP.Optional.Spigot.A, D:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe, Quarantined, [6dfb50cc6d1d39fd6cbc6a683cc540c0], 

PUP.Optional.Spigot.A, D:\Programme\Gemeinsame Dateien\Spigot\Search Settings\wth172.dll, Quarantined, [a1c7dc40385265d164c416bc847d6c94], 

PUP.Optional.Spigot.A, D:\Programme\Gemeinsame Dateien\Spigot\Search Settings\wthx172.dll, Quarantined, [3e2a968690fae1558b9d17bbaf52fc04], 

PUP.Optional.Spigot.A, D:\Programme\pdfforge Toolbar\WidgiHelper.exe, Quarantined, [6008b5670a800036ac4ba701a25f10f0], 

PUP.Optional.Spigot.A, D:\Programme\pdfforge Toolbar\IE\8.2\pdfforgeToolbarIE64.dll, Quarantined, [9dcb8e8e7e0c072f7aae567c4bb607f9], 

PUP.Optional.Spigot.A, D:\System Volume Information\_restore{132ACFC5-9372-4D41-80A7-E79405BBEE1C}\RP560\A0258760.old, Quarantined, [9ecace4e6f1b2313f830785aba47e020], 

PUP.Optional.Spigot.A, D:\WINDOWS\Installer\5b9c2.msi, Quarantined, [d98f0c10a4e68aac0b1d6f634db4847c], 

PUP.Optional.Vitruvian.A, C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences\!vitruvian-autoenable.js, Quarantined, [e187041862281c1a785014742fd403fd], 

PUP.Optional.Vitruvian.A, C:\Program Files (x86)\Mozilla Firefox\defaults\preferences\!vitruvian-autoenable.js, Quarantined, [de8a6eaeacde16207c4d2f593dc68779], 

PUP.Optional.Vitruvian.A, C:\Program Files (x86)\Mozilla Firefox\vitruvian-autoenable.cfg, Quarantined, [b4b49488bad04ee8ba10c4c463a0b848], 

PUP.Optional.WebInstr.A, C:\Windows\System32\drivers\Msft_Kernel_webinstrNew_01009.Wdf, Quarantined, [0464bb61682266d0710f216a38cb24dc], 
 

Physical Sectors: 0

(No malicious items detected)
 
 

(end)

Avira - hatte sich gestartet hab ee erst bei der 3 partition abgebrochen (müssen)

Code:



Avira Free Antivirus

Erstellungsdatum der Reportdatei: Montag, 9. Februar 2015  10:24
 
 

Das Programm läuft als uneingeschränkte Vollversion.

Online-Dienste stehen zur Verfügung.
 

Lizenznehmer   : Avira Antivirus Free

Seriennummer   : 0000149996-AVHOE-0000001

Plattform      : Windows 7 Home Premium

Windowsversion : (Service Pack 1)  [6.1.7601]

Boot Modus     : Normal gebootet

Benutzername   : SYSTEM

Computername   : LUDEWIG-PC
 

Versionsinformationen:

BUILD.DAT      : 14.0.7.468     91859 Bytes  24.11.2014 10:23:00

AVSCAN.EXE     : 14.0.7.462   1015544 Bytes  16.12.2014 18:07:07

AVSCANRC.DLL   : 14.0.7.308     64304 Bytes  23.10.2014 13:02:09

LUKE.DLL       : 14.0.7.462     60664 Bytes  16.12.2014 18:08:34

AVSCPLR.DLL    : 14.0.7.440     93488 Bytes  16.12.2014 18:07:07

REPAIR.DLL     : 14.0.7.412    366328 Bytes  16.12.2014 18:07:00

REPAIR.RDF     : 1.0.4.60      704786 Bytes  09.02.2015 09:13:03

AVREG.DLL      : 14.0.7.310    264952 Bytes  23.10.2014 13:02:05

AVLODE.DLL     : 14.0.7.440    561456 Bytes  16.12.2014 18:06:57

AVLODE.RDF     : 14.0.4.54      78895 Bytes  05.12.2014 16:53:09

XBV00015.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00016.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00017.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00018.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00019.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00020.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00021.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00022.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00023.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00024.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00025.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00026.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00027.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00028.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00029.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00030.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00031.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00032.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00033.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00034.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00035.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00036.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00037.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00038.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00039.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00040.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00041.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30

XBV00078.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:57

XBV00079.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:57

XBV00080.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00081.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00082.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00083.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00084.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00085.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00086.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00087.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00088.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00089.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00090.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00091.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00092.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00093.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00094.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00095.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00096.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00097.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00098.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00099.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00100.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00101.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00102.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00103.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00104.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00105.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00106.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00107.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00108.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00109.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00110.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00111.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00112.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00113.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00114.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00115.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:58

XBV00116.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00117.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00118.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00119.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00120.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00121.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00122.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00123.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00124.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00125.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00126.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00127.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00128.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00129.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00130.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00131.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00132.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00133.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00134.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00135.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00136.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00137.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00138.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00139.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00140.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00141.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00142.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00143.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00144.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00145.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:12:59

XBV00146.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00147.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00148.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00149.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00150.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00151.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00152.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00153.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00154.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00155.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00156.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00157.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00158.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00159.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00160.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00161.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00162.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00163.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00164.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00165.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00166.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00167.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00168.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00169.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00170.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00171.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00172.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00173.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00174.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00175.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00176.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00177.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00178.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00179.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00180.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00181.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:00

XBV00182.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00183.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00184.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00185.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00186.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00187.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00188.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00189.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00190.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00191.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00192.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00193.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00194.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00195.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00196.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00197.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00198.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00199.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00200.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00201.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00202.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00203.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00204.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00205.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00206.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00207.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00208.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00209.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00210.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00211.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00212.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00213.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00214.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00215.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00216.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00217.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:01

XBV00218.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00219.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00220.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00221.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00222.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00223.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00224.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00225.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00226.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00227.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00228.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00229.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00230.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00231.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00232.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00233.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00234.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00235.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00236.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00237.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00238.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00239.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00240.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00241.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00242.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00243.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00244.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00245.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00246.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00247.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00248.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00249.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00250.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00251.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00252.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00253.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:02

XBV00254.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:03

XBV00255.VDF   : 8.11.206.252     2048 Bytes  04.02.2015 09:13:03

XBV00000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 13:02:30

XBV00001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 13:02:30

XBV00002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 13:02:30

XBV00003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 13:02:30

XBV00004.VDF   : 7.11.91.176  3903488 Bytes  23.07.2013 13:02:30

XBV00005.VDF   : 7.11.98.186  6822912 Bytes  29.08.2013 13:02:30

XBV00006.VDF   : 7.11.139.38 15708672 Bytes  27.03.2014 13:02:30

XBV00007.VDF   : 7.11.152.100  4193792 Bytes  02.06.2014 13:02:30

XBV00008.VDF   : 8.11.165.192  4251136 Bytes  07.08.2014 13:02:30

XBV00009.VDF   : 8.11.172.30  2094080 Bytes  15.09.2014 13:02:30

XBV00010.VDF   : 8.11.178.32  1581056 Bytes  14.10.2014 13:02:30

XBV00011.VDF   : 8.11.184.50  2178560 Bytes  11.11.2014 06:26:49

XBV00012.VDF   : 8.11.190.32  1876992 Bytes  03.12.2014 15:06:24

XBV00013.VDF   : 8.11.201.28  2973696 Bytes  14.01.2015 16:24:30

XBV00014.VDF   : 8.11.206.252  2695680 Bytes  04.02.2015 09:12:56

XBV00042.VDF   : 8.11.207.24    43520 Bytes  04.02.2015 09:12:56

XBV00043.VDF   : 8.11.207.50     2048 Bytes  04.02.2015 09:12:56

XBV00044.VDF   : 8.11.207.52     2048 Bytes  04.02.2015 09:12:56

XBV00045.VDF   : 8.11.207.78    20480 Bytes  04.02.2015 09:12:56

XBV00046.VDF   : 8.11.207.104     5632 Bytes  04.02.2015 09:12:56

XBV00047.VDF   : 8.11.207.106     2048 Bytes  05.02.2015 09:12:56

XBV00048.VDF   : 8.11.207.108    23040 Bytes  05.02.2015 09:12:56

XBV00049.VDF   : 8.11.207.110    34304 Bytes  05.02.2015 09:12:56

XBV00050.VDF   : 8.11.207.112     2048 Bytes  05.02.2015 09:12:56

XBV00051.VDF   : 8.11.207.134    15360 Bytes  05.02.2015 09:12:56

XBV00052.VDF   : 8.11.207.154     9728 Bytes  05.02.2015 09:12:56

XBV00053.VDF   : 8.11.207.178    39936 Bytes  05.02.2015 09:12:56

XBV00054.VDF   : 8.11.207.200    32256 Bytes  05.02.2015 09:12:56

XBV00055.VDF   : 8.11.207.204     2560 Bytes  05.02.2015 09:12:56

XBV00056.VDF   : 8.11.207.208    57856 Bytes  06.02.2015 09:12:57

XBV00057.VDF   : 8.11.207.210     2048 Bytes  06.02.2015 09:12:57

XBV00058.VDF   : 8.11.207.212     5120 Bytes  06.02.2015 09:12:57

XBV00059.VDF   : 8.11.207.232    18944 Bytes  06.02.2015 09:12:57

XBV00060.VDF   : 8.11.207.252    24576 Bytes  06.02.2015 09:12:57

XBV00061.VDF   : 8.11.208.16     9216 Bytes  06.02.2015 09:12:57

XBV00062.VDF   : 8.11.208.18     4096 Bytes  06.02.2015 09:12:57

XBV00063.VDF   : 8.11.208.20     2560 Bytes  06.02.2015 09:12:57

XBV00064.VDF   : 8.11.208.42    54272 Bytes  06.02.2015 09:12:57

XBV00065.VDF   : 8.11.208.62     2048 Bytes  06.02.2015 09:12:57

XBV00066.VDF   : 8.11.208.84    28160 Bytes  06.02.2015 09:12:57

XBV00067.VDF   : 8.11.208.86     2048 Bytes  06.02.2015 09:12:57

XBV00068.VDF   : 8.11.208.88     2048 Bytes  07.02.2015 09:12:57

XBV00069.VDF   : 8.11.208.92    61440 Bytes  07.02.2015 09:12:57

XBV00070.VDF   : 8.11.208.112     2048 Bytes  07.02.2015 09:12:57

XBV00071.VDF   : 8.11.208.130    40448 Bytes  07.02.2015 09:12:57

XBV00072.VDF   : 8.11.208.148     2048 Bytes  07.02.2015 09:12:57

XBV00073.VDF   : 8.11.208.166    62976 Bytes  08.02.2015 09:12:57

XBV00074.VDF   : 8.11.208.184     2048 Bytes  08.02.2015 09:12:57

XBV00075.VDF   : 8.11.208.204    32768 Bytes  08.02.2015 09:12:57

XBV00076.VDF   : 8.11.208.206    49664 Bytes  09.02.2015 09:12:57

XBV00077.VDF   : 8.11.208.224     5120 Bytes  09.02.2015 09:12:57

LOCAL000.VDF   : 8.11.208.224 120727040 Bytes  09.02.2015 09:13:16

Engineversion  : 8.3.28.16 

AEVDF.DLL      : 8.3.1.6       133992 Bytes  23.10.2014 13:01:55

AESCRIPT.DLL   : 8.2.2.54      550824 Bytes  09.02.2015 09:12:54

AESCN.DLL      : 8.3.2.2       139456 Bytes  23.10.2014 13:01:55

AESBX.DLL      : 8.2.20.24    1409224 Bytes  23.10.2014 13:01:55

AERDL.DLL      : 8.2.1.16      743328 Bytes  05.11.2014 15:32:59

AEPACK.DLL     : 8.4.0.58      789360 Bytes  16.01.2015 18:44:22

AEOFFICE.DLL   : 8.3.1.10      351088 Bytes  16.01.2015 18:44:14

AEMOBILE.DLL   : 8.1.2.0       277360 Bytes  16.12.2014 18:06:44

AEHEUR.DLL     : 8.1.4.1522   8071080 Bytes  09.02.2015 09:12:54

AEHELP.DLL     : 8.3.1.0       278728 Bytes  23.10.2014 13:01:55

AEGEN.DLL      : 8.1.7.40      456608 Bytes  19.12.2014 14:50:07

AEEXP.DLL      : 8.4.2.70      255904 Bytes  09.02.2015 09:12:54

AEEMU.DLL      : 8.1.3.4       399264 Bytes  23.10.2014 13:01:55

AEDROID.DLL    : 8.4.3.6       850800 Bytes  16.12.2014 18:06:43

AECORE.DLL     : 8.3.4.0       243624 Bytes  16.12.2014 18:06:40

AEBB.DLL       : 8.1.2.0        60448 Bytes  23.10.2014 13:01:55

AVWINLL.DLL    : 14.0.7.308     25904 Bytes  23.10.2014 13:02:19

AVPREF.DLL     : 14.0.7.308     52016 Bytes  23.10.2014 13:02:05

AVREP.DLL      : 14.0.7.308    220976 Bytes  23.10.2014 13:02:05

AVARKT.DLL     : 14.0.7.308    227632 Bytes  23.10.2014 13:01:55

AVEVTLOG.DLL   : 14.0.7.440    184112 Bytes  16.12.2014 18:06:52

SQLITE3.DLL    : 14.0.7.308    453936 Bytes  23.10.2014 13:02:29

AVSMTP.DLL     : 14.0.7.308     79096 Bytes  23.10.2014 13:02:12

NETNT.DLL      : 14.0.7.308     15152 Bytes  23.10.2014 13:02:27

RCIMAGE.DLL    : 14.0.7.308   4865328 Bytes  23.10.2014 13:02:27

RCTEXT.DLL     : 14.0.7.318     77048 Bytes  23.10.2014 13:02:28
 

Konfiguration für den aktuellen Suchlauf:

Job Name..............................: Vollständige Systemprüfung

Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\AVSCAN-20141126-235725-ADF4BBF4.avp

Protokollierung.......................: standard

Primäre Aktion........................: Interaktiv

Sekundäre Aktion......................: Ignorieren

Durchsuche Masterbootsektoren.........: ein

Durchsuche Bootsektoren...............: ein

Bootsektoren..........................: C:, D:, F:, 

Durchsuche aktive Programme...........: ein

Laufende Programme erweitert..........: ein

Durchsuche Registrierung..............: ein

Suche nach Rootkits...................: ein

Integritätsprüfung von Systemdateien..: aus

Prüfe alle Dateien....................: Alle Dateien

Durchsuche Archive....................: ein

Rekursionstiefe einschränken..........: 20

Archiv Smart Extensions...............: ein

Makrovirenheuristik...................: ein

Dateiheuristik........................: erweitert
 

Beginn des Suchlaufs: Montag, 9. Februar 2015  10:24
 

Der Suchlauf über die Bootsektoren wird begonnen:

Bootsektor 'HDD1(C:)'

    [INFO]      Es wurde kein Virus gefunden!

Bootsektor 'HDD0(D:, F:)'

    [INFO]      Es wurde kein Virus gefunden!
 

Der Suchlauf nach versteckten Objekten wird begonnen.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\VolumeInfoCache\D:\VolumeLabel

  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.

HKEY_LOCAL_MACHINE\System\ControlSet001\services\Tcpip\Parameters\Interfaces\{ED48F63F-3767-470C-81BE-6C34B1D36DB1}\DhcpInterfaceOptions

  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.

HKEY_USERS\S-1-5-21-4283835491-3418897640-3424372083-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{a63df14b-5906-11e3-9b30-806e6f6e6963}

  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
 

Der Suchlauf über gestartete Prozesse wird begonnen:

Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '50' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '99' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '150' Modul(e) wurden durchsucht

Durchsuche Prozess 'UMVPFSrv.exe' - '29' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht

Durchsuche Prozess 'spoolsv.exe' - '76' Modul(e) wurden durchsucht

Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht

Durchsuche Prozess 'Dwm.exe' - '34' Modul(e) wurden durchsucht

Durchsuche Prozess 'taskhost.exe' - '57' Modul(e) wurden durchsucht

Durchsuche Prozess 'sched.exe' - '63' Modul(e) wurden durchsucht

Durchsuche Prozess 'Explorer.EXE' - '171' Modul(e) wurden durchsucht

Durchsuche Prozess 'rundll32.exe' - '16' Modul(e) wurden durchsucht

Durchsuche Prozess 'rundll32.exe' - '63' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht

Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht

Durchsuche Prozess 'avguard.exe' - '140' Modul(e) wurden durchsucht

Durchsuche Prozess 'WlanNetService.exe' - '48' Modul(e) wurden durchsucht

Durchsuche Prozess 'OfficeClickToRun.exe' - '90' Modul(e) wurden durchsucht

Durchsuche Prozess 'HeciServer.exe' - '27' Modul(e) wurden durchsucht

Durchsuche Prozess 'Updater.exe' - '35' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht

Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '126' Modul(e) wurden durchsucht

Durchsuche Prozess 'GoogleCrashHandler.exe' - '34' Modul(e) wurden durchsucht

Durchsuche Prozess 'RAVCpl64.exe' - '46' Modul(e) wurden durchsucht

Durchsuche Prozess 'WLanGUI.exe' - '46' Modul(e) wurden durchsucht

Durchsuche Prozess 'pdf24.exe' - '36' Modul(e) wurden durchsucht

Durchsuche Prozess 'avgnt.exe' - '103' Modul(e) wurden durchsucht

Durchsuche Prozess 'Avira.OE.Systray.exe' - '121' Modul(e) wurden durchsucht

Durchsuche Prozess 'GoogleCrashHandler64.exe' - '29' Modul(e) wurden durchsucht

Durchsuche Prozess 'avscan.exe' - '124' Modul(e) wurden durchsucht

Durchsuche Prozess 'avscan.exe' - '120' Modul(e) wurden durchsucht

Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht

Durchsuche Prozess 'SearchIndexer.exe' - '48' Modul(e) wurden durchsucht

Durchsuche Prozess 'wmiprvse.exe' - '55' Modul(e) wurden durchsucht

Durchsuche Prozess 'taskhost.exe' - '27' Modul(e) wurden durchsucht

Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht

Durchsuche Prozess 'WMIADAP.EXE' - '30' Modul(e) wurden durchsucht

Durchsuche Prozess 'wmiprvse.exe' - '34' Modul(e) wurden durchsucht

Durchsuche Prozess 'firefox.exe' - '124' Modul(e) wurden durchsucht

Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht

Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht

Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht

Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht

Durchsuche Prozess 'lsass.exe' - '62' Modul(e) wurden durchsucht

Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht

Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
 

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:

Die Registry wurde durchsucht ( '1528' Dateien ).
 
 

Der Suchlauf über die ausgewählten Dateien wird begonnen:
 

Beginne mit der Suche in 'C:\'

Beginne mit der Suche in 'D:\' <HDD1_alt>

Beginne mit der Suche in 'F:\' <HDD2>
 
 

Ende des Suchlaufs: Montag, 9. Februar 2015  12:02

Benötigte Zeit:  1:37:55 Stunde(n)
 

Der Suchlauf wurde abgebrochen!
 

  36635 Verzeichnisse wurden überprüft

 1293524 Dateien wurden geprüft

      0 Viren bzw. unerwünschte Programme wurden gefunden

      0 Dateien wurden als verdächtig eingestuft

      0 Dateien wurden gelöscht

      0 Viren bzw. unerwünschte Programme wurden repariert

      0 Dateien wurden in die Quarantäne verschoben

      0 Dateien wurden umbenannt

      0 Dateien konnten nicht durchsucht werden

 1293524 Dateien ohne Befall

  58418 Archive wurden durchsucht

      0 Warnungen

      3 Hinweise

 867891 Objekte wurden beim Rootkitscan durchsucht

      3 Versteckte Objekte wurden gefunden

adwcleaner

Code:

# AdwCleaner v4.110 - Bericht erstellt 09/02/2015 um 12:06:25

# Aktualisiert 05/02/2015 von Xplode

# Datenbank : 2015-02-08.1 [Server]

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)

# Benutzername : ludewig - LUDEWIG-PC

# Gestarted von : C:\Users\ludewig\Downloads\adwcleaner_4.110.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Datei Gelöscht : C:\Windows\patsearch.bin
 

***** [ Geplante Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 
 

***** [ Internetbrowser ] *****
 

-\\ Internet Explorer v11.0.9600.17496
 
 

-\\ Mozilla Firefox v35.0.1 (x86 de)
 
 

-\\ Google Chrome v40.0.2214.111
 
 

*************************
 

AdwCleaner[R0].txt - [3514 Bytes] - [05/11/2014 16:00:36]

AdwCleaner[R1].txt - [1386 Bytes] - [13/01/2015 16:26:54]

AdwCleaner[R2].txt - [1174 Bytes] - [09/02/2015 12:04:44]

AdwCleaner[R3].txt - [1175 Bytes] - [09/02/2015 12:05:08]

AdwCleaner[S0].txt - [4015 Bytes] - [05/11/2014 16:01:25]

AdwCleaner[S1].txt - [1447 Bytes] - [13/01/2015 16:27:56]

AdwCleaner[S2].txt - [1098 Bytes] - [09/02/2015 12:06:25]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1157  Bytes] ##########

Fixlist

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015

Ran by ludewig (administrator) on LUDEWIG-PC on 09-02-2015 18:12:30

Running from C:\Users\ludewig\Downloads

Loaded Profiles: ludewig (Available profiles: ludewig)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe

(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)

HKLM\...\Run: [Ubanq] => "C:\Users\ludewig\AppData\Roaming\Olevmiy\puyfug.exe"

HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)

HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\cmjahae-x32: C:\Users\ludewig\AppData\Local\cmjahae.dll [X]

HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0

HKLM\...\Policies\Explorer: [HideSCAHealth] 0

HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\...\Policies\Explorer: [TaskbarNoNotification] 0

HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0

HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-4283835491-3418897640-3424372083-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

Toolbar: HKU\S-1-5-21-4283835491-3418897640-3424372083-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\ludewig\AppData\Roaming\Mozilla\Firefox\Profiles\iofmr8mm.default-1415199366866

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Adblock Plus - C:\Users\ludewig\AppData\Roaming\Mozilla\Firefox\Profiles\iofmr8mm.default-1415199366866\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-05]

FF HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\ludewig\AppData\Roaming\Mozilla\Firefox\Profiles\qzjwg8tw.default\extensions\cliqz@cliqz.com
 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.sweet-page.com/?type=hp&ts=1414941772&from=cor&uid=SanDiskXSDSSDHP128G_133648402638

CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1414941772&from=cor&uid=SanDiskXSDSSDHP128G_133648402638"

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\gcswf32.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File

CHR Plugin: (         "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

CHR Plugin: (         "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

CHR Profile: C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]

CHR Extension: (YouTube) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-29]

CHR Extension: (Google-Suche) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-29]

CHR Extension: (Avira Browser Safety) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-05]

CHR Extension: (AdBlock) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-05]

CHR Extension: (Google Wallet) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-16]

CHR Extension: (Google Mail) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-29]

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)

R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)

S2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-03-14] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)

S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)

S0 ccmcn; C:\Windows\System32\drivers\fslx.sys [79064 2014-12-18] (Malwarebytes Corporation)

S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)

R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()

R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-03-14] ()

S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [442368 2013-05-17] (Intel(R) Corporation) [File not signed]

S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-03-14] ()

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-09] (Malwarebytes Corporation)

S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-01-16] ()

S3 BS4177028450; \??\C:\Users\ludewig\AppData\Local\Temp\NTFS.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-09 18:09 - 2015-02-09 18:09 - 00002742 _____ () C:\Users\ludewig\Desktop\mbm.txt

2015-02-09 12:04 - 2015-02-09 12:04 - 02112512 _____ () C:\Users\ludewig\Downloads\adwcleaner_4.110.exe

2015-02-09 10:56 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys

2015-02-09 10:56 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2015-02-09 10:56 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2015-02-09 10:56 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll

2015-02-09 10:56 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll

2015-02-09 10:56 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll

2015-02-09 10:56 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll

2015-02-09 10:56 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll

2015-02-09 10:56 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll

2015-02-09 10:56 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll

2015-02-09 10:56 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-02-09 10:56 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe

2015-02-09 10:56 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2015-02-09 10:56 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2015-02-09 10:56 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll

2015-02-09 10:56 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2015-02-09 10:56 - 2013-10-01 21:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2015-02-09 10:56 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2015-02-09 10:51 - 2015-02-09 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2015-02-09 10:51 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2015-02-09 10:51 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys

2015-02-09 10:51 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2015-02-09 10:51 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll

2015-02-09 10:51 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll

2015-02-09 10:51 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2015-02-09 10:50 - 2015-02-09 10:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2015-02-09 10:50 - 2015-02-09 10:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2015-02-09 10:44 - 2015-02-09 10:44 - 03650152 _____ (AVM GmbH) C:\Users\ludewig\Downloads\avm_fritz!wlan_usb_stick_x64_build_100906e.exe

2015-02-09 10:44 - 2015-02-09 10:44 - 00023607 _____ () C:\Windows\avmacc.log

2015-02-09 10:44 - 2015-02-09 10:44 - 00010039 _____ () C:\Windows\avmsetup.log

2015-02-09 10:44 - 2015-02-09 10:44 - 00007897 _____ () C:\Windows\AVMInstall.Log

2015-02-09 10:44 - 2015-02-09 10:44 - 00000502 _____ () C:\Windows\avmadd32.log

2015-02-09 10:20 - 2015-02-09 10:20 - 00035004 _____ () C:\Users\ludewig\Downloads\FRSTafter fix.txt

2015-02-09 10:14 - 2015-02-09 10:14 - 00000607 _____ () C:\Users\ludewig\Desktop\Fixlist.txt

2015-02-09 01:02 - 2015-02-09 17:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-02-09 00:49 - 2015-02-09 00:49 - 02347384 _____ (ESET) C:\Users\ludewig\Downloads\esetsmartinstaller_deu.exe

2015-02-09 00:49 - 2015-02-09 00:49 - 00000000 ____D () C:\Program Files (x86)\ESET

2015-02-09 00:39 - 2015-02-09 00:39 - 02785665 _____ (PortableApps.com) C:\Users\ludewig\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe

2015-02-09 00:39 - 2015-02-09 00:39 - 00000000 ____D () C:\Users\ludewig\Downloads\RevoUninstallerPortable

2015-02-09 00:30 - 2015-02-09 00:30 - 00000000 ___SD () C:\ComboFix

2015-02-09 00:06 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2015-02-09 00:06 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2015-02-09 00:01 - 2015-02-09 18:12 - 00016162 _____ () C:\Users\ludewig\Downloads\FRST.txt

2015-02-09 00:01 - 2015-02-09 18:12 - 00000000 ____D () C:\FRST

2015-02-09 00:01 - 2015-02-09 00:01 - 00016347 _____ () C:\Users\ludewig\Downloads\Addition.txt

2015-02-09 00:00 - 2015-02-09 00:00 - 02132992 _____ (Farbar) C:\Users\ludewig\Downloads\FRST64.exe

2015-02-08 23:59 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-02-08 23:59 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-02-08 23:59 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-02-08 23:59 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2015-02-08 23:59 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2015-02-08 23:59 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-02-08 23:59 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-02-08 23:59 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-02-08 23:59 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-02-08 23:59 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-02-08 23:59 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-02-08 23:59 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-02-08 23:59 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-02-08 23:59 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-02-08 23:59 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-02-08 23:59 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-02-08 23:59 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-02-08 23:59 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-02-08 23:59 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-02-08 23:59 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-02-08 23:59 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-02-08 23:59 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-02-08 23:59 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-02-08 23:59 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-02-08 23:59 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-02-08 23:59 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-02-08 23:59 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-02-08 23:59 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-02-08 23:59 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-02-08 23:59 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-02-08 23:59 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-02-08 23:59 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-02-08 23:59 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-02-08 23:59 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-02-08 23:59 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-02-08 23:59 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-02-08 23:59 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-02-08 23:59 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-02-08 23:59 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-02-08 23:59 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-02-08 23:59 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-02-08 23:59 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-02-08 23:59 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-02-08 23:59 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-02-08 23:59 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-02-08 23:59 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-02-08 23:59 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-02-08 23:59 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-02-08 23:59 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-02-08 23:59 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-02-08 23:59 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-02-08 23:59 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-02-08 23:59 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-02-08 23:59 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-02-08 23:59 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-02-08 23:59 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-02-08 23:59 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-02-08 23:59 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-02-08 23:59 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-02-08 23:59 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-02-08 23:59 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-02-08 23:59 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-02-08 23:59 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2015-02-08 23:59 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2015-02-08 23:58 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-02-08 23:58 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-02-08 23:58 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-02-08 23:58 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-02-08 23:58 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-02-08 23:58 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-02-08 23:58 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-02-08 23:58 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2015-02-08 23:58 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2015-02-08 23:58 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2015-02-08 23:58 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2015-02-08 23:58 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2015-02-08 23:58 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2015-02-08 23:58 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2015-02-08 23:58 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2015-02-08 23:58 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2015-02-08 23:58 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2015-02-08 23:58 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2015-02-08 23:58 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2015-02-08 23:58 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2015-02-08 23:58 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2015-02-08 23:37 - 2015-02-08 23:37 - 00001502 _____ () C:\Users\ludewig\Desktop\JRT.txt

2015-02-08 23:29 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-02-08 23:29 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-02-08 23:29 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-02-08 23:29 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-02-08 23:29 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-02-08 23:29 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2015-02-08 23:29 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2015-02-08 23:29 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2015-02-08 23:28 - 2015-02-08 23:28 - 00003136 _____ () C:\Windows\System32\Tasks\{13B6374C-B668-460C-B4BC-2E1DF30FA87D}

2015-02-08 23:27 - 2015-02-08 23:34 - 00000000 ____D () C:\Qoobox

2015-02-08 23:27 - 2015-02-08 23:32 - 00000000 ____D () C:\Windows\erdnt

2015-02-08 23:27 - 2015-02-08 23:22 - 01388274 _____ (Thisisu) C:\Users\ludewig\Desktop\JRT.exe

2015-02-08 23:27 - 2015-02-08 23:21 - 05609947 ____R (Swearware) C:\Users\ludewig\Desktop\ComboFix.exe

2015-01-15 13:37 - 2015-01-15 13:37 - 05013680 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2015-01-14 06:47 - 2015-02-08 22:02 - 00000000 ____D () C:\Users\ludewig\AppData\Roaming\Olevmiy

2015-01-14 06:47 - 2015-01-14 06:47 - 00003830 _____ () C:\Windows\System32\Tasks\Security Center Update - 2068250175

2015-01-13 16:40 - 2015-01-13 16:41 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\ludewig\Downloads\avira_de_av_5780127680__ws.exe

2015-01-13 16:31 - 2015-01-13 16:31 - 00896280 _____ () C:\Users\ludewig\Downloads\Norton_Removal_Tool.exe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-09 18:09 - 2013-11-29 16:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-02-09 18:08 - 2014-11-05 15:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-02-09 17:56 - 2009-07-14 05:45 - 00023008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-09 17:56 - 2009-07-14 05:45 - 00023008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-09 17:49 - 2014-11-05 15:26 - 00000000 ____D () C:\ProgramData\Package Cache

2015-02-09 17:49 - 2014-11-05 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2015-02-09 17:49 - 2014-11-05 15:26 - 00000000 ____D () C:\Program Files (x86)\Avira

2015-02-09 17:49 - 2014-04-05 17:46 - 00000306 _____ () C:\Windows\Tasks\Obivs.job

2015-02-09 17:49 - 2013-11-29 16:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-02-09 17:49 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-09 17:48 - 2014-11-05 16:10 - 00223248 _____ () C:\Windows\PFRO.log

2015-02-09 17:48 - 2014-11-05 16:10 - 00012849 _____ () C:\Windows\setupact.log

2015-02-09 17:48 - 2013-11-29 15:31 - 01501842 _____ () C:\Windows\WindowsUpdate.log

2015-02-09 17:35 - 2013-12-29 10:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-02-09 16:15 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2015-02-09 12:06 - 2014-11-05 16:00 - 00000000 ____D () C:\AdwCleaner

2015-02-09 12:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2015-02-09 10:24 - 2013-12-21 10:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-02-09 10:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2015-02-09 00:11 - 2014-04-27 17:43 - 00000000 ____D () C:\Users\ludewig\AppData\Roaming\Skype

2015-02-09 00:11 - 2013-11-29 16:10 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-02-09 00:06 - 2013-12-07 18:28 - 00000000 ____D () C:\Windows\system32\MRT

2015-02-09 00:04 - 2013-11-29 16:10 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-02-09 00:04 - 2013-11-29 16:10 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-02-08 23:33 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default

2015-02-08 23:32 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2015-02-08 21:42 - 2009-07-14 18:58 - 00732820 _____ () C:\Windows\system32\perfh007.dat

2015-02-08 21:42 - 2009-07-14 18:58 - 00159854 _____ () C:\Windows\system32\perfc007.dat

2015-02-08 21:42 - 2009-07-14 06:13 - 00927188 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-29 14:57 - 2013-11-29 16:27 - 00000773 _____ () C:\Users\ludewig\Desktop\Daten alter PC November 2013 - Verknüpfung.lnk

2015-01-16 19:37 - 2013-11-29 16:10 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys

2015-01-15 13:37 - 2013-12-29 10:36 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-01-15 13:37 - 2013-12-29 10:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-15 13:37 - 2013-12-29 10:36 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-01-15 06:39 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-01-14 06:57 - 2014-01-28 20:33 - 00000000 ____D () C:\Users\ludewig\AppData\Local\CrashDumps
 

Some content of TEMP:

====================

C:\Users\ludewig\AppData\Local\Temp\avgnt.exe

C:\Users\ludewig\AppData\Local\Temp\Quarantine.exe

C:\Users\ludewig\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-02-09 03:51
 

==================== End Of Log ============================

--- --- ---

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

3 funde auf der alten xp partioion

Code:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=e750f231405d47429263f122950bcb4c

# engine=22368

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2015-02-09 12:06:50

# local_time=2015-02-09 01:06:50 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Avira Desktop'

# compatibility_mode=1810 16777213 100 99 15929 9371095 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 66 85 35659794 175070260 0 0

# scanned=204946

# found=12

# cleaned=12

# scan_time=965

sh=FA55D765ACECF0E142995558447BA1C0C64A95B9 ft=1 fh=8a5fed32a6adae19 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"

sh=B15A434AE40B4CED2909FB4D594E0462CA6F6A1F ft=1 fh=8a5d7637a7695568 vn="Win32/Agent.WGA Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\update.exe.vir"

sh=08B9ED4BFB7867D66EB71A435C43F05C2027ED45 ft=1 fh=060f4b37f9084dc7 vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\ludewig\AppData\Local\nsr23C7.tmp.vir"

sh=249F1430244EE6527F8F430EB1BE23A63D795F17 ft=1 fh=a973f01c97a629a5 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\_restore{132ACFC5-9372-4D41-80A7-E79405BBEE1C}\RP566\A0266601.exe"

sh=BED08E844276D13F76BFA83C3100F6A0BCACA89D ft=1 fh=13ecb6a865ebf35b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\_restore{132ACFC5-9372-4D41-80A7-E79405BBEE1C}\RP566\A0266602.exe"

sh=00B7590264312AAECFAB96FD630C9FE2FE32F688 ft=1 fh=7e400afd60fb4973 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\_restore{132ACFC5-9372-4D41-80A7-E79405BBEE1C}\RP566\A0266603.exe"

sh=FB915889E457B9C6C0FFFF49529CC2A95EC270CF ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NHY Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\ludewig\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WLPCN9B\o2cx60jy1o[1].htm"

sh=360C5140D47B8DE2A2AF066671F7BFA269A590DD ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NID Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\ludewig\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1D2LSJ8Y\qex2vcf0ga[1].htm"

sh=19F86EEC562110BCF2D76A1C1DCBD54FA3B42FAA ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NID Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\ludewig\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PQAB9LB9\th7ceofc3k[1].htm"

sh=D14E56329724B7108447C03297985FF9EEE8EC65 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\ludewig\AppData\Roaming\Mozilla\Firefox\Profiles\iofmr8mm.default-1415199366866\prefs.js"

sh=E2A0B933276F29F1ED4826A5CEFABEDD6F593648 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\ludewig\AppData\Roaming\Mozilla\Firefox\Profiles\iofmr8mm.default-1415199366866\prefs.js.BAK"

sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/TrojanDownloader.FakeAlert.AQI Trojaner" ac=C fn="${Memory}"

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=e750f231405d47429263f122950bcb4c

# engine=22368

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2015-02-09 02:34:51

# local_time=2015-02-09 03:34:51 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Avira Desktop'

# compatibility_mode=1810 16777213 100 99 24810 9379976 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 66 85 35668675 175079141 0 0

# scanned=190776

# found=2

# cleaned=2

# scan_time=1354

sh=239D10B89237E30F962E29687F15B1752A77F853 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\ludewig\AppData\Roaming\Mozilla\Firefox\Profiles\iofmr8mm.default-1415199366866\prefs.js"

sh=5A4ADCA5CEFDEACCC9C4D2D197213E606014FDB4 ft=1 fh=63ae2f886e7f5dcc vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\ludewig\Downloads\ccsetup419.exe"

ESETSmartInstaller@High as downloader log:

Can not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internet# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=e750f231405d47429263f122950bcb4c

# engine=22386

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2015-02-09 09:11:14

# local_time=2015-02-09 10:11:14 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Avira Desktop'

# compatibility_mode=1810 16777213 100 99 42391 9446959 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 66 85 35732058 175146124 0 0

# scanned=273479

# found=3

# cleaned=3

# scan_time=2308

sh=41EB8328DBE6D4E658A1A4449EA1909FE1B76E92 ft=1 fh=a66ca388308e1d04 vn="Variante von Win64/Toolbar.Widgi.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings64.exe"

sh=B0224CC2232FB9C613576401207A471EEC135A33 ft=1 fh=b77db3140c77ac60 vn="Variante von Win32/Toolbar.Widgi evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Programme\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll"

sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/TrojanDownloader.FakeAlert.AQI Trojaner" ac=C fn="${Memory}"

frst scan

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015

Ran by ludewig (administrator) on LUDEWIG-PC on 09-02-2015 22:16:41

Running from C:\Users\ludewig\Downloads

Loaded Profiles: ludewig (Available profiles: ludewig)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe

(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)

HKLM\...\Run: [Ubanq] => "C:\Users\ludewig\AppData\Roaming\Olevmiy\puyfug.exe"

HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)

HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\cmjahae-x32: C:\Users\ludewig\AppData\Local\cmjahae.dll [X]

HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0

HKLM\...\Policies\Explorer: [HideSCAHealth] 0

HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\...\Policies\Explorer: [TaskbarNoNotification] 0

HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0

HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-4283835491-3418897640-3424372083-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

Toolbar: HKU\S-1-5-21-4283835491-3418897640-3424372083-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\ludewig\AppData\Roaming\Mozilla\Firefox\Profiles\iofmr8mm.default-1415199366866

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Adblock Plus - C:\Users\ludewig\AppData\Roaming\Mozilla\Firefox\Profiles\iofmr8mm.default-1415199366866\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-05]

FF HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\ludewig\AppData\Roaming\Mozilla\Firefox\Profiles\qzjwg8tw.default\extensions\cliqz@cliqz.com
 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.sweet-page.com/?type=hp&ts=1414941772&from=cor&uid=SanDiskXSDSSDHP128G_133648402638

CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1414941772&from=cor&uid=SanDiskXSDSSDHP128G_133648402638"

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\gcswf32.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File

CHR Plugin: (         "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

CHR Plugin: (         "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

CHR Profile: C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]

CHR Extension: (YouTube) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-29]

CHR Extension: (Google-Suche) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-29]

CHR Extension: (Avira Browser Safety) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-05]

CHR Extension: (AdBlock) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-05]

CHR Extension: (Google Wallet) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-16]

CHR Extension: (Google Mail) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-29]

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)

R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)

S2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-03-14] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)

S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)

S0 ccmcn; C:\Windows\System32\drivers\fslx.sys [79064 2014-12-18] (Malwarebytes Corporation)

S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)

R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()

R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-03-14] ()

S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [442368 2013-05-17] (Intel(R) Corporation) [File not signed]

S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-03-14] ()

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-09] (Malwarebytes Corporation)

S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-01-16] ()

S3 BS4177028450; \??\C:\Users\ludewig\AppData\Local\Temp\NTFS.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-09 21:19 - 2015-02-09 21:19 - 02347384 _____ (ESET) C:\Users\ludewig\Downloads\esetsmartinstaller_deu(1).exe

2015-02-09 21:16 - 2015-02-09 21:16 - 00000000 ___SD () C:\Uninstal

2015-02-09 18:54 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2015-02-09 18:54 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2015-02-09 18:54 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2015-02-09 18:54 - 2014-05-08 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2015-02-09 18:09 - 2015-02-09 18:09 - 00002742 _____ () C:\Users\ludewig\Desktop\mbm.txt

2015-02-09 12:04 - 2015-02-09 12:04 - 02112512 _____ () C:\Users\ludewig\Downloads\adwcleaner_4.110.exe

2015-02-09 10:56 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys

2015-02-09 10:56 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2015-02-09 10:56 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2015-02-09 10:56 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll

2015-02-09 10:56 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll

2015-02-09 10:56 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll

2015-02-09 10:56 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll

2015-02-09 10:56 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll

2015-02-09 10:56 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll

2015-02-09 10:56 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll

2015-02-09 10:56 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-02-09 10:56 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe

2015-02-09 10:56 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2015-02-09 10:56 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2015-02-09 10:56 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll

2015-02-09 10:56 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2015-02-09 10:51 - 2015-02-09 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2015-02-09 10:51 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2015-02-09 10:51 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys

2015-02-09 10:51 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll

2015-02-09 10:51 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll

2015-02-09 10:50 - 2015-02-09 10:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2015-02-09 10:50 - 2015-02-09 10:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2015-02-09 10:44 - 2015-02-09 10:44 - 03650152 _____ (AVM GmbH) C:\Users\ludewig\Downloads\avm_fritz!wlan_usb_stick_x64_build_100906e.exe

2015-02-09 10:44 - 2015-02-09 10:44 - 00023607 _____ () C:\Windows\avmacc.log

2015-02-09 10:44 - 2015-02-09 10:44 - 00010039 _____ () C:\Windows\avmsetup.log

2015-02-09 10:44 - 2015-02-09 10:44 - 00007897 _____ () C:\Windows\AVMInstall.Log

2015-02-09 10:44 - 2015-02-09 10:44 - 00000502 _____ () C:\Windows\avmadd32.log

2015-02-09 10:20 - 2015-02-09 10:20 - 00035004 _____ () C:\Users\ludewig\Downloads\FRSTafter fix.txt

2015-02-09 10:14 - 2015-02-09 10:14 - 00000607 _____ () C:\Users\ludewig\Desktop\Fixlist.txt

2015-02-09 01:02 - 2015-02-09 17:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-02-09 00:49 - 2015-02-09 00:49 - 02347384 _____ (ESET) C:\Users\ludewig\Downloads\esetsmartinstaller_deu.exe

2015-02-09 00:49 - 2015-02-09 00:49 - 00000000 ____D () C:\Program Files (x86)\ESET

2015-02-09 00:39 - 2015-02-09 00:39 - 02785665 _____ (PortableApps.com) C:\Users\ludewig\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe

2015-02-09 00:39 - 2015-02-09 00:39 - 00000000 ____D () C:\Users\ludewig\Downloads\RevoUninstallerPortable

2015-02-09 00:06 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2015-02-09 00:06 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2015-02-09 00:01 - 2015-02-09 22:16 - 00016238 _____ () C:\Users\ludewig\Downloads\FRST.txt

2015-02-09 00:01 - 2015-02-09 22:16 - 00000000 ____D () C:\FRST

2015-02-09 00:01 - 2015-02-09 00:01 - 00016347 _____ () C:\Users\ludewig\Downloads\Addition.txt

2015-02-09 00:00 - 2015-02-09 00:00 - 02132992 _____ (Farbar) C:\Users\ludewig\Downloads\FRST64.exe

2015-02-08 23:59 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-02-08 23:59 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-02-08 23:59 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-02-08 23:59 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2015-02-08 23:59 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2015-02-08 23:59 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-02-08 23:59 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-02-08 23:59 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-02-08 23:59 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-02-08 23:59 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-02-08 23:59 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-02-08 23:59 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-02-08 23:59 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-02-08 23:59 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-02-08 23:59 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-02-08 23:59 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-02-08 23:59 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-02-08 23:59 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-02-08 23:59 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-02-08 23:59 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-02-08 23:59 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-02-08 23:59 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-02-08 23:59 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-02-08 23:59 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-02-08 23:59 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-02-08 23:59 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-02-08 23:59 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-02-08 23:59 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-02-08 23:59 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-02-08 23:59 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-02-08 23:59 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-02-08 23:59 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-02-08 23:59 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-02-08 23:59 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-02-08 23:59 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-02-08 23:59 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-02-08 23:59 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-02-08 23:59 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-02-08 23:59 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-02-08 23:59 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-02-08 23:59 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-02-08 23:59 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-02-08 23:59 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-02-08 23:59 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-02-08 23:59 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-02-08 23:59 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-02-08 23:59 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-02-08 23:59 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-02-08 23:59 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-02-08 23:59 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-02-08 23:59 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-02-08 23:59 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-02-08 23:59 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-02-08 23:59 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-02-08 23:59 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-02-08 23:59 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-02-08 23:59 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-02-08 23:59 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-02-08 23:59 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-02-08 23:59 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-02-08 23:59 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-02-08 23:59 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-02-08 23:59 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2015-02-08 23:59 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2015-02-08 23:58 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-02-08 23:58 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-02-08 23:58 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-02-08 23:58 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-02-08 23:58 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-02-08 23:58 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-02-08 23:58 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-02-08 23:58 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2015-02-08 23:58 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2015-02-08 23:58 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2015-02-08 23:58 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2015-02-08 23:58 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2015-02-08 23:58 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2015-02-08 23:58 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2015-02-08 23:58 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2015-02-08 23:58 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2015-02-08 23:58 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2015-02-08 23:58 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2015-02-08 23:58 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2015-02-08 23:58 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2015-02-08 23:58 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2015-02-08 23:37 - 2015-02-08 23:37 - 00001502 _____ () C:\Users\ludewig\Desktop\JRT.txt

2015-02-08 23:29 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-02-08 23:29 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-02-08 23:29 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-02-08 23:29 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-02-08 23:29 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-02-08 23:29 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2015-02-08 23:29 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2015-02-08 23:29 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2015-02-08 23:28 - 2015-02-08 23:28 - 00003136 _____ () C:\Windows\System32\Tasks\{13B6374C-B668-460C-B4BC-2E1DF30FA87D}

2015-02-08 23:27 - 2015-02-09 21:16 - 00000000 ____D () C:\Qoobox

2015-02-08 23:27 - 2015-02-09 18:20 - 05611930 ____R (Swearware) C:\Users\ludewig\Desktop\Uninstal.exe

2015-02-08 23:27 - 2015-02-08 23:32 - 00000000 ____D () C:\Windows\erdnt

2015-02-08 23:27 - 2015-02-08 23:22 - 01388274 _____ (Thisisu) C:\Users\ludewig\Desktop\JRT.exe

2015-01-15 13:37 - 2015-01-15 13:37 - 05013680 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2015-01-14 06:47 - 2015-02-08 22:02 - 00000000 ____D () C:\Users\ludewig\AppData\Roaming\Olevmiy

2015-01-14 06:47 - 2015-01-14 06:47 - 00003830 _____ () C:\Windows\System32\Tasks\Security Center Update - 2068250175

2015-01-13 16:40 - 2015-01-13 16:41 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\ludewig\Downloads\avira_de_av_5780127680__ws.exe

2015-01-13 16:31 - 2015-01-13 16:31 - 00896280 _____ () C:\Users\ludewig\Downloads\Norton_Removal_Tool.exe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-09 22:09 - 2013-11-29 16:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-02-09 21:38 - 2009-07-14 05:45 - 00023008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-09 21:38 - 2009-07-14 05:45 - 00023008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-09 21:35 - 2013-12-29 10:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-02-09 21:35 - 2013-11-29 15:31 - 01720857 _____ () C:\Windows\WindowsUpdate.log

2015-02-09 21:30 - 2014-11-05 16:10 - 00225168 _____ () C:\Windows\PFRO.log

2015-02-09 21:30 - 2014-11-05 16:10 - 00012961 _____ () C:\Windows\setupact.log

2015-02-09 21:30 - 2014-04-05 17:46 - 00000306 _____ () C:\Windows\Tasks\Obivs.job

2015-02-09 21:30 - 2013-11-29 16:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-02-09 21:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-09 19:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2015-02-09 18:26 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2015-02-09 18:08 - 2014-11-05 15:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-02-09 17:49 - 2014-11-05 15:26 - 00000000 ____D () C:\ProgramData\Package Cache

2015-02-09 17:49 - 2014-11-05 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2015-02-09 17:49 - 2014-11-05 15:26 - 00000000 ____D () C:\Program Files (x86)\Avira

2015-02-09 16:15 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2015-02-09 12:06 - 2014-11-05 16:00 - 00000000 ____D () C:\AdwCleaner

2015-02-09 12:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2015-02-09 10:24 - 2013-12-21 10:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-02-09 00:11 - 2014-04-27 17:43 - 00000000 ____D () C:\Users\ludewig\AppData\Roaming\Skype

2015-02-09 00:11 - 2013-11-29 16:10 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-02-09 00:06 - 2013-12-07 18:28 - 00000000 ____D () C:\Windows\system32\MRT

2015-02-09 00:04 - 2013-11-29 16:10 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-02-09 00:04 - 2013-11-29 16:10 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-02-08 23:33 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default

2015-02-08 21:42 - 2009-07-14 18:58 - 00732820 _____ () C:\Windows\system32\perfh007.dat

2015-02-08 21:42 - 2009-07-14 18:58 - 00159854 _____ () C:\Windows\system32\perfc007.dat

2015-02-08 21:42 - 2009-07-14 06:13 - 00927188 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-29 14:57 - 2013-11-29 16:27 - 00000773 _____ () C:\Users\ludewig\Desktop\Daten alter PC November 2013 - Verknüpfung.lnk

2015-01-16 19:37 - 2013-11-29 16:10 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys

2015-01-15 13:37 - 2013-12-29 10:36 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-01-15 13:37 - 2013-12-29 10:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-15 13:37 - 2013-12-29 10:36 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-01-15 06:39 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-01-14 06:57 - 2014-01-28 20:33 - 00000000 ____D () C:\Users\ludewig\AppData\Local\CrashDumps
 

Some content of TEMP:

====================

C:\Users\ludewig\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-02-09 03:51
 

==================== End Of Log ============================

--- --- ---

also ssd läuft top alles was ich bei den letzten scans gefunden hatte befand sich in der lahmen altlasten hdd
und ah da ist noch die meldung "windows sicherheits center aktivieren" was dann aber nicht möglich ist
--- --- ---

Alle Passwörter ändern.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

HKLM\...\Run: [Ubanq] => "C:\Users\ludewig\AppData\Roaming\Olevmiy\puyfug.exe"

C:\Users\ludewig\AppData\Roaming\Olevmiy

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

CHR HomePage: Default -> hxxp://www.sweet-page.com/?type=hp&ts=1414941772&from=cor&uid=SanDiskXSDSSDHP128G_133648402638

CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1414941772&from=cor&uid=SanDiskXSDSSDHP128G_133648402638"

Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

http://www.deeprybka.trojaner-board....r/wraioneu.PNG

Lade Dir bitte Windows Repair - All in one von tweaking.com hier herunter und installiere es.
Deaktiviere bitte (wenn möglich) Dein Antivirusprogramm.
Bedenke, dass die einzelnen Reparaturen einige Zeit benötigen. Starte keine anderen Anwendungen in dieser Zeit.
Starte das Programm und führe die Punkte 1-5 durch. (Siehe Bildanleitung)
Achte darauf, dass bei Dir die Häkchen so gesetzt sind wie unter Punkt 4.
Setze auch ein Häkchen bei "Restart/Shutdown System" und klicke "Restart System" an bevor Du Punkt 5 durchführst.

http://deeprybka.trojaner-board.de/b...srepair271.png

sorry so spät alles laufen lassen noch ein fix log ?

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02

Ran by ludewig at 2015-02-12 13:25:29 Run:1

Running from C:\Users\ludewig\Downloads

Loaded Profiles: ludewig (Available profiles: ludewig)

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

HKLM\...\Run: [Ubanq] => "C:\Users\ludewig\AppData\Roaming\Olevmiy\puyfug.exe"

C:\Users\ludewig\AppData\Roaming\Olevmiy

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

CHR HomePage: Default -> hxxp://www.sweet-page.com/?type=hp&ts=1414941772&from=cor&uid=SanDiskXSDSSDHP128G_133648402638

CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1414941772&from=cor&uid=SanDiskXSDSSDHP128G_133648402638"

Emptytemp:

         

*****************
 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ubanq => value deleted successfully.

C:\Users\ludewig\AppData\Roaming\Olevmiy => Moved successfully.

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. 

"HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

Chrome HomePage deleted successfully.

Chrome StartupUrls deleted successfully.

EmptyTemp: => Removed 2.6 GB temporary data.
 
 

The system needed a reboot. 
 

==== End of Fixlog 13:25:56 ====

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02

Ran by ludewig (administrator) on LUDEWIG-PC on 12-02-2015 17:13:22

Running from C:\Users\ludewig\Downloads

Loaded Profiles: ludewig (Available profiles: ludewig)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe

(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)

HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)

HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\cmjahae-x32: C:\Users\ludewig\AppData\Local\cmjahae.dll [X]

HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0

HKLM\...\Policies\Explorer: [HideSCAHealth] 0

HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\...\Policies\Explorer: [TaskbarNoNotification] 0

HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0

HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-4283835491-3418897640-3424372083-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

Toolbar: HKU\S-1-5-21-4283835491-3418897640-3424372083-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\ludewig\AppData\Roaming\Mozilla\Firefox\Profiles\gl78v74m.default-1423518193295

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Adblock Plus - C:\Users\ludewig\AppData\Roaming\Mozilla\Firefox\Profiles\gl78v74m.default-1423518193295\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-09]

FF HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\ludewig\AppData\Roaming\Mozilla\Firefox\Profiles\qzjwg8tw.default\extensions\cliqz@cliqz.com
 

Chrome: 

=======

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\gcswf32.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File

CHR Plugin: (         "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

CHR Plugin: (         "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

CHR Profile: C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]

CHR Extension: (YouTube) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-29]

CHR Extension: (Google-Suche) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-29]

CHR Extension: (Avira Browser Safety) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-05]

CHR Extension: (AdBlock) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-05]

CHR Extension: (Google Wallet) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-16]

CHR Extension: (Google Mail) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-29]

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)

R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)

S2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-03-14] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)

S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation) [File not signed]

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)

S0 ccmcn; C:\Windows\System32\drivers\fslx.sys [79064 2014-12-18] (Malwarebytes Corporation)

S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)

R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()

R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-03-14] ()

S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [442368 2013-05-17] (Intel(R) Corporation) [File not signed]

S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-03-14] ()

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-09] (Malwarebytes Corporation)

S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-01-16] ()

S3 BS4177028450; \??\C:\Users\ludewig\AppData\Local\Temp\NTFS.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-12 17:13 - 2015-02-12 17:13 - 00016038 _____ () C:\Users\ludewig\Downloads\FRST.txt

2015-02-12 16:14 - 2015-02-12 16:14 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LUDEWIG-PC-Windows-7-Home-Premium-(64-bit).dat

2015-02-12 16:14 - 2015-02-12 16:14 - 00000000 ____D () C:\RegBackup

2015-02-12 14:51 - 2015-02-12 14:51 - 00002163 _____ () C:\Users\ludewig\Desktop\Tweaking.com - Windows Repair (All in One).lnk

2015-02-12 14:51 - 2015-02-12 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

2015-02-12 14:51 - 2015-02-12 14:51 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com

2015-02-12 14:50 - 2015-02-12 14:50 - 11834264 _____ () C:\Users\ludewig\Downloads\tweaking.com_windows_repair_aio_setup.exe

2015-02-12 13:25 - 2015-02-12 17:13 - 00000000 ____D () C:\FRST

2015-02-12 13:25 - 2015-02-12 13:25 - 02134016 _____ (Farbar) C:\Users\ludewig\Downloads\FRST64.exe

2015-02-12 13:24 - 2015-02-12 13:24 - 01125376 _____ (Farbar) C:\Users\ludewig\Downloads\FRST.exe

2015-02-09 22:39 - 2015-02-09 22:39 - 00001003 _____ () C:\DelFix.txt

2015-02-09 21:35 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-02-09 21:35 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-02-09 21:35 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-02-09 18:54 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2015-02-09 18:54 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2015-02-09 18:54 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2015-02-09 18:54 - 2014-05-08 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2015-02-09 18:09 - 2015-02-09 18:09 - 00002742 _____ () C:\Users\ludewig\Desktop\mbm.txt

2015-02-09 10:56 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys

2015-02-09 10:56 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2015-02-09 10:56 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2015-02-09 10:56 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll

2015-02-09 10:56 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll

2015-02-09 10:56 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll

2015-02-09 10:56 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll

2015-02-09 10:56 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll

2015-02-09 10:56 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll

2015-02-09 10:56 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll

2015-02-09 10:56 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe

2015-02-09 10:56 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2015-02-09 10:56 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2015-02-09 10:56 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll

2015-02-09 10:56 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2015-02-09 10:51 - 2015-02-09 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2015-02-09 10:51 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2015-02-09 10:51 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys

2015-02-09 10:51 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll

2015-02-09 10:51 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll

2015-02-09 10:50 - 2015-02-09 10:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2015-02-09 10:50 - 2015-02-09 10:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2015-02-09 10:44 - 2015-02-09 10:44 - 03650152 _____ (AVM GmbH) C:\Users\ludewig\Downloads\avm_fritz!wlan_usb_stick_x64_build_100906e.exe

2015-02-09 10:44 - 2015-02-09 10:44 - 00023607 _____ () C:\Windows\avmacc.log

2015-02-09 10:44 - 2015-02-09 10:44 - 00010039 _____ () C:\Windows\avmsetup.log

2015-02-09 10:44 - 2015-02-09 10:44 - 00007897 _____ () C:\Windows\AVMInstall.Log

2015-02-09 10:44 - 2015-02-09 10:44 - 00000502 _____ () C:\Windows\avmadd32.log

2015-02-09 01:02 - 2015-02-09 17:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-02-09 00:49 - 2015-02-09 00:49 - 00000000 ____D () C:\Program Files (x86)\ESET

2015-02-09 00:39 - 2015-02-09 00:39 - 02785665 _____ (PortableApps.com) C:\Users\ludewig\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe

2015-02-09 00:39 - 2015-02-09 00:39 - 00000000 ____D () C:\Users\ludewig\Downloads\RevoUninstallerPortable

2015-02-09 00:06 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2015-02-09 00:06 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2015-02-08 23:59 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-02-08 23:59 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-02-08 23:59 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-02-08 23:59 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2015-02-08 23:59 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2015-02-08 23:59 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-02-08 23:59 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-02-08 23:59 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-02-08 23:59 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-02-08 23:59 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-02-08 23:59 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-02-08 23:59 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-02-08 23:59 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-02-08 23:59 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-02-08 23:59 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-02-08 23:59 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-02-08 23:59 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-02-08 23:59 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-02-08 23:59 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-02-08 23:59 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-02-08 23:59 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-02-08 23:59 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-02-08 23:59 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-02-08 23:59 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-02-08 23:59 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-02-08 23:59 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-02-08 23:59 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-02-08 23:59 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-02-08 23:59 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-02-08 23:59 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-02-08 23:59 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-02-08 23:59 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-02-08 23:59 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-02-08 23:59 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-02-08 23:59 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-02-08 23:59 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-02-08 23:59 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-02-08 23:59 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-02-08 23:59 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-02-08 23:59 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-02-08 23:59 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-02-08 23:59 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-02-08 23:59 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-02-08 23:59 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-02-08 23:59 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-02-08 23:59 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-02-08 23:59 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-02-08 23:59 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-02-08 23:59 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-02-08 23:59 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-02-08 23:59 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-02-08 23:59 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-02-08 23:59 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-02-08 23:59 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-02-08 23:59 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-02-08 23:59 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-02-08 23:59 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-02-08 23:59 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-02-08 23:59 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-02-08 23:59 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-02-08 23:59 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2015-02-08 23:59 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2015-02-08 23:58 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-02-08 23:58 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-02-08 23:58 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-02-08 23:58 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-02-08 23:58 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-02-08 23:58 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-02-08 23:58 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-02-08 23:58 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2015-02-08 23:58 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2015-02-08 23:58 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2015-02-08 23:58 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2015-02-08 23:58 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2015-02-08 23:58 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2015-02-08 23:58 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2015-02-08 23:58 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2015-02-08 23:58 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2015-02-08 23:58 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2015-02-08 23:58 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2015-02-08 23:58 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2015-02-08 23:58 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2015-02-08 23:58 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2015-02-08 23:28 - 2015-02-08 23:28 - 00003136 _____ () C:\Windows\System32\Tasks\{13B6374C-B668-460C-B4BC-2E1DF30FA87D}

2015-02-08 23:27 - 2015-02-09 22:34 - 00000000 ____D () C:\Windows\erdnt

2015-01-14 06:47 - 2015-01-14 06:47 - 00003830 _____ () C:\Windows\System32\Tasks\Security Center Update - 2068250175

2015-01-13 16:40 - 2015-01-13 16:41 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\ludewig\Downloads\avira_de_av_5780127680__ws.exe

2015-01-13 16:31 - 2015-01-13 16:31 - 00896280 _____ () C:\Users\ludewig\Downloads\Norton_Removal_Tool.exe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-12 17:11 - 2013-11-29 15:31 - 01999742 _____ () C:\Windows\WindowsUpdate.log

2015-02-12 17:10 - 2013-11-29 16:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-02-12 16:37 - 2009-07-14 05:45 - 00023008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-12 16:37 - 2009-07-14 05:45 - 00023008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-12 16:35 - 2013-12-29 10:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-02-12 16:30 - 2014-11-05 16:10 - 00226556 _____ () C:\Windows\PFRO.log

2015-02-12 16:30 - 2014-11-05 16:10 - 00013577 _____ () C:\Windows\setupact.log

2015-02-12 16:30 - 2014-04-05 17:46 - 00000306 _____ () C:\Windows\Tasks\Obivs.job

2015-02-12 16:30 - 2013-11-29 16:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-02-12 16:30 - 2013-11-29 15:57 - 00113488 _____ () C:\Users\ludewig\AppData\Local\GDIPFONTCACHEV1.DAT

2015-02-12 16:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-12 16:30 - 2009-07-14 05:45 - 00437576 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-02-12 16:27 - 2009-07-14 03:34 - 00000439 _____ () C:\Windows\win.ini

2015-02-12 13:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2015-02-12 13:35 - 2013-12-29 10:36 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-02-12 13:35 - 2013-12-29 10:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-02-12 13:35 - 2013-12-29 10:36 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-02-09 22:43 - 2014-11-05 15:56 - 00000000 ____D () C:\Users\ludewig\Desktop\Alte Firefox-Daten

2015-02-09 18:26 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2015-02-09 18:26 - 2009-07-14 03:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_190

2015-02-09 18:08 - 2014-11-05 15:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-02-09 17:49 - 2014-11-05 15:26 - 00000000 ____D () C:\ProgramData\Package Cache

2015-02-09 17:49 - 2014-11-05 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2015-02-09 17:49 - 2014-11-05 15:26 - 00000000 ____D () C:\Program Files (x86)\Avira

2015-02-09 16:15 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2015-02-09 12:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2015-02-09 10:24 - 2013-12-21 10:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-02-09 00:11 - 2014-04-27 17:43 - 00000000 ____D () C:\Users\ludewig\AppData\Roaming\Skype

2015-02-09 00:11 - 2013-11-29 16:10 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-02-09 00:06 - 2013-12-07 18:28 - 00000000 ____D () C:\Windows\system32\MRT

2015-02-09 00:04 - 2013-11-29 16:10 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-02-09 00:04 - 2013-11-29 16:10 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-02-08 23:33 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default

2015-02-08 21:42 - 2009-07-14 18:58 - 00732820 _____ () C:\Windows\system32\perfh007.dat

2015-02-08 21:42 - 2009-07-14 18:58 - 00159854 _____ () C:\Windows\system32\perfc007.dat

2015-02-08 21:42 - 2009-07-14 06:13 - 00927188 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-29 14:57 - 2013-11-29 16:27 - 00000773 _____ () C:\Users\ludewig\Desktop\Daten alter PC November 2013 - Verknüpfung.lnk

2015-01-16 19:37 - 2013-11-29 16:10 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys

2015-01-15 06:39 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-01-14 06:57 - 2014-01-28 20:33 - 00000000 ____D () C:\Users\ludewig\AppData\Local\CrashDumps
 

Some content of TEMP:

====================

C:\Users\ludewig\AppData\Local\Temp\avgnt.exe

C:\Users\ludewig\AppData\Local\Temp\Bd6u.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-02-09 03:51
 

==================== End Of Log ============================

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 02

Ran by ludewig at 2015-02-12 17:14:02

Running from C:\Users\ludewig\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology)

ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.)

Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)

Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)

AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)

Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)

Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)

Intel(R) Smart Connect Technology 4.1 x64 (HKLM\...\{1EF24D7D-7B14-4EBA-A686-9E91C9C6763D}) (Version: 4.1.40.2143 - Intel)

Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office 365 Small Business Premium - de-de (HKLM\...\O365SmallBusPremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

PDF24 Creator 6.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.68.201.2013 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.11.0 - Tweaking.com)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-4283835491-3418897640-3424372083-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\rdpencom.dll No File
 

==================== Restore Points  =========================
 

09-02-2015 22:34:29 ComboFix created restore point
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2015-02-12 16:27 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {1A28098B-DB6F-45B4-BCCE-E595ACCC3270} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)

Task: {56B51F9B-63CF-49F1-970A-35D4DFFEF625} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {6B4A8F01-4F0C-4C50-9199-60E915E3DF76} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)

Task: {84FDC769-09F8-4270-B510-19973EF6A907} - System32\Tasks\Obivs => Rundll32.exe "C:\Windows\SysWOW64\wfapigp3.dll",wkka

Task: {8E1156D8-A8CA-4208-A292-74200229245C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {994F3E13-3515-477D-B6F6-BDE0FEDBBD4D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)

Task: {BC78E112-71B9-4710-822C-39F5003422CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-12] (Adobe Systems Incorporated)

Task: {C85DAF38-5C30-40DA-9A2E-D345D0F98A2B} - System32\Tasks\{13B6374C-B668-460C-B4BC-2E1DF30FA87D} => pcalua.exe -a "C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe" -c /REMOVE

Task: {D985CB3A-E913-4F54-B104-50582FA02941} - System32\Tasks\Security Center Update - 2068250175 => C:\Users\ludewig\AppData\Roaming\Olevmiy\puyfug.exe <==== ATTENTION

Task: {DAF853AC-EA0D-4EF0-A5CC-F6D5CC07B6C3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)

Task: {E3BDE60E-40E9-47B2-AF98-D32AD3227457} - System32\Tasks\{2D1F7944-6B69-495C-8A35-1BCAEE88FB2D} => pcalua.exe -a C:\Users\ludewig\Desktop\avm_fritz!wlan_usb_stick_build_100906.exe -d C:\Users\ludewig\Desktop

Task: {FB047328-EB6E-4389-A64A-B5FA0A516DEB} - System32\Tasks\{257022A6-B368-48D0-9680-4B02447A2EFD} => pcalua.exe -a C:\Users\ludewig\Desktop\PUSHINST.EXE -d C:\Users\ludewig\Desktop

Task: {FF88981E-F59E-4B7F-B612-1F43A0CC1B8F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\Obivs.job => C:\Windows\SysWOW64\wfapigp3.dll
 

==================== Loaded Modules (whitelisted) ==============
 

2014-03-19 18:58 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2013-11-29 16:06 - 2013-03-12 13:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

2015-02-09 01:02 - 2015-02-09 01:02 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) ===============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== Other Areas ============================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ludewig\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.1
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iSCTsysTray.lnk => C:\Windows\pss\iSCTsysTray.lnk.CommonStartup

MSCONFIG\startupreg: HogaZexi => regsvr32.exe "

MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"

MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60

MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"

MSCONFIG\startupreg: megxlay => rundll32 ",megxlay

MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"

MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-4283835491-3418897640-3424372083-500 - Administrator - Disabled)

Gast (S-1-5-21-4283835491-3418897640-3424372083-501 - Limited - Disabled)

ludewig (S-1-5-21-4283835491-3418897640-3424372083-1000 - Administrator - Enabled) => C:\Users\ludewig
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (02/12/2015 04:34:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)

Description: Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.
 

Error: (02/12/2015 04:30:45 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 

Error: (02/12/2015 04:30:45 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 

Error: (02/12/2015 04:30:39 PM) (Source: ISCTAgent) (EventID: 1000) (User: )

Description: ISCT - CISCTPnpDriverApi::CreateInstance   *****Unable to open the ISCT device driver
 

Error: (02/12/2015 04:27:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)

Description: Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.
 

Error: (02/12/2015 04:26:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: ludewig-PC)

Description: Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "ꅐF". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.
 

Error: (02/12/2015 04:22:55 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 

Error: (02/12/2015 04:22:55 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 

Error: (02/12/2015 04:22:47 PM) (Source: ISCTAgent) (EventID: 1000) (User: )

Description: ISCT - CISCTPnpDriverApi::CreateInstance   *****Unable to open the ISCT device driver
 

Error: (02/12/2015 04:18:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: ludewig-PC)

Description: Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "ꅐ!". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.
 
 

System errors:

=============

Error: (02/12/2015 04:30:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 

ccmcn
 

Error: (02/12/2015 04:30:45 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.
 

Error: (02/12/2015 04:30:27 PM) (Source: Application Popup) (EventID: 875) (User: )

Description: Treiber fslx.sys konnte nicht geladen werden.
 

Error: (02/12/2015 04:28:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (02/12/2015 04:22:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 

ccmcn
 

Error: (02/12/2015 04:22:55 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.
 

Error: (02/12/2015 04:22:40 PM) (Source: Application Popup) (EventID: 875) (User: )

Description: Treiber fslx.sys konnte nicht geladen werden.
 

Error: (02/12/2015 04:20:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (02/12/2015 03:56:03 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung empfangen: 20.
 

Error: (02/12/2015 02:56:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 

ccmcn
 
 

Microsoft Office Sessions:

=========================

Error: (02/12/2015 04:34:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)

Description: 16000000004D3300004D330000980B0000
 

Error: (02/12/2015 04:30:45 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 

Error: (02/12/2015 04:30:45 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 

Error: (02/12/2015 04:30:39 PM) (Source: ISCTAgent) (EventID: 1000) (User: )

Description: ISCT - CISCTPnpDriverApi::CreateInstance   *****Unable to open the ISCT device driver
 

Error: (02/12/2015 04:27:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)

Description: 16000000004D3300004D330000980B0000
 

Error: (02/12/2015 04:26:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: ludewig-PC)

Description: ꅐF16000000004D3300004D330000980B0000
 

Error: (02/12/2015 04:22:55 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 

Error: (02/12/2015 04:22:55 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 

Error: (02/12/2015 04:22:47 PM) (Source: ISCTAgent) (EventID: 1000) (User: )

Description: ISCT - CISCTPnpDriverApi::CreateInstance   *****Unable to open the ISCT device driver
 

Error: (02/12/2015 04:18:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: ludewig-PC)

Description: ꅐ!16000000004D3300004D330000980B0000
 
 

CodeIntegrity Errors:

===================================

  Date: 2015-02-09 18:26:17.862

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2015-02-09 18:26:17.846

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2015-02-09 18:26:17.815

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2015-02-09 18:26:17.784

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2015-02-08 23:31:36.148

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2015-02-08 23:31:36.116

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i3-4330 CPU @ 3.50GHz

Percentage of memory in use: 35%

Total physical RAM: 3768.4 MB

Available physical RAM: 2433.54 MB

Total Pagefile: 7534.99 MB

Available Pagefile: 5574.16 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:119.14 GB) (Free:79.38 GB) NTFS

Drive d: (HDD1_alt) (Fixed) (Total:78.54 GB) (Free:40.06 GB) NTFS

Drive f: (HDD2) (Fixed) (Total:154.34 GB) (Free:53.03 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 232.9 GB) (Disk ID: CDD40047)

Partition 1: (Active) - (Size=78.5 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=154.3 GB) - (Type=OF Extended)
 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 2EAFD577)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

Winlogon\Notify\cmjahae-x32: C:\Users\ludewig\AppData\Local\cmjahae.dll [X]

C:\Users\ludewig\AppData\Local\cmjahae.dll

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

Task: {D985CB3A-E913-4F54-B104-50582FA02941} - System32\Tasks\Security Center Update - 2068250175 => C:\Users\ludewig\AppData\Roaming\Olevmiy\puyfug.exe <==== ATTENTION

C:\Users\ludewig\AppData\Roaming\Olevmiy

Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Frisches FRST Log bitte. Noch Probleme?

Hi
Wie dringend oder gefährlich sind die reste bzw fehlenden Funktionen?

Komme erst nächste woche wieder an den pc da er benötigt wurde

Mit freundlichen Grüßen teuro

Naja. MUss dann warten. Passwörter ändern ist danach auch PFlicht.

tja PC kam heute wieder hat sich alles verschoben da ich Vorkurs hatte und dadurch jetzt auch noch die Grippe verschleppt :/ habe (leichte lungenentzündung )
sihe da wäre nichts wäre er nicht so schnell gekommen nun mit einem Verschlüsselungsvirus.
Ich Würde sagen das ist eine Steigerung der Herausforderung vielleicht auch unüberwindbar selbst mit aller Rechen Leistung der Welt so werden doch Verschlüsslungen gemessen

Konnte es der Schadsoftware erleichtert worden sein dass ich abgebrochen habe?
Diese Frage quält mich muss ich ehrlich zugeben. Und ist auch das einzige was mich brennend interesiert.
Und ist es möglich einigermaßen heraus zu finden wie die Person sich so häufig Schad Software einfängt?
Meine Vermutung ist das sie alle Emails öffnet auf WEB.de und das der Haupt infektionsweg ist.
Log Files und alles dauert kommt aber bis morgen Vormittag je nach meiner gesundheitlichen Verfassung
Sorry für meinen Spaß bis jetzt sollte die Spannung gesteigert werden iwi so hatte man das in Deutsch in der schule und jetzt der Schluss
zum Glück ging das backup noch nicht in die Versenkung in der Regel überlass ich jedem pc Nutzer selbst seine Daten Sicherung. Da ich eure Anweisungen hier aber noch nicht fertig hatte wurde sie behalten. (normalerweise ist mir mein Speicher zu kostbar) deshalb predige ich ja schon immer dass sie es sichern müssen

Möglich, aber ich glaube nicht dass es daran liegt?
Verschlüsselungstrojaner? Welcher? Welche Dateiendung? Welche Meldung kommt?

Aber in der Regel ist da gar nix zu machen.

Warum die Kiste immer wieder verseucht ist? Das Problem, und auch einzige Problem, sitzt vor dem Rechner.

ich lieg flach ... :/ also kanns mit dem letzten log etwas dauern erstmal :dankeschoen: für die auskunft

der den es in V1 V2 V3 gibt in V3 kann man nichts machen schon rescherschiert ist v3 killt dann auch diese 2 andere wege mit denen daten gerettet werden konnten geht nurnoch per backup

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015

Ran by ludewig at 2015-03-13 13:51:49 Run:2

Running from C:\Users\ludewig\Downloads

Loaded Profiles: ludewig &  (Available profiles: ludewig)

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

Winlogon\Notify\cmjahae-x32: C:\Users\ludewig\AppData\Local\cmjahae.dll [X]

C:\Users\ludewig\AppData\Local\cmjahae.dll

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

Task: {D985CB3A-E913-4F54-B104-50582FA02941} - System32\Tasks\Security Center Update - 2068250175 => C:\Users\ludewig\AppData\Roaming\Olevmiy\puyfug.exe <==== ATTENTION

C:\Users\ludewig\AppData\Roaming\Olevmiy

Emptytemp:

*****************
 

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cmjahae" => Key deleted successfully.

"C:\Users\ludewig\AppData\Local\cmjahae.dll" => File/Directory not found.

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. 

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. 

"HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D985CB3A-E913-4F54-B104-50582FA02941}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D985CB3A-E913-4F54-B104-50582FA02941}" => Key deleted successfully.

C:\Windows\System32\Tasks\Security Center Update - 2068250175 => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2068250175" => Key deleted successfully.

C:\Users\ludewig\AppData\Roaming\Olevmiy => Moved successfully.

EmptyTemp: => Removed 2.7 GB temporary data.
 
 

The system needed a reboot. 
 

==== End of Fixlog 13:52:28 ====

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015

Ran by ludewig (administrator) on LUDEWIG-PC on 13-03-2015 13:54:15

Running from C:\Users\ludewig\Downloads

Loaded Profiles: ludewig (Available profiles: ludewig)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe

(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)

HKLM\...\Run: [Ubanq] => "C:\Users\ludewig\AppData\Roaming\Olevmiy\puyfug.exe"

HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)

HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0

HKLM\...\Policies\Explorer: [HideSCAHealth] 0

HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\...\Policies\Explorer: [TaskbarNoNotification] 0

HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0

HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-4283835491-3418897640-3424372083-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-11-04] (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2014-11-12] (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-11-12] (Microsoft Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2014-10-14] (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2014-11-12] (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-11-12] (Microsoft Corporation)

Toolbar: HKU\S-1-5-21-4283835491-3418897640-3424372083-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-08-28] (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\ludewig\AppData\Roaming\Mozilla\Firefox\Profiles\iofmr8mm.default-1415199366866

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll [2015-01-15] ()

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll [2015-01-15] ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-12-17] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-12-17] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Extension: Adblock Plus - C:\Users\ludewig\AppData\Roaming\Mozilla\Firefox\Profiles\iofmr8mm.default-1415199366866\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-05]

FF HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\ludewig\AppData\Roaming\Mozilla\Firefox\Profiles\qzjwg8tw.default\extensions\cliqz@cliqz.com
 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.sweet-page.com/?type=hp&ts=1414941772&from=cor&uid=SanDiskXSDSSDHP128G_133648402638

CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1414941772&from=cor&uid=SanDiskXSDSSDHP128G_133648402638"

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\gcswf32.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File

CHR Plugin: (         "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

CHR Plugin: (         "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

CHR Profile: C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]

CHR Extension: (YouTube) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-29]

CHR Extension: (Google Search) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-29]

CHR Extension: (Avira Browser Safety) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-05]

CHR Extension: (AdBlock) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-05]

CHR Extension: (Google Wallet) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-16]

CHR Extension: (Gmail) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-29]

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)

S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)

R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)

S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)

S2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-03-14] ()

S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)

S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)

S0 ccmcn; C:\Windows\System32\drivers\fslx.sys [79064 2014-12-18] (Malwarebytes Corporation)

S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)

R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()

R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-03-14] ()

S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [442368 2013-05-17] (Intel(R) Corporation) [File not signed]

S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-03-14] ()

S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-01-16] ()

S3 BS4177028450; \??\C:\Users\ludewig\AppData\Local\Temp\NTFS.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-13 13:51 - 2015-03-13 13:51 - 00000000 ____D () C:\Users\ludewig\Downloads\FRST-OlderVersion

2015-03-13 12:13 - 2015-03-13 12:13 - 02347384 _____ (ESET) C:\Users\ludewig\Downloads\esetsmartinstaller_deu(1).exe

2015-03-13 12:12 - 2015-03-13 12:12 - 00001659 _____ () C:\mwb13315.txt
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-13 13:54 - 2015-02-09 00:01 - 00015272 _____ () C:\Users\ludewig\Downloads\FRST.txt

2015-03-13 13:54 - 2015-02-09 00:01 - 00000000 ____D () C:\FRST

2015-03-13 13:52 - 2014-11-05 16:10 - 00221652 _____ () C:\Windows\PFRO.log

2015-03-13 13:52 - 2014-11-05 16:10 - 00012973 _____ () C:\Windows\setupact.log

2015-03-13 13:52 - 2014-04-05 17:46 - 00000306 _____ () C:\Windows\Tasks\Obivs.job

2015-03-13 13:52 - 2013-11-29 16:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-03-13 13:52 - 2013-11-29 15:31 - 01886599 _____ () C:\Windows\WindowsUpdate.log

2015-03-13 13:52 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-03-13 13:51 - 2015-02-09 00:00 - 02095616 _____ (Farbar) C:\Users\ludewig\Downloads\FRST64.exe

2015-03-13 13:35 - 2013-12-29 10:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-03-13 13:09 - 2013-11-29 16:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-03-13 12:27 - 2009-07-14 05:45 - 00023008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-03-13 12:27 - 2009-07-14 05:45 - 00023008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-03-13 12:13 - 2015-02-09 01:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-03-13 10:44 - 2014-11-05 15:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-03-12 12:40 - 2013-11-29 15:32 - 00000000 ____D () C:\Users\ludewig

2015-03-12 12:39 - 2013-12-22 18:40 - 00000000 ____D () C:\Windows\Minidump

2015-03-12 12:39 - 2013-11-29 15:32 - 00000000 ____D () C:\Recovery

2015-03-12 12:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Msdtc
 

Some content of TEMP:

====================

C:\Users\ludewig\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-03-13 11:23
 

==================== End Of Log ============================

--- --- ---

--- --- ---

ADW cleaner

AdwCleaner Logfile:

Code:

# AdwCleaner v4.112 - Bericht erstellt 13/03/2015 um 14:02:07

# Aktualisiert 09/03/2015 von Xplode

# Datenbank : 2015-03-05.1 [Server]

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)

# Benutzername : ludewig - LUDEWIG-PC

# Gestarted von : C:\Users\ludewig\Downloads\adwcleaner_4.112.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 
 

***** [ Geplante Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 
 

***** [ Internetbrowser ] *****
 

-\\ Internet Explorer v11.0.9600.17496
 
 

-\\ Mozilla Firefox v35.0.1 (x86 de)
 
 

-\\ Google Chrome v40.0.2214.111
 
 

*************************
 

AdwCleaner[R0].txt - [3514 Bytes] - [05/11/2014 16:00:36]

AdwCleaner[R1].txt - [1386 Bytes] - [13/01/2015 16:26:54]

AdwCleaner[R2].txt - [1072 Bytes] - [13/03/2015 14:00:33]

AdwCleaner[S0].txt - [4015 Bytes] - [05/11/2014 16:01:25]

AdwCleaner[S1].txt - [1447 Bytes] - [13/01/2015 16:27:56]

AdwCleaner[S2].txt - [996 Bytes] - [13/03/2015 14:02:07]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1054  Bytes] ##########

--- --- ---