Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   TR/Spy.ZBot.hgfe (https://www.trojaner-board.de/161084-tr-spy-zbot-hgfe.html)

Marty60 22.11.2014 18:49
TR/Spy.ZBot.hgfe
 
Hallo
dieser Tage sind ja bekanntermaßen diese falschen Rechnungen im Umlauf gewesen. Was macht meine Frau? Klickt auf den Anhang! Ein Scan mit Avira Antivir Pro brachte o.g. Trojaner zu Tage! Liegt dort jetzt in der Quarantäne. Ich weiß aber nicht, ob damit der Fall erledigt ist.
Ich habe gleich mehrere Probleme im Moment:
- der Rechner fährt nicht mehr ordnungsgemäß runter
- Windows Explorer funktioniert nicht
- die Initialization des TDSS-Killers friert bei 80% ein
- selbiges gilt für FRST, dort steht die Box bei "Getting Restore Points" und macht nun schon
eine halbe Stunde nichts mehr.
Deshalb kann ich momentan auch keine LOGs schicken.
Für Expertenhilfe wäre ich sehr dankbar.

Grüsse Marty

schrauber 22.11.2014 18:54
Hi,

FRST beenden. FRST Haken raus bei Addition, und nochmal scannen.

Marty60 22.11.2014 19:34
Hat geklappt, danke. Da ich nicht an den Speicherort rankomme, hab ich die Daten kopiert und untenstehend eingefügt.



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2014 01
Ran by Martin (administrator) on MARTIN-PC on 22-11-2014 19:30:38
Running from C:\Users\Martin\Downloads
Loaded Profile: Martin (Available profiles: Martin & Moni & Sötsch)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Safer-Networking Ltd.) F:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Users\Martin\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Google Inc.) C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Martin\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) F:\Programme\sniper\Steam.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILPE.EXE
() F:\Programme\ScannerFinder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
(Safer-Networking Ltd.) F:\Programme\Spybot - Search & Destroy 2\SDTray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Geek Software GmbH) F:\PDF24\pdf24.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Safer-Networking Ltd.) F:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Valve Corporation) F:\Programme\sniper\bin\steamwebhelper.exe
(Safer-Networking Ltd.) F:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Opera Software) C:\Users\Martin\AppData\Local\Opera Mail\operamail.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe
() C:\Program Files (x86)\Opera\25.0.1614.68\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [2009952 2013-05-31] (cFos Software GmbH)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-11] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [6311104 2014-07-18] (FNet Co., Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe [2086568 2014-03-06] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Watch] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe [70728 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe [1372232 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [SDTray] => F:\Programme\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [fst_de_123] => [X]
HKLM-x32\...\Run: [BlockAndSurf] => C:\Program Files (x86)\ver0BlockAndSurf\BlockAndSurf.exe
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [PDFPrint] => F:\PDF24\pdf24.exe [193568 2014-11-12] (Geek Software GmbH)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-990669769-1353233478-3139022197-1000\...\Run: [ASRock A-Tuning] => [X]
HKU\S-1-5-21-990669769-1353233478-3139022197-1000\...\Run: [Amazon Music] => C:\Users\Martin\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-15] ()
HKU\S-1-5-21-990669769-1353233478-3139022197-1000\...\Run: [Google Update] => C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-19] (Google Inc.)
HKU\S-1-5-21-990669769-1353233478-3139022197-1000\...\Run: [Google+ Auto Backup] => C:\Users\Martin\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3746120 2014-08-12] (Google Inc.)
HKU\S-1-5-21-990669769-1353233478-3139022197-1000\...\Run: [Steam] => F:\Programme\sniper\Steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-990669769-1353233478-3139022197-1000\...\Run: [Spybot-S&D Cleaning] => F:\Programme\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-990669769-1353233478-3139022197-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILPE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-990669769-1353233478-3139022197-1000\...\MountPoints2: {092d28b6-0eb7-11e4-9a5d-806e6f6e6963} - D:\ASRSetup.exe
HKU\S-1-5-21-990669769-1353233478-3139022197-1000\...\MountPoints2: {a3da18aa-1bb4-11e4-9c5e-d05099038ce1} - H:\MotorolaDeviceManagerSetup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk
ShortcutTarget: Scanner Finder.lnk -> F:\Programme\ScannerFinder.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:57870;https=127.0.0.1:57870
HKU\S-1-5-21-990669769-1353233478-3139022197-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX&q={searchTerms}
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-990669769-1353233478-3139022197-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-990669769-1353233478-3139022197-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Martin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-990669769-1353233478-3139022197-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Martin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-11-17]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR Plugin: (        "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (        "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-18]
CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-18]
CHR Extension: (Google-Suche) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-18]
CHR Extension: (Google Wallet) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-04]
CHR Extension: (Google Mail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806704 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [995064 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed]
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [652640 2013-05-31] (cFos Software GmbH)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36936 2013-12-02] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
R2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 SDScannerService; F:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; F:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; F:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-07-19] (ASRock Incorporation)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [40200 2013-05-09] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-09] (Avira Operations GmbH & Co. KG)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [61000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2013-09-04] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18504 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-07-21] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2014-07-18] (FNet Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-22 18:32 - 2014-11-22 19:30 - 00011554 _____ () C:\Users\Martin\Downloads\Addition.txt
2014-11-22 18:31 - 2014-11-22 19:30 - 00025095 _____ () C:\Users\Martin\Downloads\FRST.txt
2014-11-22 18:31 - 2014-11-22 19:30 - 00000000 ____D () C:\FRST
2014-11-22 18:28 - 2014-11-22 18:28 - 02118144 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe
2014-11-22 14:22 - 2014-11-22 14:22 - 01776424 _____ () C:\Users\Martin\Downloads\425225_intl_x64_zip (1).exe
2014-11-22 14:01 - 2014-11-22 14:01 - 00000000 ___SD () C:\32788R22FWJFW
2014-11-22 13:36 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-22 13:36 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-22 13:36 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-22 13:36 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-22 13:36 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-22 13:36 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-22 13:36 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-22 13:36 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-22 13:33 - 2014-11-22 13:35 - 00000000 ____D () C:\Qoobox
2014-11-22 13:33 - 2014-11-22 13:33 - 00000000 ____D () C:\Windows\erdnt
2014-11-22 13:28 - 2014-11-22 13:31 - 05598306 ____R (Swearware) C:\Users\Martin\Downloads\ComboFix.exe
2014-11-22 12:47 - 2014-11-22 12:47 - 01776424 _____ () C:\Users\Martin\Downloads\425225_intl_x64_zip.exe
2014-11-22 12:41 - 2014-11-22 12:41 - 00011317 _____ () C:\Users\Martin\Downloads\Dateizuordnungen korrigieren.zip
2014-11-22 12:39 - 2014-11-22 12:39 - 00019426 _____ () C:\Users\Martin\Downloads\Win7_Dateizuordnungen.zip
2014-11-22 12:14 - 2014-11-22 12:14 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Martin\Downloads\TDSSKiller30041.exe
2014-11-19 17:01 - 2014-11-19 17:01 - 00000000 ____D () C:\Users\Moni\AppData\Roaming\Epson
2014-11-19 16:30 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 16:30 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 16:30 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 16:30 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 16:24 - 2014-11-19 16:24 - 00000000 ____D () C:\Users\Sötsch\AppData\Roaming\Epson
2014-11-18 18:20 - 2014-11-18 18:20 - 00000598 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-11-18 18:20 - 2014-11-18 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2014-11-18 18:19 - 2014-11-18 18:19 - 16343840 _____ (Geek Software GmbH ) C:\Users\Martin\Downloads\pdf24-creator-6.9.1.exe
2014-11-18 18:10 - 2014-11-18 18:10 - 00002167 _____ () C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2014-11-18 18:10 - 2014-11-18 18:10 - 00000000 ____D () C:\ProgramData\UDL
2014-11-18 18:09 - 2014-11-18 18:09 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-11-17 22:08 - 2014-11-18 18:17 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Epson
2014-11-17 19:31 - 2014-11-17 19:31 - 03545416 _____ () C:\Users\Martin\Downloads\EpsonConnect130 (1).exe
2014-11-17 19:27 - 2014-11-17 19:27 - 03545416 _____ () C:\Users\Martin\Downloads\EpsonConnect130.exe
2014-11-17 19:26 - 2014-11-17 19:26 - 00001060 _____ () C:\Users\Public\Desktop\MyEpson Portal.lnk
2014-11-17 19:26 - 2014-11-17 19:26 - 00000854 _____ () C:\Users\Public\Desktop\Print CD.lnk
2014-11-17 19:13 - 2014-11-22 19:13 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-710 Series Update {BF7B67FC-A0CE-47F1-8829-110F74F45B20}.job
2014-11-17 19:13 - 2014-11-22 19:13 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-710 Series Invitation {BF7B67FC-A0CE-47F1-8829-110F74F45B20}.job
2014-11-17 19:13 - 2014-11-17 19:13 - 00003978 _____ () C:\Windows\System32\Tasks\EPSON XP-710 Series Update {BF7B67FC-A0CE-47F1-8829-110F74F45B20}
2014-11-17 19:13 - 2014-11-17 19:13 - 00003792 _____ () C:\Windows\System32\Tasks\EPSON XP-710 Series Invitation {BF7B67FC-A0CE-47F1-8829-110F74F45B20}
2014-11-17 19:13 - 2014-11-17 19:13 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-11-17 18:58 - 2014-11-17 18:58 - 00000000 __SHD () C:\Users\Martin\AppData\Local\EmieBrowserModeList
2014-11-17 18:57 - 2014-11-17 18:57 - 00000000 ____D () C:\Program Files\EpsonNet
2014-11-17 18:57 - 2012-11-12 20:41 - 00535552 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppui.dll
2014-11-17 18:57 - 2012-11-12 20:41 - 00535552 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppui.dll
2014-11-17 18:57 - 2012-11-12 15:15 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppmon.dll
2014-11-17 18:57 - 2012-11-12 15:15 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppmon.dll
2014-11-17 18:57 - 2012-10-22 17:19 - 00219648 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enspres.dll
2014-11-17 18:57 - 2012-10-22 17:19 - 00219648 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enpres.dll
2014-11-17 18:56 - 2014-11-17 18:56 - 00001144 _____ () C:\Users\Public\Desktop\EPSON-Handbücher.lnk
2014-11-17 18:56 - 2014-11-17 18:56 - 00000123 _____ () C:\Users\Public\Desktop\Epson Connect Site.url
2014-11-17 18:55 - 2014-11-18 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2014-11-17 18:55 - 2014-11-18 18:09 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2014-11-17 18:55 - 2014-11-17 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-11-17 18:55 - 2014-11-17 19:26 - 00000000 ____D () C:\Program Files (x86)\epson
2014-11-17 18:55 - 2014-11-17 18:55 - 00000930 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-11-17 18:55 - 2012-07-24 00:00 - 00466432 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll
2014-11-17 18:55 - 2012-05-17 00:00 - 00144560 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe
2014-11-17 18:48 - 2013-10-22 04:04 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMBLPE.DLL
2014-11-17 18:48 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ID4BLPE.DLL
2014-11-17 18:48 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2014-11-17 18:44 - 2014-11-18 18:10 - 00000000 ____D () C:\ProgramData\Epson
2014-11-12 14:23 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 14:23 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 14:23 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 14:23 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 14:23 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 14:23 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 14:23 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 14:23 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 14:23 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 14:23 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 14:23 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 14:23 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 14:23 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 14:23 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 14:23 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 14:23 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 14:23 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 14:23 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 14:23 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 14:23 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 14:23 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 14:23 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 14:23 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 14:23 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 14:23 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 14:23 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 14:23 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 14:23 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 14:23 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 14:23 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 14:23 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 14:23 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 14:23 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 14:23 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 14:23 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 14:23 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 14:23 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 14:23 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 14:23 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 14:23 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 14:23 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 14:23 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 14:23 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 14:23 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 14:23 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 14:23 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 14:23 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 14:23 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 14:23 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 14:23 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 14:23 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 14:23 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 14:23 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 14:23 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 14:23 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 14:23 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 14:23 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 14:23 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 14:23 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 14:23 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 14:23 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 14:23 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 14:23 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 14:23 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 14:23 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 14:23 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 14:23 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 14:23 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 14:22 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 14:22 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 14:22 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 14:22 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 14:22 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 14:22 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 14:22 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 14:22 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 14:22 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 14:22 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 14:22 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 14:22 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 14:22 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 14:22 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 14:22 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 14:22 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 14:22 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 14:22 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 14:22 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 14:22 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 14:22 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 14:22 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 14:22 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 14:22 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 14:22 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 14:22 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 14:22 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 14:22 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 14:22 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 14:22 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 14:22 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 14:22 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 14:22 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-10 21:48 - 2014-11-03 21:25 - 00615568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-11-10 21:47 - 2014-11-04 01:04 - 31891784 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 24555208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 20923712 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 18514080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 17259848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 14031448 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 13943904 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 13207184 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-10 21:47 - 2014-11-04 01:04 - 11397208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 11335408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 04289168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 04009672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434465.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434465.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00962704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00934216 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00922256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00898192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00870624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00501064 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00417096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00391824 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00349504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-10 18:17 - 2014-10-03 20:23 - 00038216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-11-10 18:17 - 2014-10-03 20:23 - 00032584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-11-10 18:17 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-11-10 18:17 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-11-10 18:17 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-11-10 18:17 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-11-10 18:17 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-11-10 18:17 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-11-03 20:54 - 2014-11-03 21:37 - 00000000 ____D () C:\Users\Martin\Documents\Versicherungen
2014-11-01 12:45 - 2014-11-01 12:34 - 00000524 _____ () C:\Quarantine.lst
2014-11-01 12:45 - 2014-11-01 12:34 - 00000198 _____ () C:\Quarantine.reg
2014-11-01 12:34 - 2014-11-01 12:34 - 00000229 _____ () C:\Windows\wininit.ini
2014-10-29 22:24 - 2014-11-12 22:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-29 22:24 - 2014-11-12 21:58 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-22 19:17 - 2014-07-19 14:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-22 18:50 - 2014-07-18 21:30 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-22 18:16 - 2014-07-18 21:12 - 01852602 _____ () C:\Windows\WindowsUpdate.log
2014-11-22 17:50 - 2014-07-19 11:27 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-990669769-1353233478-3139022197-1000Core.job
2014-11-22 17:50 - 2014-07-18 21:30 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-22 17:41 - 2009-07-14 05:45 - 00035936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-22 17:41 - 2009-07-14 05:45 - 00035936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-22 17:33 - 2014-08-04 11:30 - 00000000 ____D () C:\Temp
2014-11-22 17:33 - 2009-07-14 05:51 - 00058160 _____ () C:\Windows\setupact.log
2014-11-22 17:32 - 2014-07-18 22:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-22 17:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-22 12:51 - 2014-07-18 21:17 - 00000000 ____D () C:\Users\Martin\AppData\Local\VirtualStore
2014-11-19 19:17 - 2014-07-19 14:31 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-19 19:17 - 2014-07-19 14:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-19 19:17 - 2014-07-19 14:31 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-19 16:51 - 2014-07-18 21:30 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-19 16:24 - 2014-07-19 11:05 - 00086552 _____ () C:\Users\Sötsch\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-19 16:23 - 2010-11-21 04:47 - 01018096 _____ () C:\Windows\PFRO.log
2014-11-18 18:18 - 2014-08-24 10:02 - 00000000 ____D () C:\Users\Martin\AppData\Local\Adobe
2014-11-18 18:18 - 2014-07-18 21:35 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-18 18:18 - 2014-07-18 21:35 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-18 18:09 - 2014-07-18 21:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-18 18:07 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-17 19:26 - 2010-11-21 08:17 - 00000000 ____D () C:\Windows\ShellNew
2014-11-17 18:43 - 2014-07-19 07:05 - 00700130 _____ () C:\Windows\system32\perfh007.dat
2014-11-17 18:43 - 2014-07-19 07:05 - 00149768 _____ () C:\Windows\system32\perfc007.dat
2014-11-17 18:43 - 2009-07-14 06:13 - 01622706 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-14 10:46 - 2014-07-18 22:36 - 00086552 _____ () C:\Users\Moni\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-13 18:48 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 17:45 - 2014-07-19 11:27 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-990669769-1353233478-3139022197-1000UA
2014-11-13 17:45 - 2014-07-19 11:27 - 00003704 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-990669769-1353233478-3139022197-1000Core
2014-11-13 17:45 - 2014-07-19 11:27 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-990669769-1353233478-3139022197-1000UA.job
2014-11-13 17:45 - 2014-07-18 21:30 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 17:45 - 2014-07-18 21:30 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 17:39 - 2014-07-18 21:23 - 00086552 _____ () C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-13 17:38 - 2009-07-14 05:45 - 00342584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 17:36 - 2014-07-19 10:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 22:02 - 2014-07-19 10:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-10 21:48 - 2014-07-18 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-10 21:48 - 2014-07-18 21:59 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-06 18:06 - 2014-07-29 16:21 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-11-06 18:06 - 2014-07-29 16:21 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-11-06 18:06 - 2014-07-18 22:02 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-11-06 18:06 - 2014-07-18 22:02 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-11-04 01:04 - 2014-10-09 18:18 - 02849736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-04 01:04 - 2014-07-18 21:59 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-11-04 01:04 - 2014-07-18 21:59 - 00059592 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-11-04 01:04 - 2014-07-18 21:52 - 20985544 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-11-04 01:04 - 2014-07-18 21:52 - 16884632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-11-04 01:04 - 2014-07-18 21:52 - 03238040 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-11-04 01:04 - 2014-07-18 21:52 - 00987520 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-11-04 01:04 - 2014-07-18 21:52 - 00027094 _____ () C:\Windows\system32\nvinfo.pb
2014-11-03 23:02 - 2014-07-18 22:00 - 06882448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-03 23:02 - 2014-07-18 22:00 - 03531464 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-11-03 23:02 - 2014-07-18 22:00 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-03 23:02 - 2014-07-18 22:00 - 00935232 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-03 23:02 - 2014-07-18 22:00 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-03 23:02 - 2014-07-18 22:00 - 00061640 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-03 12:58 - 2014-07-18 22:00 - 04099264 _____ () C:\Windows\system32\nvcoproc.bin
2014-11-01 12:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-01 12:45 - 2014-07-19 14:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-30 21:41 - 2014-07-18 22:10 - 00003854 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1405717824
2014-10-30 21:41 - 2014-07-18 22:10 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-10-24 14:01 - 2014-07-18 22:39 - 00000000 ____D () C:\Users\Moni\Documents\FC-Jugend
2014-10-24 13:58 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\avgnt.exe
C:\Users\Martin\AppData\Local\Temp\drm_dyndata_7370007.dll
C:\Users\Martin\AppData\Local\Temp\ose00000.exe
C:\Users\Moni\AppData\Local\Temp\avgnt.exe
C:\Users\Sötsch\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-17 20:02

==================== End Of Log ===========================
--- --- ---

schrauber 23.11.2014 14:51
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Marty60 23.11.2014 19:29
Combofix Logfile:
Code:
ComboFix 14-11-18.01 - Martin 23.11.2014  18:48:30.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8131.5516 [GMT 1:00]
ausgeführt von:: c:\users\Martin\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Easy Speed Check
c:\program files (x86)\Easy Speed Check\cwebpage.dll
c:\program files (x86)\Easy Speed Check\easyspeedcheck.exe
c:\program files (x86)\Easy Speed Check\libcurl.dll
c:\program files (x86)\Easy Speed Check\libeay32.dll
c:\program files (x86)\Easy Speed Check\libgcc_s_dw2-1.dll
c:\program files (x86)\Easy Speed Check\libidn-11.dll
c:\program files (x86)\Easy Speed Check\libstdc++-6.dll
c:\program files (x86)\Easy Speed Check\ssleay32.dll
c:\program files (x86)\Easy Speed Check\zlib1.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Ask.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Google.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\IMDb.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Shopping.com.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\TripAdvisor.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Wikipedia.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Yahoo!.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Amazon.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Argos.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Ebay.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Etsy.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\HomeDepot.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Ikea.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Lowe's.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Mercadolivre.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\MyShopping.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Sears.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Target.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Tesco.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Walmart.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Zalando.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Settings.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\SignIn with Facebook.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\SignIn with Twitter.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Uninstall Wajam\uninstall.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Wajam Website.lnk
c:\programdata\ntuser.pol
c:\users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1ACF0E40-42F6-4370-87EB-8C72BCC1A2EE}.xps
c:\users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2E1AFB4B-026B-4005-B0B4-41B51BDE018E}.xps
c:\users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3B3F9646-5E46-45F6-8B7A-480DCE276AD4}.xps
c:\users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E447810A-D231-4A9E-B186-78BD4CFE662A}.xps
c:\users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F073052A-0661-4755-BE6B-14C8135DCA5E}.xps
c:\windows\SysWow64\tmp139.tmp
c:\windows\SysWow64\tmp13A.tmp
c:\windows\SysWow64\tmp72E5.tmp
c:\windows\SysWow64\tmp82C6.tmp
c:\windows\SysWow64\tmp82C7.tmp
c:\windows\SysWow64\tmp864F.tmp
c:\windows\SysWow64\tmp8660.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-10-23 bis 2014-11-23  ))))))))))))))))))))))))))))))
.
.
2014-11-23 17:52 . 2014-11-23 17:52        --------        d-----w-        c:\users\Sötsch\AppData\Local\temp
2014-11-23 17:52 . 2014-11-23 17:52        --------        d-----w-        c:\users\Moni\AppData\Local\temp
2014-11-23 17:52 . 2014-11-23 17:52        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-11-22 17:31 . 2014-11-22 18:30        --------        d-----w-        C:\FRST
2014-11-19 16:01 . 2014-11-19 16:01        --------        d-----w-        c:\users\Moni\AppData\Roaming\Epson
2014-11-19 15:30 . 2014-11-11 03:08        241152        ----a-w-        c:\windows\system32\pku2u.dll
2014-11-19 15:30 . 2014-11-11 03:08        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-11-19 15:30 . 2014-11-11 02:44        186880        ----a-w-        c:\windows\SysWow64\pku2u.dll
2014-11-19 15:30 . 2014-11-11 02:44        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-11-19 15:24 . 2014-11-19 15:24        --------        d-----w-        c:\users\Sötsch\AppData\Roaming\Epson
2014-11-18 17:10 . 2014-11-18 17:10        --------        d-----w-        c:\programdata\UDL
2014-11-18 17:09 . 2014-11-18 17:09        --------        d-----w-        c:\programdata\Sony Corporation
2014-11-17 21:08 . 2014-11-18 17:17        --------        d-----w-        c:\users\Martin\AppData\Roaming\Epson
2014-11-17 18:13 . 2014-11-17 18:13        --------        d-----w-        c:\program files\Common Files\EPSON
2014-11-17 17:58 . 2014-11-17 17:58        --------        d-sh--w-        c:\users\Martin\AppData\Local\EmieBrowserModeList
2014-11-17 17:57 . 2014-11-17 17:57        --------        d-----w-        c:\program files\EpsonNet
2014-11-17 17:57 . 2012-11-12 19:41        535552        ----a-w-        c:\windows\system32\ensppui.dll
2014-11-17 17:57 . 2012-11-12 19:41        535552        ----a-w-        c:\windows\system32\enppui.dll
2014-11-17 17:57 . 2012-11-12 14:15        558592        ----a-w-        c:\windows\system32\ensppmon.dll
2014-11-17 17:57 . 2012-11-12 14:15        558592        ----a-w-        c:\windows\system32\enppmon.dll
2014-11-17 17:57 . 2012-10-22 16:19        219648        ----a-w-        c:\windows\system32\enspres.dll
2014-11-17 17:57 . 2012-10-22 16:19        219648        ----a-w-        c:\windows\system32\enpres.dll
2014-11-17 17:55 . 2014-11-18 17:09        --------        d-----w-        c:\program files (x86)\EPSON Software
2014-11-17 17:55 . 2012-07-23 23:00        466432        ----a-w-        c:\windows\system32\esxw2ud.dll
2014-11-17 17:55 . 2012-05-16 23:00        144560        ----a-w-        c:\windows\system32\escsvc64.exe
2014-11-17 17:55 . 2014-11-17 18:26        --------        d-----w-        c:\program files (x86)\epson
2014-11-17 17:48 . 2007-04-10 00:06        10752        ----a-w-        c:\windows\system32\E_GCINST.DLL
2014-11-17 17:48 . 2013-10-22 03:04        179712        ----a-w-        c:\windows\system32\E_ILMBLPE.DLL
2014-11-17 17:48 . 2011-03-15 02:03        83968        ----a-w-        c:\windows\system32\E_ID4BLPE.DLL
2014-11-17 17:44 . 2014-11-18 17:10        --------        d-----w-        c:\programdata\Epson
2014-11-12 13:22 . 2014-08-21 06:43        1882624        ----a-w-        c:\windows\system32\msxml3.dll
2014-11-10 20:48 . 2014-11-03 20:25        615568        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
2014-11-10 17:17 . 2010-05-26 10:41        511328        ----a-w-        c:\windows\system32\d3dx10_43.dll
2014-11-10 17:17 . 2010-05-26 10:41        470880        ----a-w-        c:\windows\SysWow64\d3dx10_43.dll
2014-11-10 17:17 . 2010-05-26 10:41        276832        ----a-w-        c:\windows\system32\d3dx11_43.dll
2014-11-10 17:17 . 2010-05-26 10:41        248672        ----a-w-        c:\windows\SysWow64\d3dx11_43.dll
2014-11-10 17:17 . 2010-05-26 10:41        1998168        ----a-w-        c:\windows\SysWow64\D3DX9_43.dll
2014-11-10 17:17 . 2010-05-26 10:41        2401112        ----a-w-        c:\windows\system32\D3DX9_43.dll
2014-11-10 17:17 . 2014-10-03 19:23        38216        ----a-w-        c:\windows\system32\drivers\nvvad64v.sys
2014-11-10 17:17 . 2014-10-03 19:23        32584        ----a-w-        c:\windows\SysWow64\nvaudcap32v.dll
2014-11-01 11:49 . 2014-11-01 11:49        --------        d-----w-        c:\users\Martin\AppData\Local\Diagnostics
2014-11-01 11:45 . 2014-11-01 11:34        198        ----a-w-        C:\Quarantine.reg
2014-10-29 21:24 . 2014-11-12 21:00        --------        d-----w-        c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-19 18:17 . 2014-07-19 13:31        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-19 18:17 . 2014-07-19 13:31        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-06 17:06 . 2014-07-29 15:21        1291280        ----a-w-        c:\windows\SysWow64\nvspbridge.dll
2014-11-06 17:06 . 2014-07-18 21:02        2197680        ----a-w-        c:\windows\SysWow64\nvspcap.dll
2014-11-06 17:06 . 2014-07-29 15:21        1715224        ----a-w-        c:\windows\system32\nvspbridge64.dll
2014-11-06 17:06 . 2014-07-18 21:02        2800296        ----a-w-        c:\windows\system32\nvspcap64.dll
2014-11-04 00:04 . 2014-10-09 17:18        2849736        ----a-w-        c:\windows\SysWow64\nvapi.dll
2014-11-04 00:04 . 2014-07-18 20:59        73872        ----a-w-        c:\windows\system32\OpenCL.dll
2014-11-04 00:04 . 2014-07-18 20:59        59592        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2014-11-04 00:04 . 2014-07-18 20:52        987520        ----a-w-        c:\windows\system32\nvumdshimx.dll
2014-11-04 00:04 . 2014-07-18 20:52        20985544        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2014-11-04 00:04 . 2014-07-18 20:52        3238040        ----a-w-        c:\windows\system32\nvapi64.dll
2014-11-04 00:04 . 2014-07-18 20:52        16884632        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2014-11-03 22:02 . 2014-07-18 21:00        6882448        ----a-w-        c:\windows\system32\nvcpl.dll
2014-11-03 22:02 . 2014-07-18 21:00        3531464        ----a-w-        c:\windows\system32\nvsvc64.dll
2014-11-03 22:02 . 2014-07-18 21:00        935232        ----a-w-        c:\windows\system32\nvvsvc.exe
2014-11-03 22:02 . 2014-07-18 21:00        61640        ----a-w-        c:\windows\system32\nvshext.dll
2014-11-03 22:02 . 2014-07-18 21:00        385352        ----a-w-        c:\windows\system32\nvmctray.dll
2014-11-03 22:02 . 2014-07-18 21:00        2558792        ----a-w-        c:\windows\system32\nvsvcr.dll
2014-11-03 11:58 . 2014-07-18 21:00        4099264        ----a-w-        c:\windows\system32\nvcoproc.bin
2014-10-09 13:50 . 2014-07-18 22:01        43064        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2014-10-09 13:50 . 2014-07-18 22:01        131608        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2014-10-09 13:50 . 2014-07-18 22:01        119272        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2014-10-03 19:23 . 2014-07-18 20:51        35144        ----a-w-        c:\windows\system32\nvaudcap64v.dll
2014-09-25 02:08 . 2014-10-01 16:16        371712        ----a-w-        c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 16:16        519680        ----a-w-        c:\windows\SysWow64\qdvd.dll
2014-09-17 04:51 . 2014-10-09 17:18        31520        ----a-w-        c:\windows\system32\nvhdap64.dll
2014-09-17 04:51 . 2014-10-09 17:18        197408        ----a-w-        c:\windows\system32\drivers\nvhda64v.sys
2014-09-17 04:51 . 2014-07-18 20:52        1538880        ----a-w-        c:\windows\system32\nvhdagenco6420103.dll
2014-09-13 23:48 . 2014-10-09 17:18        1539272        ----a-w-        c:\windows\system32\nvdispgenco6434411.dll
2014-09-13 23:48 . 2014-10-09 17:18        1876296        ----a-w-        c:\windows\system32\nvdispco6434411.dll
2014-09-09 22:11 . 2014-09-23 17:06        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-23 17:06        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-09-04 05:23 . 2014-10-16 13:17        424448        ----a-w-        c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-16 13:17        372736        ----a-w-        c:\windows\SysWow64\rastls.dll
2014-03-07 09:03        3109520        --sha-r-        c:\windows\SysWOW64\avcodec-lav-55.dll
2014-03-07 09:03        98960        --sha-r-        c:\windows\SysWOW64\avfilter-lav-4.dll
2014-03-07 09:03        550032        --sha-r-        c:\windows\SysWOW64\avformat-lav-55.dll
2009-09-27 07:39        415744        --sh--w-        c:\windows\SysWOW64\avisynth.dll
2014-03-07 09:03        59536        --sha-r-        c:\windows\SysWOW64\avresample-lav-1.dll
2005-07-14 10:31        32256        --sh--w-        c:\windows\SysWOW64\AVSredirect.dll
2014-03-07 09:03        181392        --sha-r-        c:\windows\SysWOW64\avutil-lav-52.dll
2004-02-22 08:11        764416        --sh--w-        c:\windows\SysWOW64\devil.dll
2014-03-07 09:03        122512        --sha-r-        c:\windows\SysWOW64\HLaudio.dll
2014-03-07 09:03        203408        --sha-r-        c:\windows\SysWOW64\HLsplit.dll
2014-03-07 09:03        313520        --sha-r-        c:\windows\SysWOW64\HLvideo.dll
2004-01-24 22:00        70656        --sh--w-        c:\windows\SysWOW64\i420vfw.dll
2014-03-07 09:03        166544        --sha-r-        c:\windows\SysWOW64\IntelQuickSyncDecoder.dll
2014-03-07 09:03        109712        --sha-r-        c:\windows\SysWOW64\libbluray.dll
2011-02-11 08:26        112128        --sha-r-        c:\windows\SysWOW64\OptimFROG.dll
2014-03-07 09:03        118416        --sha-r-        c:\windows\SysWOW64\swscale-lav-2.dll
2010-01-06 22:00        107520        --sha-r-        c:\windows\SysWOW64\TAKDSDecoder.dll
2012-10-05 17:54        188416        --sha-r-        c:\windows\SysWOW64\winDCE32.dll
2004-01-24 22:00        70656        --sh--w-        c:\windows\SysWOW64\yv12vfw.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Amazon Music"="c:\users\Martin\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-10-15 6281024]
"Google+ Auto Backup"="c:\users\Martin\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" [2014-08-12 3746120]
"Steam"="f:\programme\sniper\Steam.exe" [2014-11-18 1940160]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATILPE.EXE" [2013-01-24 297024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-11 292848]
"XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2014-07-18 6311104]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-20 703736]
"EaseUS EPM tray"="c:\program files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe" [2014-03-06 2086568]
"EaseUs Watch"="c:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2013-09-04 70728]
"EaseUs Tray"="c:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2013-09-04 1372232]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2014-05-02 1065024]
"PDFPrint"="f:\pdf24\pdf24.exe" [2014-11-12 193568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Scanner Finder.lnk - f:\programme\ScannerFinder.exe [2014-7-19 339968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
R2 ASRockIOMon;ASRock IO Monitor Service;c:\program files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe;c:\program files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AsrDrv101;AsrDrv101;c:\windows\SysWOW64\Drivers\AsrDrv101.sys;c:\windows\SysWOW64\Drivers\AsrDrv101.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS;c:\windows\SYSNATIVE\drivers\FNETTBOH_305.SYS [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 iumsvc;Intel(R) Update Manager;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys;c:\windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys;c:\windows\SYSNATIVE\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys;c:\windows\SYSNATIVE\drivers\EUBKMON.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys;c:\windows\SYSNATIVE\drivers\eudskacs.sys [x]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys;c:\windows\SYSNATIVE\drivers\EuFdDisk.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x]
S2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 EaseUS Agent;EaseUS Agent Service;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [x]
S2 EPSON_PM_RPCV4_06;EPSON V3 Service4(06);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Guard Agent;Guard Agent Service;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 MyEpson Portal Service;MyEpson Portal Service;c:\program files (x86)\EPSON\MyEpson Portal\mepService.exe;c:\program files (x86)\EPSON\MyEpson Portal\mepService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - NVSTREAMKMS
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-19 15:51        1087304        ----a-w-        c:\program files (x86)\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-19 18:17]
.
2014-11-23 c:\windows\Tasks\EPSON XP-710 Series Invitation {BF7B67FC-A0CE-47F1-8829-110F74F45B20}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLPE.EXE [2014-11-17 00:20]
.
2014-11-23 c:\windows\Tasks\EPSON XP-710 Series Update {BF7B67FC-A0CE-47F1-8829-110F74F45B20}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLPE.EXE [2014-11-17 00:20]
.
2014-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-18 20:30]
.
2014-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-18 20:30]
.
2014-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-990669769-1353233478-3139022197-1000Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-19 10:27]
.
2014-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-990669769-1353233478-3139022197-1000UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-19 10:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-04-30 36352]
"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2013-05-31 2009952]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-11-06 2464072]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-11-06 2800296]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX&q={searchTerms}
mDefault_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX
mStart Page = hxxp://www.sweet-page.com/?type=hp&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX&q={searchTerms}
uInternet Settings,ProxyOverride = <-loopback>;192.168.*.*
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-ASRock A-Tuning - (no file)
Wow6432Node-HKLM-Run-fst_de_123 - (no file)
Wow6432Node-HKLM-Run-BlockAndSurf - c:\program files (x86)\ver0BlockAndSurf\BlockAndSurf.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-11-23  18:53:30
ComboFix-quarantined-files.txt  2014-11-23 17:53
.
Vor Suchlauf: 16 Verzeichnis(se), 33.153.298.432 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 33.623.199.744 Bytes frei
.
- - End Of File - - DB1908AF8D49A1BDF5B6E01E9319D61D
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31


[/CODE]

schrauber 24.11.2014 17:59
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Marty60 26.11.2014 17:40
Liste der Anhänge anzeigen (Anzahl: 1)
Hat ein bisschen gedauert, ich bin beruflich im Streß:wtf:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
 Suchlauf Datum: 25.11.2014
Suchlauf-Zeit: 16:30:49
Logdatei: mbam.txt
Administrator: Ja
 Version: 2.00.3.1025
Malware Datenbank: v2014.11.25.06
Rootkit Datenbank: v2014.11.22.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
 Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Martin
 Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 404625
Verstrichene Zeit: 18 Min, 33 Sek
 Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
 Prozesse: 0
(Keine schädliche Elemente erkannt)
 Module: 0
(Keine schädliche Elemente erkannt)
 Registrierungsschlüssel: 13
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [a15981be5d1f290dea277d20af5541bf],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [25d59fa0acd0fa3ce88c03ae20e48d73],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [a25877c80c70de58ae33c08bcb3839c7],
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftware, In Quarantäne, [03f771ce92ea1f170ce53471db29ec14],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [9d5dab94fb81f343ba57dcc19c68a45c],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [4caeac93324a8aacf9e76cdf778c9967],
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, In Quarantäne, [6e8c42fd3c40ab8bea020e32ad5642be],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [906a3f003448270ffaf392aece350ff1],
PUP.Optional.WebSearches.A, HKU\S-1-5-21-990669769-1353233478-3139022197-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, Löschen bei Neustart, [a4562619dca053e395fc3b120cf7d42c],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-990669769-1353233478-3139022197-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, Löschen bei Neustart, [5d9d122d0e6e79bdfeae773dfe06cb35],
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-990669769-1353233478-3139022197-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, Löschen bei Neustart, [47b31b24c8b47cbad92f70e1ee1542be],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-990669769-1353233478-3139022197-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Löschen bei Neustart, [fffb42fdb8c486b02c1e3a4126dda45c],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-990669769-1353233478-3139022197-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Löschen bei Neustart, [74868bb444380b2b8cf19df422e27c84],
 Registrierungswerte: 2
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, cor, In Quarantäne, [4caeac93324a8aacf9e76cdf778c9967]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-990669769-1353233478-3139022197-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0V1D1S1R1D0V1O, Löschen bei Neustart, [74868bb444380b2b8cf19df422e27c84]
 Registrierungsdaten: 7
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.sweet-page.com/?type=hp&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX),Ersetzt,[847676c9166666d0952668ede32256aa]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[40ba7bc46d0f78beb79e78dd1de8d62a]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX&q={searchTerms}),Ersetzt,[659509362e4e86b0b505e17412f3a65a]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.sweet-page.com/?type=hp&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX),Ersetzt,[41b9c37c5d1f1b1b8b2e1d38d72ed12f]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.sweet-page.com/?type=hp&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX),Ersetzt,[c03a3a052d4f8aacd9e2c194c144b14f]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX&q={searchTerms}),Ersetzt,[62983d027a020c2a961e79d154b1c23e]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[d822ab9439431d19ff56e471bf4602fe]
 Ordner: 8
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, In Quarantäne, [31c929166c107eb85810e33fa360cb35],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, In Quarantäne, [31c929166c107eb85810e33fa360cb35],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, In Quarantäne, [b644132c2854c96d6962ea3a3bc850b0],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, In Quarantäne, [b644132c2854c96d6962ea3a3bc850b0],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [b644132c2854c96d6962ea3a3bc850b0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, In Quarantäne, [fcfe3d02f28ace68eaf17cae40c357a9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin, In Quarantäne, [fcfe3d02f28ace68eaf17cae40c357a9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image, In Quarantäne, [fcfe3d02f28ace68eaf17cae40c357a9],
 Dateien: 12
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, In Quarantäne, [31c929166c107eb85810e33fa360cb35],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-08-04[16-17-31-891].log, In Quarantäne, [b644132c2854c96d6962ea3a3bc850b0],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-08-04[16-17-33-899].log, In Quarantäne, [b644132c2854c96d6962ea3a3bc850b0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\bk_shadow.png, In Quarantäne, [fcfe3d02f28ace68eaf17cae40c357a9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\btn.png, In Quarantäne, [fcfe3d02f28ace68eaf17cae40c357a9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\close.png, In Quarantäne, [fcfe3d02f28ace68eaf17cae40c357a9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml, In Quarantäne, [fcfe3d02f28ace68eaf17cae40c357a9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml.bak, In Quarantäne, [fcfe3d02f28ace68eaf17cae40c357a9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_box.png, In Quarantäne, [fcfe3d02f28ace68eaf17cae40c357a9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_check.png, In Quarantäne, [fcfe3d02f28ace68eaf17cae40c357a9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_bk.png, In Quarantäne, [fcfe3d02f28ace68eaf17cae40c357a9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_check.png, In Quarantäne, [fcfe3d02f28ace68eaf17cae40c357a9],
 Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
 
(end)

schrauber 27.11.2014 10:39
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307






ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Marty60 27.11.2014 11:05
Sorry, hatte ich nicht bedacht. Bin auch gerade auf Arbeit. Brauchst Du die vier txt.-Dateien jetzt nochmal und soll ich die alle hintereinander in den Editor kopieren, oder soll
ich mit den letzten Anweisungen fortfahren?
Gruß Marty

schrauber 28.11.2014 08:32
nee einfach jetzt mit ESET und Co weiter machen :)

Marty60 29.11.2014 15:03
Liste der Anhänge anzeigen (Anzahl: 2)
Also, bei mir hängt sich eset nach 24% auf, da geht nichts mehr. 5 Sachen hat er bis dahin dann gefunden.
Ebenso friert Security Check ein, siehe Hardcopys.

Code:
C:\Qoobox\Quarantine\C\Program Files (x86)\Easy Speed Check\easyspeedcheck.exe.vir        Variante von Win32/AdWare.EasySpeedCheck.A Anwendung
C:\Users\Martin\Downloads\formatconverter6_CB-DL-Manager.exe        Variante von Win32/InstallCore.OZ evtl. unerwünschte Anwendung
C:\Users\Martin\Downloads\OpenAL-lnstall.exe        Win32/WinloadSDA.E evtl. unerwünschte Anwendung
C:\Users\Martin\Downloads\Picasa - CHIP-Installer.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
C:\Users\Martin\Downloads\wzmp_8.exe        Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung

Marty60 29.11.2014 15:05
und hier noch ein frisches FRSTlog


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Martin (administrator) on MARTIN-PC on 29-11-2014 14:50:04
Running from C:\Users\Martin\Downloads
Loaded Profile: Martin (Available profiles: Martin & Moni & Sötsch)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
() C:\Users\Martin\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Google Inc.) C:\Users\Martin\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Valve Corporation) F:\Programme\sniper\Steam.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILPE.EXE
() F:\Programme\ScannerFinder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Geek Software GmbH) F:\PDF24\pdf24.exe
(Valve Corporation) F:\Programme\sniper\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe
() C:\Program Files (x86)\Opera\25.0.1614.68\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [2009952 2013-05-31] (cFos Software GmbH)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-11] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [6311104 2014-07-18] (FNet Co., Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe [2086568 2014-03-06] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Watch] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe [70728 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe [1372232 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [PDFPrint] => F:\PDF24\pdf24.exe [193568 2014-11-12] (Geek Software GmbH)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-990669769-1353233478-3139022197-1000\...\Run: [Amazon Music] => C:\Users\Martin\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-15] ()
HKU\S-1-5-21-990669769-1353233478-3139022197-1000\...\Run: [Google+ Auto Backup] => C:\Users\Martin\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3746120 2014-08-12] (Google Inc.)
HKU\S-1-5-21-990669769-1353233478-3139022197-1000\...\Run: [Steam] => F:\Programme\sniper\Steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-990669769-1353233478-3139022197-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILPE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk
ShortcutTarget: Scanner Finder.lnk -> F:\Programme\ScannerFinder.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:57870;https=127.0.0.1:57870
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-990669769-1353233478-3139022197-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-990669769-1353233478-3139022197-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-990669769-1353233478-3139022197-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-990669769-1353233478-3139022197-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> F:\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-990669769-1353233478-3139022197-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Martin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-990669769-1353233478-3139022197-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Martin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-11-17]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1407161841&from=cor&uid=TOSHIBAXDT01ACA100_Z3BL8ASNSXXZ3BL8ASNSX"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR Plugin: (        "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (        "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-18]
CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-18]
CHR Extension: (Google-Suche) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-18]
CHR Extension: (Google Wallet) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-04]
CHR Extension: (Google Mail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806704 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [995064 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed]
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [652640 2013-05-31] (cFos Software GmbH)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36936 2013-12-02] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
R2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-07-19] (ASRock Incorporation)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [40200 2013-05-09] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-09] (Avira Operations GmbH & Co. KG)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [61000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2013-09-04] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18504 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-07-21] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2014-07-18] (FNet Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 14:49 - 2014-11-29 14:49 - 00000000 ____D () C:\Users\Martin\Downloads\FRST-OlderVersion
2014-11-28 17:57 - 2014-11-28 17:57 - 00854414 _____ () C:\Users\Martin\Downloads\SecurityCheck.exe
2014-11-28 15:13 - 2014-11-28 15:13 - 00192428 _____ () C:\Users\Sötsch\Documents\Bors-Ordner2.odt
2014-11-28 14:44 - 2014-11-28 14:45 - 00086362 _____ () C:\Users\Sötsch\Documents\Bors-Ordner.odt
2014-11-27 20:37 - 2014-11-28 17:52 - 00000588 _____ () C:\Users\Martin\Downloads\eset.txt
2014-11-27 18:37 - 2014-11-27 18:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-27 18:36 - 2014-11-27 18:36 - 02347384 _____ (ESET) C:\Users\Martin\Downloads\esetsmartinstaller_deu.exe
2014-11-26 17:26 - 2014-11-29 14:50 - 00021832 _____ () C:\Users\Martin\Downloads\FRST.txt
2014-11-26 16:14 - 2014-11-26 16:14 - 00000626 _____ () C:\Users\Martin\Desktop\JRT.txt
2014-11-25 17:38 - 2014-11-25 17:38 - 01707532 _____ (Thisisu) C:\Users\Martin\Downloads\JRT.exe
2014-11-25 17:38 - 2014-11-25 17:38 - 00000000 ____D () C:\Windows\ERUNT
2014-11-25 17:26 - 2014-11-25 17:31 - 00000000 ____D () C:\AdwCleaner
2014-11-25 17:26 - 2014-11-25 17:26 - 02148864 _____ () C:\Users\Martin\Downloads\AdwCleaner_4.102.exe
2014-11-25 17:03 - 2014-11-25 17:24 - 00008613 _____ () C:\mbam.txt
2014-11-24 20:55 - 2014-11-25 17:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-24 20:55 - 2014-11-24 20:55 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-24 20:55 - 2014-11-24 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-24 20:55 - 2014-11-24 20:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-24 20:55 - 2014-11-24 20:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-24 20:55 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-24 20:55 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-24 20:55 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-24 20:54 - 2014-11-24 20:54 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-24 20:53 - 2014-11-24 20:53 - 04892480 _____ (WinZip International LLC ) C:\Users\Martin\Downloads\wzmp_8.exe
2014-11-24 17:49 - 2014-11-24 17:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-24 17:49 - 2014-11-24 17:49 - 00001468 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-11-24 17:39 - 2014-11-24 17:40 - 76360088 _____ (Adobe Systems Incorporated) C:\Users\Martin\Downloads\AdbeRdr11009_de_DE.exe
2014-11-24 17:34 - 2014-11-24 17:34 - 00000000 ____D () C:\Users\Martin\AppData\Local\PDF24
2014-11-23 22:02 - 2014-11-23 22:02 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-11-23 18:53 - 2014-11-23 18:53 - 00027383 _____ () C:\ComboFix.txt
2014-11-22 18:31 - 2014-11-29 14:50 - 00000000 ____D () C:\FRST
2014-11-22 18:28 - 2014-11-29 14:49 - 02117632 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe
2014-11-22 14:22 - 2014-11-22 14:22 - 01776424 _____ () C:\Users\Martin\Downloads\425225_intl_x64_zip (1).exe
2014-11-22 13:36 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-22 13:36 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-22 13:36 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-22 13:36 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-22 13:36 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-22 13:36 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-22 13:36 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-22 13:36 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-22 13:33 - 2014-11-23 18:53 - 00000000 ____D () C:\Qoobox
2014-11-22 13:33 - 2014-11-23 18:52 - 00000000 ____D () C:\Windows\erdnt
2014-11-22 13:28 - 2014-11-23 17:31 - 05598306 ____R (Swearware) C:\Users\Martin\Downloads\ComboFix.exe
2014-11-22 12:47 - 2014-11-22 12:47 - 01776424 _____ () C:\Users\Martin\Downloads\425225_intl_x64_zip.exe
2014-11-22 12:41 - 2014-11-22 12:41 - 00011317 _____ () C:\Users\Martin\Downloads\Dateizuordnungen korrigieren.zip
2014-11-22 12:39 - 2014-11-22 12:39 - 00019426 _____ () C:\Users\Martin\Downloads\Win7_Dateizuordnungen.zip
2014-11-22 12:14 - 2014-11-22 12:14 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Martin\Downloads\TDSSKiller30041.exe
2014-11-19 17:01 - 2014-11-19 17:01 - 00000000 ____D () C:\Users\Moni\AppData\Roaming\Epson
2014-11-19 16:30 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 16:30 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 16:30 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 16:30 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 16:24 - 2014-11-19 16:24 - 00000000 ____D () C:\Users\Sötsch\AppData\Roaming\Epson
2014-11-18 18:20 - 2014-11-18 18:20 - 00000598 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-11-18 18:20 - 2014-11-18 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2014-11-18 18:19 - 2014-11-18 18:19 - 16343840 _____ (Geek Software GmbH ) C:\Users\Martin\Downloads\pdf24-creator-6.9.1.exe
2014-11-18 18:10 - 2014-11-18 18:10 - 00002167 _____ () C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2014-11-18 18:10 - 2014-11-18 18:10 - 00000000 ____D () C:\ProgramData\UDL
2014-11-18 18:09 - 2014-11-18 18:09 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-11-17 22:08 - 2014-11-18 18:17 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Epson
2014-11-17 19:31 - 2014-11-17 19:31 - 03545416 _____ () C:\Users\Martin\Downloads\EpsonConnect130 (1).exe
2014-11-17 19:27 - 2014-11-17 19:27 - 03545416 _____ () C:\Users\Martin\Downloads\EpsonConnect130.exe
2014-11-17 19:26 - 2014-11-17 19:26 - 00001060 _____ () C:\Users\Public\Desktop\MyEpson Portal.lnk
2014-11-17 19:26 - 2014-11-17 19:26 - 00000854 _____ () C:\Users\Public\Desktop\Print CD.lnk
2014-11-17 19:13 - 2014-11-29 14:36 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-710 Series Update {BF7B67FC-A0CE-47F1-8829-110F74F45B20}.job
2014-11-17 19:13 - 2014-11-29 14:36 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-710 Series Invitation {BF7B67FC-A0CE-47F1-8829-110F74F45B20}.job
2014-11-17 19:13 - 2014-11-17 19:13 - 00003978 _____ () C:\Windows\System32\Tasks\EPSON XP-710 Series Update {BF7B67FC-A0CE-47F1-8829-110F74F45B20}
2014-11-17 19:13 - 2014-11-17 19:13 - 00003792 _____ () C:\Windows\System32\Tasks\EPSON XP-710 Series Invitation {BF7B67FC-A0CE-47F1-8829-110F74F45B20}
2014-11-17 19:13 - 2014-11-17 19:13 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-11-17 18:58 - 2014-11-17 18:58 - 00000000 __SHD () C:\Users\Martin\AppData\Local\EmieBrowserModeList
2014-11-17 18:57 - 2014-11-17 18:57 - 00000000 ____D () C:\Program Files\EpsonNet
2014-11-17 18:57 - 2012-11-12 20:41 - 00535552 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppui.dll
2014-11-17 18:57 - 2012-11-12 20:41 - 00535552 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppui.dll
2014-11-17 18:57 - 2012-11-12 15:15 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppmon.dll
2014-11-17 18:57 - 2012-11-12 15:15 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppmon.dll
2014-11-17 18:57 - 2012-10-22 17:19 - 00219648 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enspres.dll
2014-11-17 18:57 - 2012-10-22 17:19 - 00219648 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enpres.dll
2014-11-17 18:56 - 2014-11-17 18:56 - 00001144 _____ () C:\Users\Public\Desktop\EPSON-Handbücher.lnk
2014-11-17 18:56 - 2014-11-17 18:56 - 00000123 _____ () C:\Users\Public\Desktop\Epson Connect Site.url
2014-11-17 18:55 - 2014-11-18 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2014-11-17 18:55 - 2014-11-18 18:09 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2014-11-17 18:55 - 2014-11-17 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-11-17 18:55 - 2014-11-17 19:26 - 00000000 ____D () C:\Program Files (x86)\epson
2014-11-17 18:55 - 2014-11-17 18:55 - 00000930 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-11-17 18:55 - 2012-07-24 00:00 - 00466432 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll
2014-11-17 18:55 - 2012-05-17 00:00 - 00144560 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe
2014-11-17 18:48 - 2013-10-22 04:04 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMBLPE.DLL
2014-11-17 18:48 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ID4BLPE.DLL
2014-11-17 18:48 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2014-11-17 18:44 - 2014-11-18 18:10 - 00000000 ____D () C:\ProgramData\Epson
2014-11-12 14:23 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 14:23 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 14:23 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 14:23 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 14:23 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 14:23 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 14:23 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 14:23 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 14:23 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 14:23 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 14:23 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 14:23 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 14:23 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 14:23 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 14:23 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 14:23 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 14:23 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 14:23 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 14:23 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 14:23 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 14:23 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 14:23 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 14:23 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 14:23 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 14:23 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 14:23 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 14:23 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 14:23 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 14:23 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 14:23 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 14:23 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 14:23 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 14:23 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 14:23 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 14:23 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 14:23 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 14:23 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 14:23 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 14:23 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 14:23 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 14:23 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 14:23 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 14:23 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 14:23 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 14:23 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 14:23 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 14:23 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 14:23 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 14:23 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 14:23 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 14:23 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 14:23 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 14:23 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 14:23 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 14:23 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 14:23 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 14:23 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 14:23 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 14:23 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 14:23 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 14:23 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 14:23 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 14:23 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 14:23 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 14:23 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 14:23 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 14:23 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 14:23 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 14:22 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 14:22 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 14:22 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 14:22 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 14:22 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 14:22 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 14:22 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 14:22 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 14:22 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 14:22 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 14:22 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 14:22 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 14:22 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 14:22 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 14:22 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 14:22 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 14:22 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 14:22 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 14:22 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 14:22 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 14:22 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 14:22 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 14:22 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 14:22 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 14:22 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 14:22 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 14:22 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 14:22 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 14:22 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 14:22 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 14:22 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 14:22 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 14:22 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-10 21:48 - 2014-11-03 21:25 - 00615568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-11-10 21:47 - 2014-11-04 01:04 - 31891784 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 24555208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 20923712 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 18514080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 17259848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 14031448 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 13943904 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 13207184 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-10 21:47 - 2014-11-04 01:04 - 11397208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 11335408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 04289168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 04009672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434465.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434465.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00962704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00934216 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00922256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00898192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00870624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00501064 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00417096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00391824 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00349504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-10 21:47 - 2014-11-04 01:04 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-10 18:17 - 2014-10-03 20:23 - 00038216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-11-10 18:17 - 2014-10-03 20:23 - 00032584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-11-10 18:17 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-11-10 18:17 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-11-10 18:17 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-11-10 18:17 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-11-10 18:17 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-11-10 18:17 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-11-03 20:54 - 2014-11-03 21:37 - 00000000 ____D () C:\Users\Martin\Documents\Versicherungen
2014-11-01 12:45 - 2014-11-01 12:34 - 00000524 _____ () C:\Quarantine.lst
2014-11-01 12:45 - 2014-11-01 12:34 - 00000198 _____ () C:\Quarantine.reg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 14:50 - 2014-07-18 21:30 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-29 14:36 - 2014-07-19 14:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-29 10:46 - 2009-07-14 05:45 - 00035936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-29 10:46 - 2009-07-14 05:45 - 00035936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-29 10:39 - 2014-08-04 11:30 - 00000000 ____D () C:\Temp
2014-11-29 10:39 - 2014-07-18 21:30 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-29 10:38 - 2014-07-18 22:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-29 10:38 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-29 10:38 - 2009-07-14 05:51 - 00062331 _____ () C:\Windows\setupact.log
2014-11-29 10:34 - 2010-11-21 04:47 - 01027438 _____ () C:\Windows\PFRO.log
2014-11-29 10:29 - 2014-07-19 11:27 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-990669769-1353233478-3139022197-1000Core.job
2014-11-29 10:07 - 2014-07-18 21:12 - 02078930 _____ () C:\Windows\WindowsUpdate.log
2014-11-28 14:27 - 2014-07-19 14:31 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-27 22:54 - 2014-07-19 14:31 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-27 22:54 - 2014-07-19 14:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 21:51 - 2014-07-18 21:30 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-25 18:32 - 2014-07-18 21:36 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Adobe
2014-11-24 17:50 - 2014-07-18 22:40 - 00000000 ____D () C:\Users\Moni\AppData\Roaming\Adobe
2014-11-24 17:48 - 2014-07-18 21:35 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-23 19:46 - 2014-07-20 15:17 - 00000000 ____D () C:\Users\Martin\AppData\Local\CrashDumps
2014-11-23 18:53 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-11-23 18:52 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-23 18:41 - 2014-07-19 14:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-22 12:51 - 2014-07-18 21:17 - 00000000 ____D () C:\Users\Martin\AppData\Local\VirtualStore
2014-11-19 16:24 - 2014-07-19 11:05 - 00086552 _____ () C:\Users\Sötsch\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-18 18:18 - 2014-08-24 10:02 - 00000000 ____D () C:\Users\Martin\AppData\Local\Adobe
2014-11-18 18:18 - 2014-07-18 21:35 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-18 18:09 - 2014-07-18 21:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-18 18:07 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-17 19:26 - 2010-11-21 08:17 - 00000000 ____D () C:\Windows\ShellNew
2014-11-17 18:43 - 2014-07-19 07:05 - 00700130 _____ () C:\Windows\system32\perfh007.dat
2014-11-17 18:43 - 2014-07-19 07:05 - 00149768 _____ () C:\Windows\system32\perfc007.dat
2014-11-17 18:43 - 2009-07-14 06:13 - 01622706 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-14 10:46 - 2014-07-18 22:36 - 00086552 _____ () C:\Users\Moni\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-13 18:48 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 17:45 - 2014-07-19 11:27 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-990669769-1353233478-3139022197-1000UA
2014-11-13 17:45 - 2014-07-19 11:27 - 00003704 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-990669769-1353233478-3139022197-1000Core
2014-11-13 17:45 - 2014-07-19 11:27 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-990669769-1353233478-3139022197-1000UA.job
2014-11-13 17:45 - 2014-07-18 21:30 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 17:45 - 2014-07-18 21:30 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 17:39 - 2014-07-18 21:23 - 00086552 _____ () C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-13 17:38 - 2009-07-14 05:45 - 00342584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 17:36 - 2014-07-19 10:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 22:02 - 2014-07-19 10:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 22:00 - 2014-10-29 22:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 21:58 - 2014-10-29 22:24 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-10 21:48 - 2014-07-18 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-10 21:48 - 2014-07-18 21:59 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-06 18:06 - 2014-07-29 16:21 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-11-06 18:06 - 2014-07-29 16:21 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-11-06 18:06 - 2014-07-18 22:02 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-11-06 18:06 - 2014-07-18 22:02 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-11-04 01:04 - 2014-10-09 18:18 - 02849736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-04 01:04 - 2014-07-18 21:59 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-11-04 01:04 - 2014-07-18 21:59 - 00059592 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-11-04 01:04 - 2014-07-18 21:52 - 20985544 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-11-04 01:04 - 2014-07-18 21:52 - 16884632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-11-04 01:04 - 2014-07-18 21:52 - 03238040 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-11-04 01:04 - 2014-07-18 21:52 - 00987520 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-11-04 01:04 - 2014-07-18 21:52 - 00027094 _____ () C:\Windows\system32\nvinfo.pb
2014-11-03 23:02 - 2014-07-18 22:00 - 06882448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-03 23:02 - 2014-07-18 22:00 - 03531464 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-11-03 23:02 - 2014-07-18 22:00 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-03 23:02 - 2014-07-18 22:00 - 00935232 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-03 23:02 - 2014-07-18 22:00 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-03 23:02 - 2014-07-18 22:00 - 00061640 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-03 12:58 - 2014-07-18 22:00 - 04099264 _____ () C:\Windows\system32\nvcoproc.bin
2014-11-01 12:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-30 21:41 - 2014-07-18 22:10 - 00003854 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1405717824
2014-10-30 21:41 - 2014-07-18 22:10 - 00000000 ____D () C:\Program Files (x86)\Opera

Some content of TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\avgnt.exe
C:\Users\Martin\AppData\Local\Temp\drm_dyndata_7370007.dll
C:\Users\Martin\AppData\Local\Temp\Quarantine.exe
C:\Users\Martin\AppData\Local\Temp\sqlite3.dll
C:\Users\Moni\AppData\Local\Temp\avgnt.exe
C:\Users\Sötsch\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-17 20:02

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 30.11.2014 08:41
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:57870;https=127.0.0.1:57870
HKU\S-1-5-21-990669769-1353233478-3139022197-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




FRST öffnen, Haken setzen bei Addition und scannen, poste bitte beide Logfiles. Noch Probleme?

Marty60 30.11.2014 20:04
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-11-2014
Ran by Martin at 2014-11-30 20:01:05 Run:2
Running from C:\Users\Martin\Downloads
Loaded Profile: Martin (Available profiles: Martin & Moni & Sötsch)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:57870;https=127.0.0.1:57870
HKU\S-1-5-21-990669769-1353233478-3139022197-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Emptytemp:
*****************

"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
"HKU\S-1-5-21-990669769-1353233478-3139022197-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key not found.
EmptyTemp: => Removed 74 KB temporary data.


The system needed a reboot.

==== End of Fixlog ====

schrauber 01.12.2014 19:21
und die beiden neuen FRST logs?


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:28 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131