
Pests of all kinds and how to fight them: FindLyrics on PC after Avast scan {Yontoo on PC - what is it?}

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

28.06.2013, 08:22   #1
DukeYGO
 



Hello first of all,

after a scan with Avast early this morning I found out that FindLyrics is on my PC.
Unfortunately I don't know where to find the Avast log, since those files are apparently well hidden. :/
I have already installed Secunia. Afterwards I would also like to have that page again about the profiles against all sorts of things, where these cookies, among other things, get blocked as well.

Also, there is something about Yontoo everywhere?... I have no idea what to make of that.

I do already have the OTL and GMER scans ready, although for some reason OTL did not produce an Extra.txt:

Code:
OTL logfile created on: 28.06.2013 05:43:45 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 63,22% Memory free
7,50 Gb Paging File | 6,05 Gb Available in Paging File | 80,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 197,34 Gb Free Space | 84,77% Space Free | Partition Type: NTFS
Drive D: | 76,69 Gb Total Space | 9,92 Gb Free Space | 12,93% Space Free | Partition Type: NTFS
 
Computer Name: xxx| User Name: xxx| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.28 05:43:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.05.01 06:11:08 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\xxx\AppData\Roaming\Yontoo\YontooDesktop.exe
PRC - [2013.05.01 06:11:08 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
PRC - [2013.04.18 15:56:22 | 001,227,800 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2013.04.18 15:56:10 | 000,563,224 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 03:07:00 | 000,136,616 | ---- | M] () -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
PRC - [2010.04.08 20:10:24 | 005,687,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
PRC - [2009.12.28 22:33:00 | 000,096,896 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.28 04:31:25 | 000,013,600 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll
MOD - [2013.05.15 06:57:49 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.15 06:57:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.04.20 00:55:06 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2013.02.07 22:31:00 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.02.07 22:30:33 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\520a80ddcdd1084993516f4d42a73e05\System.Xml.ni.dll
MOD - [2013.02.07 22:30:28 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.02.07 22:30:15 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.10.05 12:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.11.21 05:24:32 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010.11.21 05:24:25 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2010.11.21 05:23:56 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2010.11.21 05:23:48 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.12.08 22:37:18 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV\pngio.dll
MOD - [2009.12.08 22:37:18 | 000,135,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV\TVOCLIB.DLL
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.02.07 21:51:09 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.18 16:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.11 20:45:35 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.04.18 15:56:22 | 001,227,800 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2013.04.18 15:56:14 | 000,659,992 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.05.21 03:07:00 | 000,136,616 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.28 22:33:00 | 000,096,896 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003.04.18 20:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.06.27 21:58:31 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.06.27 21:58:31 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.06.27 21:58:31 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.04.18 15:55:50 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2013.02.07 21:51:18 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2013.02.07 21:51:17 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2013.02.07 21:51:09 | 006,031,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2013.02.07 20:12:49 | 001,488,896 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012.09.28 04:12:10 | 000,023,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UHSfiltv.sys -- (UHSfiltv)
DRV:64bit: - [2012.08.23 16:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.08.23 14:08:08 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.07.16 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.24 19:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010.05.21 03:06:52 | 000,052,352 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys -- (AODDriver2)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.20 19:21:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.02.08 14:46:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2013.05.13 20:04:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\hf2irw73.default\extensions
[2013.05.08 20:34:39 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\hf2irw73.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.06.27 03:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.27 03:57:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.02.25 03:13:22 | 000,572,148 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1  localhost
O1 - Hosts: ::1  localhost #[IPv6]
O1 - Hosts: 127.0.0.1  fr.a2dfp.net
O1 - Hosts: 127.0.0.1  m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1  ad.a8.net
O1 - Hosts: 127.0.0.1  asy.a8ww.net
O1 - Hosts: 127.0.0.1  abcstats.com
O1 - Hosts: 127.0.0.1  a.abv.bg
O1 - Hosts: 127.0.0.1  adserver.abv.bg
O1 - Hosts: 127.0.0.1  adv.abv.bg
O1 - Hosts: 127.0.0.1  bimg.abv.bg
O1 - Hosts: 127.0.0.1  ca.abv.bg
O1 - Hosts: 127.0.0.1  www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1  track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1  accuserveadsystem.com
O1 - Hosts: 127.0.0.1  www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1  achmedia.com
O1 - Hosts: 127.0.0.1  aconti.net
O1 - Hosts: 127.0.0.1  secure.aconti.net
O1 - Hosts: 127.0.0.1  www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1  csh.actiondesk.com
O1 - Hosts: 127.0.0.1  www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1  ads.activepower.net
O1 - Hosts: 127.0.0.1  stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1  cms.ad2click.nl
O1 - Hosts: 15484 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV] C:\Program Files (x86)\ASUS\TurboV\TurboV.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [Yontoo Desktop] C:\Users\xxx\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9674CBAF-6D39-479D-9BDA-7ECCDB552EF6}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.28 05:43:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2013.06.27 18:10:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.06.27 18:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.06.27 04:29:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\.minecraft
[2013.06.19 21:19:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.06.16 16:30:05 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.06.16 16:29:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.28 05:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.28 05:43:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2013.06.28 04:41:28 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.28 04:41:28 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.28 04:29:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.28 04:29:52 | 351,309,356 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.28 04:29:51 | 3019,251,712 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.27 21:58:31 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.06.27 21:58:31 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.06.27 21:58:31 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.06.27 21:58:31 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013.06.27 21:58:31 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013.06.27 21:58:31 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013.06.27 04:29:10 | 000,263,186 | ---- | M] () -- C:\Users\xxx\Desktop\Minecraft.exe
[2013.06.27 03:57:51 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.06.19 20:54:29 | 000,001,110 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.06.19 20:30:03 | 001,518,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.19 20:30:03 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.19 20:30:03 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.19 20:30:03 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.19 20:30:03 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2013.06.27 21:58:31 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013.06.27 04:29:09 | 000,263,186 | ---- | C] () -- C:\Users\xxx\Desktop\Minecraft.exe
[2013.06.26 19:22:04 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013.06.26 19:22:04 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013.06.19 20:54:29 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.06.19 20:54:29 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013.06.16 16:29:51 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.06.16 16:29:44 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.05.13 20:03:25 | 000,004,509 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\CamStudio.cfg
[2013.03.02 14:40:04 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2013.02.05 18:17:53 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2013.02.04 21:41:40 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2013.02.04 21:41:40 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2013.02.04 21:37:38 | 000,015,872 | ---- | C] () -- C:\Windows\AsTaskSched.dll
[2013.02.04 21:37:35 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.02.04 20:43:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.09.28 04:12:10 | 000,002,302 | ---- | C] () -- C:\Windows\UHScfg.ini
[2012.09.28 04:12:10 | 000,000,388 | ---- | C] () -- C:\Windows\UHSMCcfg.ini
[2012.09.28 04:12:10 | 000,000,238 | ---- | C] () -- C:\Windows\UHSConfig.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.06.27 18:07:15 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\.minecraft
[2013.02.16 21:27:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenOffice.org
[2013.05.13 22:12:08 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TS3Client
[2013.06.28 04:31:25 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Yontoo
 
========== Purity Check ==========
 
 

< End of report >
         
GMER scan is in the attached archive

28.06.2013, 09:28   #2
schrauber
/// the machine
/// TB-Ausbilder
 


Hi,

System scan with FRST
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: Start > Computer (right-click) > Properties)
  • Start FRST now.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input window)

28.06.2013, 10:23   #3
DukeYGO
 

First of all, thanks Schrauber for sacrificing your time to help


This Yontoo is listed in the scans yet again, without me ever having installed it :/
In case you ask me, like others here, what DevPro is:
Similar to Minecraft, it is a program that a colleague partly works on. It is used for testing a hobby.

Here are the requested scans (please don't be surprised, I censored my name with xxx):

FRST Scan:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-06-2013
Ran by xxx(administrator) on 28-06-2013 11:13:42
Running from C:\Users\xxx\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Yontoo LLC) C:\Users\xxx\AppData\Roaming\Yontoo\YontooDesktop.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft) C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [Yontoo Desktop] "C:\Users\xxx\AppData\Roaming\Yontoo\YontooDesktop.exe" [42784 2013-05-01] (Yontoo LLC)
HKLM-x32\...\Run: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe" -b [5687424 2010-04-08] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hf2irw73.default
FF user.js: detected! => C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hf2irw73.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hf2irw73.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Mozilla Firefox 22.0\Extensions: [Components] C:\Program Files (x86)\Mozilla Firefox\components
FF HKLM-x32\...\Mozilla Firefox 22.0\Extensions: [Plugins] C:\Program Files (x86)\Mozilla Firefox\plugins

==================== Services (Whitelisted) =================

R2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136616 2010-05-21] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2003-04-18] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1227800 2013-04-18] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659992 2013-04-18] (Secunia)
R2 Yontoo Desktop Updater; C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [23552 2013-05-01] (Microsoft)

==================== Drivers (Whitelisted) ====================

R3 AODDriver2; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [52352 2010-05-21] (Advanced Micro Devices)
R3 AODDriver2; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [52352 2010-05-21] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-04-18] (Secunia)
S3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2012-09-28] (Creative Technology Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-28 11:13 - 2013-06-28 11:13 - 00000000 ____D C:\FRST
2013-06-28 11:12 - 2013-06-28 11:12 - 01933484 ____A (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-06-28 09:22 - 2013-06-28 09:22 - 00005407 ____A C:\Users\xxx\Desktop\GmerAnhang.7z
2013-06-28 08:40 - 2013-06-28 08:40 - 00096969 ____A C:\Users\xxx\Desktop\gmer.log
2013-06-28 05:48 - 2013-06-28 05:48 - 00065072 ____A C:\Users\xxx\Desktop\OTL.Txt
2013-06-28 04:30 - 2013-06-28 04:30 - 00275432 ____A C:\Windows\Minidump\062813-25303-01.dmp
2013-06-27 21:58 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 18:10 - 2013-06-27 18:10 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-27 18:10 - 2013-06-27 18:10 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-27 18:07 - 2013-06-27 18:08 - 31714216 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jre-7u25-windows-i586.exe
2013-06-27 04:29 - 2013-06-27 18:07 - 00000000 ____D C:\Users\xxx\AppData\Roaming\.minecraft
2013-06-27 04:29 - 2013-06-27 04:29 - 00263186 ____A C:\Users\xxx\Desktop\Minecraft.exe
2013-06-26 19:22 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-26 19:22 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-19 21:19 - 2013-06-19 21:19 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-19 21:17 - 2013-06-19 21:18 - 00004254 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 21:16 - 2013-06-19 21:16 - 00903592 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jxpiinstall.exe
2013-06-19 20:58 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-19 20:58 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-19 20:45 - 2013-01-13 23:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-19 20:45 - 2013-01-13 22:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-19 20:45 - 2013-01-13 22:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-19 20:45 - 2013-01-13 22:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-19 20:45 - 2013-01-13 21:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-19 20:45 - 2013-01-13 21:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-19 20:45 - 2013-01-13 21:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-19 20:45 - 2013-01-13 21:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-19 20:45 - 2013-01-13 21:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-19 20:45 - 2013-01-13 21:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-19 20:45 - 2013-01-13 21:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-19 20:45 - 2013-01-13 21:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-19 20:45 - 2013-01-13 21:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-19 20:45 - 2013-01-13 21:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-19 20:45 - 2013-01-13 21:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-19 20:45 - 2013-01-13 21:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-19 20:45 - 2013-01-13 21:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-19 20:45 - 2013-01-13 21:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-19 20:45 - 2013-01-13 21:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-19 20:45 - 2013-01-13 21:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-19 20:45 - 2013-01-13 21:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-19 20:45 - 2013-01-13 21:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-19 20:45 - 2013-01-13 21:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-19 20:45 - 2013-01-13 20:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-19 20:45 - 2013-01-13 20:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-19 20:45 - 2013-01-13 20:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-19 20:45 - 2013-01-13 19:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-19 20:45 - 2013-01-13 19:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-19 20:45 - 2013-01-04 08:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-19 20:45 - 2013-01-04 08:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-19 20:16 - 2013-06-19 20:16 - 03270960 ____A (Secunia) C:\Users\xxx\Downloads\PSISetup7009.exe
2013-06-16 16:30 - 2013-06-16 16:30 - 00000000 ____D C:\Windows\de
2013-06-16 16:29 - 2013-06-16 16:29 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-16 16:28 - 2010-06-02 04:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-06-16 16:28 - 2010-06-02 04:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-06-16 16:28 - 2010-06-02 04:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-06-16 16:28 - 2010-06-02 04:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-06-16 16:28 - 2009-09-04 17:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-06-16 16:28 - 2009-09-04 17:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-06-16 16:27 - 2013-06-16 16:27 - 00000197 ____A C:\Windows\DirectX.log
2013-06-16 16:27 - 2006-11-29 13:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2013-06-16 16:27 - 2006-11-29 13:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-06-16 16:20 - 2013-06-16 16:25 - 142602520 ____A (Microsoft Corporation) C:\Users\xxx\Downloads\wlsetup-all_16.4.3508.0205.exe
2013-06-13 19:43 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-13 19:43 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-13 19:43 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 19:43 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 19:43 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-13 19:42 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 19:42 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 19:42 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 19:42 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 19:42 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-13 19:42 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-13 19:42 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-13 19:42 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 19:42 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-13 19:42 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-13 19:42 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-13 19:42 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-06-28 11:13 - 2013-06-28 11:13 - 00000000 ____D C:\FRST
2013-06-28 11:12 - 2013-06-28 11:12 - 01933484 ____A (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-06-28 11:11 - 2013-02-08 21:15 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Skype
2013-06-28 10:45 - 2013-03-02 10:52 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-28 09:22 - 2013-06-28 09:22 - 00005407 ____A C:\Users\xxx\Desktop\GmerAnhang.7z
2013-06-28 09:14 - 2013-03-02 14:37 - 00000000 ____D C:\Users\xxx\Desktop\Systemüberprüfung
2013-06-28 09:03 - 2009-07-14 06:51 - 00056096 ____A C:\Windows\setupact.log
2013-06-28 08:49 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-28 08:49 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-28 08:43 - 2013-05-13 20:02 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Yontoo
2013-06-28 08:42 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-28 08:41 - 2013-02-04 20:43 - 01840622 ____A C:\Windows\WindowsUpdate.log
2013-06-28 08:40 - 2013-06-28 08:40 - 00096969 ____A C:\Users\xxx\Desktop\gmer.log
2013-06-28 05:48 - 2013-06-28 05:48 - 00065072 ____A C:\Users\xxx\Desktop\OTL.Txt
2013-06-28 04:30 - 2013-06-28 04:30 - 00275432 ____A C:\Windows\Minidump\062813-25303-01.dmp
2013-06-28 04:30 - 2013-03-30 19:07 - 00000000 ____D C:\Windows\Minidump
2013-06-28 04:29 - 2013-03-30 19:07 - 351309356 ____A C:\Windows\MEMORY.DMP
2013-06-27 21:58 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 21:58 - 2013-06-26 19:22 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 21:58 - 2013-06-26 19:22 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-27 21:58 - 2013-04-24 15:09 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-27 21:58 - 2013-04-24 15:09 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-27 21:58 - 2013-04-24 15:09 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-27 18:10 - 2013-06-27 18:10 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-27 18:10 - 2013-06-27 18:10 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-27 18:10 - 2013-02-08 14:06 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-27 18:10 - 2013-02-08 14:06 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-27 18:08 - 2013-06-27 18:07 - 31714216 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jre-7u25-windows-i586.exe
2013-06-27 18:07 - 2013-06-27 04:29 - 00000000 ____D C:\Users\xxx\AppData\Roaming\.minecraft
2013-06-27 17:55 - 2013-02-08 14:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-27 04:29 - 2013-06-27 04:29 - 00263186 ____A C:\Users\xxx\Desktop\Minecraft.exe
2013-06-27 03:57 - 2013-04-12 13:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-27 03:57 - 2013-02-08 14:05 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-26 22:00 - 2013-05-24 20:45 - 00000000 ____D C:\Users\xxx\Desktop\DevPro
2013-06-22 09:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-19 21:19 - 2013-06-19 21:19 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-19 21:18 - 2013-06-19 21:17 - 00004254 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 21:16 - 2013-06-19 21:16 - 00903592 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jxpiinstall.exe
2013-06-19 20:54 - 2013-03-22 17:33 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-06-19 20:30 - 2010-11-21 08:50 - 00653928 ____A C:\Windows\System32\perfh007.dat
2013-06-19 20:30 - 2010-11-21 08:50 - 00129800 ____A C:\Windows\System32\perfc007.dat
2013-06-19 20:30 - 2009-07-14 07:13 - 01518986 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-19 20:21 - 2010-11-21 05:47 - 00012164 ____A C:\Windows\PFRO.log
2013-06-19 20:16 - 2013-06-19 20:16 - 03270960 ____A (Secunia) C:\Users\xxx\Downloads\PSISetup7009.exe
2013-06-18 20:04 - 2013-05-25 18:39 - 00000000 ____D C:\Users\xxx\Desktop\TCG_A
2013-06-16 17:31 - 2013-02-16 01:01 - 00000000 ____D C:\Users\xxx\AppData\Local\Windows Live
2013-06-16 16:30 - 2013-06-16 16:30 - 00000000 ____D C:\Windows\de
2013-06-16 16:29 - 2013-06-16 16:29 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-16 16:28 - 2013-02-16 01:03 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-06-16 16:27 - 2013-06-16 16:27 - 00000197 ____A C:\Windows\DirectX.log
2013-06-16 16:25 - 2013-06-16 16:20 - 142602520 ____A (Microsoft Corporation) C:\Users\xxx\Downloads\wlsetup-all_16.4.3508.0205.exe
2013-06-14 00:19 - 2013-03-02 05:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-14 00:19 - 2013-02-08 14:09 - 00000000 ____D C:\ProgramData\Skype
2013-06-13 22:14 - 2013-02-05 19:38 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 20:45 - 2013-02-04 21:23 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 20:45 - 2013-02-04 21:23 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-24 20:33

==================== End Of Log ============================
         

Addition Log

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-06-2013
Ran by xxx at 2013-06-28 11:14:07
Running from C:\Users\xxx\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
AMD OverDrive (x32 Version: 3.2.2.0452)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.18)
ATI Catalyst Install Manager (Version: 3.0.732.0)
Auslogics Disk Defrag (x32 Version: 3.6)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2009.0614.2131.36800)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0614.2131.36800)
Catalyst Control Center Graphics Full New (x32 Version: 2009.0614.2131.36800)
Catalyst Control Center Graphics Light (x32 Version: 2009.0614.2131.36800)
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0614.2131.36800)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0614.2131.36800)
Catalyst Control Center HydraVision Full (x32 Version: 2009.0614.2131.36800)
Catalyst Control Center InstallProxy (x32 Version: 2009.0614.2131.36800)
Catalyst Control Center Localization All (x32 Version: 2009.0614.2131.36800)
CCC Help Chinese Standard (x32 Version: 2009.0614.2130.36800)
CCC Help Chinese Traditional (x32 Version: 2009.0614.2130.36800)
CCC Help Czech (x32 Version: 2009.0614.2130.36800)
CCC Help Danish (x32 Version: 2009.0614.2130.36800)
CCC Help Dutch (x32 Version: 2009.0614.2130.36800)
CCC Help English (x32 Version: 2009.0614.2130.36800)
CCC Help Finnish (x32 Version: 2009.0614.2130.36800)
CCC Help French (x32 Version: 2009.0614.2130.36800)
CCC Help German (x32 Version: 2009.0614.2130.36800)
CCC Help Greek (x32 Version: 2009.0614.2130.36800)
CCC Help Hungarian (x32 Version: 2009.0614.2130.36800)
CCC Help Italian (x32 Version: 2009.0614.2130.36800)
CCC Help Japanese (x32 Version: 2009.0614.2130.36800)
CCC Help Korean (x32 Version: 2009.0614.2130.36800)
CCC Help Norwegian (x32 Version: 2009.0614.2130.36800)
CCC Help Polish (x32 Version: 2009.0614.2130.36800)
CCC Help Portuguese (x32 Version: 2009.0614.2130.36800)
CCC Help Russian (x32 Version: 2009.0614.2130.36800)
CCC Help Spanish (x32 Version: 2009.0614.2130.36800)
CCC Help Swedish (x32 Version: 2009.0614.2130.36800)
CCC Help Thai (x32 Version: 2009.0614.2130.36800)
CCC Help Turkish (x32 Version: 2009.0614.2130.36800)
ccc-core-static (x32 Version: 2009.0614.2131.36800)
ccc-utility64 (Version: 2009.0614.2131.36800)
D3DX10 (x32 Version: 15.4.2368.0902)
Fotogalerie (x32 Version: 16.4.3508.0205)
HydraVision (x32 Version: 4.2.108.0)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5880)
Revo Uninstaller 1.94 (x32 Version: 1.94)
Secunia PSI (3.0.0.7009) (x32 Version: 3.0.0.7009)
Skype™ 6.5 (x32 Version: 6.5.158)
swMSM (x32 Version: 12.0.0.1)
TeamSpeak 3 Client (HKCU Version: 3.0.10.1)
TurboV (x32 Version: 1.02.05)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Messenger (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Yontoo 2.053 (Version: 2.053)

==================== Restore Points  =========================

16-06-2013 14:26:45 Windows Live Essentials
16-06-2013 14:27:29 DirectX wurde installiert
16-06-2013 14:27:53 DirectX wurde installiert
16-06-2013 14:28:06 DirectX wurde installiert
16-06-2013 14:28:38 WLSetup
18-06-2013 17:36:04 Windows Update
19-06-2013 18:16:12 Revo Uninstaller's restore point - Secunia PSI (3.0.0.6005)
19-06-2013 18:28:14 Windows Update
19-06-2013 18:44:52 Windows Update
19-06-2013 18:45:01 Revo Uninstaller's restore point - Secunia PSI (3.0.0.7009)
19-06-2013 18:59:57 Windows Update
19-06-2013 19:17:11 Installed Java 7 Update 25
19-06-2013 19:18:47 Removed Java 7 Update 21 (64-bit)
25-06-2013 16:11:57 Windows Update
27-06-2013 16:08:45 Removed Java 7 Update 25
27-06-2013 16:09:58 Installed Java 7 Update 25

==================== Hosts content: ==========================
127.0.0.1  localhost

There are more than 1000 lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {02C9BA4F-42AC-45BF-AFC9-DD5D3D475C58} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {2A889B86-5664-46B2-9EFE-864B53292EBD} - System32\Tasks\ASUS\i-Setup203735 => C:\Windows\AMD_Chipset_V307320_Windows7\AsusSetup.exe [2013-02-07] (ASUSTek)
Task: {AB561088-A822-47F0-B05E-6DFD95E74C4A} - System32\Tasks\ASUS\i-Setup205132 => C:\Windows\AMD_Chipset_V307320_Windows7\AsusSetup.exe [2013-02-07] (ASUSTek)
Task: {AF7DD9E7-CB7B-4F0A-9DBF-ACEF859E345D} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {CF3BA66B-6CFB-43B3-9902-6E5CA599271B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {D7B33AC5-B255-4902-9371-AA31F96FE7DC} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {E00A506D-365D-480A-B43B-E5E12F43D780} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============

Name: D-Link DWA-547 RangeBooster N650 Desktop Adapter
Description: D-Link DWA-547 RangeBooster N650 Desktop Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: D-Link Corporation
Service: athr
Problem: : Your computer's system firmware does not include enough information to properly configure and use this device. To use this device, contact your computer manufacturer to obtain a firmware or BIOS update. (Code 35)
Resolution: The Multiprocessor System (MPS) table, which stores the resource assignments for the BIOS, is missing an entry for your device and needs to be updated.
Obtain a new BIOS from the system vendor.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/28/2013 08:43:48 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2013 04:31:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2013 06:09:25 PM) (Source: MsiInstaller) (User: xxx)
Description: Produkt: Java 7 Update 25 -- Fehler 1500. Im Augenblick wird eine weitere Installation ausgeführt. Sie müssen erst die zweite Installation abschließen, bevor Sie mit dieser Installation fortfahren können.

Error: (06/27/2013 05:57:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2013 04:31:21 AM) (Source: Application Hang) (User: )
Description: Programm javaw.exe, Version 7.0.250.16 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 7d8

Startzeit: 01ce72de4d4b6915

Endzeit: 21

Anwendungspfad: C:\Program Files (x86)\Java\jre7\bin\javaw.exe

Berichts-ID: a4ea1dcc-ded1-11e2-8eff-00248ca77df0

Error: (06/27/2013 04:30:31 AM) (Source: Application Hang) (User: )
Description: Programm javaw.exe, Version 7.0.250.16 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 9b0

Startzeit: 01ce72de27b04a70

Endzeit: 28

Anwendungspfad: C:\Program Files (x86)\Java\jre7\bin\javaw.exe

Berichts-ID: 8862138b-ded1-11e2-8eff-00248ca77df0

Error: (06/27/2013 03:53:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/26/2013 10:08:29 PM) (Source: Application Hang) (User: )
Description: Programm devpro.dll, Version 1.0.3.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1438

Startzeit: 01ce72a89835512f

Endzeit: 10

Anwendungspfad: C:\Users\xxx\Desktop\DevPro\devpro.dll

Berichts-ID: 2977f5df-de9c-11e2-a61a-00248ca77df0

Error: (06/26/2013 10:06:04 PM) (Source: Application Hang) (User: )
Description: Programm devpro.dll, Version 1.0.3.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 14f0

Startzeit: 01ce72a7dd6b420a

Endzeit: 20

Anwendungspfad: C:\Users\xxx\Desktop\DevPro\devpro.dll

Berichts-ID: d336efb2-de9b-11e2-a61a-00248ca77df0

Error: (06/26/2013 01:08:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/28/2013 09:03:24 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (06/28/2013 09:03:24 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (06/28/2013 09:03:23 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (06/28/2013 09:03:22 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (06/28/2013 04:33:01 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (06/28/2013 04:33:01 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (06/28/2013 04:32:59 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (06/28/2013 04:32:58 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (06/28/2013 04:30:12 AM) (Source: BugCheck) (User: )
Description: 0x0000001a (0x0000000000000411, 0xfffff680000750a0, 0x00000000c001fad2, 0xfffff6800008a219)C:\Windows\MEMORY.DMP062813-25303-01

Error: (06/27/2013 05:58:55 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.


Microsoft Office Sessions:
=========================
Error: (06/28/2013 08:43:48 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2013 04:31:39 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2013 06:09:25 PM) (Source: MsiInstaller)(User: xxx)
Description: Produkt: Java 7 Update 25 -- Fehler 1500. Im Augenblick wird eine weitere Installation ausgeführt. Sie müssen erst die zweite Installation abschließen, bevor Sie mit dieser Installation fortfahren können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/27/2013 05:57:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2013 04:31:21 AM) (Source: Application Hang)(User: )
Description: javaw.exe7.0.250.167d801ce72de4d4b691521C:\Program Files (x86)\Java\jre7\bin\javaw.exea4ea1dcc-ded1-11e2-8eff-00248ca77df0

Error: (06/27/2013 04:30:31 AM) (Source: Application Hang)(User: )
Description: javaw.exe7.0.250.169b001ce72de27b04a7028C:\Program Files (x86)\Java\jre7\bin\javaw.exe8862138b-ded1-11e2-8eff-00248ca77df0

Error: (06/27/2013 03:53:16 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/26/2013 10:08:29 PM) (Source: Application Hang)(User: )
Description: devpro.dll1.0.3.1143801ce72a89835512f10C:\Users\xxx\Desktop\DevPro\devpro.dll2977f5df-de9c-11e2-a61a-00248ca77df0

Error: (06/26/2013 10:06:04 PM) (Source: Application Hang)(User: )
Description: devpro.dll1.0.3.114f001ce72a7dd6b420a20C:\Users\xxx\Desktop\DevPro\devpro.dlld336efb2-de9b-11e2-a61a-00248ca77df0

Error: (06/26/2013 01:08:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 43%
Total physical RAM: 3839.18 MB
Available physical RAM: 2158.49 MB
Total Pagefile: 7676.54 MB
Available Pagefile: 5837.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:195.74 GB) NTFS (Disk=0 Partition=2)
Drive d: () (Fixed) (Total:76.69 GB) (Free:9.92 GB) NTFS (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 47F55653)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 77 GB) (Disk ID: 275D275C)
Partition 1: (Active) - (Size=77 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 28.06.2013, 16:37   #4
schrauber
/// the machine
/// TB-Ausbilder
 



Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror:

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 28.06.2013, 18:05   #5
DukeYGO
 


Am I only supposed to disable the virus scanners?
Should the internet connection stay open?

Edit: I went through with it with the internet connection open.
Here is the log:

Code:
ComboFix 13-06-28.01 - xxx 28.06.2013  19:08:37.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3839.2447 [GMT 2:00]
ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-28 bis 2013-06-28  ))))))))))))))))))))))))))))))
.
.
2013-06-28 17:15 . 2013-06-28 17:15	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-28 09:13 . 2013-06-28 09:13	--------	d-----w-	C:\FRST
2013-06-27 16:10 . 2013-06-27 16:10	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-06-27 16:10 . 2013-06-27 16:10	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-27 16:10 . 2013-06-27 16:10	--------	d-----w-	c:\program files (x86)\Java
2013-06-27 02:29 . 2013-06-27 16:07	--------	d-----w-	c:\users\xxx\AppData\Roaming\.minecraft
2013-06-27 01:57 . 2013-06-18 14:22	263576	----a-w-	c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-06-25 16:17 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3A6869C-549C-4880-9F61-6A43F3900734}\mpengine.dll
2013-06-19 19:19 . 2013-06-19 19:19	--------	d-----w-	c:\windows\system32\appmgmt
2013-06-19 18:58 . 2013-04-17 07:02	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2013-06-19 18:58 . 2013-04-17 06:24	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-06-16 14:30 . 2013-06-16 14:30	--------	d-----w-	c:\windows\de
2013-06-16 14:29 . 2013-06-16 14:29	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-06-16 14:28 . 2010-06-02 02:55	77656	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2013-06-16 14:28 . 2010-06-02 02:55	74072	----a-w-	c:\windows\SysWow64\XAPOFX1_5.dll
2013-06-16 14:28 . 2010-06-02 02:55	527192	----a-w-	c:\windows\SysWow64\XAudio2_7.dll
2013-06-16 14:28 . 2010-06-02 02:55	518488	----a-w-	c:\windows\system32\XAudio2_7.dll
2013-06-16 14:28 . 2010-05-26 09:41	2526056	----a-w-	c:\windows\system32\D3DCompiler_43.dll
2013-06-16 14:28 . 2010-05-26 09:41	2106216	----a-w-	c:\windows\SysWow64\D3DCompiler_43.dll
2013-06-16 14:28 . 2010-05-26 09:41	276832	----a-w-	c:\windows\system32\d3dx11_43.dll
2013-06-16 14:28 . 2010-05-26 09:41	248672	----a-w-	c:\windows\SysWow64\d3dx11_43.dll
2013-06-16 14:28 . 2009-09-04 15:29	453456	----a-w-	c:\windows\SysWow64\d3dx10_42.dll
2013-06-16 14:28 . 2009-09-04 15:29	523088	----a-w-	c:\windows\system32\d3dx10_42.dll
2013-06-16 14:27 . 2006-11-29 11:06	4398360	----a-w-	c:\windows\system32\d3dx9_32.dll
2013-06-16 14:27 . 2006-11-29 11:06	3426072	----a-w-	c:\windows\SysWow64\d3dx9_32.dll
2013-06-16 14:27 . 2013-06-16 14:27	94040	-c--a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\8f3755231ce6a9d04\DSETUP.dll
2013-06-16 14:27 . 2013-06-16 14:27	525656	-c--a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\8f3755231ce6a9d04\DXSETUP.exe
2013-06-16 14:27 . 2013-06-16 14:27	1691480	-c--a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\8f3755231ce6a9d04\dsetup32.dll
2013-06-16 14:26 . 2013-06-16 14:26	537432	-c--a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\8e2a59a41ce6a9d03\DXSETUP.exe
2013-06-16 14:26 . 2013-06-16 14:26	1801048	-c--a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\8e2a59a41ce6a9d03\dsetup32.dll
2013-06-16 14:26 . 2013-06-16 14:26	89944	-c--a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\8e2a59a41ce6a9d03\DSETUP.dll
2013-06-16 14:26 . 2013-06-16 14:26	89944	-c--a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\8c25cf091ce6a9d02\DSETUP.dll
2013-06-16 14:26 . 2013-06-16 14:26	537432	-c--a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\8c25cf091ce6a9d02\DXSETUP.exe
2013-06-16 14:26 . 2013-06-16 14:26	1801048	-c--a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\8c25cf091ce6a9d02\dsetup32.dll
2013-06-13 17:43 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-13 17:43 . 2013-04-26 05:51	751104	----a-w-	c:\windows\system32\win32spl.dll
2013-06-13 17:43 . 2013-04-26 04:55	492544	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-06-13 17:43 . 2013-05-10 05:49	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-06-13 17:43 . 2013-05-10 03:20	24576	----a-w-	c:\windows\SysWow64\cryptdlg.dll
2013-06-13 17:42 . 2013-05-13 03:43	1192448	----a-w-	c:\windows\system32\certutil.exe
2013-06-13 17:42 . 2013-05-13 03:08	903168	----a-w-	c:\windows\SysWow64\certutil.exe
2013-06-13 17:42 . 2013-05-13 05:51	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-06-13 17:42 . 2013-05-13 05:51	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-06-13 17:42 . 2013-05-13 05:51	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-06-13 17:42 . 2013-05-13 05:50	52224	----a-w-	c:\windows\system32\certenc.dll
2013-06-13 17:42 . 2013-05-13 04:45	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-06-13 17:42 . 2013-05-13 04:45	1160192	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-06-13 17:42 . 2013-05-13 04:45	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-06-13 17:42 . 2013-05-13 03:08	43008	----a-w-	c:\windows\SysWow64\certenc.dll
2013-06-13 17:42 . 2013-04-25 23:30	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-06-13 17:42 . 2013-03-31 22:52	1887232	----a-w-	c:\windows\system32\d3d11.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-27 19:58 . 2013-04-24 13:09	378944	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-06-27 19:58 . 2013-04-24 13:09	1030952	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-06-27 19:58 . 2013-04-24 13:09	189936	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-06-27 16:10 . 2013-02-08 12:06	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-06-27 16:10 . 2013-02-08 12:06	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-13 20:14 . 2013-02-05 17:38	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-11 18:45 . 2013-02-04 19:23	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 18:45 . 2013-02-04 19:23	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 05:03 . 2012-07-17 13:37	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-09 08:59 . 2013-04-24 13:09	72016	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2013-04-24 13:09	64288	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-04-24 13:09	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-04-24 13:09	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2013-04-24 13:09	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2013-04-24 13:08	41664	----a-w-	c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-02-04 19:10	287840	----a-w-	c:\windows\system32\aswBoot.exe
2013-05-06 13:39 . 2013-05-15 04:49	9060352	----a-w-	c:\windows\system32\mshtml.dll
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-19 19:06 . 2013-02-08 12:07	971680	----a-w-	c:\windows\system32\deployJava1.dll
2013-04-19 19:06 . 2013-02-08 12:07	1092512	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-04-18 13:55 . 2013-04-18 13:55	18456	----a-w-	c:\windows\system32\drivers\psi_mf_amd64.sys
2013-04-13 05:49 . 2013-05-15 04:50	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 04:50	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 04:50	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 04:50	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 04:50	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 04:50	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 12:29	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 04:50	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 04:50	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 04:49	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-04-04 12:50 . 2013-03-09 12:31	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2013-05-01 04:12	197920	----a-w-	c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048]
"Yontoo Desktop"="c:\users\xxx\AppData\Roaming\Yontoo\YontooDesktop.exe" [2013-05-01 42784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TurboV"="c:\program files (x86)\ASUS\TurboV\TurboV.exe" [2010-04-08 5687424]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-14 98304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-4-18 563224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 UHSfiltv;UHSfiltv;c:\windows\system32\drivers\UHSfiltv.sys;c:\windows\SYSNATIVE\drivers\UHSfiltv.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe [x]
S3 AODDriver2;AODDriver2;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-04 18:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hf2irw73.default\
FF - user.js: extensions.autoDisableScopes - 0 
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extentions.y2layers.installId - 46837ead-54ed-49d5-86ee-d20c79c09ce7
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-28  19:24:16
ComboFix-quarantined-files.txt  2013-06-28 17:24
.
Vor Suchlauf: 7 Verzeichnis(se), 210.006.749.184 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 210.632.818.688 Bytes frei
.
- - End Of File - - 7231EFE495CCDFD0CCBA688F0245E703
A36C5E4F47E84449FF07ED3517B43A31
         
I have another question on the side that's bugging me right now..
It's still about this Yontoo.
It is shown under Programs and Features, but not when I use Revo Uninstaller.
That usually finds pretty much everything...


Edited by DukeYGO (28.06.2013 at 18:34)

28.06.2013, 18:39   #6
schrauber
/// the machine
/// TB trainer
 


That's adware; it just puts up a bit of a fight.

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

28.06.2013, 19:17   #7
DukeYGO
 

Note... clever as I am, I didn't save the first AdwCleaner log, then ran the same scan again; no idea whether that is equivalent...

Note 2:
Recently this message now appears at startup... apparently opened by Asus:

C:\Users\xxx\AppData\Temp\205132Logs.iniis lost

Is that an important note?

Here is the Adw log

Code:
# AdwCleaner v2.303 - Datei am 28/06/2013 um 19:56:15 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : xxx - xxx
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\xxx\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hf2irw73.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [3298 octets] - [28/06/2013 19:52:34]
AdwCleaner[S2].txt - [782 octets] - [28/06/2013 19:56:15]

########## EOF - C:\AdwCleaner[S2].txt - [841 octets] ##########
         
JRT LOG

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by xxx on 28.06.2013 at 20:00:29,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\hf2irw73.default\minidumps [96 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.06.2013 at 20:04:48,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
New FRST log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-06-2013
Ran by xxx (administrator) on 28-06-2013 20:05:09
Running from C:\Users\xxx\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe" -b [5687424 2010-04-08] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hf2irw73.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hf2irw73.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Mozilla Firefox 22.0\Extensions: [Components] C:\Program Files (x86)\Mozilla Firefox\components
FF HKLM-x32\...\Mozilla Firefox 22.0\Extensions: [Plugins] C:\Program Files (x86)\Mozilla Firefox\plugins

==================== Services (Whitelisted) =================

R2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136616 2010-05-21] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2003-04-18] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1227800 2013-04-18] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659992 2013-04-18] (Secunia)

==================== Drivers (Whitelisted) ====================

R3 AODDriver2; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [52352 2010-05-21] (Advanced Micro Devices)
R3 AODDriver2; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [52352 2010-05-21] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-04-18] (Secunia)
S3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2012-09-28] (Creative Technology Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-28 20:04 - 2013-06-28 20:04 - 00000755 ____A C:\Users\xxx\Desktop\JRT.txt
2013-06-28 20:00 - 2013-06-28 20:00 - 00000000 ____D C:\Windows\ERUNT
2013-06-28 20:00 - 2013-06-28 20:00 - 00000000 ____D C:\JRT
2013-06-28 19:58 - 2013-06-28 19:58 - 00000909 ____A C:\Users\xxx\Desktop\AdwCleaner[S2].txt
2013-06-28 19:56 - 2013-06-28 19:56 - 00000909 ____A C:\AdwCleaner[S2].txt
2013-06-28 19:52 - 2013-06-28 19:52 - 00003298 ____A C:\AdwCleaner[S1].txt
2013-06-28 19:51 - 2013-06-28 19:51 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\xxx\Desktop\JRT.exe
2013-06-28 19:50 - 2013-06-28 19:50 - 00648201 ____A C:\Users\xxx\Desktop\adwcleaner.exe
2013-06-28 19:24 - 2013-06-28 19:24 - 00019980 ____A C:\ComboFix.txt
2013-06-28 19:07 - 2013-06-28 19:24 - 00000000 ____D C:\Qoobox
2013-06-28 19:07 - 2013-06-28 19:24 - 00000000 ____D C:\ComboFix
2013-06-28 19:07 - 2013-06-28 19:22 - 00000000 ____D C:\Windows\erdnt
2013-06-28 19:07 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-28 19:07 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-28 19:07 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-28 19:04 - 2013-06-28 19:04 - 05083661 ____R (Swearware) C:\Users\xxx\Desktop\ComboFix.exe
2013-06-28 11:14 - 2013-06-28 11:14 - 00018474 ____A C:\Users\xxx\Desktop\Addition.txt
2013-06-28 11:13 - 2013-06-28 11:13 - 00000000 ____D C:\FRST
2013-06-28 11:12 - 2013-06-28 11:12 - 01933484 ____A (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-06-28 09:22 - 2013-06-28 09:22 - 00005407 ____A C:\Users\xxx\Desktop\GmerAnhang.7z
2013-06-28 08:40 - 2013-06-28 08:40 - 00096969 ____A C:\Users\xxx\Desktop\gmer.log
2013-06-28 05:48 - 2013-06-28 05:48 - 00065072 ____A C:\Users\xxx\Desktop\OTL.Txt
2013-06-28 04:30 - 2013-06-28 04:30 - 00275432 ____A C:\Windows\Minidump\062813-25303-01.dmp
2013-06-27 21:58 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 18:10 - 2013-06-27 18:10 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-27 18:10 - 2013-06-27 18:10 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-27 18:07 - 2013-06-27 18:08 - 31714216 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jre-7u25-windows-i586.exe
2013-06-27 04:29 - 2013-06-27 18:07 - 00000000 ____D C:\Users\xxx\AppData\Roaming\.minecraft
2013-06-27 04:29 - 2013-06-27 04:29 - 00263186 ____A C:\Users\xxx\Desktop\Minecraft.exe
2013-06-26 19:22 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-26 19:22 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-19 21:19 - 2013-06-19 21:19 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-19 21:17 - 2013-06-19 21:18 - 00004254 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 21:16 - 2013-06-19 21:16 - 00903592 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jxpiinstall.exe
2013-06-19 20:58 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-19 20:58 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-19 20:45 - 2013-01-13 23:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-19 20:45 - 2013-01-13 22:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-19 20:45 - 2013-01-13 22:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-19 20:45 - 2013-01-13 22:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-19 20:45 - 2013-01-13 21:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-19 20:45 - 2013-01-13 21:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-19 20:45 - 2013-01-13 21:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-19 20:45 - 2013-01-13 21:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-19 20:45 - 2013-01-13 21:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-19 20:45 - 2013-01-13 21:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-19 20:45 - 2013-01-13 21:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-19 20:45 - 2013-01-13 21:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-19 20:45 - 2013-01-13 21:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-19 20:45 - 2013-01-13 21:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-19 20:45 - 2013-01-13 21:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-19 20:45 - 2013-01-13 21:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-19 20:45 - 2013-01-13 21:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-19 20:45 - 2013-01-13 21:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-19 20:45 - 2013-01-13 21:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-19 20:45 - 2013-01-13 21:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-19 20:45 - 2013-01-13 21:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-19 20:45 - 2013-01-13 21:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-19 20:45 - 2013-01-13 21:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-19 20:45 - 2013-01-13 20:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-19 20:45 - 2013-01-13 20:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-19 20:45 - 2013-01-13 20:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-19 20:45 - 2013-01-13 19:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-19 20:45 - 2013-01-13 19:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-19 20:45 - 2013-01-04 08:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-19 20:45 - 2013-01-04 08:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-19 20:16 - 2013-06-19 20:16 - 03270960 ____A (Secunia) C:\Users\xxx\Downloads\PSISetup7009.exe
2013-06-16 16:30 - 2013-06-16 16:30 - 00000000 ____D C:\Windows\de
2013-06-16 16:29 - 2013-06-16 16:29 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-16 16:28 - 2010-06-02 04:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-06-16 16:28 - 2010-06-02 04:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-06-16 16:28 - 2010-06-02 04:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-06-16 16:28 - 2010-06-02 04:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-06-16 16:28 - 2009-09-04 17:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-06-16 16:28 - 2009-09-04 17:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-06-16 16:27 - 2013-06-16 16:27 - 00000197 ____A C:\Windows\DirectX.log
2013-06-16 16:27 - 2006-11-29 13:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2013-06-16 16:27 - 2006-11-29 13:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-06-16 16:20 - 2013-06-16 16:25 - 142602520 ____A (Microsoft Corporation) C:\Users\xxx\Downloads\wlsetup-all_16.4.3508.0205.exe
2013-06-13 19:43 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-13 19:43 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-13 19:43 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 19:43 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 19:43 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-13 19:42 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 19:42 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 19:42 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 19:42 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 19:42 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-13 19:42 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-13 19:42 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-13 19:42 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 19:42 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-13 19:42 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-13 19:42 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-13 19:42 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-06-28 20:05 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-28 20:05 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-28 20:04 - 2013-06-28 20:04 - 00000755 ____A C:\Users\xxx\Desktop\JRT.txt
2013-06-28 20:00 - 2013-06-28 20:00 - 00000000 ____D C:\Windows\ERUNT
2013-06-28 20:00 - 2013-06-28 20:00 - 00000000 ____D C:\JRT
2013-06-28 20:00 - 2013-02-08 21:15 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Skype
2013-06-28 19:58 - 2013-06-28 19:58 - 00000909 ____A C:\Users\xxx\Desktop\AdwCleaner[S2].txt
2013-06-28 19:57 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-28 19:57 - 2009-07-14 06:51 - 00056712 ____A C:\Windows\setupact.log
2013-06-28 19:56 - 2013-06-28 19:56 - 00000909 ____A C:\AdwCleaner[S2].txt
2013-06-28 19:53 - 2013-02-04 20:43 - 01878552 ____A C:\Windows\WindowsUpdate.log
2013-06-28 19:52 - 2013-06-28 19:52 - 00003298 ____A C:\AdwCleaner[S1].txt
2013-06-28 19:51 - 2013-06-28 19:51 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\xxx\Desktop\JRT.exe
2013-06-28 19:50 - 2013-06-28 19:50 - 00648201 ____A C:\Users\xxx\Desktop\adwcleaner.exe
2013-06-28 19:45 - 2013-03-02 10:52 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-28 19:25 - 2010-11-21 05:47 - 00012716 ____A C:\Windows\PFRO.log
2013-06-28 19:24 - 2013-06-28 19:24 - 00019980 ____A C:\ComboFix.txt
2013-06-28 19:24 - 2013-06-28 19:07 - 00000000 ____D C:\Qoobox
2013-06-28 19:24 - 2013-06-28 19:07 - 00000000 ____D C:\ComboFix
2013-06-28 19:22 - 2013-06-28 19:07 - 00000000 ____D C:\Windows\erdnt
2013-06-28 19:16 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-28 19:04 - 2013-06-28 19:04 - 05083661 ____R (Swearware) C:\Users\xxx\Desktop\ComboFix.exe
2013-06-28 11:14 - 2013-06-28 11:14 - 00018474 ____A C:\Users\xxx\Desktop\Addition.txt
2013-06-28 11:13 - 2013-06-28 11:13 - 00000000 ____D C:\FRST
2013-06-28 11:12 - 2013-06-28 11:12 - 01933484 ____A (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-06-28 09:22 - 2013-06-28 09:22 - 00005407 ____A C:\Users\xxx\Desktop\GmerAnhang.7z
2013-06-28 09:14 - 2013-03-02 14:37 - 00000000 ____D C:\Users\xxx\Desktop\Systemüberprüfung
2013-06-28 08:40 - 2013-06-28 08:40 - 00096969 ____A C:\Users\xxx\Desktop\gmer.log
2013-06-28 05:48 - 2013-06-28 05:48 - 00065072 ____A C:\Users\xxx\Desktop\OTL.Txt
2013-06-28 04:30 - 2013-06-28 04:30 - 00275432 ____A C:\Windows\Minidump\062813-25303-01.dmp
2013-06-28 04:30 - 2013-03-30 19:07 - 00000000 ____D C:\Windows\Minidump
2013-06-28 04:29 - 2013-03-30 19:07 - 351309356 ____A C:\Windows\MEMORY.DMP
2013-06-27 21:58 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 21:58 - 2013-06-26 19:22 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 21:58 - 2013-06-26 19:22 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-27 21:58 - 2013-04-24 15:09 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-27 21:58 - 2013-04-24 15:09 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-27 21:58 - 2013-04-24 15:09 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-27 18:10 - 2013-06-27 18:10 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-27 18:10 - 2013-06-27 18:10 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-27 18:10 - 2013-02-08 14:06 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-27 18:10 - 2013-02-08 14:06 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-27 18:08 - 2013-06-27 18:07 - 31714216 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jre-7u25-windows-i586.exe
2013-06-27 18:07 - 2013-06-27 04:29 - 00000000 ____D C:\Users\xxx\AppData\Roaming\.minecraft
2013-06-27 17:55 - 2013-02-08 14:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-27 04:29 - 2013-06-27 04:29 - 00263186 ____A C:\Users\xxx\Desktop\Minecraft.exe
2013-06-27 03:57 - 2013-04-12 13:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-27 03:57 - 2013-02-08 14:05 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-26 22:00 - 2013-05-24 20:45 - 00000000 ____D C:\Users\xxx\Desktop\DevPro
2013-06-22 09:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-19 21:19 - 2013-06-19 21:19 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-19 21:18 - 2013-06-19 21:17 - 00004254 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 21:16 - 2013-06-19 21:16 - 00903592 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jxpiinstall.exe
2013-06-19 20:54 - 2013-03-22 17:33 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-06-19 20:30 - 2010-11-21 08:50 - 00653928 ____A C:\Windows\System32\perfh007.dat
2013-06-19 20:30 - 2010-11-21 08:50 - 00129800 ____A C:\Windows\System32\perfc007.dat
2013-06-19 20:30 - 2009-07-14 07:13 - 01518986 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-19 20:16 - 2013-06-19 20:16 - 03270960 ____A (Secunia) C:\Users\xxx\Downloads\PSISetup7009.exe
2013-06-18 20:04 - 2013-05-25 18:39 - 00000000 ____D C:\Users\xxx\Desktop\TCG_A
2013-06-16 17:31 - 2013-02-16 01:01 - 00000000 ____D C:\Users\xxx\AppData\Local\Windows Live
2013-06-16 16:30 - 2013-06-16 16:30 - 00000000 ____D C:\Windows\de
2013-06-16 16:29 - 2013-06-16 16:29 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-16 16:28 - 2013-02-16 01:03 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-06-16 16:27 - 2013-06-16 16:27 - 00000197 ____A C:\Windows\DirectX.log
2013-06-16 16:25 - 2013-06-16 16:20 - 142602520 ____A (Microsoft Corporation) C:\Users\xxx\Downloads\wlsetup-all_16.4.3508.0205.exe
2013-06-14 00:19 - 2013-03-02 05:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-14 00:19 - 2013-02-08 14:09 - 00000000 ____D C:\ProgramData\Skype
2013-06-13 22:14 - 2013-02-05 19:38 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 20:45 - 2013-02-04 21:23 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 20:45 - 2013-02-04 21:23 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-24 20:33

==================== End Of Log ============================
         

29.06.2013, 09:04   #8
schrauber
/// the machine
/// TB trainer
 




There's a temp file missing; we'll remove that later. First, let's scan for leftovers.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

29.06.2013, 10:48   #9
DukeYGO
 



Right, I have run all the scans, and I have one more question up front.
Java is pretty insecure anyway, but I always keep it up to date with Secunia.
However, I have the 32-bit version installed, while my PC runs on 64-bit.
Would it make sense to switch?

I'll also update the MVP hosts files again afterwards... that's due after 3 months. Admittedly, I've been sloppy there ^^


Here are the scans:

Eset

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c597cae99355c641a16eafe6358ce2cb
# engine=14197
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-29 09:21:58
# local_time=2013-06-29 11:21:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 134607 149211190 0 0
# compatibility_mode=5893 16776573 100 94 17217 124127568 0 0
# scanned=133086
# found=0
# cleaned=0
# scan_time=3606
         
Security Check:

Code:
 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Secunia PSI (3.0.0.7009)   
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player 11.7.700.224  
 Adobe Reader XI  
 Mozilla Firefox (22.0) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST Log 3


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-06-2013
Ran by xxx (administrator) on 29-06-2013 11:40:34
Running from C:\Users\xxx\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe" -b [5687424 2010-04-08] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hf2irw73.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hf2irw73.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Mozilla Firefox 22.0\Extensions: [Components] C:\Program Files (x86)\Mozilla Firefox\components
FF HKLM-x32\...\Mozilla Firefox 22.0\Extensions: [Plugins] C:\Program Files (x86)\Mozilla Firefox\plugins

==================== Services (Whitelisted) =================

R2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136616 2010-05-21] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2003-04-18] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1227800 2013-04-18] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659992 2013-04-18] (Secunia)

==================== Drivers (Whitelisted) ====================

R3 AODDriver2; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [52352 2010-05-21] (Advanced Micro Devices)
R3 AODDriver2; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [52352 2010-05-21] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-04-18] (Secunia)
S3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2012-09-28] (Creative Technology Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-29 11:38 - 2013-06-29 11:38 - 00000820 ____A C:\Users\xxx\Desktop\checkup.txt
2013-06-29 10:18 - 2013-06-29 10:18 - 00890988 ____A C:\Users\xxx\Desktop\SecurityCheck.exe
2013-06-29 10:17 - 2013-06-29 10:17 - 02347384 ____A (ESET) C:\Users\xxx\Desktop\esetsmartinstaller_enu.exe
2013-06-28 20:51 - 2013-06-29 11:39 - 00000000 ____D C:\Users\xxx\Desktop\Neueste Scanversionen
2013-06-28 20:00 - 2013-06-28 20:00 - 00000000 ____D C:\Windows\ERUNT
2013-06-28 20:00 - 2013-06-28 20:00 - 00000000 ____D C:\JRT
2013-06-28 19:56 - 2013-06-28 19:56 - 00000909 ____A C:\AdwCleaner[S2].txt
2013-06-28 19:52 - 2013-06-28 19:52 - 00003298 ____A C:\AdwCleaner[S1].txt
2013-06-28 19:24 - 2013-06-28 19:24 - 00019980 ____A C:\ComboFix.txt
2013-06-28 19:07 - 2013-06-28 19:24 - 00000000 ____D C:\Qoobox
2013-06-28 19:07 - 2013-06-28 19:24 - 00000000 ____D C:\ComboFix
2013-06-28 19:07 - 2013-06-28 19:22 - 00000000 ____D C:\Windows\erdnt
2013-06-28 19:07 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-28 19:07 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-28 19:07 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-28 11:13 - 2013-06-28 11:13 - 00000000 ____D C:\FRST
2013-06-28 11:12 - 2013-06-28 11:12 - 01933484 ____A (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-06-28 09:22 - 2013-06-28 09:22 - 00005407 ____A C:\Users\xxx\Desktop\GmerAnhang.7z
2013-06-28 04:30 - 2013-06-28 04:30 - 00275432 ____A C:\Windows\Minidump\062813-25303-01.dmp
2013-06-27 21:58 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 18:10 - 2013-06-27 18:10 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-27 18:10 - 2013-06-27 18:10 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-27 18:07 - 2013-06-27 18:08 - 31714216 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jre-7u25-windows-i586.exe
2013-06-27 04:29 - 2013-06-28 23:33 - 00000000 ____D C:\Users\xxx\AppData\Roaming\.minecraft
2013-06-27 04:29 - 2013-06-27 04:29 - 00263186 ____A C:\Users\xxx\Desktop\Minecraft.exe
2013-06-26 19:22 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-26 19:22 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-19 21:19 - 2013-06-19 21:19 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-19 21:17 - 2013-06-19 21:18 - 00004254 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 21:16 - 2013-06-19 21:16 - 00903592 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jxpiinstall.exe
2013-06-19 20:58 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-19 20:58 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-19 20:45 - 2013-01-13 23:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-19 20:45 - 2013-01-13 22:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-19 20:45 - 2013-01-13 22:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-19 20:45 - 2013-01-13 22:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-19 20:45 - 2013-01-13 21:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-19 20:45 - 2013-01-13 21:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-19 20:45 - 2013-01-13 21:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-19 20:45 - 2013-01-13 21:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-19 20:45 - 2013-01-13 21:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-19 20:45 - 2013-01-13 21:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-19 20:45 - 2013-01-13 21:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-19 20:45 - 2013-01-13 21:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-19 20:45 - 2013-01-13 21:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-19 20:45 - 2013-01-13 21:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-19 20:45 - 2013-01-13 21:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-19 20:45 - 2013-01-13 21:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-19 20:45 - 2013-01-13 21:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-19 20:45 - 2013-01-13 21:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-19 20:45 - 2013-01-13 21:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-19 20:45 - 2013-01-13 21:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-19 20:45 - 2013-01-13 21:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-19 20:45 - 2013-01-13 21:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-19 20:45 - 2013-01-13 21:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-19 20:45 - 2013-01-13 20:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-19 20:45 - 2013-01-13 20:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-19 20:45 - 2013-01-13 20:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-19 20:45 - 2013-01-13 19:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-19 20:45 - 2013-01-13 19:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-19 20:45 - 2013-01-04 08:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-19 20:45 - 2013-01-04 08:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-19 20:16 - 2013-06-19 20:16 - 03270960 ____A (Secunia) C:\Users\xxx\Downloads\PSISetup7009.exe
2013-06-16 16:30 - 2013-06-16 16:30 - 00000000 ____D C:\Windows\de
2013-06-16 16:29 - 2013-06-16 16:29 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-16 16:28 - 2010-06-02 04:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-06-16 16:28 - 2010-06-02 04:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-06-16 16:28 - 2010-06-02 04:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-06-16 16:28 - 2010-06-02 04:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-06-16 16:28 - 2009-09-04 17:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-06-16 16:28 - 2009-09-04 17:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-06-16 16:27 - 2013-06-16 16:27 - 00000197 ____A C:\Windows\DirectX.log
2013-06-16 16:27 - 2006-11-29 13:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2013-06-16 16:27 - 2006-11-29 13:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-06-16 16:20 - 2013-06-16 16:25 - 142602520 ____A (Microsoft Corporation) C:\Users\xxx\Downloads\wlsetup-all_16.4.3508.0205.exe
2013-06-13 19:43 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-13 19:43 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-13 19:43 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 19:43 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 19:43 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-13 19:42 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 19:42 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 19:42 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 19:42 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 19:42 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-13 19:42 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-13 19:42 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-13 19:42 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 19:42 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-13 19:42 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-13 19:42 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-13 19:42 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-06-29 11:39 - 2013-06-28 20:51 - 00000000 ____D C:\Users\xxx\Desktop\Neueste Scanversionen
2013-06-29 11:38 - 2013-06-29 11:38 - 00000820 ____A C:\Users\xxx\Desktop\checkup.txt
2013-06-29 11:37 - 2013-02-08 21:15 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Skype
2013-06-29 10:45 - 2013-03-02 10:52 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-29 10:18 - 2013-06-29 10:18 - 00890988 ____A C:\Users\xxx\Desktop\SecurityCheck.exe
2013-06-29 10:17 - 2013-06-29 10:17 - 02347384 ____A (ESET) C:\Users\xxx\Desktop\esetsmartinstaller_enu.exe
2013-06-29 09:50 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-29 09:50 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-29 09:47 - 2009-07-14 06:51 - 00057048 ____A C:\Windows\setupact.log
2013-06-29 09:44 - 2013-02-04 20:43 - 01934770 ____A C:\Windows\WindowsUpdate.log
2013-06-29 09:40 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-28 23:33 - 2013-06-27 04:29 - 00000000 ____D C:\Users\xxx\AppData\Roaming\.minecraft
2013-06-28 20:00 - 2013-06-28 20:00 - 00000000 ____D C:\Windows\ERUNT
2013-06-28 20:00 - 2013-06-28 20:00 - 00000000 ____D C:\JRT
2013-06-28 19:56 - 2013-06-28 19:56 - 00000909 ____A C:\AdwCleaner[S2].txt
2013-06-28 19:52 - 2013-06-28 19:52 - 00003298 ____A C:\AdwCleaner[S1].txt
2013-06-28 19:25 - 2010-11-21 05:47 - 00012716 ____A C:\Windows\PFRO.log
2013-06-28 19:24 - 2013-06-28 19:24 - 00019980 ____A C:\ComboFix.txt
2013-06-28 19:24 - 2013-06-28 19:07 - 00000000 ____D C:\Qoobox
2013-06-28 19:24 - 2013-06-28 19:07 - 00000000 ____D C:\ComboFix
2013-06-28 19:22 - 2013-06-28 19:07 - 00000000 ____D C:\Windows\erdnt
2013-06-28 19:16 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-28 11:13 - 2013-06-28 11:13 - 00000000 ____D C:\FRST
2013-06-28 11:12 - 2013-06-28 11:12 - 01933484 ____A (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-06-28 09:22 - 2013-06-28 09:22 - 00005407 ____A C:\Users\xxx\Desktop\GmerAnhang.7z
2013-06-28 09:14 - 2013-03-02 14:37 - 00000000 ____D C:\Users\xxx\Desktop\Systemüberprüfung
2013-06-28 04:30 - 2013-06-28 04:30 - 00275432 ____A C:\Windows\Minidump\062813-25303-01.dmp
2013-06-28 04:30 - 2013-03-30 19:07 - 00000000 ____D C:\Windows\Minidump
2013-06-28 04:29 - 2013-03-30 19:07 - 351309356 ____A C:\Windows\MEMORY.DMP
2013-06-27 21:58 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 21:58 - 2013-06-26 19:22 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 21:58 - 2013-06-26 19:22 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-27 21:58 - 2013-04-24 15:09 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-27 21:58 - 2013-04-24 15:09 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-27 21:58 - 2013-04-24 15:09 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-27 18:10 - 2013-06-27 18:10 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-27 18:10 - 2013-06-27 18:10 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-27 18:10 - 2013-02-08 14:06 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-27 18:10 - 2013-02-08 14:06 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-27 18:08 - 2013-06-27 18:07 - 31714216 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jre-7u25-windows-i586.exe
2013-06-27 17:55 - 2013-02-08 14:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-27 04:29 - 2013-06-27 04:29 - 00263186 ____A C:\Users\xxx\Desktop\Minecraft.exe
2013-06-27 03:57 - 2013-04-12 13:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-27 03:57 - 2013-02-08 14:05 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-26 22:00 - 2013-05-24 20:45 - 00000000 ____D C:\Users\xxx\Desktop\DevPro
2013-06-22 09:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-19 21:19 - 2013-06-19 21:19 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-19 21:18 - 2013-06-19 21:17 - 00004254 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 21:16 - 2013-06-19 21:16 - 00903592 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jxpiinstall.exe
2013-06-19 20:54 - 2013-03-22 17:33 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-06-19 20:30 - 2010-11-21 08:50 - 00653928 ____A C:\Windows\System32\perfh007.dat
2013-06-19 20:30 - 2010-11-21 08:50 - 00129800 ____A C:\Windows\System32\perfc007.dat
2013-06-19 20:30 - 2009-07-14 07:13 - 01518986 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-19 20:16 - 2013-06-19 20:16 - 03270960 ____A (Secunia) C:\Users\xxx\Downloads\PSISetup7009.exe
2013-06-18 20:04 - 2013-05-25 18:39 - 00000000 ____D C:\Users\xxx\Desktop\TCG_A
2013-06-16 17:31 - 2013-02-16 01:01 - 00000000 ____D C:\Users\xxx\AppData\Local\Windows Live
2013-06-16 16:30 - 2013-06-16 16:30 - 00000000 ____D C:\Windows\de
2013-06-16 16:29 - 2013-06-16 16:29 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-16 16:28 - 2013-02-16 01:03 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-06-16 16:27 - 2013-06-16 16:27 - 00000197 ____A C:\Windows\DirectX.log
2013-06-16 16:25 - 2013-06-16 16:20 - 142602520 ____A (Microsoft Corporation) C:\Users\xxx\Downloads\wlsetup-all_16.4.3508.0205.exe
2013-06-14 00:19 - 2013-03-02 05:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-14 00:19 - 2013-02-08 14:09 - 00000000 ____D C:\ProgramData\Skype
2013-06-13 22:14 - 2013-02-05 19:38 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 20:45 - 2013-02-04 21:23 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 20:45 - 2013-02-04 21:23 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-24 20:33

==================== End Of Log ============================
         
--- --- ---

29.06.2013, 11:45   #10
schrauber
/// the machine
/// TB instructor

Quote:
Would it make sense to switch?
To the 64-bit version? Yes, it would.

Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

29.06.2013, 11:46   #11
DukeYGO

I checked again after the restart.
That temp file is still acting up.

29.06.2013, 12:14   #12
schrauber
/// the machine
/// TB instructor

Screenshot, please.

29.06.2013, 13:40   #13
DukeYGO

The screenshot is attached.
A solution would be great.

Edit: Doesn't ComboFix still need to be deleted?
Attached images
File type: png Unbenannt.png (138.4 KB, viewed 178 times)

Last edited by DukeYGO (29.06.2013 at 14:11)

29.06.2013, 14:31   #14
schrauber
/// the machine
/// TB instructor

We delete our tools when we are done.

Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.


Open FRST, tick the box for Additions, scan, and post both logs.

29.06.2013, 14:47   #15
DukeYGO

I ran TFC.
Now there are two files named Desktop.ini on my desktop.
However, the errors in the screenshot above appeared again on restart.

New FRST log:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-06-2013
Ran by xxx (administrator) on 29-06-2013 15:37:18
Running from C:\Users\xxx\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\userinit.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe" -b [5687424 2010-04-08] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hf2irw73.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hf2irw73.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Mozilla Firefox 22.0\Extensions: [Components] C:\Program Files (x86)\Mozilla Firefox\components
FF HKLM-x32\...\Mozilla Firefox 22.0\Extensions: [Plugins] C:\Program Files (x86)\Mozilla Firefox\plugins

==================== Services (Whitelisted) =================

R2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136616 2010-05-21] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2003-04-18] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1227800 2013-04-18] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659992 2013-04-18] (Secunia)

==================== Drivers (Whitelisted) ====================

R3 AODDriver2; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [52352 2010-05-21] (Advanced Micro Devices)
R3 AODDriver2; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [52352 2010-05-21] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-04-18] (Secunia)
S3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2012-09-28] (Creative Technology Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-29 15:33 - 2013-06-29 15:33 - 00448512 ____A (OldTimer Tools) C:\Users\xxx\Downloads\TFC(1).exe
2013-06-29 15:33 - 2013-06-29 15:33 - 00448512 ____A (OldTimer Tools) C:\Users\xxx\Desktop\TFC.exe
2013-06-29 11:38 - 2013-06-29 11:38 - 00000820 ____A C:\Users\xxx\Desktop\checkup.txt
2013-06-29 10:18 - 2013-06-29 10:18 - 00890988 ____A C:\Users\xxx\Desktop\SecurityCheck.exe
2013-06-29 10:17 - 2013-06-29 10:17 - 02347384 ____A (ESET) C:\Users\xxx\Desktop\esetsmartinstaller_enu.exe
2013-06-28 20:51 - 2013-06-29 11:39 - 00000000 ____D C:\Users\xxx\Desktop\Neueste Scanversionen
2013-06-28 20:00 - 2013-06-28 20:00 - 00000000 ____D C:\Windows\ERUNT
2013-06-28 20:00 - 2013-06-28 20:00 - 00000000 ____D C:\JRT
2013-06-28 19:56 - 2013-06-28 19:56 - 00000909 ____A C:\AdwCleaner[S2].txt
2013-06-28 19:52 - 2013-06-28 19:52 - 00003298 ____A C:\AdwCleaner[S1].txt
2013-06-28 19:24 - 2013-06-28 19:24 - 00019980 ____A C:\ComboFix.txt
2013-06-28 19:07 - 2013-06-28 19:24 - 00000000 ____D C:\Qoobox
2013-06-28 19:07 - 2013-06-28 19:24 - 00000000 ____D C:\ComboFix
2013-06-28 19:07 - 2013-06-28 19:22 - 00000000 ____D C:\Windows\erdnt
2013-06-28 19:07 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-28 19:07 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-28 19:07 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-28 11:13 - 2013-06-28 11:13 - 00000000 ____D C:\FRST
2013-06-28 11:12 - 2013-06-28 11:12 - 01933484 ____A (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-06-28 09:22 - 2013-06-28 09:22 - 00005407 ____A C:\Users\xxx\Desktop\GmerAnhang.7z
2013-06-28 04:30 - 2013-06-28 04:30 - 00275432 ____A C:\Windows\Minidump\062813-25303-01.dmp
2013-06-27 21:58 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 18:10 - 2013-06-27 18:10 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-27 18:10 - 2013-06-27 18:10 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-27 18:07 - 2013-06-27 18:08 - 31714216 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jre-7u25-windows-i586.exe
2013-06-27 04:29 - 2013-06-28 23:33 - 00000000 ____D C:\Users\xxx\AppData\Roaming\.minecraft
2013-06-27 04:29 - 2013-06-27 04:29 - 00263186 ____A C:\Users\xxx\Desktop\Minecraft.exe
2013-06-26 19:22 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-26 19:22 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-19 21:19 - 2013-06-19 21:19 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-19 21:17 - 2013-06-19 21:18 - 00004254 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 21:16 - 2013-06-19 21:16 - 00903592 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jxpiinstall.exe
2013-06-19 20:58 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-19 20:58 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-19 20:45 - 2013-01-13 23:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-19 20:45 - 2013-01-13 22:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-19 20:45 - 2013-01-13 22:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-19 20:45 - 2013-01-13 22:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-19 20:45 - 2013-01-13 21:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-19 20:45 - 2013-01-13 21:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-19 20:45 - 2013-01-13 21:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-19 20:45 - 2013-01-13 21:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-19 20:45 - 2013-01-13 21:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-19 20:45 - 2013-01-13 21:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-19 20:45 - 2013-01-13 21:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-19 20:45 - 2013-01-13 21:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-19 20:45 - 2013-01-13 21:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-19 20:45 - 2013-01-13 21:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-19 20:45 - 2013-01-13 21:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-19 20:45 - 2013-01-13 21:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-19 20:45 - 2013-01-13 21:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-19 20:45 - 2013-01-13 21:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-19 20:45 - 2013-01-13 21:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-19 20:45 - 2013-01-13 21:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-19 20:45 - 2013-01-13 21:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-19 20:45 - 2013-01-13 21:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-19 20:45 - 2013-01-13 21:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-19 20:45 - 2013-01-13 20:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-19 20:45 - 2013-01-13 20:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-19 20:45 - 2013-01-13 20:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-19 20:45 - 2013-01-13 19:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-19 20:45 - 2013-01-13 19:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-19 20:45 - 2013-01-04 08:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-19 20:45 - 2013-01-04 08:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-19 20:16 - 2013-06-19 20:16 - 03270960 ____A (Secunia) C:\Users\xxx\Downloads\PSISetup7009.exe
2013-06-16 16:30 - 2013-06-16 16:30 - 00000000 ____D C:\Windows\de
2013-06-16 16:29 - 2013-06-16 16:29 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-16 16:28 - 2010-06-02 04:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-06-16 16:28 - 2010-06-02 04:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-06-16 16:28 - 2010-06-02 04:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-06-16 16:28 - 2010-06-02 04:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-06-16 16:28 - 2009-09-04 17:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-06-16 16:28 - 2009-09-04 17:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-06-16 16:27 - 2013-06-16 16:27 - 00000197 ____A C:\Windows\DirectX.log
2013-06-16 16:27 - 2006-11-29 13:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2013-06-16 16:27 - 2006-11-29 13:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-06-16 16:20 - 2013-06-16 16:25 - 142602520 ____A (Microsoft Corporation) C:\Users\xxx\Downloads\wlsetup-all_16.4.3508.0205.exe
2013-06-13 19:43 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-13 19:43 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-13 19:43 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 19:43 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 19:43 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-13 19:42 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 19:42 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 19:42 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 19:42 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 19:42 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-13 19:42 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-13 19:42 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-13 19:42 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 19:42 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-13 19:42 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-13 19:42 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-13 19:42 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-06-29 15:37 - 2013-02-08 21:15 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Skype
2013-06-29 15:35 - 2009-07-14 06:51 - 00057328 ____A C:\Windows\setupact.log
2013-06-29 15:33 - 2013-06-29 15:33 - 00448512 ____A (OldTimer Tools) C:\Users\xxx\Downloads\TFC(1).exe
2013-06-29 15:33 - 2013-06-29 15:33 - 00448512 ____A (OldTimer Tools) C:\Users\xxx\Desktop\TFC.exe
2013-06-29 15:00 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-29 15:00 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-29 14:55 - 2013-02-04 20:43 - 01955624 ____A C:\Windows\WindowsUpdate.log
2013-06-29 14:52 - 2010-11-21 05:47 - 00013542 ____A C:\Windows\PFRO.log
2013-06-29 14:52 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-29 14:45 - 2013-03-02 10:52 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-29 11:39 - 2013-06-28 20:51 - 00000000 ____D C:\Users\xxx\Desktop\Neueste Scanversionen
2013-06-29 11:38 - 2013-06-29 11:38 - 00000820 ____A C:\Users\xxx\Desktop\checkup.txt
2013-06-29 10:18 - 2013-06-29 10:18 - 00890988 ____A C:\Users\xxx\Desktop\SecurityCheck.exe
2013-06-29 10:17 - 2013-06-29 10:17 - 02347384 ____A (ESET) C:\Users\xxx\Desktop\esetsmartinstaller_enu.exe
2013-06-28 23:33 - 2013-06-27 04:29 - 00000000 ____D C:\Users\xxx\AppData\Roaming\.minecraft
2013-06-28 20:00 - 2013-06-28 20:00 - 00000000 ____D C:\Windows\ERUNT
2013-06-28 20:00 - 2013-06-28 20:00 - 00000000 ____D C:\JRT
2013-06-28 19:56 - 2013-06-28 19:56 - 00000909 ____A C:\AdwCleaner[S2].txt
2013-06-28 19:52 - 2013-06-28 19:52 - 00003298 ____A C:\AdwCleaner[S1].txt
2013-06-28 19:24 - 2013-06-28 19:24 - 00019980 ____A C:\ComboFix.txt
2013-06-28 19:24 - 2013-06-28 19:07 - 00000000 ____D C:\Qoobox
2013-06-28 19:24 - 2013-06-28 19:07 - 00000000 ____D C:\ComboFix
2013-06-28 19:22 - 2013-06-28 19:07 - 00000000 ____D C:\Windows\erdnt
2013-06-28 19:16 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-28 11:13 - 2013-06-28 11:13 - 00000000 ____D C:\FRST
2013-06-28 11:12 - 2013-06-28 11:12 - 01933484 ____A (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-06-28 09:22 - 2013-06-28 09:22 - 00005407 ____A C:\Users\xxx\Desktop\GmerAnhang.7z
2013-06-28 09:14 - 2013-03-02 14:37 - 00000000 ____D C:\Users\xxx\Desktop\Systemüberprüfung
2013-06-28 04:30 - 2013-06-28 04:30 - 00275432 ____A C:\Windows\Minidump\062813-25303-01.dmp
2013-06-28 04:30 - 2013-03-30 19:07 - 00000000 ____D C:\Windows\Minidump
2013-06-28 04:29 - 2013-03-30 19:07 - 351309356 ____A C:\Windows\MEMORY.DMP
2013-06-27 21:58 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 21:58 - 2013-06-26 19:22 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 21:58 - 2013-06-26 19:22 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-27 21:58 - 2013-04-24 15:09 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-27 21:58 - 2013-04-24 15:09 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-27 21:58 - 2013-04-24 15:09 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-27 18:10 - 2013-06-27 18:10 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-27 18:10 - 2013-06-27 18:10 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-27 18:10 - 2013-02-08 14:06 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-27 18:10 - 2013-02-08 14:06 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-27 18:08 - 2013-06-27 18:07 - 31714216 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jre-7u25-windows-i586.exe
2013-06-27 17:55 - 2013-02-08 14:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-27 04:29 - 2013-06-27 04:29 - 00263186 ____A C:\Users\xxx\Desktop\Minecraft.exe
2013-06-27 03:57 - 2013-04-12 13:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-27 03:57 - 2013-02-08 14:05 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-26 22:00 - 2013-05-24 20:45 - 00000000 ____D C:\Users\xxx\Desktop\DevPro
2013-06-22 09:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-19 21:19 - 2013-06-19 21:19 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-19 21:18 - 2013-06-19 21:17 - 00004254 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 21:16 - 2013-06-19 21:16 - 00903592 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jxpiinstall.exe
2013-06-19 20:54 - 2013-03-22 17:33 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-06-19 20:30 - 2010-11-21 08:50 - 00653928 ____A C:\Windows\System32\perfh007.dat
2013-06-19 20:30 - 2010-11-21 08:50 - 00129800 ____A C:\Windows\System32\perfc007.dat
2013-06-19 20:30 - 2009-07-14 07:13 - 01518986 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-19 20:16 - 2013-06-19 20:16 - 03270960 ____A (Secunia) C:\Users\xxx\Downloads\PSISetup7009.exe
2013-06-18 20:04 - 2013-05-25 18:39 - 00000000 ____D C:\Users\xxx\Desktop\TCG_A
2013-06-16 17:31 - 2013-02-16 01:01 - 00000000 ____D C:\Users\xxx\AppData\Local\Windows Live
2013-06-16 16:30 - 2013-06-16 16:30 - 00000000 ____D C:\Windows\de
2013-06-16 16:29 - 2013-06-16 16:29 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-16 16:28 - 2013-02-16 01:03 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-06-16 16:27 - 2013-06-16 16:27 - 00000197 ____A C:\Windows\DirectX.log
2013-06-16 16:25 - 2013-06-16 16:20 - 142602520 ____A (Microsoft Corporation) C:\Users\xxx\Downloads\wlsetup-all_16.4.3508.0205.exe
2013-06-14 00:19 - 2013-03-02 05:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-14 00:19 - 2013-02-08 14:09 - 00000000 ____D C:\ProgramData\Skype
2013-06-13 22:14 - 2013-02-05 19:38 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 20:45 - 2013-02-04 21:23 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 20:45 - 2013-02-04 21:23 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-24 20:33

==================== End Of Log ============================
         
--- --- ---


Addition Log

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-06-2013
Ran by xxx at 2013-06-29 15:37:48
Running from C:\Users\xxx\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
AMD OverDrive (x32 Version: 3.2.2.0452)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.18)
ATI Catalyst Install Manager (Version: 3.0.732.0)
Auslogics Disk Defrag (x32 Version: 3.6)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2009.0614.2131.36800)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0614.2131.36800)
Catalyst Control Center Graphics Full New (x32 Version: 2009.0614.2131.36800)
Catalyst Control Center Graphics Light (x32 Version: 2009.0614.2131.36800)
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0614.2131.36800)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0614.2131.36800)
Catalyst Control Center HydraVision Full (x32 Version: 2009.0614.2131.36800)
Catalyst Control Center InstallProxy (x32 Version: 2009.0614.2131.36800)
Catalyst Control Center Localization All (x32 Version: 2009.0614.2131.36800)
CCC Help Chinese Standard (x32 Version: 2009.0614.2130.36800)
CCC Help Chinese Traditional (x32 Version: 2009.0614.2130.36800)
CCC Help Czech (x32 Version: 2009.0614.2130.36800)
CCC Help Danish (x32 Version: 2009.0614.2130.36800)
CCC Help Dutch (x32 Version: 2009.0614.2130.36800)
CCC Help English (x32 Version: 2009.0614.2130.36800)
CCC Help Finnish (x32 Version: 2009.0614.2130.36800)
CCC Help French (x32 Version: 2009.0614.2130.36800)
CCC Help German (x32 Version: 2009.0614.2130.36800)
CCC Help Greek (x32 Version: 2009.0614.2130.36800)
CCC Help Hungarian (x32 Version: 2009.0614.2130.36800)
CCC Help Italian (x32 Version: 2009.0614.2130.36800)
CCC Help Japanese (x32 Version: 2009.0614.2130.36800)
CCC Help Korean (x32 Version: 2009.0614.2130.36800)
CCC Help Norwegian (x32 Version: 2009.0614.2130.36800)
CCC Help Polish (x32 Version: 2009.0614.2130.36800)
CCC Help Portuguese (x32 Version: 2009.0614.2130.36800)
CCC Help Russian (x32 Version: 2009.0614.2130.36800)
CCC Help Spanish (x32 Version: 2009.0614.2130.36800)
CCC Help Swedish (x32 Version: 2009.0614.2130.36800)
CCC Help Thai (x32 Version: 2009.0614.2130.36800)
CCC Help Turkish (x32 Version: 2009.0614.2130.36800)
ccc-core-static (x32 Version: 2009.0614.2131.36800)
ccc-utility64 (Version: 2009.0614.2131.36800)
D3DX10 (x32 Version: 15.4.2368.0902)
Fotogalerie (x32 Version: 16.4.3508.0205)
HydraVision (x32 Version: 4.2.108.0)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5880)
Revo Uninstaller 1.94 (x32 Version: 1.94)
Secunia PSI (3.0.0.7009) (x32 Version: 3.0.0.7009)
Skype™ 6.5 (x32 Version: 6.5.158)
swMSM (x32 Version: 12.0.0.1)
TeamSpeak 3 Client (HKCU Version: 3.0.10.1)
TurboV (x32 Version: 1.02.05)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Messenger (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)

==================== Restore Points  =========================

19-06-2013 18:16:12 Revo Uninstaller's restore point - Secunia PSI (3.0.0.6005)
19-06-2013 18:28:14 Windows Update
19-06-2013 18:44:52 Windows Update
19-06-2013 18:45:01 Revo Uninstaller's restore point - Secunia PSI (3.0.0.7009)
19-06-2013 18:59:57 Windows Update
19-06-2013 19:17:11 Installed Java 7 Update 25
19-06-2013 19:18:47 Removed Java 7 Update 21 (64-bit)
25-06-2013 16:11:57 Windows Update
27-06-2013 16:08:45 Removed Java 7 Update 25
27-06-2013 16:09:58 Installed Java 7 Update 25
29-06-2013 04:34:33 Windows Update

==================== Hosts content: ==========================
127.0.0.1  localhost

There are more than 1000 lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {02C9BA4F-42AC-45BF-AFC9-DD5D3D475C58} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {145BDAD6-66C6-4E4E-A087-928E969C11AE} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {2A889B86-5664-46B2-9EFE-864B53292EBD} - System32\Tasks\ASUS\i-Setup203735 => C:\Windows\AMD_Chipset_V307320_Windows7\AsusSetup.exe [2013-02-07] (ASUSTek)
Task: {AB561088-A822-47F0-B05E-6DFD95E74C4A} - System32\Tasks\ASUS\i-Setup205132 => C:\Windows\AMD_Chipset_V307320_Windows7\AsusSetup.exe [2013-02-07] (ASUSTek)
Task: {CF3BA66B-6CFB-43B3-9902-6E5CA599271B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {D7B33AC5-B255-4902-9371-AA31F96FE7DC} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {E00A506D-365D-480A-B43B-E5E12F43D780} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============

Name: D-Link DWA-547 RangeBooster N650 Desktop Adapter
Description: D-Link DWA-547 RangeBooster N650 Desktop Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: D-Link Corporation
Service: athr
Problem: : Your computer's system firmware does not include enough information to properly configure and use this device. To use this device, contact your computer manufacturer to obtain a firmware or BIOS update. (Code 35)
Resolution: The Multiprocessor System (MPS) table, which stores the resource assignments for the BIOS, is missing an entry for your device and needs to be updated.
Obtain a new BIOS from the system vendor.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/29/2013 03:35:16 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: winlogon.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79fa6
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000020a4a
ID des fehlerhaften Prozesses: 0x260
Startzeit der fehlerhaften Anwendung: 0xwinlogon.exe0
Pfad der fehlerhaften Anwendung: winlogon.exe1
Pfad des fehlerhaften Moduls: winlogon.exe2
Berichtskennung: winlogon.exe3

Error: (06/29/2013 02:53:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2013 11:35:39 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/29/2013 10:20:27 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/29/2013 10:20:24 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/29/2013 10:20:24 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/29/2013 10:17:22 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/29/2013 09:42:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2013 06:31:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/29/2013 03:16:02 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (06/29/2013 03:16:01 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (06/29/2013 02:56:28 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (06/29/2013 02:56:28 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (06/29/2013 02:56:27 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (06/29/2013 02:56:26 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (06/29/2013 02:43:47 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (06/29/2013 02:43:47 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (06/29/2013 02:43:46 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (06/29/2013 02:39:54 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.


Microsoft Office Sessions:
=========================
Error: (06/29/2013 03:35:16 PM) (Source: Application Error)(User: )
Description: winlogon.exe6.1.7601.175144ce79fa6ntdll.dll6.1.7601.177254ec4aa8ec00000050000000000020a4a26001ce74c7771a5867C:\Windows\system32\winlogon.exeC:\Windows\SYSTEM32\ntdll.dllbb665d17-e0c0-11e2-9679-00248ca77df0

Error: (06/29/2013 02:53:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2013 11:35:39 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (06/29/2013 10:20:27 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\xxx\Desktop\esetsmartinstaller_enu.exe

Error: (06/29/2013 10:20:24 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\xxx\Desktop\esetsmartinstaller_enu.exe

Error: (06/29/2013 10:20:24 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\xxx\Desktop\esetsmartinstaller_enu.exe

Error: (06/29/2013 10:17:22 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\xxx\Desktop\esetsmartinstaller_enu.exe

Error: (06/29/2013 09:42:33 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2013 06:31:35 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 35%
Total physical RAM: 3839.18 MB
Available physical RAM: 2491.91 MB
Total Pagefile: 7676.54 MB
Available Pagefile: 6195.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:197.12 GB) NTFS (Disk=0 Partition=2)
Drive d: () (Fixed) (Total:76.69 GB) (Free:9.92 GB) NTFS (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 47F55653)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 77 GB) (Disk ID: 275D275C)
Partition 1: (Active) - (Size=77 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
