Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   delta-homes als Startseite (https://www.trojaner-board.de/167301-delta-homes-startseite.html)

schrauber 02.06.2015 18:49
Nee, da ist wohl eher nur das Shortcut noch bissl befallen :)

Downloade dir bitte Shortcut Cleaner (by Grinler) auf deinen Desktop.
  • Starte die sc-cleaner.exe mit einem Doppelclick.
  • Bestätige die Meldung Shortcut Cleaner Finished am Ende des Suchlaufs mit Ok.
  • Eine Logdatei wird sich öffnen (sc-cleaner.txt).
  • Poste den Inhalt mit deiner nächsten Antwort.

manuausruben 02.06.2015 21:48
das war es wohl nicht ?!

Code:
Shortcut Cleaner 1.3.8 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Professional Service Pack 1
Program started at: 06/02/2015 10:48:03 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Katja\Desktop\

Searching C:\Users\Public\Desktop\


0 bad shortcuts found.

Program finished at: 06/02/2015 10:48:15 PM
Execution time: 0 hours(s), 0 minute(s), and 12 seconds(s)

schrauber 03.06.2015 19:36
Öffne FRST, setz nen Haken bei Addition und bei Shortcut und scanne, poste alle 3 Logfiles bitte.

manuausruben 03.06.2015 22:04
im Moment passt es wieder mit der Startseite im IE.

Kann es sein , dass delta-homes einfach nur die letzte geöffnete seite war ?! von den einstellungen "registerkarte der letzten sitzunge wieder herstellen" her würde es passen ^^


Code:
Users shortcut scan result (x64) Version: 26-05-2015
Ran by Katja at 2015-06-03 22:59:18
Running from D:\Downloads
Boot Mode: Normal
==================== shortcuts =============================

(shortcuts.)



Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1031-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> D:\Programme\winrar 5\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> D:\Programme\winrar 5\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> D:\Programme\winrar 5\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> D:\Programme\winrar 5\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinFF\WinFF entfernen.lnk -> D:\Programme\WinFF\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinFF\WinFF.lnk -> D:\Programme\WinFF\winff.exe (WinFF.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinFF\Docs\Change Log.lnk -> D:\Programme\WinFF\Docs\changelog.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinFF\Docs\Docs - Catalan.lnk -> D:\Programme\WinFF\Docs\WinFF.ca.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinFF\Docs\Docs - Dutch.lnk -> D:\Programme\WinFF\Docs\WinFF.nl.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinFF\Docs\Docs - English.lnk -> D:\Programme\WinFF\Docs\WinFF.en.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinFF\Docs\Docs - French.lnk -> D:\Programme\WinFF\Docs\WinFF.fr.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinFF\Docs\Docs - Spanish.lnk -> D:\Programme\WinFF\Docs\WinFF.es.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinFF\Docs\FFmpeg Documentation.lnk -> D:\Programme\WinFF\Docs\ffmpeg-doc.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinFF\Docs\FFPlay Documentation.lnk -> D:\Programme\WinFF\Docs\ffplay-doc.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinFF\Docs\License.lnk -> D:\Programme\WinFF\Docs\License.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinFF\Docs\README FFmpeg.lnk -> D:\Programme\WinFF\Docs\README-FFmpeg.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinFF\Docs\README Presets.lnk -> D:\Programme\WinFF\Docs\README-Presets.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinFF\Docs\README.lnk -> D:\Programme\WinFF\Docs\README.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY\Pageant.lnk -> D:\Programme\PuTTY\pageant.exe (Simon Tatham)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY\PSFTP.lnk -> D:\Programme\PuTTY\psftp.exe (Simon Tatham)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY\PuTTY Manual.lnk -> D:\Programme\PuTTY\putty.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY\PuTTY Web Site.lnk -> D:\Programme\PuTTY\website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY\PuTTY.lnk -> D:\Programme\PuTTY\putty.exe (Simon Tatham)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY\PuTTYgen.lnk -> D:\Programme\PuTTY\puttygen.exe (Simon Tatham)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU\Network Status.lnk -> D:\Programme\Pokerstars\Tracer.exe (PokerStars)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU\PokerStars.eu.lnk -> D:\Programme\Pokerstars\PokerStarsUpdate.exe (PokerStars)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2003.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2003.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2003.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2003.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digitale Signatur für VBA-Projekte.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Spracheinstellungen.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Imaging.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\mspicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Scanning.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\mspicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes Anti-Malware entfernen.lnk -> D:\Programme\Malwarebytes\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes Anti-Malware.lnk -> D:\Programme\Malwarebytes\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> D:\Programme\Malwarebytes\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Java konfigurieren.lnk -> C:\Program Files\Java\jre1.8.0_45\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility\Intel(R) Driver Update Utility 2.0.lnk -> C:\Program Files (x86)\Intel Driver Update Utility\DriverUpdateUI.exe (Intel)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HandGrabber\HandGrabber.lnk -> D:\Programme\HandGrabber\handgrabber.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devolo\devolo Cockpit.lnk -> C:\Program Files (x86)\devolo\dlan\frontend\plcnetui.exe ( )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic\Biet-O-Matic Dokumentation.lnk -> D:\Programme\Biet-O-Matic\BOM_DE.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic\Biet-O-Matic.lnk -> D:\Programme\Biet-O-Matic\Biet-O-Matic.exe (www.bid-o-matic.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic\Lizenz.lnk -> D:\Programme\Biet-O-Matic\Lizenz.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic\What's New.lnk -> D:\Programme\Biet-O-Matic\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic\Support\Auto Updater.lnk -> D:\Programme\Biet-O-Matic\BOMUpdate.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic\Support\BOM Logging Config Tool.lnk -> D:\Programme\Biet-O-Matic\BOM Logging Config Tool.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic\Support\HTML Log Viewer.lnk -> D:\Programme\Biet-O-Matic\HTMLLogViewer.exe (Wave)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber\Audiograbber.lnk -> C:\Program Files (x86)\Audiograbber\audiograbber.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber\Deinstallieren.lnk -> C:\Program Files (x86)\Audiograbber\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber\Erste Schritte.lnk -> C:\Program Files (x86)\Audiograbber\Erste_Schritte.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber\Hilfe.lnk -> C:\Program Files (x86)\Audiograbber\German.hlp ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber\Line In Aufnahme.lnk -> C:\Program Files (x86)\Audiograbber\Line-In.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Katja\Links\Desktop.lnk -> C:\Users\Katja\Desktop ()
Shortcut: C:\Users\Katja\Links\Downloads.lnk -> C:\Users\Katja\Downloads ()
Shortcut: C:\Users\Katja\Desktop\CBH Captcha Solver.lnk -> C:\Program Files (x86)\Brotherhood Software\Captcha Brotherhood\captchaSolver.exe (Brotherhood Software)
Shortcut: C:\Users\Katja\Desktop\Desktop.lnk -> D:\Desktop ()
Shortcut: C:\Users\Katja\Desktop\Haushaltsbuch4.lnk -> D:\Programme\Haushaltsbuch4\hausbuch4.exe (Softwarenetz)
Shortcut: C:\Users\Katja\Desktop\Mozart.lnk -> D:\Musik\Mozart zum Wohlfühlen ()
Shortcut: C:\Users\Katja\Desktop\Theorie.lnk -> D:\Desktop\Theorie.txt ()
Shortcut: C:\Users\Katja\Desktop\Verbrauch.lnk -> D:\Verbrauch.xls ()
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> D:\Programme\winrar 5\Rar.txt ()
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> D:\Programme\winrar 5\WhatsNew.txt ()
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> D:\Programme\winrar 5\WinRAR.chm ()
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> D:\Programme\winrar 5\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool\Windows 7 USB DVD Download Tool.lnk -> C:\Users\Katja\AppData\Local\Apps\Windows 7 USB DVD Download Tool\Windows7-USB-DVD-Download-Tool.exe (Microsoft Corporation)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftwareNetz\Haushaltsbuch4.lnk -> D:\Programme\Haushaltsbuch4\hausbuch4.exe (Softwarenetz)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Deinstallationsprogramm.lnk -> D:\Programme\JDownloader v2.0\Uninstall JDownloader.exe (AppWork GmbH)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Update & Rescue.lnk -> D:\Programme\JDownloader v2.0\JDownloader2Update.exe (AppWork GmbH)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2.lnk -> D:\Programme\JDownloader v2.0\JDownloader2.exe (AppWork GmbH)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\EUROTOOL.LNK -> D:\Programme\Microsoft Office\OFFICE11\Makro\EUROTOOL.XLA ()
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\EUROTOOL.XLA.LNK -> D:\Programme\Microsoft Office\OFFICE11\Makro\EUROTOOL.XLA ()
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Goya_Befunde.LNK -> C:\Users\Katja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VL6MW8B3\Goya_Befunde.xls (No File)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Jedes Kind Kann Schlafen Lernen - Annette Kast-Zahn.LNK -> Z:\JedesKindschläft\Jedes Kind Kann Schlafen Lernen - Annette Kast-Zahn.rtf (No File)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\JedesKindschläft.LNK -> Z:\JedesKindschläft (No File)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Makro.LNK -> D:\Programme\Microsoft Office\OFFICE11\Makro ()
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Programme (D).LNK -> D:\ ()
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\StillTabelle.LNK -> D:\StillTabelle.xls ()
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Verbrauch.LNK -> D:\Verbrauch.xls ()
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Verbrauch.xls.LNK -> D:\Verbrauch.xls ()
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\VL6MW8B3.LNK -> C:\Users\Katja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VL6MW8B3 (No File)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Vorlagen.LNK -> C:\Users\Katja\AppData\Roaming\Microsoft\Vorlagen ()
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JDownloader 2.lnk -> D:\Programme\JDownloader v2.0\JDownloader2.exe (AppWork GmbH)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\f966724577ef19eb\PokerStars.EU.lnk -> D:\Programme\Pokerstars\PokerStarsUpdate.exe (PokerStars)
Shortcut: C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\HandGrabber.lnk -> D:\Programme\HandGrabber\handgrabber.exe ()
Shortcut: C:\Users\Public\Desktop\PokerStars.eu.lnk -> D:\Programme\Pokerstars\PokerStarsUpdate.exe (PokerStars)




ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU\Uninstall PokerStars.eu.lnk -> D:\Programme\Pokerstars\PokerStarsUninstall.exe () -> /u:PokerStars.eu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Assistent zum Speichern eigener Einstellungen.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\opwicon.exe () -> /u
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Anwendungswiederherstellung.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe () -> -c
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Auf Updates prüfen.lnk -> C:\Program Files\Java\jre1.8.0_45\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Info zu Java.lnk -> C:\Program Files\Java\jre1.8.0_45\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool\Uninstall Windows 7 USB DVD Download Tool.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /x {CCF298AF-9CE1-4B26-B251-486E98A34789}
ShortcutWithArgument: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinFF\WinFF im Internet.url -> hxxp://www.winff.org/
InternetURL: C:\Users\Katja\Favorites\boost.url -> https://www.boost-project.com/de/shops?charity_id=3013&tag=bb
InternetURL: C:\Users\Katja\Favorites\gooding.url -> https://www.gooding.de/shop/list?select=far-from-fear-e-v-2154&help=1
InternetURL: C:\Users\Katja\Favorites\Tierschutzverein Far from Fear e.V.  Zona de Galgos.url -> hxxp://www.zona-de-galgos.de/
InternetURL: C:\Users\Katja\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\Katja\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\Katja\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\Katja\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\Katja\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\Katja\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\Katja\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\Katja\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\Katja\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\Katja\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\Katja\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\Katja\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\Katja\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Katja\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\Katja\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\Katja\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\Katja\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893

==================== End of log =============================
[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version: 26-05-2015
Ran by Katja at 2015-06-03 22:58:13
Running from D:\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1921073570-4093855959-3464169332-500 - Administrator - Disabled)
Gast (S-1-5-21-1921073570-4093855959-3464169332-501 - Limited - Disabled)
Katja (S-1-5-21-1921073570-4093855959-3464169332-1000 - Administrator - Enabled) => C:\Users\Katja

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Captcha Brotherhood (HKLM-x32\...\{CCD438F0-5D72-4945-9E72-6560C7E5E0D0}) (Version: 1.2.0 - Brotherhood Software)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.7.61 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.3.0.0 - devolo AG)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HandGrabber Version 1.1.9 (HKLM-x32\...\{414F2345-CA0E-41B1-ABC3-54DFC54ACFCF}_is1) (Version: 1.1.9 - TriconSoft.com)
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.17 - Intel(R) Corporation) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
PuTTY release 0.64 (HKLM-x32\...\PuTTY_is1) (Version: 0.64 - Simon Tatham)
Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
Softwarenetz Haushaltsbuch4 (HKLM-x32\...\Haushaltsbuch4) (Version:  - Softwarenetz)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.19.0 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinFF 1.5.4 (Codename EMMA) (HKLM-x32\...\WinFF_is1) (Version:  - WinFF.org)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

30-05-2015 23:05:10 Ende der Bereinigung

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-05-27 15:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {29A13E9D-C933-46DC-ABA9-64A4CB6CCCBA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-25] (Google Inc.)
Task: {480AA33B-C0CE-4117-ACD5-128B3DBBDED1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-26] (Avast Software s.r.o.)
Task: {C8CF51A9-1256-4ECA-8A15-91390D123B74} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D381302E-8264-4945-A2FC-8E6029CB07F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-25] (Google Inc.)
Task: {D9AD08B6-8D3E-4232-9F04-C86018D76AA8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-29] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2006-12-04 02:26 - 2006-12-04 02:26 - 00022016 _____ () C:\Windows\System32\sugs2l6.dll
2015-05-05 13:58 - 2014-05-01 20:26 - 00065536 _____ () D:\Programme\HandGrabber\handgrabber.exe
2015-05-05 14:13 - 2015-05-05 14:13 - 02344216 _____ () D:\Programme\Pokerstars\gameutil1.exe
2015-05-05 14:13 - 2015-05-05 14:13 - 00262936 _____ () D:\Programme\PokerStars\br\PokerStarsBr.exe
2015-05-26 22:38 - 2015-05-26 22:38 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-26 22:38 - 2015-05-26 22:38 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-03 20:44 - 2015-06-03 20:44 - 02951680 _____ () C:\Program Files\AVAST Software\Avast\defs\15060301\algo.dll
2015-05-26 22:38 - 2015-05-26 22:38 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-05-05 13:58 - 2013-08-16 12:49 - 00147509 _____ () D:\Programme\HandGrabber\JNativeCpp.dll
2015-05-05 14:13 - 2015-05-05 14:13 - 40627480 _____ () D:\Programme\PokerStars\br\libcef.dll
2015-05-05 14:13 - 2015-05-05 14:13 - 00955160 _____ () D:\Programme\PokerStars\br\ffmpegsumo.dll
2015-01-25 22:29 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Katja\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-01-25 22:29 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Katja\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1921073570-4093855959-3464169332-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{DFABE49B-2DD9-4DC5-AA67-C4C0C0406FF2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FB29B17A-DF1B-4303-B419-750286918E7C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CAD12871-8568-4F67-A791-82CDBB021B24}] => (Allow) LPort=2869
FirewallRules: [{1F030885-40F8-43F6-85E4-65A6681362EA}] => (Allow) LPort=1900
FirewallRules: [{FAC44222-B835-4A33-88DB-3E6128268DB6}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
FirewallRules: [{07182C4F-D285-46F9-82ED-538F235EAD87}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
FirewallRules: [{BA732AEB-264B-4A56-8373-2C6E877DC217}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: My Book Live Network Storage
Description: My Book Live Network Storage
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2015 01:38:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/03/2015 00:40:36 PM) (Source: ESENT) (EventID: 439) (User: )
Description: Windows (3192) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk konnte nicht geschrieben werden. Fehler -1032.

Error: (06/03/2015 00:40:36 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows (3192) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (06/03/2015 00:40:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 08:15:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2015 05:13:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2015 04:34:39 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/01/2015 08:13:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2015 01:07:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/31/2015 00:30:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (06/03/2015 00:39:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Gemeinsame Nutzung der Internetverbindung" ist vom Dienst "RAS-Verbindungsverwaltung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (06/03/2015 00:39:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (06/03/2015 00:39:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/03/2015 00:39:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMService erreicht.

Error: (06/02/2015 08:15:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Gemeinsame Nutzung der Internetverbindung" ist vom Dienst "RAS-Verbindungsverwaltung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (06/02/2015 08:15:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (06/02/2015 08:15:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/02/2015 08:15:04 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMService erreicht.

Error: (06/01/2015 05:13:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Gemeinsame Nutzung der Internetverbindung" ist vom Dienst "RAS-Verbindungsverwaltung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (06/01/2015 05:13:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058


Microsoft Office:
=========================
Error: (06/03/2015 01:38:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (06/03/2015 00:40:36 PM) (Source: ESENT) (EventID: 439) (User: )
Description: Windows3192Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032

Error: (06/03/2015 00:40:36 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows3192Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (06/03/2015 00:40:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 08:15:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2015 05:13:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2015 04:34:39 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (06/01/2015 08:13:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2015 01:07:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (05/31/2015 00:30:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz
Percentage of memory in use: 81%
Total physical RAM: 2038.18 MB
Available physical RAM: 374.84 MB
Total Pagefile: 4076.36 MB
Available Pagefile: 2284.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:73.14 GB) (Free:47.45 GB) NTFS
Drive d: (Programme) (Fixed) (Total:75.8 GB) (Free:63.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 08D570D8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=73.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=75.8 GB) - (Type=07 NTFS)

==================== End of log ============================
--- --- ---



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-05-2015 (ATTENTION: ====> FRSTversion is 8 days old and could be outdated)
Ran by Katja (administrator) on LAPTOP on 03-06-2015 22:57:02
Running from D:\Downloads
Loaded Profiles: Katja (Available Profiles: Katja)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Malwarebytes Corporation) D:\Programme\Malwarebytes\mbamservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() D:\Programme\HandGrabber\handgrabber.exe
(PokerStars) D:\Programme\Pokerstars\PokerStars.exe
() D:\Programme\Pokerstars\gameutil1.exe
() D:\Programme\Pokerstars\br\PokerStarsBr.exe
() D:\Programme\Pokerstars\br\PokerStarsBr.exe
() D:\Programme\Pokerstars\br\PokerStarsBr.exe
() D:\Programme\Pokerstars\br\PokerStarsBr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2773232 2015-01-01] (Synaptics Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-26] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1921073570-4093855959-3464169332-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28919936 2015-05-14] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-26] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1921073570-4093855959-3464169332-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1921073570-4093855959-3464169332-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1921073570-4093855959-3464169332-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1921073570-4093855959-3464169332-1000\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1921073570-4093855959-3464169332-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-05] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-26] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-05] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-05] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-26] (Avast Software s.r.o.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-05] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-29] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-29] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Programme\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\Programme\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-25]

Chrome:
=======
CHR Profile: C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-27]
CHR Extension: (Google Docs) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-27]
CHR Extension: (Google Drive) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-27]
CHR Extension: (YouTube) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-27]
CHR Extension: (uBlock Origin) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-05-30]
CHR Extension: (Google Search) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-27]
CHR Extension: (Google Sheets) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-27]
CHR Extension: (Bookmark Manager) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-27]
CHR Extension: (Google Wallet) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-27]
CHR Extension: (Gmail) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-26] (Avast Software s.r.o.)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3736520 2015-01-29] (devolo AG)
S2 MBAMService; D:\Programme\Malwarebytes\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-26] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-26] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-26] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-26] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-26] ()
R3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2013-03-04] (CACE Technologies)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 22:48 - 2015-06-02 22:48 - 00001876 _____ () C:\Users\Katja\Desktop\sc-cleaner.txt
2015-06-02 22:46 - 2015-06-02 22:47 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\Katja\Downloads\sc-cleaner.exe
2015-06-01 13:29 - 2015-06-03 22:57 - 00000000 ____D () C:\FRST
2015-05-30 23:12 - 2015-05-30 23:12 - 03020968 _____ (Malwarebytes ) C:\Users\Katja\Downloads\mbae-setup-1.06.1.1019.exe
2015-05-30 23:04 - 2015-05-30 23:05 - 00001503 _____ () C:\DelFix.txt
2015-05-30 23:04 - 2015-05-30 23:04 - 00000000 ____D () C:\Windows\ERUNT
2015-05-29 13:00 - 2015-06-03 22:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-29 13:00 - 2015-05-29 13:00 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-29 13:00 - 2015-05-29 13:00 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-27 15:26 - 2015-05-27 15:44 - 00000000 ____D () C:\Windows\erdnt
2015-05-27 08:30 - 2015-05-27 08:30 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-27 08:22 - 2015-05-27 07:43 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-05-27 08:20 - 2015-05-27 08:20 - 00000000 ____D () C:\Users\Katja\AppData\Local\VirtualStore
2015-05-26 22:38 - 2015-05-26 22:38 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-26 22:38 - 2015-05-26 22:38 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-26 22:35 - 2015-05-26 22:35 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LAPTOP-Windows-7-Professional-(64-bit).dat
2015-05-26 09:21 - 2015-05-28 12:11 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-26 09:20 - 2015-05-26 09:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2015-05-26 09:20 - 2015-05-26 09:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-26 09:20 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-26 09:20 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-26 09:20 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-25 21:43 - 2015-05-25 21:43 - 00000000 _____ () C:\autoexec.bat
2015-05-20 15:29 - 2015-05-20 15:29 - 00276280 _____ () C:\Windows\Minidump\052015-29140-01.dmp
2015-05-14 22:31 - 2015-05-20 15:29 - 00000000 ____D () C:\Windows\Minidump
2015-05-14 22:31 - 2015-05-20 15:28 - 231037135 _____ () C:\Windows\MEMORY.DMP
2015-05-14 22:31 - 2015-05-14 22:31 - 00276272 _____ () C:\Windows\Minidump\051415-23150-01.dmp
2015-05-05 14:37 - 2015-05-05 14:37 - 00000000 ____D () C:\Users\Katja\Triconsoft
2015-05-05 14:35 - 2015-05-05 14:35 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-05 14:14 - 2015-06-03 12:42 - 00000000 ____D () C:\Users\Katja\AppData\Local\PokerStars.EU
2015-05-05 14:14 - 2015-05-05 14:14 - 00000783 _____ () C:\Users\Public\Desktop\PokerStars.eu.lnk
2015-05-05 14:14 - 2015-05-05 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU
2015-05-05 14:04 - 2015-05-05 14:04 - 00000000 ____D () C:\ProgramData\Sun
2015-05-05 14:03 - 2015-05-05 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-05 14:03 - 2015-05-05 14:02 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-05-05 14:02 - 2015-05-05 14:37 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-05 14:02 - 2015-05-05 14:02 - 00000000 ____D () C:\Program Files\Java
2015-05-05 13:58 - 2015-05-05 13:58 - 00000695 _____ () C:\Users\Public\Desktop\HandGrabber.lnk
2015-05-05 13:58 - 2015-05-05 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HandGrabber

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 22:56 - 2009-07-14 06:51 - 00333743 _____ () C:\Windows\setupact.log
2015-06-03 22:20 - 2015-01-25 14:55 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-03 16:20 - 2015-01-25 14:55 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-03 12:47 - 2009-07-14 06:45 - 00025808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-03 12:47 - 2009-07-14 06:45 - 00025808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-03 12:43 - 2015-01-25 14:34 - 01579084 _____ () C:\Windows\WindowsUpdate.log
2015-06-03 12:42 - 2015-02-13 21:29 - 00000000 ____D () C:\Users\Katja\AppData\Roaming\Skype
2015-06-03 12:39 - 2015-01-25 14:57 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-03 12:38 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-01 09:00 - 2015-03-19 14:19 - 00000000 ____D () C:\Users\Katja\AppData\Local\Captcha_Brotherhood
2015-05-31 22:19 - 2015-02-15 21:36 - 00000000 ____D () C:\Users\Katja\AppData\Roaming\vlc
2015-05-29 14:12 - 2015-03-19 21:31 - 00000000 ____D () C:\Users\Katja\AppData\Roaming\WinFF
2015-05-29 13:08 - 2015-02-13 21:28 - 00000000 ____D () C:\ProgramData\Skype
2015-05-29 13:00 - 2015-02-20 14:43 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-29 10:52 - 2015-01-25 15:33 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS
2015-05-27 15:46 - 2015-03-19 14:13 - 00000000 ____D () C:\Users\Admin
2015-05-27 15:46 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-27 15:41 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-27 15:39 - 2010-11-21 05:47 - 00183524 _____ () C:\Windows\PFRO.log
2015-05-26 22:38 - 2015-01-25 14:55 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-26 22:38 - 2015-01-25 14:55 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-26 22:38 - 2015-01-25 14:55 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-26 22:38 - 2015-01-25 14:55 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-26 22:38 - 2015-01-25 14:55 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-26 22:38 - 2015-01-25 14:55 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-26 22:38 - 2015-01-25 14:55 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-26 22:38 - 2015-01-25 14:55 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-26 10:40 - 2015-01-25 14:43 - 00000995 _____ () C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-26 10:39 - 2015-01-25 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-26 09:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PLA
2015-05-26 09:31 - 2010-11-21 09:00 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-05-25 21:41 - 2015-01-25 14:42 - 00000000 ____D () C:\Users\Katja
2015-05-20 16:15 - 2015-01-25 14:55 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-20 16:15 - 2015-01-25 14:55 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 20:54 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-13 15:27 - 2015-03-24 14:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======

2015-04-07 12:41 - 2015-04-08 10:14 - 0003584 _____ () C:\Users\Katja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-07 21:23 - 2015-04-08 09:42 - 0000600 _____ () C:\Users\Katja\AppData\Local\PUTTY.RND

Some files in TEMP:
====================
C:\Users\Katja\AppData\Local\Temp\proxy_vole772534174849057650.dll
C:\Users\Katja\AppData\Local\Temp\Quarantine.exe
C:\Users\Katja\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Katja\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 13:37

==================== End of log ============================
--- --- ---

schrauber 04.06.2015 20:19
wäre auch möglich :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:38 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131