Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Verdacht auf Torpig: Mit MBAM massenweise Maleware u.ä. gefunden nach "Sinkhole-Warnung" des Providers (https://www.trojaner-board.de/145129-verdacht-torpig-mbam-massenweise-maleware-u-ae-gefunden-sinkhole-warnung-providers.html)

Firewolf_08 25.11.2013 01:20
Verdacht auf Torpig: Mit MBAM massenweise Maleware u.ä. gefunden nach "Sinkhole-Warnung" des Providers
 
Hallo,
nach einer Warnung des Internet-Providers (Info: Es wurde von einem PC am Anschluss aus ein Sinkhole kontaktiert, Verdacht auf Botnetz Torpig) habe ich alle PCs überprüft und bei einem mit MBAM massenweise Einträge gefunden. Allerdings bekomme ich einfach nicht alles weg.

Aktuelles FRST Log:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-11-2013
Ran by Evi (administrator) on EVI-LAPTOP on 25-11-2013 00:46:49
Running from C:\Users\Evi\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe
(Microsoft Corporation) C:\Windows\System32\IgrsSvcs.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Desktop.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo) C:\Program Files\Lenovo\VeriFace\PManage.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(ClickMeIn Limited) C:\Program Files\VuuPC\Connectivity.exe
(ClickMeIn Limited) C:\Program Files\VuuPC\RemoteEngine.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(ClickMeIn Limited) C:\Program Files\VuuPC\RemoteEngineHelper.exe
(ClickMeIn Limited) C:\Program Files\VuuPC\RemoteEngineHelper.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [35184 2008-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
HKLM\...\Run: [VeriFaceManager] - C:\Program Files\Lenovo\VeriFace\PManage.exe [3122440 2010-02-22] (Lenovo)
HKLM\...\Run: [UpdateP2GShortCut] - C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [EnergyUtility] - C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-09-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064560 2009-09-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKCU\...\Run: [Rxncnt] - C:\Users\Evi\AppData\Roaming\Rxncnt.exe
MountPoints2: {c88338e8-2da2-11e1-b465-705ab65a6707} - F:\iStudio.exe
HKU\Default\...\RunOnce: [WLStart] - C:\Program Files\Windows Live\Installer\wlstart.exe [ 2009-07-26] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WLStart] - C:\Program Files\Windows Live\Installer\wlstart.exe [ 2009-07-26] (Microsoft Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk ->  (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk ->  (No File)
Startup: C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://aartemis.com/?type=hp&ts=1385336493&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WX80AB90615306153
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1385336493&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WX80AB90615306153&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aartemis.com/?type=hp&ts=1385336493&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WX80AB90615306153
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385336493&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WX80AB90615306153&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385336493&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WX80AB90615306153&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aartemis.com/?type=hp&ts=1385336493&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WX80AB90615306153
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://aartemis.com/?type=hp&ts=1385336493&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WX80AB90615306153
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1385336493&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WX80AB90615306153&q={searchTerms}
URLSearchHook: HKLM - DVDVideoSoftTB_DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Evi\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://aartemis.com/?type=sc&ts=1385336493&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WX80AB90615306153
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385336493&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WX80AB90615306153&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385336493&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WX80AB90615306153&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: DVDVideoSoftTB_DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Evi\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ips\ipsbho.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - DVDVideoSoftTB_DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Evi\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.22.11.1

FireFox:
========
FF ProfilePath: C:\Users\Evi\AppData\Roaming\Mozilla\Firefox\Profiles\7giu4rtz.default
FF NewTab: hxxp://aartemis.com/newtab/?type=nt&ts=1385336493&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WX80AB90615306153
FF DefaultSearchEngine: aartemis
FF SearchEngineOrder.1: Delta Search
FF SelectedSearchEngine: aartemis
FF Homepage: hxxp://aartemis.com/?type=hp&ts=1385336493&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WX80AB90615306153
FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=DE&userid=227b4f00-a25f-86d6-324f-95d8bbfd1700&searchtype=ds&installDate=18/10/2013&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\windows\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\aartemis.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DVDVideoSoft Menu - C:\Users\Evi\AppData\Roaming\Mozilla\Firefox\Profiles\7giu4rtz.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_5_2
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_5_2
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://aartemis.com/?type=sc&ts=1385336493&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WX80AB90615306153

========================== Services (Whitelisted) =================

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-11-24] (SurfRight B.V.)
R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\18.7.0.13\diMaster.dll [262584 2011-04-01] (Symantec Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
R2 RemoteEngineService; C:\Program Files\VuuPC\remoteengine.exe [2967568 2013-11-19] (ClickMeIn Limited)
S3 TDslMgrService; C:\Program Files\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH)
R2 VuuPCConnectivity; C:\Program Files\VuuPC\Connectivity.exe [4747280 2013-11-19] (ClickMeIn Limited)

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation)
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120302.001\BHDrvx86.sys [820856 2012-03-02] (Symantec Corporation)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [16448 2007-08-01] (T-Systems Enterprise Services GmbH)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2012-02-05] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106104 2012-02-05] (Symantec Corporation)
R1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [54800 2010-02-22] ()
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120308.001\IDSvix86.sys [368248 2012-03-06] (Symantec Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\mbamswissarmy.sys [40776 2013-11-25] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120309.002\NAVENG.SYS [86136 2011-08-04] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120309.002\NAVEX15.SYS [1576312 2011-08-04] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1207000.00D\SRTSP.SYS [516216 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1207000.00D\SRTSPX.SYS [50168 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1207000.00D\SYMDS.SYS [340088 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1207000.00D\SYMEFA.SYS [744568 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT.SYS [126584 2011-05-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1207000.00D\Ironx86.SYS [136312 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1207000.00D\SYMNETS.SYS [299640 2011-04-21] (Symantec Corporation)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2010-10-15] (TeamViewer GmbH)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [168704 2009-06-19] (SMI)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
S3 WinRing0_1_2_0; \??\D:\test\ECECECEC\WinRing0.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-25 00:46 - 2013-11-25 00:48 - 00018398 _____ C:\Users\Evi\Desktop\FRST.txt
2013-11-25 00:46 - 2013-11-25 00:46 - 00000000 ____D C:\FRST
2013-11-25 00:45 - 2013-11-25 00:46 - 01091583 _____ (Farbar) C:\Users\Evi\Desktop\FRST.exe
2013-11-25 00:45 - 2013-11-25 00:45 - 00000000 ____D C:\Users\Evi\AppData\Roaming\0C1I1L1R1J0M1P0I1G
2013-11-25 00:44 - 2013-11-25 00:44 - 00001103 _____ C:\Users\Evi\Desktop\Continue AnyProtect Installation.lnk
2013-11-25 00:42 - 2013-11-25 00:42 - 00001120 _____ C:\Users\Evi\Desktop\My VuuPC.lnk
2013-11-25 00:42 - 2013-11-25 00:42 - 00000000 ____D C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VuuPC
2013-11-25 00:41 - 2013-11-25 00:43 - 00000000 ____D C:\Program Files\VuuPC
2013-11-25 00:41 - 2013-11-25 00:41 - 00000000 ____D C:\Users\Evi\AppData\Roaming\aartemis
2013-11-25 00:36 - 2013-11-25 00:36 - 00602144 _____ C:\Users\Evi\Desktop\Setup.exe
2013-11-25 00:31 - 2013-11-25 00:31 - 00040776 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamswissarmy.sys
2013-11-25 00:20 - 2013-10-08 07:51 - 00873384 _____ (Oracle Corporation) C:\windows\system32\npdeployJava1.dll
2013-11-25 00:20 - 2013-10-08 07:51 - 00796072 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll
2013-11-24 22:46 - 2013-11-24 22:46 - 00014126 _____ C:\Users\Evi\Desktop\HitmanPro_20131124_2245.log
2013-11-24 22:18 - 2013-11-24 22:18 - 00044588 _____ C:\Users\Evi\Desktop\HitmanPro_20131124_2218.log
2013-11-24 22:18 - 2013-11-24 22:18 - 00002192 _____ C:\windows\system32\.crusader
2013-11-24 22:03 - 2013-11-24 22:03 - 00001905 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-11-24 22:03 - 2013-11-24 22:03 - 00000000 ____D C:\Program Files\HitmanPro
2013-11-24 21:51 - 2013-11-24 22:19 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-24 21:28 - 2013-11-24 21:28 - 00002021 _____ C:\Users\Evi\Desktop\Entfernen des Avira EU-Cleaners.lnk
2013-11-24 21:28 - 2013-11-24 21:28 - 00001965 _____ C:\Users\Evi\Desktop\Avira EU-Cleaner.lnk
2013-11-24 21:23 - 2012-08-23 15:48 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2013-11-24 21:23 - 2012-08-23 15:44 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2013-11-24 21:23 - 2012-08-23 15:40 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2013-11-24 21:23 - 2012-08-23 15:10 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-11-24 21:23 - 2012-08-23 15:10 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-11-24 21:23 - 2012-08-23 14:52 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2013-11-24 21:23 - 2012-08-23 14:47 - 00046592 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2013-11-24 21:23 - 2012-08-23 14:46 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2013-11-24 21:23 - 2012-08-23 14:32 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2013-11-24 21:23 - 2012-08-23 14:18 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2013-11-24 21:23 - 2012-08-23 12:40 - 00056320 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2013-11-24 21:23 - 2012-08-23 12:32 - 00317440 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2013-11-24 21:23 - 2012-08-23 12:15 - 00269312 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2013-11-24 21:23 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2013-11-24 21:23 - 2012-08-23 11:39 - 01048064 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2013-11-24 21:23 - 2012-08-23 11:08 - 02739712 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2013-11-24 21:23 - 2012-08-23 09:19 - 04916224 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 02166272 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 01818112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 01156608 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-11-24 21:19 - 2013-11-24 21:19 - 00645120 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-11-24 21:19 - 2013-11-24 21:19 - 00367104 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-11-24 21:19 - 2013-11-24 21:19 - 00244736 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00182272 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-24 21:19 - 2013-11-24 21:19 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-11-24 21:19 - 2013-11-24 21:19 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-24 21:18 - 2013-11-24 21:19 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 17142784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 11220992 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 04240384 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-24 21:18 - 2013-11-24 21:18 - 01926656 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-11-24 21:18 - 2013-11-24 21:18 - 01051136 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00610304 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00523776 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00238288 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00233472 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00208384 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00151552 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00127488 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00083456 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-11-24 21:17 - 2013-11-24 21:22 - 00010128 _____ C:\windows\IE11_main.log
2013-11-24 20:39 - 2013-11-24 20:39 - 00001137 _____ C:\Users\Evi\Desktop\Diagnose & Fix.lnk
2013-11-24 20:39 - 2013-11-24 20:39 - 00001123 _____ C:\Users\Evi\Desktop\ScanSpyware.lnk
2013-11-24 20:39 - 2013-11-24 20:39 - 00000000 ____D C:\Users\Evi\AppData\Roaming\ScanSpyware
2013-11-24 20:39 - 2013-11-24 20:39 - 00000000 ____D C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ScanSpyware
2013-11-24 20:39 - 2013-11-24 20:39 - 00000000 ____D C:\Program Files\ScanSpyware
2013-11-24 20:39 - 2008-09-07 17:22 - 00008704 _____ (ScanSpyware.net) C:\windows\system32\ssbtsr.exe
2013-11-24 20:25 - 2013-11-24 20:25 - 02209056 _____ C:\Users\Evi\Desktop\avira-eu-cleaner_de.exe
2013-11-24 16:54 - 2013-11-24 16:54 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-24 16:54 - 2013-11-24 16:54 - 00000000 ____D C:\Users\Evi\AppData\Roaming\Malwarebytes
2013-11-24 16:54 - 2013-11-24 16:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-24 16:54 - 2013-11-24 16:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-24 16:54 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-11-24 16:37 - 2013-11-24 16:37 - 00000000 ____D C:\ProgramData\Oracle
2013-11-24 16:36 - 2013-11-24 16:36 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-24 16:36 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-11-24 16:36 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-11-24 16:36 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-11-24 16:36 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-11-24 16:35 - 2013-11-24 16:36 - 00004874 _____ C:\windows\system32\jupdate-1.7.0_45-b18.log
2013-11-24 16:25 - 2013-11-25 00:41 - 00002250 _____ C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-11-24 16:25 - 2013-11-25 00:41 - 00002188 _____ C:\Users\Evi\Desktop\Search.lnk
2013-11-17 16:59 - 2013-11-17 17:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-13 19:46 - 2013-11-13 19:46 - 00000000 ____D C:\dec971f0e103bc8b257a941e970667
2013-11-13 17:43 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-11-13 17:43 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-13 17:43 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-11-13 17:43 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2013-11-13 17:43 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-13 17:43 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2013-11-13 17:43 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-13 17:43 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-11-13 17:43 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2013-11-13 17:43 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-13 17:43 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2013-11-13 17:43 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2013-11-13 17:43 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-11-13 17:43 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2013-11-13 17:43 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2013-11-13 17:43 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2013-11-13 17:43 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2013-11-13 17:42 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-12 18:11 - 2013-11-12 18:11 - 00576066 _____ C:\Users\Evi\Desktop\Thumbnails.db
2013-10-26 10:11 - 2013-09-04 02:15 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-10-26 10:11 - 2013-09-04 02:14 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-10-26 10:11 - 2013-09-04 02:14 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-10-26 10:11 - 2013-09-04 02:14 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-10-26 10:11 - 2013-09-04 02:14 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-10-26 10:11 - 2013-09-04 02:14 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2013-10-26 10:11 - 2013-09-04 02:14 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys

==================== One Month Modified Files and Folders =======

2013-11-25 00:48 - 2013-11-25 00:46 - 00018398 _____ C:\Users\Evi\Desktop\FRST.txt
2013-11-25 00:46 - 2013-11-25 00:46 - 00000000 ____D C:\FRST
2013-11-25 00:46 - 2013-11-25 00:45 - 01091583 _____ (Farbar) C:\Users\Evi\Desktop\FRST.exe
2013-11-25 00:45 - 2013-11-25 00:45 - 00000000 ____D C:\Users\Evi\AppData\Roaming\0C1I1L1R1J0M1P0I1G
2013-11-25 00:44 - 2013-11-25 00:44 - 00001103 _____ C:\Users\Evi\Desktop\Continue AnyProtect Installation.lnk
2013-11-25 00:43 - 2013-11-25 00:41 - 00000000 ____D C:\Program Files\VuuPC
2013-11-25 00:42 - 2013-11-25 00:42 - 00001120 _____ C:\Users\Evi\Desktop\My VuuPC.lnk
2013-11-25 00:42 - 2013-11-25 00:42 - 00000000 ____D C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VuuPC
2013-11-25 00:41 - 2013-11-25 00:41 - 00000000 ____D C:\Users\Evi\AppData\Roaming\aartemis
2013-11-25 00:41 - 2013-11-24 16:25 - 00002250 _____ C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-11-25 00:41 - 2013-11-24 16:25 - 00002188 _____ C:\Users\Evi\Desktop\Search.lnk
2013-11-25 00:41 - 2010-10-26 20:42 - 00002083 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-25 00:41 - 2010-10-26 19:56 - 00001607 _____ C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-25 00:39 - 2009-07-14 05:34 - 00009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-25 00:39 - 2009-07-14 05:34 - 00009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-25 00:36 - 2013-11-25 00:36 - 00602144 _____ C:\Users\Evi\Desktop\Setup.exe
2013-11-25 00:31 - 2013-11-25 00:31 - 00040776 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamswissarmy.sys
2013-11-25 00:30 - 2013-05-21 15:30 - 00000278 _____ C:\windows\Tasks\DSite.job
2013-11-25 00:28 - 2010-12-24 20:58 - 00001092 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-25 00:21 - 2012-05-21 20:28 - 00000000 ____D C:\Program Files\Java
2013-11-24 23:33 - 2010-01-18 18:03 - 01631806 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-24 23:32 - 2010-02-22 09:31 - 01057552 _____ C:\windows\WindowsUpdate.log
2013-11-24 23:29 - 2012-12-22 14:54 - 02308326 _____ C:\FaceProv.log
2013-11-24 23:29 - 2010-12-24 20:58 - 00001088 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-24 23:29 - 2010-02-22 09:39 - 00000000 ____D C:\ProgramData\VeriFace
2013-11-24 23:28 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-24 23:28 - 2009-07-14 05:39 - 00206365 _____ C:\windows\setupact.log
2013-11-24 23:11 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\NDF
2013-11-24 22:46 - 2013-11-24 22:46 - 00014126 _____ C:\Users\Evi\Desktop\HitmanPro_20131124_2245.log
2013-11-24 22:28 - 2010-01-19 01:37 - 00000000 ____D C:\windows\system32\Drivers\de-DE
2013-11-24 22:28 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\de-DE
2013-11-24 22:19 - 2013-11-24 21:51 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-24 22:18 - 2013-11-24 22:18 - 00044588 _____ C:\Users\Evi\Desktop\HitmanPro_20131124_2218.log
2013-11-24 22:18 - 2013-11-24 22:18 - 00002192 _____ C:\windows\system32\.crusader
2013-11-24 22:03 - 2013-11-24 22:03 - 00001905 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-11-24 22:03 - 2013-11-24 22:03 - 00000000 ____D C:\Program Files\HitmanPro
2013-11-24 21:28 - 2013-11-24 21:28 - 00002021 _____ C:\Users\Evi\Desktop\Entfernen des Avira EU-Cleaners.lnk
2013-11-24 21:28 - 2013-11-24 21:28 - 00001965 _____ C:\Users\Evi\Desktop\Avira EU-Cleaner.lnk
2013-11-24 21:22 - 2013-11-24 21:17 - 00010128 _____ C:\windows\IE11_main.log
2013-11-24 21:19 - 2013-11-24 21:19 - 02166272 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 01818112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 01156608 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-11-24 21:19 - 2013-11-24 21:19 - 00645120 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-11-24 21:19 - 2013-11-24 21:19 - 00367104 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-11-24 21:19 - 2013-11-24 21:19 - 00244736 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00182272 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-24 21:19 - 2013-11-24 21:19 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-11-24 21:19 - 2013-11-24 21:19 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-24 21:19 - 2013-11-24 21:18 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 17142784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 11220992 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 04240384 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-24 21:18 - 2013-11-24 21:18 - 01926656 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-11-24 21:18 - 2013-11-24 21:18 - 01051136 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00610304 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00523776 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00238288 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00233472 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00208384 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00151552 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00127488 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00083456 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-11-24 20:39 - 2013-11-24 20:39 - 00001137 _____ C:\Users\Evi\Desktop\Diagnose & Fix.lnk
2013-11-24 20:39 - 2013-11-24 20:39 - 00001123 _____ C:\Users\Evi\Desktop\ScanSpyware.lnk
2013-11-24 20:39 - 2013-11-24 20:39 - 00000000 ____D C:\Users\Evi\AppData\Roaming\ScanSpyware
2013-11-24 20:39 - 2013-11-24 20:39 - 00000000 ____D C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ScanSpyware
2013-11-24 20:39 - 2013-11-24 20:39 - 00000000 ____D C:\Program Files\ScanSpyware
2013-11-24 20:25 - 2013-11-24 20:25 - 02209056 _____ C:\Users\Evi\Desktop\avira-eu-cleaner_de.exe
2013-11-24 19:42 - 2010-01-18 18:12 - 00884520 _____ C:\windows\PFRO.log
2013-11-24 19:42 - 2009-07-14 03:37 - 00000000 ____D C:\windows\SchCache
2013-11-24 19:38 - 2006-04-08 20:16 - 00000000 _RSHD C:\Users\Evi\AppData\Roaming\GooglePlugin
2013-11-24 16:59 - 2011-10-02 17:05 - 00000000 ____D C:\Users\Evi\AppData\Local\CrashDumps
2013-11-24 16:59 - 2010-10-28 20:22 - 00000000 ____D C:\Users\Evi\AppData\Roaming\TeamViewer
2013-11-24 16:54 - 2013-11-24 16:54 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-24 16:54 - 2013-11-24 16:54 - 00000000 ____D C:\Users\Evi\AppData\Roaming\Malwarebytes
2013-11-24 16:54 - 2013-11-24 16:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-24 16:54 - 2013-11-24 16:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-24 16:37 - 2013-11-24 16:37 - 00000000 ____D C:\ProgramData\Oracle
2013-11-24 16:36 - 2013-11-24 16:36 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-24 16:36 - 2013-11-24 16:35 - 00004874 _____ C:\windows\system32\jupdate-1.7.0_45-b18.log
2013-11-24 16:34 - 2013-07-29 18:30 - 00000112 _____ C:\Users\Evi\AppData\Roaming\WB.CFG
2013-11-24 16:34 - 2013-06-16 09:30 - 00000006 _____ C:\Users\Evi\AppData\Roaming\WBPU-TTL.DAT
2013-11-19 13:41 - 2012-09-04 16:43 - 00001912 _____ C:\windows\epplauncher.mif
2013-11-19 13:40 - 2012-09-04 16:42 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-19 13:36 - 2010-10-28 20:00 - 00000000 ____D C:\Users\Evi\Desktop\songs
2013-11-19 11:21 - 2010-10-27 21:50 - 00230048 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2013-11-19 10:57 - 2012-06-20 17:37 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-17 17:00 - 2013-11-17 16:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-14 14:52 - 2009-07-14 03:37 - 00000000 ____D C:\windows\rescache
2013-11-13 19:46 - 2013-11-13 19:46 - 00000000 ____D C:\dec971f0e103bc8b257a941e970667
2013-11-13 19:46 - 2013-08-22 15:12 - 00000000 ____D C:\windows\system32\MRT
2013-11-13 19:46 - 2010-11-15 10:57 - 80340640 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-12 18:11 - 2013-11-12 18:11 - 00576066 _____ C:\Users\Evi\Desktop\Thumbnails.db
2013-11-11 18:34 - 2009-07-14 05:53 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-11-08 16:00 - 2012-11-21 19:27 - 00020480 ____H C:\Users\Evi\Desktop\photothumb.db
2013-11-04 20:11 - 2012-04-12 18:33 - 00000000 ____D C:\Users\Evi\AppData\Roaming\Intelli-studio
2013-10-26 02:07 - 2010-01-18 18:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-26 02:07 - 2009-07-14 05:33 - 00443792 _____ C:\windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\Evi\AppData\Local\Temp\atl100.dll
C:\Users\Evi\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Evi\AppData\Local\Temp\ICReinstall_nsi7324.tmp.exe
C:\Users\Evi\AppData\Local\Temp\IERunner.dll
C:\Users\Evi\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Evi\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Evi\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Evi\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Evi\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Evi\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Evi\AppData\Local\Temp\msvcp100.dll
C:\Users\Evi\AppData\Local\Temp\msvcr100.dll
C:\Users\Evi\AppData\Local\Temp\nsdE55.tmp.tbDVDV.dll
C:\Users\Evi\AppData\Local\Temp\vis-de.exe
C:\Users\Evi\AppData\Local\Temp\ytb.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-24 16:08

==================== End Of Log ============================
Addition Aktuell:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-11-2013
Ran by Evi at 2013-11-25 00:49:38
Running from C:\Users\Evi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton Internet Security Online (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
AS: Norton Internet Security Online (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security Online (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

aartemis Browser Protecter
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader 9.0.1 - Deutsch (Version: 9.0.1)
ALPS Touch Pad Driver
Bing Bar (Version: 7.0.850.0)
Broadcom 802.11 Wireless Driver (Version: 1.0.0.0)
Broadcom Gigabit Integrated Controller (Version: 12.24.02)
CDBurnerXP (Version: 4.5.2.4291)
Conexant HD Audio (Version: 4.98.4.0)
DSL-Manager
DVDVideoSoftTB DE Toolbar (HKCU Version: 10.14.0.75)
EasyCapture (Version: V4.0.09.1015)
Energy Management (Version: 4.3.1.5)
flatster Recorder (Version: 2.0)
FOTOParadies (Version: 3.5.0.1)
Free M4a to MP3 Converter 7.1
Free YouTube to MP3 Converter version 3.11.32.918 (Version: 3.11.32.918)
GIMP 2.8.2 (Version: 2.8.2)
Google Update Helper (Version: 1.3.21.165)
HitmanPro 3.7 (Version: 3.7.8.208)
ICQ7.2 (Version: 7.2)
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 14.0.8089.726)
Lenovo EasyCamera
Lenovo EasyCamera (Version: 5.8.0.11)
Lenovo OneKey Recovery (Version: 7.0.0723)
Lenovo ReadyComm 5 (Version: 5.1.1.20)
Lenovo ReadyComm 5.0 Service (Version: 5.0.0.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2003 Web Components (Version: 11.0.8003.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Mozilla Firefox 25.0.1 (x86 de) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSVCRT (Version: 14.0.1468.721)
Norton Internet Security (Version: 18.7.0.13)
OpenOffice.org 3.2 (Version: 3.2.9502)
PC-Doctor für Windows (Version: 6.0.5426.03)
PDF Creator
PhotoScape
Power2Go (Version: 5.6.0.4809d4)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30101)
ScanSpyware 3.9.2.2 (Version: 3.9.2.2)
Snap.Do (Version: 10.157.1.12889)
Snap.Do Engine (HKCU Version: 10.157.1.12889)
TeamViewer 5 (Version: 5.1.9385 )
VeriFace (Version: 3.6.0.0921)
VIS
VuuPC Packages
VuuPC, You're Always a Click Away! (Version: 1.0.0.260)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)

==================== Restore Points  =========================

12-11-2013 19:51:39 Windows Update
13-11-2013 18:46:06 Windows Update
14-11-2013 12:27:27 Windows Update
14-11-2013 16:31:22 Windows Update
15-11-2013 23:27:38 Windows Update
17-11-2013 17:05:08 Windows Update
18-11-2013 19:48:53 Windows Update
19-11-2013 12:40:07 Windows Update
20-11-2013 20:33:42 Windows Update
24-11-2013 15:35:20 Installed Java 7 Update 45
24-11-2013 17:56:12 Windows Update
24-11-2013 20:17:08 Windows Update
24-11-2013 23:19:58 Removed Java(TM) 6 Update 35

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {4B7E5B87-499C-4C23-ABB3-5E35AAD91C25} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {4E53E54C-0479-4E3B-84A3-BCBBB66EA5E6} - \AdobeFlashPlayerUpdate No Task File
Task: {5117E297-D6F7-44B3-AB5E-FD47B8A0154A} - System32\Tasks\VuuPCUpdate => C:\Program Files\VuuPC\VuuPCUpdater.exe [2013-11-19] (VuuPC Limited)
Task: {5A50EAD9-3BCD-4293-819A-D519FDC33E4C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-24] (Google Inc.)
Task: {7BF0CEC9-29DA-4776-9183-3D6452459BD3} - System32\Tasks\DSite => C:\Users\Evi\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: {81A3E981-DE2C-452C-B6FF-6447FEC5364C} - System32\Tasks\Symantec\Norton Error Processor 18.7.0.13 => C:\Program Files\Norton Internet Security\Engine\18.7.0.13\symerr.exe [2012-01-28] (Symantec Corporation)
Task: {95EB5C05-BE71-44DC-B37E-C045F5752DC7} - \AdobeFlashPlayerUpdate 2 No Task File
Task: {A3186733-EB93-4D9C-9CBF-CE609A9649BA} - System32\Tasks\EPUpdater => C:\Users\Evi\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe
Task: {BA26CC88-45B1-4152-99CD-C85166146FA2} - System32\Tasks\VuuPCUpdateLogin => C:\Program Files\VuuPC\VuuPCUpdater.exe [2013-11-19] (VuuPC Limited)
Task: {DE5072EA-9E75-44D3-BA5A-A0932A91422E} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.0.13 => C:\Program Files\Norton Internet Security\Engine\18.7.0.13\symerr.exe [2012-01-28] (Symantec Corporation)
Task: {FFBA53BB-E3A5-408E-9BA0-5ADF45C8F441} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-24] (Google Inc.)
Task: C:\windows\Tasks\DSite.job => C:\Users\Evi\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-02-22 09:39 - 2010-02-22 09:39 - 01410312 _____ () C:\windows\system32\IcnOvrly.dll
2010-02-22 09:39 - 2010-02-22 09:39 - 00492808 _____ () C:\Program Files\Lenovo\VeriFace\ChooseLang.dll
2010-02-22 09:40 - 2008-12-20 04:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll
2010-02-22 09:40 - 2008-12-20 04:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll
2010-05-04 14:36 - 2010-05-04 14:36 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2013-11-17 16:59 - 2013-11-17 16:59 - 03363952 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-05-22 21:56 - 2013-05-22 21:56 - 16033160 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: BHDrvx86
Description: BHDrvx86
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BHDrvx86
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/25/2013 00:31:46 AM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 00:31:46 AM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 00:31:46 AM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 00:31:46 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 00:31:32 AM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 00:31:32 AM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 00:31:32 AM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 00:31:32 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 00:31:11 AM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 25.0.1.5064 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: bc8

Startzeit: 01cee964f0a28251

Endzeit: 80

Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID: 6d33234d-555f-11e3-8e01-705ab65a6707

Error: (11/25/2013 00:27:32 AM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)


System errors:
=============
Error: (11/25/2013 00:31:46 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 18 Mal passiert.

Error: (11/25/2013 00:31:46 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%2

Error: (11/25/2013 00:31:32 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 17 Mal passiert.

Error: (11/25/2013 00:31:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%2

Error: (11/25/2013 00:27:32 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 16 Mal passiert.

Error: (11/25/2013 00:27:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%2

Error: (11/25/2013 00:18:00 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 15 Mal passiert.

Error: (11/25/2013 00:18:00 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%2

Error: (11/25/2013 00:17:57 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 14 Mal passiert.

Error: (11/25/2013 00:17:57 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%2


Microsoft Office Sessions:
=========================
Error: (11/25/2013 00:31:46 AM) (Source: Windows Search Service)(User: )
Description:
Details:
        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 00:31:46 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 00:31:46 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 00:31:46 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)
Search.TripoliIndexer

Error: (11/25/2013 00:31:32 AM) (Source: Windows Search Service)(User: )
Description:
Details:
        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 00:31:32 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 00:31:32 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 00:31:32 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)
Search.TripoliIndexer

Error: (11/25/2013 00:31:11 AM) (Source: Application Hang)(User: )
Description: firefox.exe25.0.1.5064bc801cee964f0a2825180C:\Program Files\Mozilla Firefox\firefox.exe6d33234d-555f-11e3-8e01-705ab65a6707

Error: (11/25/2013 00:27:32 AM) (Source: Windows Search Service)(User: )
Description:
Details:
        Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)


==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 3032.6 MB
Available physical RAM: 1534.49 MB
Total Pagefile: 6063.49 MB
Available Pagefile: 4385.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.65 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:420.55 GB) (Free:348.27 GB) NTFS
Drive d: (Lenovo) (Fixed) (Total:30.25 GB) (Free:5.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: BEC90B8D)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

==================== End Of Log ============================
Was kann ich als nächstes machen?

Vielen Dank schon mal!

schrauber 25.11.2013 07:30
hi,
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Firewolf_08 25.11.2013 21:30
Hallo schrauber,

vielen Dank für Deine Hilfe! :dankeschoen:

Combofix brachte mir folgendes Ergebnis:

Code:
ComboFix 13-11-23.02 - Evi 25.11.2013  20:48:35.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3033.1927 [GMT 1:00]
ausgeführt von:: c:\users\Evi\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton Internet Security Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security Online *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Norton Internet Security Online *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Evi\Desktop\Search.lnk
c:\users\Evi\Desktop\Setup.exe
c:\windows\system32\FlashPlayerApp.exe
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-10-25 bis 2013-11-25  ))))))))))))))))))))))))))))))
.
.
2013-11-25 19:54 . 2013-11-25 19:57        --------        d-----w-        c:\users\Evi\AppData\Local\temp
2013-11-25 19:54 . 2013-11-25 19:54        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-11-25 19:54 . 2013-11-25 19:54        --------        d-----w-        c:\users\Admin\AppData\Local\temp
2013-11-25 18:17 . 2013-11-08 01:15        7772552        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{24519DFD-E715-4A19-AB22-9075368BC441}\mpengine.dll
2013-11-24 23:46 . 2013-11-24 23:46        --------        d-----w-        C:\FRST
2013-11-24 23:45 . 2013-11-24 23:45        --------        d-----w-        c:\users\Evi\AppData\Roaming\0C1I1L1R1J0M1P0I1G
2013-11-24 23:41 . 2013-11-25 08:27        --------        d-----w-        c:\program files\VuuPC
2013-11-24 23:41 . 2013-11-24 23:41        --------        d-----w-        c:\users\Evi\AppData\Roaming\aartemis
2013-11-24 23:20 . 2013-10-08 06:51        873384        ----a-w-        c:\windows\system32\npdeployJava1.dll
2013-11-24 23:20 . 2013-10-08 06:51        796072        ----a-w-        c:\windows\system32\deployJava1.dll
2013-11-24 21:03 . 2013-11-24 21:03        --------        d-----w-        c:\program files\HitmanPro
2013-11-24 20:51 . 2013-11-24 21:19        --------        d-----w-        c:\programdata\HitmanPro
2013-11-24 20:22 . 2013-11-08 01:15        7772552        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-24 20:18 . 2013-11-24 20:18        999936        ----a-w-        c:\program files\Internet Explorer\networkinspection.dll
2013-11-24 19:39 . 2013-11-24 19:39        --------        d-----w-        c:\users\Evi\AppData\Roaming\ScanSpyware
2013-11-24 19:39 . 2008-09-07 16:22        8704        ----a-w-        c:\windows\system32\ssbtsr.exe
2013-11-24 19:39 . 2013-11-24 19:39        --------        d-----w-        c:\program files\ScanSpyware
2013-11-24 15:54 . 2013-11-24 15:54        --------        d-----w-        c:\users\Evi\AppData\Roaming\Malwarebytes
2013-11-24 15:54 . 2013-11-24 15:54        --------        d-----w-        c:\programdata\Malwarebytes
2013-11-24 15:54 . 2013-11-24 15:54        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2013-11-24 15:54 . 2013-04-04 13:50        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-11-24 15:53 . 2013-11-24 15:53        --------        d-----w-        c:\users\Evi\AppData\Local\Programs
2013-11-24 15:37 . 2013-11-24 15:37        --------        d-----w-        c:\programdata\Oracle
2013-11-24 15:36 . 2013-11-24 15:36        --------        d-----w-        c:\program files\Common Files\Java
2013-11-24 15:36 . 2013-10-08 06:50        94632        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2013-11-13 18:46 . 2013-11-13 18:46        --------        d-----w-        C:\dec971f0e103bc8b257a941e970667
2013-11-13 16:42 . 2013-10-05 19:57        1168384        ----a-w-        c:\windows\system32\crypt32.dll
2013-11-06 17:39 . 2013-10-18 14:40        719224        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4FE15F2F-C78C-4689-BB71-36F1D228706E}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2010-10-27 20:50        230048        ------w-        c:\windows\system32\MpSigStub.exe
2013-10-18 14:40 . 2012-10-04 04:29        719224        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-09-27 08:53 . 2013-09-27 08:53        214696        ----a-w-        c:\windows\system32\drivers\MpFilter.sys
2013-09-27 08:53 . 2012-03-20 18:44        104768        ----a-w-        c:\windows\system32\drivers\NisDrvWFP.sys
2013-09-14 00:48 . 2013-10-11 08:28        338944        ----a-w-        c:\windows\system32\drivers\afd.sys
2013-09-08 02:07 . 2013-10-11 08:28        1294272        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03 . 2013-10-11 08:28        231424        ----a-w-        c:\windows\system32\mswsock.dll
2013-09-04 01:15 . 2013-10-26 09:11        258560        ----a-w-        c:\windows\system32\drivers\usbhub.sys
2013-09-04 01:14 . 2013-10-26 09:11        76288        ----a-w-        c:\windows\system32\drivers\usbccgp.sys
2013-09-04 01:14 . 2013-10-26 09:11        284672        ----a-w-        c:\windows\system32\drivers\usbport.sys
2013-09-04 01:14 . 2013-10-26 09:11        43008        ----a-w-        c:\windows\system32\drivers\usbehci.sys
2013-09-04 01:14 . 2013-10-26 09:11        20480        ----a-w-        c:\windows\system32\drivers\usbohci.sys
2013-09-04 01:14 . 2013-10-26 09:11        24064        ----a-w-        c:\windows\system32\drivers\usbuhci.sys
2013-09-04 01:14 . 2013-10-26 09:11        6016        ----a-w-        c:\windows\system32\drivers\usbd.sys
2013-08-29 01:51 . 2013-10-11 08:28        3969472        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-11 08:28        3914176        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-11 08:28        1289096        ----a-w-        c:\windows\system32\ntdll.dll
2013-08-29 01:50 . 2013-10-11 08:28        619520        ----a-w-        c:\windows\system32\tdh.dll
2013-08-29 01:48 . 2013-10-11 08:28        640512        ----a-w-        c:\windows\system32\advapi32.dll
2013-08-28 01:04 . 2013-10-11 08:22        2348544        ----a-w-        c:\windows\system32\win32k.sys
2013-08-28 00:57 . 2013-10-11 08:27        434688        ----a-w-        c:\windows\system32\scavengeui.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2012-09-20 09:34        508744        ----a-w-        c:\users\Evi\AppData\LocalLow\CT2625848\ldrtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\Evi\AppData\LocalLow\CT2625848\ldrtbDVDV.dll" [2012-09-20 508744]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2010-02-22 08:39        1410312        ----a-w-        c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 150552]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
"VeriFaceManager"="c:\program files\Lenovo\VeriFace\PManage.exe" [2010-02-22 3122440]
"UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-09-29 4114288]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-09-29 5064560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 786760]
.
c:\users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2010-10-26 1085440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120302.001\BHDrvx86.sys [2012-03-02 820856]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-05 106104]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-24 108032]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 104768]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-10-23 280288]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TDslMgrService;DSL-Manager;c:\program files\DSL-Manager\DslMgrSvc.exe [2008-10-23 307200]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\test\ECECECEC\WinRing0.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1207000.00D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1207000.00D\SYMEFA.SYS [2011-03-15 744568]
S1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\system32\DRIVERS\dslmnlwf.sys [2007-08-01 16448]
S1 funfrm;funfrm; [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120308.001\IDSvix86.sys [2012-03-06 368248]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1207000.00D\Ironx86.SYS [2011-01-27 136312]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1207000.00D\SYMNETS.SYS [2011-04-21 299640]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-11-24 106280]
S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S2 RemoteEngineService;VuuPC RemoteEngine Service;c:\program files\VuuPC\remoteengine.exe [2013-11-19 2967568]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
S2 VuuPCConnectivity;VuuPC Connectivity;c:\program files\VuuPC\Connectivity.exe [2013-11-19 4747280]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2010-01-20 23136]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-10-15 25088]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-06-19 168704]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
IgrsSvcs        REG_MULTI_SZ          ReadyComm.DirectRouter PS_MDP
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 19:58]
.
2013-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 19:58]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://aartemis.com/?type=hp&ts=1385336493&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WX80AB90615306153
uDefault_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385336493&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WX80AB90615306153&q={searchTerms}
mStart Page = hxxp://aartemis.com/?type=hp&ts=1385336493&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WX80AB90615306153
uSearchAssistant = hxxp://www.google.com
IE: Free YouTube to MP3 Converter - c:\users\Evi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 10.22.11.1
FF - ProfilePath - c:\users\Evi\AppData\Roaming\Mozilla\Firefox\Profiles\7giu4rtz.default\
FF - prefs.js: browser.search.selectedEngine - aartemis
FF - prefs.js: browser.startup.homepage - hxxp://aartemis.com/?type=hp&ts=1385336493&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WX80AB90615306153
FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=DE&userid=227b4f00-a25f-86d6-324f-95d8bbfd1700&searchtype=ds&installDate=18/10/2013&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-Rxncnt - c:\users\Evi\AppData\Roaming\Rxncnt.exe
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk - (no file)
c:\users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-CT2625848 - c:\users\Evi\AppData\Local\Conduit\CT2625848\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3050001101-202350276-4080494179-1003\Software\Microsoft\Internet Explorer\Approved Extensions]
@DACL=(02 0000)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,3b,1b,f3,f2,f9,
  63,2e,38,26,0f,85,d9,bc,f0,9f,08,0e,d5
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,15,cd,
  04,9a,bb,ec,0e,b8,9d,b9,17,8e,6d,fa,dc
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,3b,1b,1e,c6,38,
  7c,c8,19,78,0e,97,aa,d6,9a,c6,9c,e3,17
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,3b,1b,94,f1,41,
  71,99,39,e8,0b,b3,e5,b7,22,8d,42,46,13
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8a,06,
  6a,c7,85,43,0a,ab,e0,97,9a,f3,9a,6a,5c
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,c9,22,
  8c,35,1f,d0,06,93,c7,12,24,74,4b,24,d9
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,da,
  c7,72,f7,34,0f,a1,7f,df,65,c3,86,cf,b6
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"=hex:51,66,7a,6c,4c,1d,3b,1b,3d,c7,35,
  1c,c5,9a,64,07,b3,0e,a1,8d,19,98,2b,e0
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,3b,1b,10,6c,d9,
  91,b1,8c,eb,0f,95,49,cc,e8,46,6a,3c,20
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,3b,1b,10,23,dc,
  ce,7d,aa,2f,0b,85,85,40,9c,2d,7b,84,50
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,26,3f,
  51,89,3a,15,0b,8d,fe,be,9b,07,76,3e,6a
"{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,85,9a,
  84,1a,17,b2,05,84,dc,9f,c6,69,ab,3a,a3
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1324)
c:\program files\TeamViewer\Version5\tv.dll
c:\windows\system32\IcnOvrly.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\TeamViewer\Version5\TeamViewer_Desktop.exe
c:\windows\system32\taskhost.exe
c:\program files\teamviewer\version5\TeamViewer.exe
c:\windows\system32\conhost.exe
c:\program files\VuuPC\RemoteEngineHelper.exe
c:\program files\VuuPC\RemoteEngineHelper.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-11-25  21:02:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-11-25 20:02
.
Vor Suchlauf: 20 Verzeichnis(se), 374.182.801.408 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 374.970.339.328 Bytes frei
.
- - End Of File - - 265CCF0DABAE34F4AC4D1732E3D93764
A36C5E4F47E84449FF07ED3517B43A31
P.S. Nicht wundern über die aktiven Prozesse von TeamViewer. Den verwende ich, da der betroffene Rechner aktuell nicht direkt bei mir steht.

schrauber 26.11.2013 12:25
Unsere Programme werden Dir den Teamviewer schon abschiessen ;)

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Firewolf_08 26.11.2013 13:28
Vielen Dank für den super Support!! :dankeschoen:

MBAM:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.26.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
Evi :: EVI-LAPTOP [Administrator]

26.11.2013 12:38:20
mbam-log-2013-11-26 (12-38-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 230297
Laufzeit: 7 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\aartemis Browser Protecter (PUP.Optional.Aartemis.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\aartemisSoftware\aartemishp (PUP.Optional.Aartemis.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0L1K1I1U1StM0U1J -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 4
HKCU\Software\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Aartemis.A) -> Bösartig: (hxxp://aartemis.com/?type=hp&ts=1385336493&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WX80AB90615306153) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (PUP.Optional.Aartemis) -> Bösartig: ("C:\Program Files\Mozilla Firefox\firefox.exe" hxxp://aartemis.com/?type=sc&ts=1385336493&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WX80AB90615306153) Gut: (firefox.exe) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Aartemis) -> Bösartig: (hxxp://aartemis.com/?type=hp&ts=1385336493&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WX80AB90615306153) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bösartig: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 1
C:\Users\Evi\AppData\Roaming\aartemis (PUP.Optional.Aartemis.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 5
C:\Program Files\Mozilla Firefox\searchplugins\aartemis.xml (PUP.Optional.Aartemis) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Evi\AppData\Roaming\aartemis\cor_aartemis.json (PUP.Optional.Aartemis.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Evi\AppData\Roaming\aartemis\aartemis.exe (PUP.Optional.Aartemis.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Evi\AppData\Roaming\aartemis\DataBase (PUP.Optional.Aartemis.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Evi\AppData\Roaming\aartemis\QQBrowserFrame.dll (PUP.Optional.Aartemis.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
AdwareCleaner:

Code:
# AdwCleaner v3.013 - Bericht erstellt am 26/11/2013 um 13:06:04
# Updated 24/11/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Evi - EVI-LAPTOP
# Gestartet von : C:\Users\Evi\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : RemoteEngineService
Dienst Gelöscht : VuuPCConnectivity

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\VuuPC
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Evi\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\Evi\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Evi\AppData\Roaming\Windows Net Data
Ordner Gelöscht : C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VuuPC
Datei Gelöscht : C:\Users\Evi\AppData\Roaming\Mozilla\Firefox\Profiles\7giu4rtz.default\bProtector_extensions.rdf
Datei Gelöscht : C:\windows\System32\Tasks\EPUpdater
Datei Gelöscht : C:\windows\System32\Tasks\VuuPCUpdate
Datei Gelöscht : C:\windows\System32\Tasks\VuuPCUpdateLogin

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Verknüpfung Desinfiziert : C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Evi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Evi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Evi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk

***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3186733-EB93-4D9C-9CBF-CE609A9649BA}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3186733-EB93-4D9C-9CBF-CE609A9649BA}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5117E297-D6F7-44B3-AB5E-FD47B8A0154A}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5117E297-D6F7-44B3-AB5E-FD47B8A0154A}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA26CC88-45B1-4152-99CD-C85166146FA2}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BA26CC88-45B1-4152-99CD-C85166146FA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKCU\Software\532de8db538ed43
Schlüssel Gelöscht : HKLM\SOFTWARE\532de8db538ed43
Schlüssel Gelöscht : HKLM\Software\CT2625848
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{63BEF061-5EFC-4753-9806-ED0573BC7C4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0E44BB13-2523-468B-BF51-58D5F52A84F6}
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\aartemisSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VuuPC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\Evi\AppData\Roaming\Mozilla\Firefox\Profiles\7giu4rtz.default\prefs.js ]

Zeile gelöscht : user_pref("CT2625848.1000082.isDisplayHidden", "true");
Zeile gelöscht : user_pref("CT2625848.1000082.shrinkState", "shrinked");
Zeile gelöscht : user_pref("CT2625848.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"hxxp://feedlive.net/california.asx\"}");
Zeile gelöscht : user_pref("CT2625848.2625848a129894023611240511000000paramsGK1", "eyJ1cGRhdGVSZXFUaW1lIjoxMzUxNzk5NzIwMzc0LCJ1cGRhdGVSZXNwVGltZSI6MTM1MTc5OTcyMzk1MCwiZGF0YSI6eyJzZXR0aW5ncyI6eyJpY29uIjoiaHR0cDovL3N0b3[...]
Zeile gelöscht : user_pref("CT2625848.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2625848.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2625848.FirstTime", "true");
Zeile gelöscht : user_pref("CT2625848.FirstTimeFF3", "true");
Zeile gelöscht : user_pref("CT2625848.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=");
Zeile gelöscht : user_pref("CT2625848.UserID", "UN57156742735133418");
Zeile gelöscht : user_pref("CT2625848.addressBarTakeOverEnabledInHidden", "true");
Zeile gelöscht : user_pref("CT2625848.autoDisableScopes", -1);
Zeile gelöscht : user_pref("CT2625848.browser.search.defaultthis.engineName", true);
Zeile gelöscht : user_pref("CT2625848.defaultSearch", "true");
Zeile gelöscht : user_pref("CT2625848.embeddedsData", "[{\"appId\":\"129181467799155027\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Zeile gelöscht : user_pref("CT2625848.enableAlerts", "false");
Zeile gelöscht : user_pref("CT2625848.enableSearchFromAddressBar", "true");
Zeile gelöscht : user_pref("CT2625848.firstTimeDialogOpened", "true");
Zeile gelöscht : user_pref("CT2625848.fixPageNotFoundError", "true");
Zeile gelöscht : user_pref("CT2625848.fixPageNotFoundErrorInHidden", "true");
Zeile gelöscht : user_pref("CT2625848.fixUrls", true);
Zeile gelöscht : user_pref("CT2625848.installId", "ConduitNSISIntegration");
Zeile gelöscht : user_pref("CT2625848.installType", "ConduitNSISIntegration");
Zeile gelöscht : user_pref("CT2625848.isCheckedStartAsHidden", true);
Zeile gelöscht : user_pref("CT2625848.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2625848.isFirstTimeToolbarLoading", "false");
Zeile gelöscht : user_pref("CT2625848.isNewTabEnabled", true);
Zeile gelöscht : user_pref("CT2625848.isPerformedSmartBarTransition", "true");
Zeile gelöscht : user_pref("CT2625848.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gelöscht : user_pref("CT2625848.keyword", true);
Zeile gelöscht : user_pref("CT2625848.migrateAppsAndComponents", true);
Zeile gelöscht : user_pref("CT2625848.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://DVDVideoSoftTBDE.OurToolbar.com/\",\"E[...]
Zeile gelöscht : user_pref("CT2625848.openThankYouPage", "false");
Zeile gelöscht : user_pref("CT2625848.openUninstallPage", "true");
Zeile gelöscht : user_pref("CT2625848.search.searchAppId", "129181467799155027");
Zeile gelöscht : user_pref("CT2625848.search.searchCount", "0");
Zeile gelöscht : user_pref("CT2625848.searchInNewTabEnabledInHidden", "true");
Zeile gelöscht : user_pref("CT2625848.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2625848\"}");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://DVDVideoSoftTBDE.OurToolbar.com//xpi\"}");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DVDVideoSoftTB DE\"}");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1350983609472");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_appTracking_lastUpdate", "1351247484408");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_appsMetadata_lastUpdate", "1351796201975");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1350823736329");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.13.1.89_lastUpdate", "1351796201868");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_optimizer_lastUpdate", "1351800837001");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1350823736406");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_searchAPI_lastUpdate", "1351796202757");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_serviceMap_lastUpdate", "1351796199678");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_toolbarContextMenu_lastUpdate", "1350823617142");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_toolbarSettings_lastUpdate", "1351796208645");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_translation_lastUpdate", "1351796215081");
Zeile gelöscht : user_pref("CT2625848.settingsINI", true);
Zeile gelöscht : user_pref("CT2625848.shouldFirstTimeDialog", "false");
Zeile gelöscht : user_pref("CT2625848.smartbar.CTID", "CT2625848");
Zeile gelöscht : user_pref("CT2625848.smartbar.Uninstall", "0");
Zeile gelöscht : user_pref("CT2625848.smartbar.homepage", true);
Zeile gelöscht : user_pref("CT2625848.smartbar.toolbarName", "DVDVideoSoftTB DE ");
Zeile gelöscht : user_pref("CT2625848.startPage", "userChanged");
Zeile gelöscht : user_pref("CT2625848.toolbarBornServerTime", "22-9-2012");
Zeile gelöscht : user_pref("CT2625848.toolbarCurrentServerTime", "1-11-2012");
Zeile gelöscht : user_pref("CT2625848_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1351802819825,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gelöscht : user_pref("Smartbar.ConduitHomepagesList", "");
Zeile gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "DVDVideoSoftTB DE Customized Web Search");
Zeile gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=");
Zeile gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2625848");
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://aartemis.com/newtab/?type=nt&ts=1385336493&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WX80AB90615306153");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "aartemis");
Zeile gelöscht : user_pref("browser.search.order.1", "Delta Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "aartemis");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://aartemis.com/?type=hp&ts=1385336493&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WX80AB90615306153");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "840d141200000000000000ffb2f4b69b");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15846");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.516:35:03");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119370&tt=gc_");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Zeile gelöscht : user_pref("extensions.helperbar.Visibility", true);
Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de");
Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "snapdosoftonicyb");
Zeile gelöscht : user_pref("extensions.helperbar.installationid", "227b4f00-a25f-86d6-324f-95d8bbfd1700");
Zeile gelöscht : user_pref("extensions.helperbar.installdate", "18/10/2013");
Zeile gelöscht : user_pref("extensions.helperbar.publisher", "snapdosoftonicyb");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=DE&userid=227b4f00-a25f-86d6-324f-95d8bbfd1700&searchtype=ds&installDate=18/10/2013&q=");

*************************

AdwCleaner[R0].txt - [17011 octets] - [26/11/2013 12:57:53]
AdwCleaner[R1].txt - [17131 octets] - [26/11/2013 13:04:42]
AdwCleaner[S0].txt - [306 octets] - [26/11/2013 13:01:11]
AdwCleaner[S1].txt - [15787 octets] - [26/11/2013 13:06:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [15848 octets] ##########
JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x86
Ran by Evi on 26.11.2013 at 13:17:28,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3050001101-202350276-4080494179-1003\Software\sweetim



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Evi\AppData\Roaming\mozilla\firefox\profiles\7giu4rtz.default\minidumps [134 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.11.2013 at 13:19:50,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-11-2013 01
Ran by Evi (administrator) on EVI-LAPTOP on 26-11-2013 13:22:08
Running from C:\Users\Evi\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe
(Microsoft Corporation) C:\Windows\System32\IgrsSvcs.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Desktop.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo) C:\Program Files\Lenovo\VeriFace\PManage.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [35184 2008-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
HKLM\...\Run: [VeriFaceManager] - C:\Program Files\Lenovo\VeriFace\PManage.exe [3122440 2010-02-22] (Lenovo)
HKLM\...\Run: [UpdateP2GShortCut] - C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [EnergyUtility] - C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-09-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064560 2009-09-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKU\Default\...\RunOnce: [WLStart] - C:\Program Files\Windows Live\Installer\wlstart.exe [ 2009-07-26] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WLStart] - C:\Program Files\Windows Live\Installer\wlstart.exe [ 2009-07-26] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM - DVDVideoSoftTB_DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Evi\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
SearchScopes: HKLM - DefaultScope value is missing.
BHO: DVDVideoSoftTB_DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Evi\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ips\ipsbho.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - DVDVideoSoftTB_DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Evi\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.22.11.1

FireFox:
========
FF ProfilePath: C:\Users\Evi\AppData\Roaming\Mozilla\Firefox\Profiles\7giu4rtz.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\windows\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DVDVideoSoft Menu - C:\Users\Evi\AppData\Roaming\Mozilla\Firefox\Profiles\7giu4rtz.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_5_2
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_5_2
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

========================== Services (Whitelisted) =================

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-11-24] (SurfRight B.V.)
R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\18.7.0.13\diMaster.dll [262584 2011-04-01] (Symantec Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
S3 TDslMgrService; C:\Program Files\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH)

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation)
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120302.001\BHDrvx86.sys [820856 2012-03-02] (Symantec Corporation)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [16448 2007-08-01] (T-Systems Enterprise Services GmbH)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2012-02-05] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106104 2012-02-05] (Symantec Corporation)
R1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [54800 2010-02-22] ()
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120308.001\IDSvix86.sys [368248 2012-03-06] (Symantec Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120309.002\NAVENG.SYS [86136 2011-08-04] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120309.002\NAVEX15.SYS [1576312 2011-08-04] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1207000.00D\SRTSP.SYS [516216 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1207000.00D\SRTSPX.SYS [50168 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1207000.00D\SYMDS.SYS [340088 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1207000.00D\SYMEFA.SYS [744568 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT.SYS [126584 2011-05-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1207000.00D\Ironx86.SYS [136312 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1207000.00D\SYMNETS.SYS [299640 2011-04-21] (Symantec Corporation)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2010-10-15] (TeamViewer GmbH)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [168704 2009-06-19] (SMI)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Evi\AppData\Local\Temp\catchme.sys [x]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
S3 WinRing0_1_2_0; \??\D:\test\ECECECEC\WinRing0.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-26 13:19 - 2013-11-26 13:19 - 00000943 _____ C:\Users\Evi\Desktop\JRT.txt
2013-11-26 13:17 - 2013-11-26 13:17 - 00000000 ____D C:\windows\ERUNT
2013-11-26 13:15 - 2013-11-26 13:16 - 01034531 _____ (Thisisu) C:\Users\Evi\Desktop\JRT.exe
2013-11-26 13:11 - 2013-11-26 13:11 - 00015929 _____ C:\Users\Evi\Desktop\AdwCleaner[S1].txt
2013-11-26 13:03 - 2013-11-26 13:01 - 00000306 _____ C:\Users\Evi\Desktop\AdwCleaner[S0].txt
2013-11-26 13:03 - 2013-11-26 12:58 - 00017011 _____ C:\Users\Evi\Desktop\AdwCleaner[R0].txt
2013-11-26 12:57 - 2013-11-26 13:06 - 00000000 ____D C:\AdwCleaner
2013-11-26 12:55 - 2013-11-26 12:56 - 01091882 _____ C:\Users\Evi\Desktop\adwcleaner.exe
2013-11-26 09:41 - 2013-11-26 09:42 - 01091605 _____ (Farbar) C:\Users\Evi\Desktop\FRST.exe
2013-11-25 21:11 - 2013-11-25 21:11 - 00000000 ____D C:\Users\Evi\AppData\Local\Symantec
2013-11-25 21:02 - 2013-11-25 21:02 - 00020523 _____ C:\ComboFix.txt
2013-11-25 20:46 - 2013-11-25 21:02 - 00000000 ____D C:\Qoobox
2013-11-25 20:46 - 2013-11-25 21:01 - 00000000 ____D C:\windows\erdnt
2013-11-25 20:46 - 2011-06-26 07:45 - 00256000 _____ C:\windows\PEV.exe
2013-11-25 20:46 - 2010-11-07 18:20 - 00208896 _____ C:\windows\MBR.exe
2013-11-25 20:46 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-11-25 20:46 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-11-25 20:46 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-11-25 20:46 - 2000-08-31 01:00 - 00098816 _____ C:\windows\sed.exe
2013-11-25 20:46 - 2000-08-31 01:00 - 00080412 _____ C:\windows\grep.exe
2013-11-25 20:46 - 2000-08-31 01:00 - 00068096 _____ C:\windows\zip.exe
2013-11-25 09:32 - 2013-11-25 09:36 - 05149261 ____R (Swearware) C:\Users\Evi\Desktop\ComboFix.exe
2013-11-25 00:49 - 2013-11-25 00:50 - 00017660 _____ C:\Users\Evi\Desktop\Addition.txt
2013-11-25 00:46 - 2013-11-26 13:22 - 00014331 _____ C:\Users\Evi\Desktop\FRST.txt
2013-11-25 00:46 - 2013-11-25 00:46 - 00000000 ____D C:\FRST
2013-11-25 00:45 - 2013-11-25 00:45 - 00000000 ____D C:\Users\Evi\AppData\Roaming\0C1I1L1R1J0M1P0I1G
2013-11-25 00:44 - 2013-11-25 00:44 - 00001103 _____ C:\Users\Evi\Desktop\Continue AnyProtect Installation.lnk
2013-11-25 00:42 - 2013-11-25 00:42 - 00001120 _____ C:\Users\Evi\Desktop\My VuuPC.lnk
2013-11-25 00:20 - 2013-10-08 07:51 - 00873384 _____ (Oracle Corporation) C:\windows\system32\npdeployJava1.dll
2013-11-25 00:20 - 2013-10-08 07:51 - 00796072 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll
2013-11-24 22:46 - 2013-11-24 22:46 - 00014126 _____ C:\Users\Evi\Desktop\HitmanPro_20131124_2245.log
2013-11-24 22:18 - 2013-11-24 22:18 - 00044588 _____ C:\Users\Evi\Desktop\HitmanPro_20131124_2218.log
2013-11-24 22:18 - 2013-11-24 22:18 - 00002192 _____ C:\windows\system32\.crusader
2013-11-24 22:03 - 2013-11-24 22:03 - 00001905 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-11-24 22:03 - 2013-11-24 22:03 - 00000000 ____D C:\Program Files\HitmanPro
2013-11-24 21:51 - 2013-11-24 22:19 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-24 21:28 - 2013-11-24 21:28 - 00002021 _____ C:\Users\Evi\Desktop\Entfernen des Avira EU-Cleaners.lnk
2013-11-24 21:28 - 2013-11-24 21:28 - 00001965 _____ C:\Users\Evi\Desktop\Avira EU-Cleaner.lnk
2013-11-24 21:23 - 2012-08-23 15:48 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2013-11-24 21:23 - 2012-08-23 15:44 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2013-11-24 21:23 - 2012-08-23 15:40 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2013-11-24 21:23 - 2012-08-23 15:10 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-11-24 21:23 - 2012-08-23 15:10 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-11-24 21:23 - 2012-08-23 14:52 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2013-11-24 21:23 - 2012-08-23 14:47 - 00046592 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2013-11-24 21:23 - 2012-08-23 14:46 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2013-11-24 21:23 - 2012-08-23 14:32 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2013-11-24 21:23 - 2012-08-23 14:18 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2013-11-24 21:23 - 2012-08-23 12:40 - 00056320 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2013-11-24 21:23 - 2012-08-23 12:32 - 00317440 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2013-11-24 21:23 - 2012-08-23 12:15 - 00269312 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2013-11-24 21:23 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2013-11-24 21:23 - 2012-08-23 11:39 - 01048064 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2013-11-24 21:23 - 2012-08-23 11:08 - 02739712 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2013-11-24 21:23 - 2012-08-23 09:19 - 04916224 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 02166272 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 01818112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 01156608 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-11-24 21:19 - 2013-11-24 21:19 - 00645120 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-11-24 21:19 - 2013-11-24 21:19 - 00367104 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-11-24 21:19 - 2013-11-24 21:19 - 00244736 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00182272 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-24 21:19 - 2013-11-24 21:19 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-11-24 21:19 - 2013-11-24 21:19 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-24 21:18 - 2013-11-24 21:19 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 17142784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 11220992 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 04240384 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-24 21:18 - 2013-11-24 21:18 - 01926656 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-11-24 21:18 - 2013-11-24 21:18 - 01051136 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00610304 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00523776 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00238288 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00233472 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00208384 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00151552 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00127488 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00083456 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-11-24 21:17 - 2013-11-24 21:22 - 00010128 _____ C:\windows\IE11_main.log
2013-11-24 20:39 - 2013-11-24 20:39 - 00001137 _____ C:\Users\Evi\Desktop\Diagnose & Fix.lnk
2013-11-24 20:39 - 2013-11-24 20:39 - 00001123 _____ C:\Users\Evi\Desktop\ScanSpyware.lnk
2013-11-24 20:39 - 2013-11-24 20:39 - 00000000 ____D C:\Users\Evi\AppData\Roaming\ScanSpyware
2013-11-24 20:39 - 2013-11-24 20:39 - 00000000 ____D C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ScanSpyware
2013-11-24 20:39 - 2013-11-24 20:39 - 00000000 ____D C:\Program Files\ScanSpyware
2013-11-24 20:39 - 2008-09-07 17:22 - 00008704 _____ (ScanSpyware.net) C:\windows\system32\ssbtsr.exe
2013-11-24 20:25 - 2013-11-24 20:25 - 02209056 _____ C:\Users\Evi\Desktop\avira-eu-cleaner_de.exe
2013-11-24 16:54 - 2013-11-24 16:54 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-24 16:54 - 2013-11-24 16:54 - 00000000 ____D C:\Users\Evi\AppData\Roaming\Malwarebytes
2013-11-24 16:54 - 2013-11-24 16:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-24 16:54 - 2013-11-24 16:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-24 16:54 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-11-24 16:37 - 2013-11-24 16:37 - 00000000 ____D C:\ProgramData\Oracle
2013-11-24 16:36 - 2013-11-24 16:36 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-24 16:36 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-11-24 16:36 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-11-24 16:36 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-11-24 16:36 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-11-24 16:35 - 2013-11-24 16:36 - 00004874 _____ C:\windows\system32\jupdate-1.7.0_45-b18.log
2013-11-24 16:25 - 2013-11-26 13:06 - 00001037 _____ C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-11-17 16:59 - 2013-11-17 17:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-13 19:46 - 2013-11-13 19:46 - 00000000 ____D C:\dec971f0e103bc8b257a941e970667
2013-11-13 17:43 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-11-13 17:43 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-13 17:43 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-11-13 17:43 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2013-11-13 17:43 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-13 17:43 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2013-11-13 17:43 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-13 17:43 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-11-13 17:43 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2013-11-13 17:43 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-13 17:43 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2013-11-13 17:43 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2013-11-13 17:43 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-11-13 17:43 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2013-11-13 17:43 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2013-11-13 17:43 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2013-11-13 17:43 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2013-11-13 17:42 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-12 18:11 - 2013-11-12 18:11 - 00576066 _____ C:\Users\Evi\Desktop\Thumbnails.db

==================== One Month Modified Files and Folders =======

2013-11-26 13:22 - 2013-11-25 00:46 - 00014331 _____ C:\Users\Evi\Desktop\FRST.txt
2013-11-26 13:19 - 2013-11-26 13:19 - 00000943 _____ C:\Users\Evi\Desktop\JRT.txt
2013-11-26 13:17 - 2013-11-26 13:17 - 00000000 ____D C:\windows\ERUNT
2013-11-26 13:16 - 2013-11-26 13:15 - 01034531 _____ (Thisisu) C:\Users\Evi\Desktop\JRT.exe
2013-11-26 13:15 - 2009-07-14 05:34 - 00009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-26 13:15 - 2009-07-14 05:34 - 00009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-26 13:14 - 2010-01-18 18:03 - 01631806 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-26 13:11 - 2013-11-26 13:11 - 00015929 _____ C:\Users\Evi\Desktop\AdwCleaner[S1].txt
2013-11-26 13:09 - 2012-12-22 14:54 - 02360298 _____ C:\FaceProv.log
2013-11-26 13:09 - 2010-12-24 20:58 - 00001088 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-26 13:09 - 2010-02-22 09:39 - 00000000 ____D C:\ProgramData\VeriFace
2013-11-26 13:08 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-26 13:08 - 2009-07-14 05:39 - 00206813 _____ C:\windows\setupact.log
2013-11-26 13:07 - 2010-02-22 09:31 - 01378051 _____ C:\windows\WindowsUpdate.log
2013-11-26 13:06 - 2013-11-26 12:57 - 00000000 ____D C:\AdwCleaner
2013-11-26 13:06 - 2013-11-24 16:25 - 00001037 _____ C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-11-26 13:06 - 2010-10-26 20:42 - 00001007 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-26 13:06 - 2010-10-26 19:56 - 00001144 _____ C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-26 13:01 - 2013-11-26 13:03 - 00000306 _____ C:\Users\Evi\Desktop\AdwCleaner[S0].txt
2013-11-26 13:01 - 2011-10-02 17:05 - 00000000 ____D C:\Users\Evi\AppData\Local\CrashDumps
2013-11-26 12:58 - 2013-11-26 13:03 - 00017011 _____ C:\Users\Evi\Desktop\AdwCleaner[R0].txt
2013-11-26 12:56 - 2013-11-26 12:55 - 01091882 _____ C:\Users\Evi\Desktop\adwcleaner.exe
2013-11-26 12:50 - 2010-01-18 18:12 - 00887226 _____ C:\windows\PFRO.log
2013-11-26 12:28 - 2010-12-24 20:58 - 00001092 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-26 09:42 - 2013-11-26 09:41 - 01091605 _____ (Farbar) C:\Users\Evi\Desktop\FRST.exe
2013-11-25 21:11 - 2013-11-25 21:11 - 00000000 ____D C:\Users\Evi\AppData\Local\Symantec
2013-11-25 21:02 - 2013-11-25 21:02 - 00020523 _____ C:\ComboFix.txt
2013-11-25 21:02 - 2013-11-25 20:46 - 00000000 ____D C:\Qoobox
2013-11-25 21:02 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2013-11-25 21:01 - 2013-11-25 20:46 - 00000000 ____D C:\windows\erdnt
2013-11-25 20:57 - 2009-07-14 03:04 - 00000215 _____ C:\windows\system.ini
2013-11-25 09:36 - 2013-11-25 09:32 - 05149261 ____R (Swearware) C:\Users\Evi\Desktop\ComboFix.exe
2013-11-25 01:41 - 2009-07-14 03:37 - 00000000 ____D C:\windows\rescache
2013-11-25 00:50 - 2013-11-25 00:49 - 00017660 _____ C:\Users\Evi\Desktop\Addition.txt
2013-11-25 00:46 - 2013-11-25 00:46 - 00000000 ____D C:\FRST
2013-11-25 00:45 - 2013-11-25 00:45 - 00000000 ____D C:\Users\Evi\AppData\Roaming\0C1I1L1R1J0M1P0I1G
2013-11-25 00:44 - 2013-11-25 00:44 - 00001103 _____ C:\Users\Evi\Desktop\Continue AnyProtect Installation.lnk
2013-11-25 00:42 - 2013-11-25 00:42 - 00001120 _____ C:\Users\Evi\Desktop\My VuuPC.lnk
2013-11-25 00:21 - 2012-05-21 20:28 - 00000000 ____D C:\Program Files\Java
2013-11-24 23:11 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\NDF
2013-11-24 22:46 - 2013-11-24 22:46 - 00014126 _____ C:\Users\Evi\Desktop\HitmanPro_20131124_2245.log
2013-11-24 22:28 - 2010-01-19 01:37 - 00000000 ____D C:\windows\system32\Drivers\de-DE
2013-11-24 22:28 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\de-DE
2013-11-24 22:19 - 2013-11-24 21:51 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-24 22:18 - 2013-11-24 22:18 - 00044588 _____ C:\Users\Evi\Desktop\HitmanPro_20131124_2218.log
2013-11-24 22:18 - 2013-11-24 22:18 - 00002192 _____ C:\windows\system32\.crusader
2013-11-24 22:03 - 2013-11-24 22:03 - 00001905 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-11-24 22:03 - 2013-11-24 22:03 - 00000000 ____D C:\Program Files\HitmanPro
2013-11-24 21:28 - 2013-11-24 21:28 - 00002021 _____ C:\Users\Evi\Desktop\Entfernen des Avira EU-Cleaners.lnk
2013-11-24 21:28 - 2013-11-24 21:28 - 00001965 _____ C:\Users\Evi\Desktop\Avira EU-Cleaner.lnk
2013-11-24 21:22 - 2013-11-24 21:17 - 00010128 _____ C:\windows\IE11_main.log
2013-11-24 21:19 - 2013-11-24 21:19 - 02166272 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 01818112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 01156608 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-11-24 21:19 - 2013-11-24 21:19 - 00645120 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-11-24 21:19 - 2013-11-24 21:19 - 00367104 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-11-24 21:19 - 2013-11-24 21:19 - 00244736 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00182272 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-24 21:19 - 2013-11-24 21:19 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-11-24 21:19 - 2013-11-24 21:19 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-24 21:19 - 2013-11-24 21:18 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 17142784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 11220992 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 04240384 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-24 21:18 - 2013-11-24 21:18 - 01926656 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-11-24 21:18 - 2013-11-24 21:18 - 01051136 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00610304 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00523776 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00238288 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00233472 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00208384 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00151552 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00127488 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00083456 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-11-24 20:39 - 2013-11-24 20:39 - 00001137 _____ C:\Users\Evi\Desktop\Diagnose & Fix.lnk
2013-11-24 20:39 - 2013-11-24 20:39 - 00001123 _____ C:\Users\Evi\Desktop\ScanSpyware.lnk
2013-11-24 20:39 - 2013-11-24 20:39 - 00000000 ____D C:\Users\Evi\AppData\Roaming\ScanSpyware
2013-11-24 20:39 - 2013-11-24 20:39 - 00000000 ____D C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ScanSpyware
2013-11-24 20:39 - 2013-11-24 20:39 - 00000000 ____D C:\Program Files\ScanSpyware
2013-11-24 20:25 - 2013-11-24 20:25 - 02209056 _____ C:\Users\Evi\Desktop\avira-eu-cleaner_de.exe
2013-11-24 19:42 - 2009-07-14 03:37 - 00000000 ____D C:\windows\SchCache
2013-11-24 19:38 - 2006-04-08 20:16 - 00000000 _RSHD C:\Users\Evi\AppData\Roaming\GooglePlugin
2013-11-24 16:59 - 2010-10-28 20:22 - 00000000 ____D C:\Users\Evi\AppData\Roaming\TeamViewer
2013-11-24 16:54 - 2013-11-24 16:54 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-24 16:54 - 2013-11-24 16:54 - 00000000 ____D C:\Users\Evi\AppData\Roaming\Malwarebytes
2013-11-24 16:54 - 2013-11-24 16:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-24 16:54 - 2013-11-24 16:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-24 16:37 - 2013-11-24 16:37 - 00000000 ____D C:\ProgramData\Oracle
2013-11-24 16:36 - 2013-11-24 16:36 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-24 16:36 - 2013-11-24 16:35 - 00004874 _____ C:\windows\system32\jupdate-1.7.0_45-b18.log
2013-11-24 16:34 - 2013-07-29 18:30 - 00000112 _____ C:\Users\Evi\AppData\Roaming\WB.CFG
2013-11-24 16:34 - 2013-06-16 09:30 - 00000006 _____ C:\Users\Evi\AppData\Roaming\WBPU-TTL.DAT
2013-11-19 13:41 - 2012-09-04 16:43 - 00001912 _____ C:\windows\epplauncher.mif
2013-11-19 13:40 - 2012-09-04 16:42 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-19 13:36 - 2010-10-28 20:00 - 00000000 ____D C:\Users\Evi\Desktop\songs
2013-11-19 11:21 - 2010-10-27 21:50 - 00230048 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2013-11-19 10:57 - 2012-06-20 17:37 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-17 17:00 - 2013-11-17 16:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-13 19:46 - 2013-11-13 19:46 - 00000000 ____D C:\dec971f0e103bc8b257a941e970667
2013-11-13 19:46 - 2013-08-22 15:12 - 00000000 ____D C:\windows\system32\MRT
2013-11-13 19:46 - 2010-11-15 10:57 - 80340640 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-12 18:11 - 2013-11-12 18:11 - 00576066 _____ C:\Users\Evi\Desktop\Thumbnails.db
2013-11-11 18:34 - 2009-07-14 05:53 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-11-08 16:00 - 2012-11-21 19:27 - 00020480 ____H C:\Users\Evi\Desktop\photothumb.db
2013-11-04 20:11 - 2012-04-12 18:33 - 00000000 ____D C:\Users\Evi\AppData\Roaming\Intelli-studio

Some content of TEMP:
====================
C:\Users\Evi\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-24 16:08

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 27.11.2013 09:01

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Firewolf_08 29.11.2013 10:15
Vielen Dank schon mal. Der Rechner läuft jetzt auch schon wieder merklich schneller.
Die beiden Programme werde ich evtl. erst Anfang nächster Woche ausführen können, wenn ich die Wechseldatenträger wieder anschließen kann. Das kann Teamviewer leider noch nicht. ;-)

Hatte gestern doch geklappt, ich kam dann blos nicht mehr aus der Ferne drauf, lag aber am Router.

ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4e4fc16cb4dee74993e153489c289e22
# engine=16057
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-28 10:36:02
# local_time=2013-11-28 11:36:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3588 16777214 85 82 48012538 89527768 0 0
# compatibility_mode=5893 16776574 100 94 11987884 137266153 0 0
# scanned=84762
# found=1
# cleaned=0
# scan_time=3962
sh=B2EEBF6F913D3D3286E21FF8B7A963BFE960558C ft=0 fh=0000000000000000 vn="a variant of Win32/Hoax.Delf.AE application" ac=I fn="C:\Users\Evi\Desktop\evii\3vi\cdscherz.zip"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4e4fc16cb4dee74993e153489c289e22
# engine=16057
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-28 11:49:41
# local_time=2013-11-28 12:49:41 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3588 16777214 85 82 48016957 89532187 0 0
# compatibility_mode=5893 16776574 100 94 11992303 137270572 0 0
# scanned=164351
# found=4
# cleaned=0
# scan_time=4240
sh=B2EEBF6F913D3D3286E21FF8B7A963BFE960558C ft=0 fh=0000000000000000 vn="a variant of Win32/Hoax.Delf.AE application" ac=I fn="C:\Users\Evi\Desktop\evii\3vi\cdscherz.zip"
sh=B2EEBF6F913D3D3286E21FF8B7A963BFE960558C ft=0 fh=0000000000000000 vn="a variant of Win32/Hoax.Delf.AE application" ac=I fn="F:\$RECYCLE.BIN\S-1-5-21-3050001101-202350276-4080494179-1003\$RG1BJOL\3vi\cdscherz.zip"
sh=B2EEBF6F913D3D3286E21FF8B7A963BFE960558C ft=0 fh=0000000000000000 vn="a variant of Win32/Hoax.Delf.AE application" ac=I fn="F:\evii\3vi\cdscherz.zip"
sh=948062C019DCFBBBBB9605F74337CC23B6EE1BB6 ft=1 fh=77fba84b0fb20ccb vn="Win32/Dorkbot.B worm" ac=I fn="F:\RECYCLER\13adef91.exe"
SecurityCheck:

Code:
Results of screen317's Security Check version 0.99.76 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials   
Norton Internet Security Online 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 ScanSpyware 3.9.2.2   
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Java 7 Update 45 
 Adobe Flash Player        11.7.700.202 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (25.0.1)
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST:


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-11-2013
Ran by Evi (administrator) on EVI-LAPTOP on 29-11-2013 10:03:06
Running from C:\Users\Evi\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe
(Microsoft Corporation) C:\Windows\System32\IgrsSvcs.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo) C:\Program Files\Lenovo\VeriFace\PManage.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [35184 2008-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
HKLM\...\Run: [VeriFaceManager] - C:\Program Files\Lenovo\VeriFace\PManage.exe [3122440 2010-02-22] (Lenovo)
HKLM\...\Run: [UpdateP2GShortCut] - C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [EnergyUtility] - C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-09-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064560 2009-09-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKU\Default\...\RunOnce: [WLStart] - C:\Program Files\Windows Live\Installer\wlstart.exe [ 2009-07-26] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WLStart] - C:\Program Files\Windows Live\Installer\wlstart.exe [ 2009-07-26] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM - DVDVideoSoftTB_DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Evi\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
SearchScopes: HKLM - DefaultScope value is missing.
BHO: DVDVideoSoftTB_DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Evi\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ips\ipsbho.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - DVDVideoSoftTB_DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Evi\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.22.11.1

FireFox:
========
FF ProfilePath: C:\Users\Evi\AppData\Roaming\Mozilla\Firefox\Profiles\7giu4rtz.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\windows\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DVDVideoSoft Menu - C:\Users\Evi\AppData\Roaming\Mozilla\Firefox\Profiles\7giu4rtz.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_5_2
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_5_2
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

========================== Services (Whitelisted) =================

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-11-24] (SurfRight B.V.)
R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\18.7.0.13\diMaster.dll [262584 2011-04-01] (Symantec Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
S3 TDslMgrService; C:\Program Files\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH)

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation)
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120302.001\BHDrvx86.sys [820856 2012-03-02] (Symantec Corporation)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [16448 2007-08-01] (T-Systems Enterprise Services GmbH)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2012-02-05] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106104 2012-02-05] (Symantec Corporation)
R1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [54800 2010-02-22] ()
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120308.001\IDSvix86.sys [368248 2012-03-06] (Symantec Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120309.002\NAVENG.SYS [86136 2011-08-04] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120309.002\NAVEX15.SYS [1576312 2011-08-04] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1207000.00D\SRTSP.SYS [516216 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1207000.00D\SRTSPX.SYS [50168 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1207000.00D\SYMDS.SYS [340088 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1207000.00D\SYMEFA.SYS [744568 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT.SYS [126584 2011-05-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1207000.00D\Ironx86.SYS [136312 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1207000.00D\SYMNETS.SYS [299640 2011-04-21] (Symantec Corporation)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2010-10-15] (TeamViewer GmbH)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [168704 2009-06-19] (SMI)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Evi\AppData\Local\Temp\catchme.sys [x]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
S3 WinRing0_1_2_0; \??\D:\test\ECECECEC\WinRing0.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-29 10:03 - 2013-11-29 10:03 - 00014275 _____ C:\Users\Evi\Desktop\FRST.txt
2013-11-29 10:02 - 2013-11-29 10:02 - 01092049 _____ (Farbar) C:\Users\Evi\Desktop\FRST.exe
2013-11-29 10:01 - 2013-11-29 10:01 - 00000962 _____ C:\Users\Evi\Desktop\checkup 29.11..txt
2013-11-28 10:22 - 2013-11-28 10:22 - 00000000 ____D C:\Program Files\ESET
2013-11-27 10:40 - 2013-11-27 10:40 - 00891184 _____ C:\Users\Evi\Desktop\SecurityCheck.exe
2013-11-26 13:17 - 2013-11-26 13:17 - 00000000 ____D C:\windows\ERUNT
2013-11-26 13:15 - 2013-11-26 13:16 - 01034531 _____ (Thisisu) C:\Users\Evi\Desktop\JRT.exe
2013-11-26 12:57 - 2013-11-26 13:06 - 00000000 ____D C:\AdwCleaner
2013-11-26 12:55 - 2013-11-26 12:56 - 01091882 _____ C:\Users\Evi\Desktop\adwcleaner.exe
2013-11-25 21:11 - 2013-11-25 21:11 - 00000000 ____D C:\Users\Evi\AppData\Local\Symantec
2013-11-25 21:02 - 2013-11-25 21:02 - 00020523 _____ C:\ComboFix.txt
2013-11-25 20:46 - 2013-11-25 21:02 - 00000000 ____D C:\Qoobox
2013-11-25 20:46 - 2013-11-25 21:01 - 00000000 ____D C:\windows\erdnt
2013-11-25 20:46 - 2011-06-26 07:45 - 00256000 _____ C:\windows\PEV.exe
2013-11-25 20:46 - 2010-11-07 18:20 - 00208896 _____ C:\windows\MBR.exe
2013-11-25 20:46 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-11-25 20:46 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-11-25 20:46 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-11-25 20:46 - 2000-08-31 01:00 - 00098816 _____ C:\windows\sed.exe
2013-11-25 20:46 - 2000-08-31 01:00 - 00080412 _____ C:\windows\grep.exe
2013-11-25 20:46 - 2000-08-31 01:00 - 00068096 _____ C:\windows\zip.exe
2013-11-25 09:32 - 2013-11-25 09:36 - 05149261 ____R (Swearware) C:\Users\Evi\Desktop\ComboFix.exe
2013-11-25 00:46 - 2013-11-25 00:46 - 00000000 ____D C:\FRST
2013-11-25 00:44 - 2013-11-25 00:44 - 00001103 _____ C:\Users\Evi\Desktop\Continue AnyProtect Installation.lnk
2013-11-25 00:20 - 2013-10-08 07:51 - 00873384 _____ (Oracle Corporation) C:\windows\system32\npdeployJava1.dll
2013-11-25 00:20 - 2013-10-08 07:51 - 00796072 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll
2013-11-24 22:18 - 2013-11-24 22:18 - 00002192 _____ C:\windows\system32\.crusader
2013-11-24 22:03 - 2013-11-24 22:03 - 00001905 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-11-24 22:03 - 2013-11-24 22:03 - 00000000 ____D C:\Program Files\HitmanPro
2013-11-24 21:51 - 2013-11-24 22:19 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-24 21:28 - 2013-11-24 21:28 - 00002021 _____ C:\Users\Evi\Desktop\Entfernen des Avira EU-Cleaners.lnk
2013-11-24 21:28 - 2013-11-24 21:28 - 00001965 _____ C:\Users\Evi\Desktop\Avira EU-Cleaner.lnk
2013-11-24 21:23 - 2012-08-23 15:48 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2013-11-24 21:23 - 2012-08-23 15:44 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2013-11-24 21:23 - 2012-08-23 15:40 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2013-11-24 21:23 - 2012-08-23 15:10 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-11-24 21:23 - 2012-08-23 15:10 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-11-24 21:23 - 2012-08-23 14:52 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2013-11-24 21:23 - 2012-08-23 14:47 - 00046592 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2013-11-24 21:23 - 2012-08-23 14:46 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2013-11-24 21:23 - 2012-08-23 14:32 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2013-11-24 21:23 - 2012-08-23 14:18 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2013-11-24 21:23 - 2012-08-23 12:40 - 00056320 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2013-11-24 21:23 - 2012-08-23 12:32 - 00317440 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2013-11-24 21:23 - 2012-08-23 12:15 - 00269312 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2013-11-24 21:23 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2013-11-24 21:23 - 2012-08-23 11:39 - 01048064 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2013-11-24 21:23 - 2012-08-23 11:08 - 02739712 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2013-11-24 21:23 - 2012-08-23 09:19 - 04916224 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 02166272 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 01818112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 01156608 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-11-24 21:19 - 2013-11-24 21:19 - 00645120 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-11-24 21:19 - 2013-11-24 21:19 - 00367104 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-11-24 21:19 - 2013-11-24 21:19 - 00244736 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00182272 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-24 21:19 - 2013-11-24 21:19 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-11-24 21:19 - 2013-11-24 21:19 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-24 21:18 - 2013-11-24 21:19 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 17142784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 11220992 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 04240384 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-24 21:18 - 2013-11-24 21:18 - 01926656 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-11-24 21:18 - 2013-11-24 21:18 - 01051136 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00610304 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00523776 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00238288 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00233472 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00208384 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00151552 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00127488 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00083456 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-11-24 21:17 - 2013-11-24 21:22 - 00010128 _____ C:\windows\IE11_main.log
2013-11-24 20:39 - 2013-11-24 20:39 - 00001137 _____ C:\Users\Evi\Desktop\Diagnose & Fix.lnk
2013-11-24 20:39 - 2013-11-24 20:39 - 00001123 _____ C:\Users\Evi\Desktop\ScanSpyware.lnk
2013-11-24 20:39 - 2013-11-24 20:39 - 00000000 ____D C:\Users\Evi\AppData\Roaming\ScanSpyware
2013-11-24 20:39 - 2013-11-24 20:39 - 00000000 ____D C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ScanSpyware
2013-11-24 20:39 - 2013-11-24 20:39 - 00000000 ____D C:\Program Files\ScanSpyware
2013-11-24 20:39 - 2008-09-07 17:22 - 00008704 _____ (ScanSpyware.net) C:\windows\system32\ssbtsr.exe
2013-11-24 20:25 - 2013-11-24 20:25 - 02209056 _____ C:\Users\Evi\Desktop\avira-eu-cleaner_de.exe
2013-11-24 16:54 - 2013-11-24 16:54 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-24 16:54 - 2013-11-24 16:54 - 00000000 ____D C:\Users\Evi\AppData\Roaming\Malwarebytes
2013-11-24 16:54 - 2013-11-24 16:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-24 16:54 - 2013-11-24 16:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-24 16:54 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-11-24 16:37 - 2013-11-24 16:37 - 00000000 ____D C:\ProgramData\Oracle
2013-11-24 16:36 - 2013-11-24 16:36 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-24 16:36 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-11-24 16:36 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-11-24 16:36 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-11-24 16:36 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-11-24 16:35 - 2013-11-24 16:36 - 00004874 _____ C:\windows\system32\jupdate-1.7.0_45-b18.log
2013-11-24 16:25 - 2013-11-26 13:06 - 00001037 _____ C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-11-17 16:59 - 2013-11-17 17:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-13 19:46 - 2013-11-13 19:46 - 00000000 ____D C:\dec971f0e103bc8b257a941e970667
2013-11-13 17:43 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-11-13 17:43 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-13 17:43 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-11-13 17:43 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2013-11-13 17:43 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-13 17:43 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2013-11-13 17:43 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-13 17:43 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-11-13 17:43 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2013-11-13 17:43 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-13 17:43 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2013-11-13 17:43 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2013-11-13 17:43 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-11-13 17:43 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2013-11-13 17:43 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2013-11-13 17:43 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2013-11-13 17:43 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2013-11-13 17:42 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll

==================== One Month Modified Files and Folders =======

2013-11-29 10:03 - 2013-11-29 10:03 - 00014275 _____ C:\Users\Evi\Desktop\FRST.txt
2013-11-29 10:02 - 2013-11-29 10:02 - 01092049 _____ (Farbar) C:\Users\Evi\Desktop\FRST.exe
2013-11-29 10:01 - 2013-11-29 10:01 - 00000962 _____ C:\Users\Evi\Desktop\checkup 29.11..txt
2013-11-29 09:57 - 2010-02-22 09:31 - 01705524 _____ C:\windows\WindowsUpdate.log
2013-11-29 09:51 - 2010-01-18 18:03 - 01631806 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-29 09:51 - 2009-07-14 05:34 - 00009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-29 09:51 - 2009-07-14 05:34 - 00009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-29 09:44 - 2012-12-22 14:54 - 02382865 _____ C:\FaceProv.log
2013-11-29 09:44 - 2010-12-24 20:58 - 00001088 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-29 09:44 - 2010-02-22 09:39 - 00000000 ____D C:\ProgramData\VeriFace
2013-11-29 09:43 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-29 09:43 - 2009-07-14 05:39 - 00207037 _____ C:\windows\setupact.log
2013-11-29 09:40 - 2011-10-02 17:05 - 00000000 ____D C:\Users\Evi\AppData\Local\CrashDumps
2013-11-29 09:37 - 2010-10-28 20:22 - 00000000 ____D C:\Users\Evi\AppData\Roaming\TeamViewer
2013-11-29 09:35 - 2010-12-24 20:58 - 00001092 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-28 10:22 - 2013-11-28 10:22 - 00000000 ____D C:\Program Files\ESET
2013-11-27 10:40 - 2013-11-27 10:40 - 00891184 _____ C:\Users\Evi\Desktop\SecurityCheck.exe
2013-11-27 00:32 - 2011-10-11 20:23 - 00000000 ____D C:\Users\Evi\Desktop\sturm&drang
2013-11-26 13:17 - 2013-11-26 13:17 - 00000000 ____D C:\windows\ERUNT
2013-11-26 13:16 - 2013-11-26 13:15 - 01034531 _____ (Thisisu) C:\Users\Evi\Desktop\JRT.exe
2013-11-26 13:06 - 2013-11-26 12:57 - 00000000 ____D C:\AdwCleaner
2013-11-26 13:06 - 2013-11-24 16:25 - 00001037 _____ C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-11-26 13:06 - 2010-10-26 20:42 - 00001007 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-26 13:06 - 2010-10-26 19:56 - 00001144 _____ C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-26 12:56 - 2013-11-26 12:55 - 01091882 _____ C:\Users\Evi\Desktop\adwcleaner.exe
2013-11-26 12:50 - 2010-01-18 18:12 - 00887226 _____ C:\windows\PFRO.log
2013-11-25 21:11 - 2013-11-25 21:11 - 00000000 ____D C:\Users\Evi\AppData\Local\Symantec
2013-11-25 21:02 - 2013-11-25 21:02 - 00020523 _____ C:\ComboFix.txt
2013-11-25 21:02 - 2013-11-25 20:46 - 00000000 ____D C:\Qoobox
2013-11-25 21:02 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2013-11-25 21:01 - 2013-11-25 20:46 - 00000000 ____D C:\windows\erdnt
2013-11-25 20:57 - 2009-07-14 03:04 - 00000215 _____ C:\windows\system.ini
2013-11-25 09:36 - 2013-11-25 09:32 - 05149261 ____R (Swearware) C:\Users\Evi\Desktop\ComboFix.exe
2013-11-25 01:41 - 2009-07-14 03:37 - 00000000 ____D C:\windows\rescache
2013-11-25 00:46 - 2013-11-25 00:46 - 00000000 ____D C:\FRST
2013-11-25 00:44 - 2013-11-25 00:44 - 00001103 _____ C:\Users\Evi\Desktop\Continue AnyProtect Installation.lnk
2013-11-25 00:21 - 2012-05-21 20:28 - 00000000 ____D C:\Program Files\Java
2013-11-24 23:11 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\NDF
2013-11-24 22:28 - 2010-01-19 01:37 - 00000000 ____D C:\windows\system32\Drivers\de-DE
2013-11-24 22:28 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\de-DE
2013-11-24 22:19 - 2013-11-24 21:51 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-24 22:18 - 2013-11-24 22:18 - 00002192 _____ C:\windows\system32\.crusader
2013-11-24 22:03 - 2013-11-24 22:03 - 00001905 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-11-24 22:03 - 2013-11-24 22:03 - 00000000 ____D C:\Program Files\HitmanPro
2013-11-24 21:28 - 2013-11-24 21:28 - 00002021 _____ C:\Users\Evi\Desktop\Entfernen des Avira EU-Cleaners.lnk
2013-11-24 21:28 - 2013-11-24 21:28 - 00001965 _____ C:\Users\Evi\Desktop\Avira EU-Cleaner.lnk
2013-11-24 21:22 - 2013-11-24 21:17 - 00010128 _____ C:\windows\IE11_main.log
2013-11-24 21:19 - 2013-11-24 21:19 - 02166272 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 01818112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 01156608 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-11-24 21:19 - 2013-11-24 21:19 - 00645120 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-11-24 21:19 - 2013-11-24 21:19 - 00367104 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-11-24 21:19 - 2013-11-24 21:19 - 00244736 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00182272 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-24 21:19 - 2013-11-24 21:19 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-11-24 21:19 - 2013-11-24 21:19 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-24 21:19 - 2013-11-24 21:19 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-24 21:19 - 2013-11-24 21:18 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 17142784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 11220992 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 04240384 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-24 21:18 - 2013-11-24 21:18 - 01926656 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-11-24 21:18 - 2013-11-24 21:18 - 01051136 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00610304 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00523776 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00238288 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00233472 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00208384 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00151552 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00127488 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00083456 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-11-24 21:18 - 2013-11-24 21:18 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-11-24 21:18 - 2013-11-24 21:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-11-24 20:39 - 2013-11-24 20:39 - 00001137 _____ C:\Users\Evi\Desktop\Diagnose & Fix.lnk
2013-11-24 20:39 - 2013-11-24 20:39 - 00001123 _____ C:\Users\Evi\Desktop\ScanSpyware.lnk
2013-11-24 20:39 - 2013-11-24 20:39 - 00000000 ____D C:\Users\Evi\AppData\Roaming\ScanSpyware
2013-11-24 20:39 - 2013-11-24 20:39 - 00000000 ____D C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ScanSpyware
2013-11-24 20:39 - 2013-11-24 20:39 - 00000000 ____D C:\Program Files\ScanSpyware
2013-11-24 20:25 - 2013-11-24 20:25 - 02209056 _____ C:\Users\Evi\Desktop\avira-eu-cleaner_de.exe
2013-11-24 19:42 - 2009-07-14 03:37 - 00000000 ____D C:\windows\SchCache
2013-11-24 19:38 - 2006-04-08 20:16 - 00000000 _RSHD C:\Users\Evi\AppData\Roaming\GooglePlugin
2013-11-24 16:54 - 2013-11-24 16:54 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-24 16:54 - 2013-11-24 16:54 - 00000000 ____D C:\Users\Evi\AppData\Roaming\Malwarebytes
2013-11-24 16:54 - 2013-11-24 16:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-24 16:54 - 2013-11-24 16:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-24 16:37 - 2013-11-24 16:37 - 00000000 ____D C:\ProgramData\Oracle
2013-11-24 16:36 - 2013-11-24 16:36 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-24 16:36 - 2013-11-24 16:35 - 00004874 _____ C:\windows\system32\jupdate-1.7.0_45-b18.log
2013-11-24 16:34 - 2013-07-29 18:30 - 00000112 _____ C:\Users\Evi\AppData\Roaming\WB.CFG
2013-11-24 16:34 - 2013-06-16 09:30 - 00000006 _____ C:\Users\Evi\AppData\Roaming\WBPU-TTL.DAT
2013-11-19 13:41 - 2012-09-04 16:43 - 00001912 _____ C:\windows\epplauncher.mif
2013-11-19 13:40 - 2012-09-04 16:42 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-19 13:36 - 2010-10-28 20:00 - 00000000 ____D C:\Users\Evi\Desktop\songs
2013-11-19 11:21 - 2010-10-27 21:50 - 00230048 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2013-11-19 10:57 - 2012-06-20 17:37 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-17 17:00 - 2013-11-17 16:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-13 19:46 - 2013-11-13 19:46 - 00000000 ____D C:\dec971f0e103bc8b257a941e970667
2013-11-13 19:46 - 2013-08-22 15:12 - 00000000 ____D C:\windows\system32\MRT
2013-11-13 19:46 - 2010-11-15 10:57 - 80340640 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-11 18:34 - 2009-07-14 05:53 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-11-08 16:00 - 2012-11-21 19:27 - 00020480 ____H C:\Users\Evi\Desktop\photothumb.db
2013-11-04 20:11 - 2012-04-12 18:33 - 00000000 ____D C:\Users\Evi\AppData\Roaming\Intelli-studio

Some content of TEMP:
====================
C:\Users\Evi\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-24 16:08

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---


Unter Systemsteuerung Programme sehe ich noch Einträge, die vermutlich besser nicht drauf sein sollten!? Hilft hier einfach deinstallieren?

Screenshot:
hxxp://250kb.de/u/131129/j/fuYn9n1SZqBs.jpg
(Die obersten 3 Zeilen)


:dankeschoen:

schrauber 30.11.2013 13:53
Deinstallieren, dann bitte mitteilen ob es geklappt hat. Die Funde von ESET manuell löschen.

Firewolf_08 01.12.2013 01:51
Hallo,
die ESET Funde auf C habe ich erfolgreich gelöscht.
Die Funde auf der ext. Festplatte F muss ich noch löschen wenn ich direkt am Rechner bin und diese wieder anschließen kann.

VuUPC ist auch erfolgreich deinstalliert.

SnapDo lässt sich allerdings nicht deinstallieren. Fehlermeldung siehe Screenshot:
hxxp://250kb.de/u/131201/j/fnDs4UTmSiMG.jpg

Und bei SnapDo Engine passiert gar nichts beim Klick auf "Deinstallieren / Ändern".

schrauber 01.12.2013 16:11
Revo Uninstaller - Download - Filepony

Versuch es damit, auch gleich die Reste entfernen lassen, dan bitte ein frisches FRST log.


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:21 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131