Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Iminent - richtig enfernt? (https://www.trojaner-board.de/152822-iminent-richtig-enfernt.html)

shorstkemper 21.04.2014 17:39
Iminent - richtig enfernt?
 
Hallo zusammen,


ich sitze hier gerade vor einem Laptop, der womöglich Opfer eines Trojaners geworden ist.
Durch eine Anleitung von dieser Seite und dem durchlaufen mehrer Programme habe ich nun 4 Textdateien. Kann mir einer von euch sagen, ob die Gefahr behoben ist?


AdwCleaner

Code:
# AdwCleaner v3.102 - Bericht erstellt am 21/04/2014 um 18:00:57
# Aktualisiert 21/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Elena - ELENA-PC
# Gestartet von : C:\Users\Elena\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : Level Quality Watcher
Dienst Gelöscht : SProtection

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\Iminent
Ordner Gelöscht : C:\Program Files\Level Quality Watcher
Ordner Gelöscht : C:\Program Files\melondrea
Ordner Gelöscht : C:\Program Files\Common Files\Umbrella
Ordner Gelöscht : C:\Users\Elena\AppData\Local\Temp\Iminent
Ordner Gelöscht : C:\Users\Elena\AppData\Roaming\Systweak
Datei Gelöscht : C:\Windows\system32\roboot.exe
Datei Gelöscht : C:\Users\Elena\AppData\Local\Temp\Uninstall.exe

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IminentMessenger
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Savings Bull
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\LevelQualityWatcher
Schlüssel Gelöscht : HKLM\Software\Savings Bull
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Umbrella

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v34.0.1847.116

[ Datei : C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3481 octets] - [21/04/2014 17:58:53]
AdwCleaner[S0].txt - [3356 octets] - [21/04/2014 18:00:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3416 octets] ##########
Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-04-2014 01
Ran by Elena at 2014-04-21 18:10:01
Running from C:\Users\Elena\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Atheros)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon MG3100 series Benutzerregistrierung (HKLM\...\Canon MG3100 series Benutzerregistrierung) (Version:  - )
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version:  - )
Canon MG3100 series On-screen Manual (HKLM\...\Canon MG3100 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.11042 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.11042 - Cisco Systems, Inc.) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.2.0287 - DT Soft Ltd)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
EPSON SX440 Series Printer Uninstall (HKLM\...\EPSON SX440 Series) (Version:  - SEIKO EPSON Corporation)
ETDWare PS/2-X86 10.6.12.4_WHQL (HKLM\...\Elantech) (Version: 10.6.12.4 - ELAN Microelectronic Corp.)
Google Calendar Sync (HKLM\...\Google Calendar Sync) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Python 3.4.0 (HKLM\...\{a37f2d73-72d1-364d-ba5d-cea430bcc040}) (Version: 3.4.150 - Python Software Foundation)
R for Windows 3.1.0 (HKLM\...\R for Windows 3.1.0_is1) (Version: 3.1.0 - R Core Team)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.1.0.0 - Synaptics Incorporated)

==================== Restore Points  =========================

21-04-2014 14:58:21 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1FAF8D77-4E86-48C9-BE09-0DAC3B7574FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-22] (Google Inc.)
Task: {2B417912-C260-4E0D-98A8-64418E30F18D} - System32\Tasks\{3DEDA336-DA01-4FBF-BE78-A272AF5AC205} => Chrome.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsProgressBar
Task: {3E85E4B4-72D2-4730-961D-CA92BA98EF93} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-22] (Google Inc.)
Task: {59DFB0AE-453D-41DD-9F32-E7275D6E040F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {68CFA69D-C492-4A7D-BED7-639DBFCFD025} - System32\Tasks\{FE139E63-B7C8-4966-ACDB-A80918614E02} => Chrome.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsProgressBar
Task: {9D8E5202-F89B-43EC-A5D9-605F205479C7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A5FE7123-BC69-429E-BB76-74882A24D42B} - System32\Tasks\{FAEFA0DE-91C4-44EB-828E-E3EB74F19C01} => Chrome.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsProgressBar
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-21 13:52 - 2013-06-21 13:52 - 00024064 _____ () C:\Windows\System32\sst7clm.dll
2013-03-24 17:34 - 2013-03-24 17:28 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-27 13:54 - 2011-02-07 09:56 - 00138192 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2013-03-22 18:39 - 2012-03-27 02:33 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-04-09 12:40 - 2014-04-02 03:57 - 00065352 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-09 12:40 - 2014-04-02 03:57 - 00674632 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-09 12:40 - 2014-04-02 03:57 - 00093000 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-09 12:40 - 2014-04-02 03:57 - 04081480 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-09 12:40 - 2014-04-02 03:58 - 00390472 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-09 12:40 - 2014-04-02 03:57 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-04-09 12:40 - 2014-04-02 03:58 - 13691720 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Elena^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EPSON1E1205 (Epson Stylus SX440) => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHBE.EXE /FU "C:\Users\Elena\AppData\Local\Temp\E_SF67E.tmp" /EF "HKCU"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Elena\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

==================== Faulty Device Manager Devices =============

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: netfilter
Description: netfilter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: netfilter
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/21/2014 06:04:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/21/2014 05:58:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 11:19:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18643

Error: (04/19/2014 11:19:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18643

Error: (04/19/2014 11:19:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/19/2014 11:19:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17644

Error: (04/19/2014 11:19:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17644

Error: (04/19/2014 11:19:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/19/2014 11:19:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16630

Error: (04/19/2014 11:19:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16630


System errors:
=============
Error: (04/21/2014 06:04:05 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
netfilter

Error: (04/21/2014 06:04:04 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/21/2014 06:03:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WinkHandler" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (04/21/2014 06:03:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Update melondrea" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (04/21/2014 05:58:30 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/21/2014 05:58:23 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
netfilter

Error: (04/19/2014 02:42:40 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/19/2014 02:42:24 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
netfilter

Error: (04/19/2014 02:39:21 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/19/2014 02:39:03 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
netfilter


Microsoft Office Sessions:
=========================
Error: (04/21/2014 06:04:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/21/2014 05:58:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 11:19:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18643

Error: (04/19/2014 11:19:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18643

Error: (04/19/2014 11:19:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/19/2014 11:19:08 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17644

Error: (04/19/2014 11:19:08 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17644

Error: (04/19/2014 11:19:08 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/19/2014 11:19:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16630

Error: (04/19/2014 11:19:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16630


==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 1878.36 MB
Available physical RAM: 767.16 MB
Total Pagefile: 3756.72 MB
Available Pagefile: 2296.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:29.2 GB) (Free:0.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:268.79 GB) (Free:95.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 1284D002)
Partition 1: (Active) - (Size=29 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=269 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-04-2014 01
Ran by Elena (administrator) on ELENA-PC on 21-04-2014 18:08:58
Running from C:\Users\Elena\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
(Absolute Software Corp.) C:\Windows\system32\rpcnet.exe
(Atheros) C:\Program Files\Atheros\Ath_WlanAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google) C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2195248 2012-04-16] (ELAN Microelectronics Corp.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3193947046-1248806982-583716356-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3193947046-1248806982-583716356-1000\...\MountPoints2: {5b8b3e29-ab30-11e2-9b53-083e8e29ef18} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3193947046-1248806982-583716356-1000\...\MountPoints2: {a43c548f-9344-11e2-8108-91727c15fe93} - F:\SETUP.EXE

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD26E33D22E27CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.iminent.com/?appId=4C0B0799-AA79-4745-B802-33CDE9C8AAE6&ref=toolbox&q={searchTerms}
BHO: melondrea - {16f059cb-3d3f-4ecc-b426-bafa47233676} - C:\Program Files\melondrea\melondreabho.dll No File
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage:
CHR StartupUrls: "hxxp://www.ulb.uni-muenster.de/", "https://dl.dropbox.com/u/5988397/Stundenplan%20BWL%20VWL%20WiSe%2012-13.pdf", "https://sso.uni-muenster.de/MeinZIV/", "https://studium.uni-muenster.de/qisserver/rds?state=wtree&search=1&trex=step&root120122=70848|77070|71610|77491|73083&P.vx=kurz", "https://www.uni-muenster.de/LearnWeb/learnweb2/index.php?theme=wwu", "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=0733f45d-c896-403a-21f0-a6961b859e4d&searchtype=hp&installDate=07/10/2013", "hxxp://mystart.incredibar.com/?a=6R8HWMm4Wn&loc=skw", "hxxp://start.iminent.com/?appId=4C0B0799-AA79-4745-B802-33CDE9C8AAE6"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Extension: (Google Drive) - C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-22]
CHR Extension: (YouTube) - C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-22]
CHR Extension: (Google-Suche) - C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-22]
CHR Extension: (Chuck Anderson) - C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp [2013-03-22]
CHR Extension: (Google Wallet) - C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR Extension: (Google Mail) - C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-22]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276248 2012-04-23] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 rpcnet; C:\Windows\system32\rpcnet.exe [69792 2013-03-22] (Absolute Software Corp.)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-12-10] (Cisco Systems, Inc.)
R2 ZAtheros Wlan Agent; C:\Program Files\Atheros\Ath_WlanAgent.exe [76960 2012-02-27] (Atheros)
S2 Update melondrea; "C:\Program Files\melondrea\updatemelondrea.exe" [X]
S2 WinkHandler; C:\Program Files\Iminent\WinkHandler.exe [X]

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2012-12-10] (Cisco Systems, Inc.)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2846720 2012-02-24] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-03-23] (DT Soft Ltd)
S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [217904 2012-04-16] (ELAN Microelectronics Corp.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-10] (Intel Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-24] (Avira GmbH)
S1 netfilter; system32\drivers\netfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-21 18:08 - 2014-04-21 18:09 - 00010422 _____ () C:\Users\Elena\Downloads\FRST.txt
2014-04-21 18:08 - 2014-04-21 18:08 - 01151488 _____ (Farbar) C:\Users\Elena\Downloads\FRST.exe
2014-04-21 18:08 - 2014-04-21 18:08 - 00000000 ____D () C:\FRST
2014-04-21 18:04 - 2014-04-21 18:04 - 00003496 _____ () C:\Users\Elena\Desktop\AdwCleaner[S0].txt
2014-04-21 17:51 - 2014-04-21 18:01 - 00000000 ____D () C:\AdwCleaner
2014-04-21 17:50 - 2014-04-21 17:51 - 01322687 _____ () C:\Users\Elena\Downloads\adwcleaner.exe
2014-04-21 17:49 - 2014-04-21 17:49 - 00000000 ____D () C:\Windows\pss
2014-04-21 17:13 - 2014-04-21 17:13 - 00000000 ____D () C:\ProgramData\Samsung
2014-04-21 17:13 - 2014-04-21 17:13 - 00000000 ____D () C:\Program Files\SamsungPrinterLiveUpdate
2014-04-18 22:33 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-18 22:33 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-18 22:33 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-18 22:33 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-18 22:33 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-18 22:33 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-18 22:33 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-18 22:33 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-18 22:33 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-18 22:33 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-18 22:33 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-18 22:33 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-18 22:33 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-18 22:33 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-18 22:33 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-18 22:33 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-18 22:33 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-18 22:33 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-18 22:33 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-18 22:32 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-18 22:32 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-18 22:32 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-18 22:32 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-18 22:32 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-18 22:32 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-18 22:32 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-16 18:26 - 2014-04-16 18:27 - 00000000 ____D () C:\Users\Elena\Desktop\Stadtwerke MS
2014-04-15 18:37 - 2014-04-15 18:37 - 00001175 _____ () C:\Users\Public\Desktop\R i386 3.1.0.lnk
2014-04-15 18:36 - 2014-04-15 18:36 - 00000000 ____D () C:\Program Files\R
2014-04-15 18:30 - 2014-04-15 18:30 - 56282811 _____ (R Core Team ) C:\Users\Elena\Downloads\R-3.1.0-win.exe
2014-04-14 20:04 - 2014-04-14 20:04 - 01984980 _____ () C:\Users\Elena\Downloads\2014-04-12 23.55.50.mp4
2014-04-10 11:50 - 2014-04-17 10:27 - 00000000 ____D () C:\Users\Elena\.idlerc
2014-04-10 11:24 - 2014-04-10 11:24 - 00000000 ____D () C:\Users\Elena\AppData\Local\.distlib
2014-04-10 11:23 - 2014-04-17 11:29 - 00000000 ____D () C:\Users\Elena\Desktop\Informatik
2014-04-10 11:21 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 11:21 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 11:21 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 11:21 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 11:21 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 11:21 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-10 11:19 - 2014-04-10 11:24 - 00000000 ____D () C:\Python34
2014-04-10 11:16 - 2014-04-10 11:17 - 24498176 _____ () C:\Users\Elena\Downloads\python-3.4.0.msi
2014-04-09 21:00 - 2014-04-09 21:00 - 00000000 ____D () C:\ProgramData\Sun
2014-04-09 21:00 - 2014-04-09 21:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-09 21:00 - 2014-04-09 21:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-09 21:00 - 2014-04-09 20:59 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-09 20:59 - 2014-04-09 20:59 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-09 20:59 - 2014-04-09 20:59 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-09 20:59 - 2014-04-09 20:59 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-09 20:59 - 2014-04-09 20:59 - 00000000 ____D () C:\Program Files\Java
2014-04-09 20:57 - 2014-04-09 20:57 - 00921000 _____ (Oracle Corporation) C:\Users\Elena\Downloads\chromeinstall-7u51.exe
2014-04-09 13:18 - 2014-04-09 13:18 - 00001509 _____ () C:\Users\Elena\Desktop\Cisco VPN.lnk
2014-04-09 13:16 - 2014-04-09 13:16 - 00000000 ____D () C:\Users\Elena\AppData\Local\Cisco
2014-04-09 13:16 - 2014-04-09 13:16 - 00000000 ____D () C:\ProgramData\Cisco
2014-04-09 13:16 - 2014-04-09 13:16 - 00000000 ____D () C:\Program Files\Cisco
2014-04-09 13:15 - 2014-04-09 13:15 - 02719064 _____ (Cisco Systems, Inc.) C:\Users\Elena\Downloads\anyconnect-win-3.0.11042-web-deploy-k9.exe
2014-04-07 17:21 - 2014-04-07 17:21 - 00000000 ___RD () C:\Users\Elena\AppData\Roaming\Brother
2014-04-04 10:38 - 2014-04-04 10:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-04-03 20:08 - 2014-04-03 20:08 - 00249673 _____ () C:\Users\Elena\Desktop\B. Gliniors.htm
2014-04-03 20:08 - 2014-04-03 20:08 - 00000000 ____D () C:\Users\Elena\Desktop\B. Gliniors_files
2014-04-03 20:06 - 2014-04-03 20:07 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-04-03 20:06 - 2014-04-03 20:07 - 00000000 ____D () C:\Program Files\iTunes
2014-04-03 20:06 - 2014-04-03 20:06 - 00000000 ____D () C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2014-04-21 18:09 - 2014-04-21 18:08 - 00010422 _____ () C:\Users\Elena\Downloads\FRST.txt
2014-04-21 18:08 - 2014-04-21 18:08 - 01151488 _____ (Farbar) C:\Users\Elena\Downloads\FRST.exe
2014-04-21 18:08 - 2014-04-21 18:08 - 00000000 ____D () C:\FRST
2014-04-21 18:07 - 2013-03-23 01:00 - 01737266 _____ () C:\Windows\WindowsUpdate.log
2014-04-21 18:04 - 2014-04-21 18:04 - 00003496 _____ () C:\Users\Elena\Desktop\AdwCleaner[S0].txt
2014-04-21 18:03 - 2013-03-23 00:56 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe
2014-04-21 18:03 - 2013-03-22 21:03 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-21 18:03 - 2013-03-22 20:53 - 00069792 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2014-04-21 18:02 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-21 18:02 - 2009-07-14 06:39 - 00044847 _____ () C:\Windows\setupact.log
2014-04-21 18:01 - 2014-04-21 17:51 - 00000000 ____D () C:\AdwCleaner
2014-04-21 18:01 - 2009-07-14 06:34 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-21 18:01 - 2009-07-14 06:34 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-21 17:56 - 2010-11-20 23:48 - 00145500 _____ () C:\Windows\PFRO.log
2014-04-21 17:51 - 2014-04-21 17:50 - 01322687 _____ () C:\Users\Elena\Downloads\adwcleaner.exe
2014-04-21 17:49 - 2014-04-21 17:49 - 00000000 ____D () C:\Windows\pss
2014-04-21 17:45 - 2013-04-02 19:25 - 00000000 ____D () C:\Users\Elena\AppData\Roaming\Skype
2014-04-21 17:24 - 2013-03-22 21:03 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-21 17:15 - 2013-03-31 15:41 - 00000000 ____D () C:\Users\Elena\AppData\Roaming\Dropbox
2014-04-21 17:13 - 2014-04-21 17:13 - 00000000 ____D () C:\ProgramData\Samsung
2014-04-21 17:13 - 2014-04-21 17:13 - 00000000 ____D () C:\Program Files\SamsungPrinterLiveUpdate
2014-04-19 14:48 - 2010-11-20 23:01 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-19 14:47 - 2013-03-31 15:46 - 00000000 ___RD () C:\Users\Elena\Dropbox
2014-04-19 14:39 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-18 22:32 - 2013-07-27 23:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-18 22:29 - 2013-03-22 20:38 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-18 22:27 - 2014-02-12 19:41 - 00000000 ____D () C:\Users\Elena\AppData\Roaming\Spotify
2014-04-18 19:16 - 2014-02-12 19:42 - 00000000 ____D () C:\Users\Elena\AppData\Local\Spotify
2014-04-17 11:29 - 2014-04-10 11:23 - 00000000 ____D () C:\Users\Elena\Desktop\Informatik
2014-04-17 10:27 - 2014-04-10 11:50 - 00000000 ____D () C:\Users\Elena\.idlerc
2014-04-16 18:27 - 2014-04-16 18:26 - 00000000 ____D () C:\Users\Elena\Desktop\Stadtwerke MS
2014-04-15 18:37 - 2014-04-15 18:37 - 00001175 _____ () C:\Users\Public\Desktop\R i386 3.1.0.lnk
2014-04-15 18:36 - 2014-04-15 18:36 - 00000000 ____D () C:\Program Files\R
2014-04-15 18:30 - 2014-04-15 18:30 - 56282811 _____ (R Core Team ) C:\Users\Elena\Downloads\R-3.1.0-win.exe
2014-04-14 20:04 - 2014-04-14 20:04 - 01984980 _____ () C:\Users\Elena\Downloads\2014-04-12 23.55.50.mp4
2014-04-10 16:08 - 2013-11-08 12:33 - 00000432 _____ () C:\Windows\BRWMARK.INI
2014-04-10 11:50 - 2013-03-23 01:09 - 00000000 ____D () C:\Users\Elena
2014-04-10 11:24 - 2014-04-10 11:24 - 00000000 ____D () C:\Users\Elena\AppData\Local\.distlib
2014-04-10 11:24 - 2014-04-10 11:19 - 00000000 ____D () C:\Python34
2014-04-10 11:17 - 2014-04-10 11:16 - 24498176 _____ () C:\Users\Elena\Downloads\python-3.4.0.msi
2014-04-09 21:00 - 2014-04-09 21:00 - 00000000 ____D () C:\ProgramData\Sun
2014-04-09 21:00 - 2014-04-09 21:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-09 21:00 - 2014-04-09 21:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-09 20:59 - 2014-04-09 21:00 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-09 20:59 - 2014-04-09 20:59 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-09 20:59 - 2014-04-09 20:59 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-09 20:59 - 2014-04-09 20:59 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-09 20:59 - 2014-04-09 20:59 - 00000000 ____D () C:\Program Files\Java
2014-04-09 20:57 - 2014-04-09 20:57 - 00921000 _____ (Oracle Corporation) C:\Users\Elena\Downloads\chromeinstall-7u51.exe
2014-04-09 13:18 - 2014-04-09 13:18 - 00001509 _____ () C:\Users\Elena\Desktop\Cisco VPN.lnk
2014-04-09 13:16 - 2014-04-09 13:16 - 00000000 ____D () C:\Users\Elena\AppData\Local\Cisco
2014-04-09 13:16 - 2014-04-09 13:16 - 00000000 ____D () C:\ProgramData\Cisco
2014-04-09 13:16 - 2014-04-09 13:16 - 00000000 ____D () C:\Program Files\Cisco
2014-04-09 13:15 - 2014-04-09 13:15 - 02719064 _____ (Cisco Systems, Inc.) C:\Users\Elena\Downloads\anyconnect-win-3.0.11042-web-deploy-k9.exe
2014-04-08 18:07 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-07 17:21 - 2014-04-07 17:21 - 00000000 ___RD () C:\Users\Elena\AppData\Roaming\Brother
2014-04-04 10:38 - 2014-04-04 10:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-04-03 20:08 - 2014-04-03 20:08 - 00249673 _____ () C:\Users\Elena\Desktop\B. Gliniors.htm
2014-04-03 20:08 - 2014-04-03 20:08 - 00000000 ____D () C:\Users\Elena\Desktop\B. Gliniors_files
2014-04-03 20:07 - 2014-04-03 20:06 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-04-03 20:07 - 2014-04-03 20:06 - 00000000 ____D () C:\Program Files\iTunes
2014-04-03 20:06 - 2014-04-03 20:06 - 00000000 ____D () C:\Program Files\iPod
2014-04-03 20:06 - 2013-08-08 11:30 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-04-02 10:33 - 2014-01-27 13:54 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-03-31 09:35 - 2013-03-30 19:20 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Elena\AppData\Local\Temp\AskSLib.dll
C:\Users\Elena\AppData\Local\Temp\avgnt.exe
C:\Users\Elena\AppData\Local\Temp\BackupSetup.exe
C:\Users\Elena\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Elena\AppData\Local\Temp\ose00000.exe
C:\Users\Elena\AppData\Local\Temp\Quarantine.exe
C:\Users\Elena\AppData\Local\Temp\RegClean7.exe
C:\Users\Elena\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Elena\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Elena\AppData\Local\Temp\{8F38272B-B45C-4216-AAD2-5BAE5CDE3581}-30.0.1599.101_30.0.1599.69_chrome_updater.exe
C:\Users\Elena\AppData\Local\Temp\{CF80CE78-84B0-4F31-B38E-CEECF45656E4}-30.0.1599.101_chrome_installer.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-10 18:31

==================== End Of Log ============================

checkup

Code:
Results of screen317's Security Check version 0.99.81 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 51 
 Adobe Reader 10.1.9 Adobe Reader out of Date! 
 Google Chrome 33.0.1750.154 
 Google Chrome 34.0.1847.116 
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

Die Frage, die mir gestellt wurde war "Wie kann das sein, ich bin doch auf keinen schlimmen Seiten und mein Antivir ist auch aktuell?!"

Reicht Antivir für solche Art von Schädlingen aus?

Vielen Dank für die Hilfe im voraus und noch einen schönen Ostermontag!!

Gruß

schrauber 21.04.2014 19:12
Hi,

Aufpassen beim Installieren von Software, und Avira is scheisse.


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

shorstkemper 22.04.2014 19:50
mban

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 22.04.2014
Suchlauf-Zeit: 20:30:28
Logdatei:
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.22.05
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Elena

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 230188
Verstrichene Zeit: 27 Min, 36 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 9
PUP.Optional.Melondrea.A, HKLM\SOFTWARE\CLASSES\CLSID\{16f059cb-3d3f-4ecc-b426-bafa47233676}, In Quarantäne, [6a9690700cf426da98948f89ce343fc1],
PUP.Optional.Melondrea.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{4ab7647f-75b6-4486-9584-efee06afee68}, In Quarantäne, [6a9690700cf426da98948f89ce343fc1],
PUP.Optional.Melondrea.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AE20B22F-60C1-4753-ABAE-459C85D3E303}, In Quarantäne, [6a9690700cf426da98948f89ce343fc1],
PUP.Optional.Melondrea.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{16F059CB-3D3F-4ECC-B426-BAFA47233676}, In Quarantäne, [6a9690700cf426da98948f89ce343fc1],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{10AD2C61-0898-4348-8600-14A342F22AC3}, In Quarantäne, [18e8857b7a8619e71ac65cbacf336b95],
PUP.Optional.Melondrea.A, HKLM\SOFTWARE\melondrea, In Quarantäne, [46bafd0328d85ba5263e027954aebc44],
PUP.Optional.Melondrea.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update melondrea, In Quarantäne, [5da338c8a060b14f99ccf388d72bb54b],
PUP.Optional.Iminent.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinkHandler, In Quarantäne, [9a66b24e1be55ca462b82d55cf338e72],
PUP.Optional.Melondrea.A, HKU\S-1-5-21-3193947046-1248806982-583716356-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\melondrea, In Quarantäne, [fe02639d0000738d540f8bf0fd05bb45],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 11
PUP.Optional.RegCleanerPro, C:\Users\Elena\AppData\Local\Temp\RegClean7.exe, In Quarantäne, [9e62649c3bc501ff969b01052dd410f0],
PUP.Optional.Iminent.A, C:\Users\Elena\AppData\Local\Temp\n8623\Iminent_1712-b2fcad5e.exe, In Quarantäne, [0bf5df2156aa6a968ec471cede2335cb],
PUP.Optional.Solimba, C:\Users\Elena\AppData\Local\Temp\n8623\ins8623.exe, In Quarantäne, [cf31f10f9070768a161fad5a55af7987],
PUP.Optional.Melondrea.A, C:\Users\Elena\AppData\Local\Temp\n8623\melondrea_0702-81cfb2ef.exe, In Quarantäne, [629eb05009f79070bd8a7297ea1a7e82],
PUP.Optional.RegCleanerPro, C:\Users\Elena\AppData\Local\Temp\n8623\RegClean_1612-230a802f.exe, In Quarantäne, [fe02768afa066799171ad135a55c22de],
PUP.Optional.Savingsbull, C:\Users\Elena\AppData\Local\Temp\n8623\saving_0502_DE-ec0a3c6d.exe, In Quarantäne, [18e8ba46000011efdef98283fa0ae020],
PUP.Optional.PlusHD.A, C:\Users\Elena\AppData\Local\Temp\nsjD9B3.tmp\temp_file_after.tmp, In Quarantäne, [44bc5ca40ff148b84569f1256e93c53b],
PUP.Optional.CrossRider.A, C:\Users\Elena\AppData\Local\Temp\nsyB496.tmp\Qemurxhxyddeim.exe, In Quarantäne, [e61a1de36799b64af0f12619b8488c74],
PUP.Optional.Iminent, C:\Users\Elena\AppData\Local\Temp\RarSFX1\MetroInstallerAPP.exe, In Quarantäne, [c63a9f618878ba46907a83807c859b65],
PUP.Optional.Iminent, C:\Users\Elena\AppData\Local\Temp\RarSFX1\MetroInstallPack.MIP, In Quarantäne, [d729827eee125ca4bb4fa36006fb32ce],
PUP.Optional.Iminent.A, C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (      "startup_urls": [ "hxxp://www.ulb.uni-muenster.de/", "https://dl.dropbox.com/u/5988397/Stundenplan%20BWL%20VWL%20WiSe%2012-13.pdf", "https://sso.uni-muenster.de/MeinZIV/", "https://studium.uni-muenster.de/qisserver/rds?state=wtree&search=1&trex=step&root120122=70848|77070|71610|77491|73083&P.vx=kurz", "https://www.uni-muenster.de/LearnWeb/learnweb2/index.php?theme=wwu", "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=0733f45d-c896-403a-21f0-a6961b859e4d&searchtype=hp&installDate=07/10/2013", "hxxp://mystart.incredibar.com/?a=6R8HWMm4Wn&loc=skw", "hxxp://start.iminent.com/?appId=4C0B0799-AA79-4745-B802-33CDE9C8AAE6" ],), Ersetzt,[14ecc53bcc3479870e515106788c52ae]

Physische Sektoren: 0
(No malicious items detected)


(end)

JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x86
Ran by Elena on 22.04.2014 at 20:41:18,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.04.2014 at 20:44:47,34
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-04-2014
Ran by Elena (administrator) on ELENA-PC on 22-04-2014 20:47:37
Running from C:\Users\Elena\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
(Absolute Software Corp.) C:\Windows\system32\rpcnet.exe
(Atheros) C:\Program Files\Atheros\Ath_WlanAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google) C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2195248 2012-04-16] (ELAN Microelectronics Corp.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3193947046-1248806982-583716356-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3193947046-1248806982-583716356-1000\...\MountPoints2: {5b8b3e29-ab30-11e2-9b53-083e8e29ef18} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3193947046-1248806982-583716356-1000\...\MountPoints2: {a43c548f-9344-11e2-8108-91727c15fe93} - F:\SETUP.EXE

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD26E33D22E27CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage:
CHR StartupUrls: "hxxp://www.ulb.uni-muenster.de/", "https://dl.dropbox.com/u/5988397/Stundenplan%20BWL%20VWL%20WiSe%2012-13.pdf", "https://sso.uni-muenster.de/MeinZIV/", "https://studium.uni-muenster.de/qisserver/rds?state=wtree&search=1&trex=step&root120122=70848|77070|71610|77491|73083&P.vx=kurz", "https://www.uni-muenster.de/LearnWeb/learnweb2/index.php?theme=wwu", "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=0733f45d-c896-403a-21f0-a6961b859e4d&searchtype=hp&installDate=07/10/2013", "hxxp://mystart.incredibar.com/?a=6R8HWMm4Wn&loc=skw", "hxxp://start.iminent.com/?appId=4C0B0799-AA79-4745-B802-33CDE9C8AAE6"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Extension: (Google Drive) - C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-22]
CHR Extension: (YouTube) - C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-22]
CHR Extension: (Google-Suche) - C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-22]
CHR Extension: (Chuck Anderson) - C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp [2013-03-22]
CHR Extension: (Google Wallet) - C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR Extension: (Google Mail) - C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-22]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276248 2012-04-23] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 rpcnet; C:\Windows\system32\rpcnet.exe [69792 2013-03-22] (Absolute Software Corp.)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-12-10] (Cisco Systems, Inc.)
R2 ZAtheros Wlan Agent; C:\Program Files\Atheros\Ath_WlanAgent.exe [76960 2012-02-27] (Atheros)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2012-12-10] (Cisco Systems, Inc.)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2846720 2012-02-24] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-03-23] (DT Soft Ltd)
S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [217904 2012-04-16] (ELAN Microelectronics Corp.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-10] (Intel Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-24] (Avira GmbH)
S1 netfilter; system32\drivers\netfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-22 20:47 - 2014-04-22 20:47 - 00010032 _____ () C:\Users\Elena\Downloads\FRST.txt
2014-04-22 20:47 - 2014-04-22 20:47 - 00000000 ____D () C:\Users\Elena\Downloads\FRST-OlderVersion
2014-04-22 20:44 - 2014-04-22 20:44 - 00000650 _____ () C:\Users\Elena\Desktop\JRT.txt
2014-04-22 20:38 - 2014-04-22 20:38 - 00000000 ____D () C:\Windows\ERUNT
2014-04-22 20:31 - 2014-04-22 20:31 - 00004745 _____ () C:\Users\Elena\Desktop\malwarebytes.txt
2014-04-22 20:01 - 2014-04-22 20:45 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-22 20:00 - 2014-04-22 20:00 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-22 20:00 - 2014-04-22 20:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-22 20:00 - 2014-04-22 20:00 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-22 20:00 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-22 20:00 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-22 20:00 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-22 19:59 - 2014-04-22 19:59 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Elena\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-22 19:59 - 2014-04-22 19:59 - 01016261 _____ (Thisisu) C:\Users\Elena\Downloads\JRT_6.1.4.exe
2014-04-21 18:18 - 2014-04-21 18:18 - 00000781 _____ () C:\Users\Elena\Desktop\checkup.txt
2014-04-21 18:17 - 2014-04-21 18:17 - 00987448 _____ () C:\Users\Elena\Desktop\SecurityCheck.exe
2014-04-21 18:10 - 2014-04-21 18:11 - 00020463 _____ () C:\Users\Elena\Desktop\Addition.txt
2014-04-21 18:08 - 2014-04-22 20:47 - 01048064 _____ (Farbar) C:\Users\Elena\Downloads\FRST.exe
2014-04-21 18:08 - 2014-04-22 20:47 - 00000000 ____D () C:\FRST
2014-04-21 18:08 - 2014-04-21 18:12 - 00025369 _____ () C:\Users\Elena\Desktop\FRST.txt
2014-04-21 18:04 - 2014-04-21 18:04 - 00003496 _____ () C:\Users\Elena\Desktop\AdwCleaner[S0].txt
2014-04-21 17:51 - 2014-04-21 18:01 - 00000000 ____D () C:\AdwCleaner
2014-04-21 17:50 - 2014-04-21 17:51 - 01322687 _____ () C:\Users\Elena\Downloads\adwcleaner.exe
2014-04-21 17:49 - 2014-04-21 17:49 - 00000000 ____D () C:\Windows\pss
2014-04-21 17:13 - 2014-04-21 17:13 - 00000000 ____D () C:\ProgramData\Samsung
2014-04-21 17:13 - 2014-04-21 17:13 - 00000000 ____D () C:\Program Files\SamsungPrinterLiveUpdate
2014-04-18 22:33 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-18 22:33 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-18 22:33 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-18 22:33 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-18 22:33 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-18 22:33 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-18 22:33 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-18 22:33 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-18 22:33 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-18 22:33 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-18 22:33 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-18 22:33 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-18 22:33 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-18 22:33 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-18 22:33 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-18 22:33 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-18 22:33 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-18 22:33 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-18 22:33 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-18 22:32 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-18 22:32 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-18 22:32 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-18 22:32 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-18 22:32 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-18 22:32 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-18 22:32 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-16 18:26 - 2014-04-16 18:27 - 00000000 ____D () C:\Users\Elena\Desktop\Stadtwerke MS
2014-04-15 18:37 - 2014-04-15 18:37 - 00001175 _____ () C:\Users\Public\Desktop\R i386 3.1.0.lnk
2014-04-15 18:36 - 2014-04-15 18:36 - 00000000 ____D () C:\Program Files\R
2014-04-15 18:30 - 2014-04-15 18:30 - 56282811 _____ (R Core Team ) C:\Users\Elena\Downloads\R-3.1.0-win.exe
2014-04-14 20:04 - 2014-04-14 20:04 - 01984980 _____ () C:\Users\Elena\Downloads\2014-04-12 23.55.50.mp4
2014-04-10 11:50 - 2014-04-17 10:27 - 00000000 ____D () C:\Users\Elena\.idlerc
2014-04-10 11:24 - 2014-04-10 11:24 - 00000000 ____D () C:\Users\Elena\AppData\Local\.distlib
2014-04-10 11:23 - 2014-04-17 11:29 - 00000000 ____D () C:\Users\Elena\Desktop\Informatik
2014-04-10 11:21 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 11:21 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 11:21 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 11:21 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 11:21 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 11:21 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-10 11:19 - 2014-04-10 11:24 - 00000000 ____D () C:\Python34
2014-04-10 11:16 - 2014-04-10 11:17 - 24498176 _____ () C:\Users\Elena\Downloads\python-3.4.0.msi
2014-04-09 21:00 - 2014-04-09 21:00 - 00000000 ____D () C:\ProgramData\Sun
2014-04-09 21:00 - 2014-04-09 21:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-09 21:00 - 2014-04-09 21:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-09 21:00 - 2014-04-09 20:59 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-09 20:59 - 2014-04-09 20:59 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-09 20:59 - 2014-04-09 20:59 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-09 20:59 - 2014-04-09 20:59 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-09 20:59 - 2014-04-09 20:59 - 00000000 ____D () C:\Program Files\Java
2014-04-09 20:57 - 2014-04-09 20:57 - 00921000 _____ (Oracle Corporation) C:\Users\Elena\Downloads\chromeinstall-7u51.exe
2014-04-09 13:18 - 2014-04-09 13:18 - 00001509 _____ () C:\Users\Elena\Desktop\Cisco VPN.lnk
2014-04-09 13:16 - 2014-04-09 13:16 - 00000000 ____D () C:\Users\Elena\AppData\Local\Cisco
2014-04-09 13:16 - 2014-04-09 13:16 - 00000000 ____D () C:\ProgramData\Cisco
2014-04-09 13:16 - 2014-04-09 13:16 - 00000000 ____D () C:\Program Files\Cisco
2014-04-09 13:15 - 2014-04-09 13:15 - 02719064 _____ (Cisco Systems, Inc.) C:\Users\Elena\Downloads\anyconnect-win-3.0.11042-web-deploy-k9.exe
2014-04-07 17:21 - 2014-04-07 17:21 - 00000000 ___RD () C:\Users\Elena\AppData\Roaming\Brother
2014-04-04 10:38 - 2014-04-04 10:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-04-03 20:08 - 2014-04-03 20:08 - 00249673 _____ () C:\Users\Elena\Desktop\B. Gliniors.htm
2014-04-03 20:08 - 2014-04-03 20:08 - 00000000 ____D () C:\Users\Elena\Desktop\B. Gliniors_files
2014-04-03 20:06 - 2014-04-03 20:07 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-04-03 20:06 - 2014-04-03 20:07 - 00000000 ____D () C:\Program Files\iTunes
2014-04-03 20:06 - 2014-04-03 20:06 - 00000000 ____D () C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2014-04-22 20:47 - 2014-04-22 20:47 - 00010032 _____ () C:\Users\Elena\Downloads\FRST.txt
2014-04-22 20:47 - 2014-04-22 20:47 - 00000000 ____D () C:\Users\Elena\Downloads\FRST-OlderVersion
2014-04-22 20:47 - 2014-04-21 18:08 - 01048064 _____ (Farbar) C:\Users\Elena\Downloads\FRST.exe
2014-04-22 20:47 - 2014-04-21 18:08 - 00000000 ____D () C:\FRST
2014-04-22 20:45 - 2014-04-22 20:01 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-22 20:44 - 2014-04-22 20:44 - 00000650 _____ () C:\Users\Elena\Desktop\JRT.txt
2014-04-22 20:39 - 2013-03-23 01:00 - 01784681 _____ () C:\Windows\WindowsUpdate.log
2014-04-22 20:39 - 2013-03-23 00:56 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe
2014-04-22 20:39 - 2013-03-22 21:03 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-22 20:39 - 2013-03-22 20:53 - 00069792 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2014-04-22 20:39 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-22 20:39 - 2009-07-14 06:39 - 00045071 _____ () C:\Windows\setupact.log
2014-04-22 20:39 - 2009-07-14 06:34 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-22 20:39 - 2009-07-14 06:34 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-22 20:38 - 2014-04-22 20:38 - 00000000 ____D () C:\Windows\ERUNT
2014-04-22 20:32 - 2010-11-20 23:48 - 00148260 _____ () C:\Windows\PFRO.log
2014-04-22 20:31 - 2014-04-22 20:31 - 00004745 _____ () C:\Users\Elena\Desktop\malwarebytes.txt
2014-04-22 20:24 - 2013-03-22 21:03 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-22 20:00 - 2014-04-22 20:00 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-22 20:00 - 2014-04-22 20:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-22 20:00 - 2014-04-22 20:00 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-22 19:59 - 2014-04-22 19:59 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Elena\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-22 19:59 - 2014-04-22 19:59 - 01016261 _____ (Thisisu) C:\Users\Elena\Downloads\JRT_6.1.4.exe
2014-04-22 16:04 - 2010-11-20 23:01 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-21 18:18 - 2014-04-21 18:18 - 00000781 _____ () C:\Users\Elena\Desktop\checkup.txt
2014-04-21 18:17 - 2014-04-21 18:17 - 00987448 _____ () C:\Users\Elena\Desktop\SecurityCheck.exe
2014-04-21 18:12 - 2014-04-21 18:08 - 00025369 _____ () C:\Users\Elena\Desktop\FRST.txt
2014-04-21 18:11 - 2014-04-21 18:10 - 00020463 _____ () C:\Users\Elena\Desktop\Addition.txt
2014-04-21 18:04 - 2014-04-21 18:04 - 00003496 _____ () C:\Users\Elena\Desktop\AdwCleaner[S0].txt
2014-04-21 18:01 - 2014-04-21 17:51 - 00000000 ____D () C:\AdwCleaner
2014-04-21 17:51 - 2014-04-21 17:50 - 01322687 _____ () C:\Users\Elena\Downloads\adwcleaner.exe
2014-04-21 17:49 - 2014-04-21 17:49 - 00000000 ____D () C:\Windows\pss
2014-04-21 17:45 - 2013-04-02 19:25 - 00000000 ____D () C:\Users\Elena\AppData\Roaming\Skype
2014-04-21 17:15 - 2013-03-31 15:41 - 00000000 ____D () C:\Users\Elena\AppData\Roaming\Dropbox
2014-04-21 17:13 - 2014-04-21 17:13 - 00000000 ____D () C:\ProgramData\Samsung
2014-04-21 17:13 - 2014-04-21 17:13 - 00000000 ____D () C:\Program Files\SamsungPrinterLiveUpdate
2014-04-19 14:47 - 2013-03-31 15:46 - 00000000 ___RD () C:\Users\Elena\Dropbox
2014-04-19 14:39 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-18 22:32 - 2013-07-27 23:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-18 22:29 - 2013-03-22 20:38 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-18 22:27 - 2014-02-12 19:41 - 00000000 ____D () C:\Users\Elena\AppData\Roaming\Spotify
2014-04-18 19:16 - 2014-02-12 19:42 - 00000000 ____D () C:\Users\Elena\AppData\Local\Spotify
2014-04-17 11:29 - 2014-04-10 11:23 - 00000000 ____D () C:\Users\Elena\Desktop\Informatik
2014-04-17 10:27 - 2014-04-10 11:50 - 00000000 ____D () C:\Users\Elena\.idlerc
2014-04-16 18:27 - 2014-04-16 18:26 - 00000000 ____D () C:\Users\Elena\Desktop\Stadtwerke MS
2014-04-15 18:37 - 2014-04-15 18:37 - 00001175 _____ () C:\Users\Public\Desktop\R i386 3.1.0.lnk
2014-04-15 18:36 - 2014-04-15 18:36 - 00000000 ____D () C:\Program Files\R
2014-04-15 18:30 - 2014-04-15 18:30 - 56282811 _____ (R Core Team ) C:\Users\Elena\Downloads\R-3.1.0-win.exe
2014-04-14 20:04 - 2014-04-14 20:04 - 01984980 _____ () C:\Users\Elena\Downloads\2014-04-12 23.55.50.mp4
2014-04-10 16:08 - 2013-11-08 12:33 - 00000432 _____ () C:\Windows\BRWMARK.INI
2014-04-10 11:50 - 2013-03-23 01:09 - 00000000 ____D () C:\Users\Elena
2014-04-10 11:24 - 2014-04-10 11:24 - 00000000 ____D () C:\Users\Elena\AppData\Local\.distlib
2014-04-10 11:24 - 2014-04-10 11:19 - 00000000 ____D () C:\Python34
2014-04-10 11:17 - 2014-04-10 11:16 - 24498176 _____ () C:\Users\Elena\Downloads\python-3.4.0.msi
2014-04-09 21:00 - 2014-04-09 21:00 - 00000000 ____D () C:\ProgramData\Sun
2014-04-09 21:00 - 2014-04-09 21:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-09 21:00 - 2014-04-09 21:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-09 20:59 - 2014-04-09 21:00 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-09 20:59 - 2014-04-09 20:59 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-09 20:59 - 2014-04-09 20:59 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-09 20:59 - 2014-04-09 20:59 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-09 20:59 - 2014-04-09 20:59 - 00000000 ____D () C:\Program Files\Java
2014-04-09 20:57 - 2014-04-09 20:57 - 00921000 _____ (Oracle Corporation) C:\Users\Elena\Downloads\chromeinstall-7u51.exe
2014-04-09 13:18 - 2014-04-09 13:18 - 00001509 _____ () C:\Users\Elena\Desktop\Cisco VPN.lnk
2014-04-09 13:16 - 2014-04-09 13:16 - 00000000 ____D () C:\Users\Elena\AppData\Local\Cisco
2014-04-09 13:16 - 2014-04-09 13:16 - 00000000 ____D () C:\ProgramData\Cisco
2014-04-09 13:16 - 2014-04-09 13:16 - 00000000 ____D () C:\Program Files\Cisco
2014-04-09 13:15 - 2014-04-09 13:15 - 02719064 _____ (Cisco Systems, Inc.) C:\Users\Elena\Downloads\anyconnect-win-3.0.11042-web-deploy-k9.exe
2014-04-08 18:07 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-07 17:21 - 2014-04-07 17:21 - 00000000 ___RD () C:\Users\Elena\AppData\Roaming\Brother
2014-04-04 10:38 - 2014-04-04 10:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-04-03 20:08 - 2014-04-03 20:08 - 00249673 _____ () C:\Users\Elena\Desktop\B. Gliniors.htm
2014-04-03 20:08 - 2014-04-03 20:08 - 00000000 ____D () C:\Users\Elena\Desktop\B. Gliniors_files
2014-04-03 20:07 - 2014-04-03 20:06 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-04-03 20:07 - 2014-04-03 20:06 - 00000000 ____D () C:\Program Files\iTunes
2014-04-03 20:06 - 2014-04-03 20:06 - 00000000 ____D () C:\Program Files\iPod
2014-04-03 20:06 - 2013-08-08 11:30 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-04-03 09:51 - 2014-04-22 20:00 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-22 20:00 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-22 20:00 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 10:33 - 2014-01-27 13:54 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-03-31 09:35 - 2013-03-30 19:20 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Elena\AppData\Local\Temp\AskSLib.dll
C:\Users\Elena\AppData\Local\Temp\avgnt.exe
C:\Users\Elena\AppData\Local\Temp\BackupSetup.exe
C:\Users\Elena\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Elena\AppData\Local\Temp\ose00000.exe
C:\Users\Elena\AppData\Local\Temp\Quarantine.exe
C:\Users\Elena\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Elena\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Elena\AppData\Local\Temp\{8F38272B-B45C-4216-AAD2-5BAE5CDE3581}-30.0.1599.101_30.0.1599.69_chrome_updater.exe
C:\Users\Elena\AppData\Local\Temp\{CF80CE78-84B0-4F31-B38E-CEECF45656E4}-30.0.1599.101_chrome_installer.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-22 19:38

==================== End Of Log ============================
--- --- ---

schrauber 23.04.2014 08:55

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

shorstkemper 04.05.2014 14:32
eset

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7aa52de0a61dc549b5ef99a832249fd2
# engine=18078
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-29 08:36:04
# local_time=2014-04-29 10:36:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 4168 169475069 7702 0
# compatibility_mode=5893 16776574 100 94 14827 150434955 0 0
# scanned=35405
# found=3
# cleaned=0
# scan_time=3497
sh=80DC1B8044FE7F2BC57777F9559C5050B1DF5736 ft=1 fh=3a2e66d2f7d1673f vn="Variante von Win32/AdWare.Adpeak.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir"
sh=408E4906C3F215C0E44282D24B340DAF03D014A4 ft=1 fh=94d81bcdb603e2f9 vn="Variante von Win64/Adware.Adpeak.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe.vir"
sh=6205DDE47C041E3B67EFC540F89F24344835EE11 ft=0 fh=0000000000000000 vn="Win32/AdWare.Adpeak.B Anwendung" ac=I fn="C:\temp\t.msi"
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7aa52de0a61dc549b5ef99a832249fd2
# engine=18126
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-04 12:41:14
# local_time=2014-05-04 02:41:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 18179 169878579 12082 0
# compatibility_mode=5893 16776573 100 94 68177 150838465 0 0
# scanned=128105
# found=4
# cleaned=0
# scan_time=16430
sh=80DC1B8044FE7F2BC57777F9559C5050B1DF5736 ft=1 fh=3a2e66d2f7d1673f vn="Variante von Win32/AdWare.Adpeak.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir"
sh=408E4906C3F215C0E44282D24B340DAF03D014A4 ft=1 fh=94d81bcdb603e2f9 vn="Variante von Win64/Adware.Adpeak.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe.vir"
sh=6205DDE47C041E3B67EFC540F89F24344835EE11 ft=0 fh=0000000000000000 vn="Win32/AdWare.Adpeak.B Anwendung" ac=I fn="C:\temp\t.msi"
sh=1C41188A831C1AE0B15C80E9751B51A554C4AE8D ft=0 fh=0000000000000000 vn="Win32/AdWare.Adpeak.B Anwendung" ac=I fn="D:\ELENA-PC\Backup Set 2014-02-23 192957\Backup Files 2014-02-26 151118\Backup files 1.zip"

SecurityCheck

Code:
Results of screen317's Security Check version 0.99.82 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 51 
 Java version out of Date!
 Adobe Reader 10.1.9 Adobe Reader out of Date! 
 Google Chrome 34.0.1847.116 
 Google Chrome 34.0.1847.131 
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

schrauber 05.05.2014 11:53
Java und Adobe updaten.

Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:49 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131