
Pests of all kinds and how to combat them: Unsolicited start of program uninstallation

06.09.2013, 08:09   #1
kakuzu
 



Good day,

for a few days now I have been observing the following: at irregular intervals, avast Antivirus reports the start of an uninstallation to me that I did not request. The software to be uninstalled is a different program installed on my PC each time. Furthermore, these prompts come at irregular intervals.

I wanted to ask whether anyone has come across this kind of behaviour before, how to deal with it, and how to find out what is causing it.

As antivirus software I use avast AntiVirus Free Edition.
In addition, I scan my PC regularly (once a week) with Malwarebytes.

Regards
Kakuzu

PS: Operating system in use: Windows 8

06.09.2013, 08:25   #2
schrauber
/// the machine
/// TB trainer
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


06.09.2013, 19:06   #3
kakuzu
 



OK, I'm back home now and have just run the requested scan.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2013
Ran by Foxy (administrator) on FOXYNET on 06-09-2013 20:03:29
Running from C:\Users\Foxy\Downloads
Windows 8 Enterprise (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\Avast\AvastSvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
(Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
() C:\Program Files (x86)\CPUCooL\CooLSrv.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
() C:\Program Files (x86)\ICW\bin\cygrunsrv.exe
() C:\Program Files (x86)\ICW\bin\sshd.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(Apache Software Foundation) C:\Program Files (x86)\WANdisco\uberSVN\tomcat\bin\tomcat6.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(AVAST Software) C:\Program Files\Avast\AvastUI.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
(Spigot Inc) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(OldTimer Tools) C:\Users\Foxy\Downloads\OTL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [itype] - c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKCU\...\Run: [AdobeBridge] -  [x]
HKCU\...\Run: [uTorrent] - C:\Users\Foxy\AppData\Roaming\uTorrent\uTorrent.exe [1045072 2013-06-16] (BitTorrent Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [IObit Malware Fighter] - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1549120 2013-08-16] (IObit)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [SearchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1360192 2013-09-02] (Spigot, Inc.)
Startup: C:\Users\Foxy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Foxy\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com?type=800236&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
URLSearchHook: (No Name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -  No File
SearchScopes: HKCU - DefaultScope {D68B32F3-17D3-4C24-A643-C561B7FD4C08} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
SearchScopes: HKCU - {D68B32F3-17D3-4C24-A643-C561B7FD4C08} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.6\iobitappsToolbarIE.dll (Spigot, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.6\iobitappsToolbarIE.dll (Spigot, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{17082057-B53A-4C4D-945D-52D2AFB6D3C6}: [NameServer]192.168.178.1,192.168.178.2

FireFox:
========
FF ProfilePath: C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\vphn63bh.default
FF Homepage: hxxp://de.search.yahoo.com?type=800236&fr=spigot-yhp-ff
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Foxy\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Address Bar Search - C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\vphn63bh.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
FF Extension: iobitapps - C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\vphn63bh.default\Extensions\iobitapps@mybrowserbar.com
FF Extension: No Name - C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\vphn63bh.default\Extensions\{1e9a63ef-84ec-49a4-8d6f-2dd9524e90d0}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (ProxTube) - C:\Users\Foxy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.4_0
CHR Extension: (Webpage Screenshot Capture) - C:\Users\Foxy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\13.1_0
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Foxy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\1_0
CHR Extension: (AdBlock) - C:\Users\Foxy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0
CHR Extension: (Webpage Screenshot Gallery) - C:\Users\Foxy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohfjeijmlcjiofmmcfichimcnbclkhp\1.3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Foxy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Foxy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2246184 2011-12-15] (Broadcom Corporation.)
R2 CPUCooLServer; C:\Program Files (x86)\CPUCooL\CooLSrv.exe [743936 2011-12-01] ()
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 OpenSSHServer; C:\Program Files (x86)\ICW\bin\cygrunsrv.exe [68096 2009-05-14] ()
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [75584 2013-05-02] (IObit)
R2 uberSVNportal; C:\Program Files (x86)\WANdisco\uberSVN\tomcat\bin\tomcat6.exe [74752 2011-08-02] (Apache Software Foundation)
S3 wampapache; E:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [22016 2012-05-13] (Apache Software Foundation)
S3 wampmysqld; E:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [9693696 2012-04-19] ()
S3 WANdiscouberSVNSubversionServer; C:\Program Files (x86)\WANdisco\uberSVN\bin\httpd.exe [18432 2012-07-17] (Apache Software Foundation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
S2 SystemStoreService; "C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe"  -displayname "System Store" -servicename "SystemStoreService" [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 ntiopnp; C:\Windows\System32\Drivers\ntiopnp.sys [19544 2010-11-11] ()
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)
U3 aswMBR; \??\C:\Users\Foxy\AppData\Local\Temp\aswMBR.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-06 20:02 - 2013-09-06 20:03 - 01948360 _____ (Farbar) C:\Users\Foxy\Downloads\FRST64.exe
2013-09-06 09:15 - 2013-09-06 09:15 - 00061788 _____ C:\Users\Foxy\Downloads\Extras.Txt
2013-09-06 09:11 - 2013-09-06 09:11 - 00094980 _____ C:\Users\Foxy\Downloads\OTL.Txt
2013-09-06 08:57 - 2013-09-06 08:57 - 00602112 _____ (OldTimer Tools) C:\Users\Foxy\Downloads\OTL.exe
2013-09-06 08:53 - 2013-09-06 08:53 - 04745728 _____ (AVAST Software) C:\Users\Foxy\Downloads\aswMBR.exe
2013-09-04 23:13 - 2013-09-04 23:13 - 00000000 ____D C:\Program Files (x86)\IObit Apps Toolbar
2013-09-04 23:13 - 2013-09-04 23:13 - 00000000 ____D C:\Program Files (x86)\Application Updater
2013-09-04 23:10 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-09-04 23:10 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-09-04 23:10 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-09-04 23:10 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-09-04 23:10 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-09-04 23:09 - 2013-09-04 23:09 - 00001613 _____ C:\Users\Public\Desktop\Play League of Legends.lnk
2013-09-04 23:09 - 2013-09-04 23:09 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-09-04 23:09 - 2013-09-04 23:09 - 00000000 ____D C:\Riot Games
2013-09-04 23:08 - 2013-09-04 23:38 - 00000000 ____D C:\Users\Foxy\AppData\Local\PMB Files
2013-09-04 23:08 - 2013-09-04 23:08 - 00000000 ____D C:\ProgramData\PMB Files
2013-09-04 23:07 - 2013-09-04 23:07 - 00000000 ____D C:\Users\Foxy\AppData\Roaming\Riot Games
2013-09-04 23:07 - 2013-09-04 23:07 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-09-04 23:06 - 2013-09-04 23:07 - 34888568 _____ (Riot Games) C:\Users\Foxy\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
2013-08-26 22:37 - 2013-08-26 23:43 - 977100800 _____ C:\Users\Foxy\Downloads\Percy.Jackson.Im.Bann.des.Zyklopen.2013.German.MD.Ts.XviD-KMOA.avi
2013-08-25 00:08 - 2013-08-25 00:08 - 11775928 _____ C:\Users\Foxy\Downloads\isorpg_copyfree.zip
2013-08-22 21:57 - 2013-08-22 21:57 - 01002952 _____ C:\Users\Foxy\Downloads\VuhDo_3.29.zip
2013-08-22 20:22 - 2013-08-30 13:49 - 00000000 ____D C:\Users\Foxy\Downloads\Musik
2013-08-21 23:06 - 2013-08-21 23:06 - 00003166 _____ C:\Windows\System32\Tasks\StartMenuAutoupdate
2013-08-21 23:06 - 2013-08-21 23:06 - 00001981 _____ C:\Users\Public\Desktop\Start Menu 8.lnk
2013-08-21 23:01 - 2013-08-21 23:06 - 00000000 ____D C:\ProgramData\IObit
2013-08-21 23:00 - 2013-08-21 23:06 - 00000000 ____D C:\Program Files (x86)\IObit
2013-08-21 23:00 - 2013-08-21 23:03 - 00001177 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2013-08-21 23:00 - 2013-08-21 23:00 - 00000000 ____D C:\Users\Foxy\AppData\Roaming\IObit
2013-08-14 23:24 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 23:24 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 23:24 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 23:22 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 23:22 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 23:22 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-08-14 23:22 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-08-14 23:22 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 23:22 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 23:22 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 23:22 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 23:22 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 23:22 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 23:22 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 23:22 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 23:22 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 23:22 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-08-14 23:22 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 23:22 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 23:22 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 23:22 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 23:22 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 23:22 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 23:22 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 23:22 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-08-14 23:22 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-08-14 23:22 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-08-14 23:21 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 23:21 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 23:21 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 23:21 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 23:20 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 23:20 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 23:20 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 23:20 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 23:20 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 23:19 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 23:19 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 23:19 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 23:19 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2013-08-14 23:19 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2013-08-14 23:19 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 23:19 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 23:19 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2013-08-14 23:19 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2013-08-14 19:56 - 2013-08-14 19:57 - 00001592 _____ C:\Windows\setupact.log
2013-08-14 19:56 - 2013-08-14 19:56 - 00000000 _____ C:\Windows\setuperr.log
2013-08-10 07:12 - 2013-08-10 07:12 - 00000000 ____D C:\Output
2013-08-10 07:06 - 2013-08-10 07:06 - 00000627 _____ C:\Users\Public\Desktop\MP4 To MP3 Converter.lnk
2013-08-10 07:06 - 2013-08-10 07:06 - 00000000 ____D C:\MP4ToMP3Converter
2013-08-09 19:10 - 2013-08-09 19:10 - 00001426 _____ C:\Users\Foxy\Desktop\Free YouTube to MP3 Converter.lnk
2013-08-09 19:04 - 2013-08-09 19:08 - 00000000 ____D C:\Users\Foxy\AppData\Roaming\Mp3tag
2013-08-09 18:45 - 2013-08-09 18:46 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-08-09 18:42 - 2013-08-09 18:42 - 00000983 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2013-08-09 18:42 - 2013-08-09 18:42 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2013-08-07 10:27 - 2013-08-07 10:27 - 00000000 ____D C:\Users\Foxy\AppData\Roaming\Subversion
2013-08-07 09:53 - 2013-08-07 09:53 - 00000000 ____D C:\Users\Foxy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uberSVN
2013-08-07 09:52 - 2013-08-07 09:52 - 00001024 _____ C:\.rnd
2013-08-07 09:50 - 2013-08-07 09:50 - 00000000 ____D C:\Program Files (x86)\WANdisco
2013-08-07 09:45 - 2013-08-07 09:45 - 00000000 ____D C:\Windows\system32\appmgmt
2013-08-07 09:38 - 2013-08-07 09:38 - 00000000 ____D C:\Users\Foxy\AppData\Local\TGitCache
2013-08-07 09:30 - 2013-08-07 09:44 - 00000000 ____D C:\Program Files\TortoiseGit

==================== One Month Modified Files and Folders =======

2013-09-06 20:03 - 2013-09-06 20:03 - 00000000 ____D C:\FRST
2013-09-06 20:03 - 2013-09-06 20:02 - 01948360 _____ (Farbar) C:\Users\Foxy\Downloads\FRST64.exe
2013-09-06 20:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-09-06 19:33 - 2013-05-24 00:17 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-06 18:48 - 2013-05-24 00:43 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3466370061-3238665318-1221741988-1001UA.job
2013-09-06 09:24 - 2013-05-23 23:45 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3466370061-3238665318-1221741988-1001
2013-09-06 09:15 - 2013-09-06 09:15 - 00061788 _____ C:\Users\Foxy\Downloads\Extras.Txt
2013-09-06 09:11 - 2013-09-06 09:11 - 00094980 _____ C:\Users\Foxy\Downloads\OTL.Txt
2013-09-06 08:57 - 2013-09-06 08:57 - 00602112 _____ (OldTimer Tools) C:\Users\Foxy\Downloads\OTL.exe
2013-09-06 08:57 - 2013-07-27 00:03 - 01190159 _____ C:\Windows\WindowsUpdate.log
2013-09-06 08:53 - 2013-09-06 08:53 - 04745728 _____ (AVAST Software) C:\Users\Foxy\Downloads\aswMBR.exe
2013-09-06 08:44 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF
2013-09-06 08:43 - 2013-06-16 19:35 - 00000000 ____D C:\Users\Foxy\AppData\Roaming\uTorrent
2013-09-06 08:41 - 2013-05-24 00:17 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-06 08:41 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-06 08:28 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-09-06 00:48 - 2013-05-24 00:43 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3466370061-3238665318-1221741988-1001Core.job
2013-09-04 23:38 - 2013-09-04 23:08 - 00000000 ____D C:\Users\Foxy\AppData\Local\PMB Files
2013-09-04 23:13 - 2013-09-04 23:13 - 00000000 ____D C:\Program Files (x86)\IObit Apps Toolbar
2013-09-04 23:13 - 2013-09-04 23:13 - 00000000 ____D C:\Program Files (x86)\Application Updater
2013-09-04 23:09 - 2013-09-04 23:09 - 00001613 _____ C:\Users\Public\Desktop\Play League of Legends.lnk
2013-09-04 23:09 - 2013-09-04 23:09 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-09-04 23:09 - 2013-09-04 23:09 - 00000000 ____D C:\Riot Games
2013-09-04 23:08 - 2013-09-04 23:08 - 00000000 ____D C:\ProgramData\PMB Files
2013-09-04 23:07 - 2013-09-04 23:07 - 00000000 ____D C:\Users\Foxy\AppData\Roaming\Riot Games
2013-09-04 23:07 - 2013-09-04 23:07 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-09-04 23:07 - 2013-09-04 23:06 - 34888568 _____ (Riot Games) C:\Users\Foxy\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
2013-09-04 20:00 - 2013-05-26 01:40 - 00001456 _____ C:\Users\Foxy\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-09-04 14:46 - 2013-05-24 00:19 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-01 04:40 - 2013-06-30 02:13 - 00000000 ____D C:\Users\Foxy\Desktop\CAKE 3.0
2013-09-01 04:40 - 2013-06-30 00:28 - 00000000 ____D C:\Users\Foxy\Desktop\PHPanda
2013-09-01 04:33 - 2013-06-08 03:26 - 00000000 ____D C:\Users\Foxy\Desktop\pandasoft
2013-09-01 03:55 - 2013-06-24 16:31 - 00004152 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-01 03:53 - 2013-07-22 19:36 - 04943568 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-30 13:49 - 2013-08-22 20:22 - 00000000 ____D C:\Users\Foxy\Downloads\Musik
2013-08-30 09:18 - 2013-06-30 23:51 - 00000000 ____D C:\Users\Foxy\Documents\Grimloards
2013-08-29 15:19 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-27 16:12 - 2013-05-24 20:14 - 00004144 _____ C:\Windows\System32\Tasks\Software Updater Ui
2013-08-27 16:12 - 2013-05-24 20:13 - 00004208 _____ C:\Windows\System32\Tasks\Software Updater
2013-08-26 23:43 - 2013-08-26 22:37 - 977100800 _____ C:\Users\Foxy\Downloads\Percy.Jackson.Im.Bann.des.Zyklopen.2013.German.MD.Ts.XviD-KMOA.avi
2013-08-25 00:10 - 2013-06-03 00:33 - 00000000 ____D C:\Users\Foxy\Documents\NetBeansProjects
2013-08-25 00:08 - 2013-08-25 00:08 - 11775928 _____ C:\Users\Foxy\Downloads\isorpg_copyfree.zip
2013-08-23 05:49 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-08-22 21:57 - 2013-08-22 21:57 - 01002952 _____ C:\Users\Foxy\Downloads\VuhDo_3.29.zip
2013-08-22 18:57 - 2013-08-01 20:56 - 00001974 _____ C:\Windows\PFRO.log
2013-08-22 13:16 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-22 13:16 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-21 23:06 - 2013-08-21 23:06 - 00003166 _____ C:\Windows\System32\Tasks\StartMenuAutoupdate
2013-08-21 23:06 - 2013-08-21 23:06 - 00001981 _____ C:\Users\Public\Desktop\Start Menu 8.lnk
2013-08-21 23:06 - 2013-08-21 23:01 - 00000000 ____D C:\ProgramData\IObit
2013-08-21 23:06 - 2013-08-21 23:00 - 00000000 ____D C:\Program Files (x86)\IObit
2013-08-21 23:03 - 2013-08-21 23:00 - 00001177 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2013-08-21 23:00 - 2013-08-21 23:00 - 00000000 ____D C:\Users\Foxy\AppData\Roaming\IObit
2013-08-20 22:13 - 2013-05-24 00:00 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-08-20 22:12 - 2013-05-23 23:58 - 00000000 ____D C:\Program Files\Avast
2013-08-15 00:22 - 2013-07-18 03:19 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 00:19 - 2013-05-24 03:43 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 19:58 - 2012-07-26 12:27 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-08-14 19:58 - 2012-07-26 12:27 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-08-14 19:58 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-14 19:57 - 2013-08-14 19:56 - 00001592 _____ C:\Windows\setupact.log
2013-08-14 19:56 - 2013-08-14 19:56 - 00000000 _____ C:\Windows\setuperr.log
2013-08-10 07:12 - 2013-08-10 07:12 - 00000000 ____D C:\Output
2013-08-10 07:06 - 2013-08-10 07:06 - 00000627 _____ C:\Users\Public\Desktop\MP4 To MP3 Converter.lnk
2013-08-10 07:06 - 2013-08-10 07:06 - 00000000 ____D C:\MP4ToMP3Converter
2013-08-09 19:10 - 2013-08-09 19:10 - 00001426 _____ C:\Users\Foxy\Desktop\Free YouTube to MP3 Converter.lnk
2013-08-09 19:08 - 2013-08-09 19:04 - 00000000 ____D C:\Users\Foxy\AppData\Roaming\Mp3tag
2013-08-09 18:46 - 2013-08-09 18:45 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-08-09 18:45 - 2013-05-29 22:20 - 00000000 ____D C:\Users\Foxy\AppData\Roaming\DVDVideoSoft
2013-08-09 18:42 - 2013-08-09 18:42 - 00000983 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2013-08-09 18:42 - 2013-08-09 18:42 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2013-08-07 10:59 - 2013-06-09 15:18 - 00000000 ____D C:\Users\Foxy\Documents\Neuer Ordner (2)
2013-08-07 10:58 - 2013-07-06 20:17 - 00063488 ___SH C:\Users\Foxy\Documents\Thumbs.db
2013-08-07 10:27 - 2013-08-07 10:27 - 00000000 ____D C:\Users\Foxy\AppData\Roaming\Subversion
2013-08-07 09:53 - 2013-08-07 09:53 - 00000000 ____D C:\Users\Foxy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uberSVN
2013-08-07 09:52 - 2013-08-07 09:52 - 00001024 _____ C:\.rnd
2013-08-07 09:50 - 2013-08-07 09:50 - 00000000 ____D C:\Program Files (x86)\WANdisco
2013-08-07 09:45 - 2013-08-07 09:45 - 00000000 ____D C:\Windows\system32\appmgmt
2013-08-07 09:45 - 2013-08-06 20:41 - 00000000 ____D C:\Program Files (x86)\ICW
2013-08-07 09:44 - 2013-08-07 09:30 - 00000000 ____D C:\Program Files\TortoiseGit
2013-08-07 09:38 - 2013-08-07 09:38 - 00000000 ____D C:\Users\Foxy\AppData\Local\TGitCache
2013-08-07 09:23 - 2013-08-06 20:54 - 00000600 _____ C:\Users\Foxy\AppData\Local\PUTTY.RND

Files to move or delete:
====================
C:\Users\Foxy\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Foxy\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Foxy\AppData\Local\Temp\SDIAG_cb24013c-4689-497e-853d-16a35f7f458f\NetworkDiagnosticSnapIn.dll
C:\Users\Foxy\AppData\Local\Temp\SDIAG_af0e0e1f-0ab3-4de9-abfe-35061bba1613\NetworkDiagnosticSnapIn.dll
C:\Users\Foxy\AppData\Local\Temp\SDIAG_01c45d66-5052-4e75-8648-feffe479134c\NetworkDiagnosticSnapIn.dll
C:\Users\Foxy\AppData\Local\Temp\pdk-Foxy\0fdf6651ec58af7738a5f192a16308f3.dll
C:\Users\Foxy\AppData\Local\Temp\pdk-Foxy\37dbb36b1afb4153f311e1937d13beb9.dll
C:\Users\Foxy\AppData\Local\Temp\pdk-Foxy\463172d63e5c347ebd2a2c9f3e30a769.dll
C:\Users\Foxy\AppData\Local\Temp\pdk-Foxy\4698d6dad1d9192f189448cd2250e41c.dll
C:\Users\Foxy\AppData\Local\Temp\pdk-Foxy\4e2f70cf514e42eb8319b6c42723ed06.dll
C:\Users\Foxy\AppData\Local\Temp\pdk-Foxy\613ea4841bea6de29dc932d703d0dde7.dll
C:\Users\Foxy\AppData\Local\Temp\pdk-Foxy\619eb23c53abde1a9d9d6b8d81ccd746.dll
C:\Users\Foxy\AppData\Local\Temp\pdk-Foxy\62f580db311d9710e3727a4d8a6dca87.dll
C:\Users\Foxy\AppData\Local\Temp\pdk-Foxy\8c0f69bb352095ef39300609890e985c.dll
C:\Users\Foxy\AppData\Local\Temp\pdk-Foxy\b44b56de153a5879c1b84993c5cdadfa.dll
C:\Users\Foxy\AppData\Local\Temp\pdk-Foxy\5f4010392d26de2972604a5df777f946\perl58.dll
C:\Users\Foxy\AppData\Local\Temp\is-3O8GM.tmp\iobitappsToolbar-stub-1.exe
C:\Users\Foxy\AppData\Local\Temp\ct3297265\ism.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-31 03:00

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-09-2013
Ran by Foxy at 2013-09-06 20:04:18
Running from C:\Users\Foxy\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
µTorrent (x32 Version: 3.3.0.29677)
Adobe AIR (x32 Version: 3.7.0.1860)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Photoshop CS6 (x32 Version: 13.0)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Bandizip (HKCU Version: 3.04)
BetterPoEditor version 1.1 (x32 Version: 1.1)
CCleaner (Version: 4.01)
Composer - Php Dependency Manager (x32)
Copssh (remove only) (x32)
CPUCooL (remove only) (x32)
DivX-Setup (x32 Version: 2.6.1.44)
Ember (x32)
Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0)
File-Upload.net (x32 Version: 1.0)
FlashFXP 4 (x32 Version: 4.4.0.1991)
Foxit Reader (x32 Version: 6.0.5.618)
Free System Utilities (x32 Version: 1.1.0.70)
Free SystemUtilities (x32 Version: 1.1.0.70)
Free YouTube to MP3 Converter version 3.12.9.725 (x32 Version: 3.12.9.725)
Google Chrome (x32 Version: 29.0.1547.66)
Google Update Helper (x32 Version: 1.3.21.153)
HD Tune 2.55 (x32)
IObit Apps Toolbar v7.6 (x32 Version: 7.6)
IObit Malware Fighter (x32 Version: 2.1)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
League of Legends (x32 Version: 3.0.1)
LibreOffice 3.6 (x32 Version: 3.6.6.2)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mozilla Thunderbird 17.0.6 (x86 de) (x32 Version: 17.0.6)
Mp3tag v2.57 (x32 Version: v2.57)
MP4 To MP3 Converter V3.0.4 (x32)
nder (Version: 2.67b)
NetBeans IDE 7.3 (Version: 7.3)
NetBeans IDE Build 201306052301 (Version: Build 201306052301)
Notepad++ (x32 Version: 6.3.3)
NVIDIA Grafiktreiber 320.18 (Version: 320.18)
NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA Systemsteuerung 320.18 (Version: 320.18)
OpenSSL 1.0.1e Light (32-bit) (x32)
ORM Designer 2 (x32 Version: 2.2.1.736)
Pando Media Booster (x32 Version: 2.6.0.7)
PDF Settings CS6 (x32 Version: 11.0)
PerformanceTest v8.0 (Version: 8.0.1020.0)
PHP Processor (x32 Version: 1.5)
phpDesigner 8 version 8.1.2 (x32)
Picture Resize Genius 3.0.1 (x32)
Poedit (x32 Version: 1.5.5)
PuTTY version 0.63 (x32 Version: 0.63)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6873)
Slik Subversion 1.7.9 (x64) (Version: 1.7.9.0)
Start Menu 8 (x32 Version: 1.1.0.0)
TeamViewer 8 (x32 Version: 8.0.20202)
Tiled - Tiled Map Editor (x32)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
WampServer 2.2 (x32)
WANdisco uberSVN (x32)
WinHTTrack Website Copier 3.47-20 (x32 Version: 3.47.20)
WinMerge 2.14.0 (x32 Version: 2.14.0)
World of Warcraft (x32 Version: 5.3.0.17128)

==================== Restore Points  =========================

21-08-2013 21:05:21 Removed Classic Shell
29-08-2013 01:21:01 Geplanter Prüfpunkt
04-09-2013 21:08:23 Microsoft Visual C++ 2005 Redistributable wird installiert

==================== Hosts content: ==========================

2012-07-26 07:26 - 2013-07-17 20:24 - 00001073 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1       mvc
127.0.0.1       zend
127.0.0.1	panadsoft
127.0.0.1	pandaone
127.0.0.1 www.google-analytics.com
127.0.0.1 www.googlesyndication.com
127.0.0.1 google-analytics.com
127.0.0.1 googlesyndication.com


==================== Scheduled Tasks (whitelisted) =============

Task: {0A4FBDAD-F3DC-46B1-8C11-B858A73417FC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3466370061-3238665318-1221741988-1001UA => C:\Users\Foxy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-24] (Facebook Inc.)
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {10E3E64A-DE59-41F3-891E-A7A1166681A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-24] (Google Inc.)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\System32\sysmain.dll [2013-05-04] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4034EDF0-E926-49F0-8F42-7C79A0AA337C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-24] (Google Inc.)
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {45DA38F6-7A52-467D-A6D2-F627FC37B973} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5797FEF3-3B0B-46D9-AC1E-587304674CDE} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {73B75CC4-071A-44C7-A87B-AA7E2EB76D68} - System32\Tasks\Freemium1ClickMaint => D:\Backup\Programme\1Click.exe
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {806CCAFD-BF51-484F-8647-807E1404C954} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {97B81937-6392-4BF1-A5E4-4A89CA49597C} - System32\Tasks\avast! Emergency Update => C:\Program Files\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A3FDFCFA-D6B2-4072-BFA2-0A3D6408CAC5} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe
Task: {A407AB28-6718-4197-B2B5-AA978D609C8F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => Sc.exe start wuauserv
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {B40322E3-3207-4CB2-A3FF-821E4BD0231A} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C41BDAC6-2447-4795-9444-5F05D8C4212D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\System32\Windows.Storage.ApplicationData.dll [2012-07-26] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {D3306AC5-C41D-4B0C-B5F9-401215A3E74B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {D5AD0C0A-45F8-420E-A97E-CC62A7780A8B} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
Task: {D5D6A3C6-B498-42FD-9A5D-36BB6F745318} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2013-05-13] (IObit)
Task: {D5ECEBBD-2FA5-48D8-B939-CE932921545F} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EAD237E7-D276-4257-9F16-51DF41548733} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\System32\Startupscan.dll [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F2F430DC-D50A-4269-997D-8B01F6BEA46F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3466370061-3238665318-1221741988-1001Core => C:\Users\Foxy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-24] (Facebook Inc.)
Task: {F3393345-FF69-4752-A553-A1447D7A3192} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3466370061-3238665318-1221741988-1001
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3466370061-3238665318-1221741988-1001Core.job => C:\Users\Foxy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3466370061-3238665318-1221741988-1001UA.job => C:\Users\Foxy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-04 11:59 - 2012-10-11 07:46 - 01395712 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Immersive.dll
2012-07-26 01:33 - 2012-07-26 05:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\windows.immersiveshell.serviceprovider.dll
2012-07-25 22:22 - 2013-05-12 23:42 - 15910736 _____ (NVIDIA Corporation) C:\Windows\SYSTEM32\nvwgf2umx.dll
2012-07-26 02:04 - 2012-07-26 05:07 - 00046592 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\windows.globalization.fontgroups.dll
2013-08-21 23:06 - 2013-04-07 16:17 - 00225600 _____ (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuDll64.dll
2013-09-02 13:03 - 2013-09-02 13:03 - 00144192 _____ (Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\wthx166.dll
2013-05-24 00:56 - 2013-02-02 10:23 - 00293376 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.Connectivity.dll
2013-08-21 23:00 - 2013-03-25 10:08 - 00106816 _____ (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll
2013-07-06 15:39 - 2013-07-06 15:39 - 00402432 _____ (Florian Heidenreich) C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll
2013-07-02 16:37 - 2013-04-06 13:38 - 00206296 _____ (Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll
2013-05-15 08:24 - 2013-05-15 08:24 - 00318880 _____ (Bandisoft.com) C:\Users\Foxy\AppData\Local\Bandizip\bdzshl64.dll
2010-08-31 10:00 - 2010-08-31 10:00 - 02648181 _____ (Red Hat) C:\Program Files (x86)\ICW\bin\cygwin1.dll
2009-05-14 02:22 - 2009-05-14 02:22 - 00006656 _____ () C:\Program Files (x86)\ICW\bin\cygcrypt-0.dll
2010-06-23 10:56 - 2010-06-23 10:56 - 01176078 _____ () C:\Program Files (x86)\ICW\bin\cygcrypto-0.9.8.dll
2010-03-28 11:02 - 2010-03-28 11:02 - 00028174 _____ () C:\Program Files (x86)\ICW\bin\cygwrap-0.dll
2010-08-01 23:04 - 2010-08-01 23:04 - 00077838 _____ () C:\Program Files (x86)\ICW\bin\cygz.dll
2009-12-11 10:23 - 2009-12-11 10:23 - 00046094 _____ () C:\Program Files (x86)\ICW\bin\cyggcc_s-1.dll
2009-12-11 10:24 - 2009-12-11 10:24 - 00010254 _____ () C:\Program Files (x86)\ICW\bin\cygssp-0.dll
2013-08-21 23:06 - 2013-01-19 17:03 - 01101632 _____ (Embarcadero Technologies, Inc.) C:\Program Files (x86)\IObit\Start Menu 8\rtl120.bpl
2013-08-21 23:06 - 2013-01-19 17:03 - 00348992 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2013-08-21 23:06 - 2013-01-19 17:02 - 00183616 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2013-08-21 23:06 - 2013-01-19 17:02 - 00051008 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2013-08-21 23:06 - 2013-01-19 17:03 - 02002240 _____ (Embarcadero Technologies, Inc.) C:\Program Files (x86)\IObit\Start Menu 8\vcl120.bpl
2013-08-21 23:06 - 2012-12-03 16:16 - 00065408 _____ (IObit) C:\Program Files (x86)\IObit\Start Menu 8\datastate.dll
2013-09-02 13:03 - 2013-09-02 13:03 - 00117568 _____ (Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth166.dll
2012-07-26 04:14 - 2012-07-26 05:04 - 00029184 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\msgsm32.acm
2012-07-26 04:14 - 2012-07-26 05:04 - 00015360 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\msg711.acm
2012-07-26 04:13 - 2012-07-26 05:04 - 00079872 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SYSTEM32\l3codeca.acm
2012-07-26 04:14 - 2012-07-26 05:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\imaadp32.acm
2012-07-26 04:14 - 2012-07-26 05:04 - 00024064 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\msadp32.acm
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-09-04 14:46 - 2013-09-02 22:35 - 09962960 _____ (The ICU Project) C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\icudt.dll
2012-07-26 02:39 - 2012-07-26 05:07 - 01483264 _____ (Microsoft Corporation) C:\Windows\System32\Speech\Common\sapi.dll
2013-05-24 00:52 - 2013-03-02 04:45 - 00951808 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Globalization.dll
2013-06-04 12:12 - 2012-09-20 08:33 - 01304064 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Streaming.dll
2013-09-04 14:46 - 2013-09-02 22:35 - 00709584 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
2013-09-04 14:46 - 2013-09-02 22:35 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libegl.dll
2013-09-04 14:46 - 2013-09-02 22:35 - 04053456 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
2013-09-04 14:46 - 2013-09-02 22:35 - 00410576 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
2013-09-04 14:46 - 2013-09-02 22:35 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
2013-06-04 12:15 - 2012-09-20 07:53 - 00311296 _____ (Microsoft Corporation) C:\Windows\AppPatch\AcLayers.DLL

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Foxy\Desktop\Thumbs.db:encryptable
AlternateDataStreams: C:\Users\Foxy\Downloads\Thumbs.db:encryptable
AlternateDataStreams: C:\Users\Foxy\Documents\Thumbs.db:encryptable


==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft® Keyboard with Fingerprint Reader
Description: Microsoft® Keyboard with Fingerprint Reader
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/06/2013 08:04:16 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2113-08-13T18:04:16Z. Fehlercode: 0x80041316.

Error: (09/06/2013 08:03:46 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2113-08-13T18:03:46Z. Fehlercode: 0x80041316.

Error: (09/06/2013 08:03:16 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2113-08-13T18:03:16Z. Fehlercode: 0x80041316.

Error: (09/06/2013 08:02:46 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2113-08-13T18:02:46Z. Fehlercode: 0x80041316.

Error: (09/06/2013 08:02:16 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2113-08-13T18:02:16Z. Fehlercode: 0x80041316.

Error: (09/06/2013 08:01:46 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2113-08-13T18:01:46Z. Fehlercode: 0x80041316.

Error: (09/06/2013 08:01:16 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2113-08-13T18:01:16Z. Fehlercode: 0x80041316.

Error: (09/06/2013 08:00:46 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2113-08-13T18:00:46Z. Fehlercode: 0x80041316.

Error: (09/06/2013 08:00:16 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2113-08-13T18:00:16Z. Fehlercode: 0x80041316.

Error: (09/06/2013 07:59:46 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2113-08-13T17:59:46Z. Fehlercode: 0x80041316.


System errors:
=============
Error: (09/06/2013 08:41:35 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "System Store" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/06/2013 08:40:36 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (09/06/2013 08:31:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "System Store" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/06/2013 08:29:13 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (09/06/2013 08:25:07 AM) (Source: Service Control Manager) (User: )
Description: Dienst "WANdisco uberSVN Portal" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/03/2013 05:28:22 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (09/01/2013 04:25:55 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "System Store" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/01/2013 04:24:57 AM) (Source: ACPI) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (09/01/2013 04:24:49 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (09/01/2013 04:25:04 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎01.‎09.‎2013 um 04:23:37 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (09/06/2013 08:04:16 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800413162113-08-13T18:04:16Z

Error: (09/06/2013 08:03:46 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800413162113-08-13T18:03:46Z

Error: (09/06/2013 08:03:16 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800413162113-08-13T18:03:16Z

Error: (09/06/2013 08:02:46 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800413162113-08-13T18:02:46Z

Error: (09/06/2013 08:02:16 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800413162113-08-13T18:02:16Z

Error: (09/06/2013 08:01:46 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800413162113-08-13T18:01:46Z

Error: (09/06/2013 08:01:16 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800413162113-08-13T18:01:16Z

Error: (09/06/2013 08:00:46 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800413162113-08-13T18:00:46Z

Error: (09/06/2013 08:00:16 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800413162113-08-13T18:00:16Z

Error: (09/06/2013 07:59:46 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800413162113-08-13T17:59:46Z


==================== Memory info =========================== 

Percentage of memory in use: 46%
Total physical RAM: 4090.56 MB
Available physical RAM: 2192.12 MB
Total Pagefile: 5754.56 MB
Available Pagefile: 3496.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:277.73 GB) (Free:50.33 GB) NTFS
Drive e: (Server) (Fixed) (Total:20.02 GB) (Free:18.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 9EAA88FF)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=278 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

07.09.2013, 07:37   #4
schrauber
/// the machine
/// TB-Ausbilder

Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 07.09.2013, 20:51   #5
kakuzu
 



Code:
ComboFix 13-09-06.01 - Foxy 07.09.2013  21:37:47.2.2 - x64
Microsoft Windows 8 Enterprise  6.2.9200.0.1252.49.1031.18.4091.2433 [GMT 2:00]
ausgeführt von:: c:\users\Foxy\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-08-07 bis 2013-09-07  ))))))))))))))))))))))))))))))
.
.
2013-09-07 19:47 . 2013-09-07 19:47	--------	d-----w-	c:\users\kakuzu\AppData\Local\temp
2013-09-07 19:47 . 2013-09-07 19:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-09-06 21:12 . 2013-09-06 21:12	--------	d-----w-	c:\windows\ERUNT
2013-09-06 21:06 . 2013-09-06 21:08	--------	d-----w-	C:\AdwCleaner
2013-09-06 18:03 . 2013-09-06 18:03	--------	d-----w-	C:\FRST
2013-09-04 21:10 . 2008-07-31 08:41	68616	----a-w-	c:\windows\SysWow64\XAPOFX1_1.dll
2013-09-04 21:10 . 2008-07-31 08:40	509448	----a-w-	c:\windows\SysWow64\XAudio2_2.dll
2013-09-04 21:10 . 2008-07-12 06:18	467984	----a-w-	c:\windows\SysWow64\d3dx10_39.dll
2013-09-04 21:10 . 2008-07-12 06:18	1493528	----a-w-	c:\windows\SysWow64\D3DCompiler_39.dll
2013-09-04 21:10 . 2008-07-12 06:18	3851784	----a-w-	c:\windows\SysWow64\D3DX9_39.dll
2013-09-04 21:09 . 2013-09-04 21:09	--------	d-----w-	C:\Riot Games
2013-09-04 21:07 . 2013-09-04 21:07	--------	d-----w-	c:\program files (x86)\Pando Networks
2013-09-04 21:07 . 2013-09-04 21:07	--------	d-----w-	c:\users\Foxy\AppData\Roaming\Riot Games
2013-08-21 21:01 . 2013-08-21 21:06	--------	d-----w-	c:\programdata\IObit
2013-08-21 21:00 . 2013-08-21 21:00	--------	d-----w-	c:\users\Foxy\AppData\Roaming\IObit
2013-08-21 21:00 . 2013-08-21 21:06	--------	d-----w-	c:\program files (x86)\IObit
2013-08-14 21:24 . 2013-05-23 23:02	1314816	----a-w-	c:\windows\system32\rpcrt4.dll
2013-08-14 21:24 . 2013-05-23 22:25	694272	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2013-08-14 21:24 . 2013-07-09 06:07	2233168	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-08-14 21:21 . 2013-07-26 05:12	15405056	----a-w-	c:\windows\system32\ieframe.dll
2013-08-14 21:21 . 2013-07-26 05:12	148992	----a-w-	c:\program files\Internet Explorer\jsdebuggeride.dll
2013-08-14 21:21 . 2013-07-26 05:12	855552	----a-w-	c:\windows\system32\jscript.dll
2013-08-14 21:21 . 2013-07-26 05:12	19239424	----a-w-	c:\windows\system32\mshtml.dll
2013-08-14 21:21 . 2013-07-26 05:12	2647040	----a-w-	c:\windows\system32\iertutil.dll
2013-08-14 21:20 . 2013-07-26 05:12	3958784	----a-w-	c:\windows\system32\jscript9.dll
2013-08-14 21:20 . 2013-07-26 03:12	2877440	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-08-14 21:20 . 2013-07-26 03:12	108032	----a-w-	c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2013-08-14 21:19 . 2013-07-13 06:16	1889280	----a-w-	c:\windows\system32\crypt32.dll
2013-08-14 21:19 . 2013-07-13 04:23	1568256	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-08-14 21:19 . 2013-07-13 06:18	337408	----a-w-	c:\windows\system32\wintrust.dll
2013-08-14 21:19 . 2013-07-13 06:15	124416	----a-w-	c:\windows\system32\apprepapi.dll
2013-08-14 21:19 . 2013-07-13 04:24	261120	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-08-14 21:19 . 2013-07-13 06:16	68096	----a-w-	c:\windows\system32\cryptsvc.dll
2013-08-14 21:19 . 2013-07-13 04:23	87040	----a-w-	c:\windows\SysWow64\apprepapi.dll
2013-08-14 21:19 . 2013-07-13 06:15	98304	----a-w-	c:\windows\system32\apprepsync.dll
2013-08-14 21:19 . 2013-07-13 04:23	74240	----a-w-	c:\windows\SysWow64\apprepsync.dll
2013-08-10 05:12 . 2013-08-10 05:12	--------	d-----w-	C:\Output
2013-08-10 05:06 . 2013-08-10 05:06	--------	d-----w-	C:\MP4ToMP3Converter
2013-08-09 17:04 . 2013-08-09 17:08	--------	d-----w-	c:\users\Foxy\AppData\Roaming\Mp3tag
2013-08-09 16:45 . 2013-08-09 16:46	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2013-08-09 16:45 . 2013-08-09 16:46	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
2013-08-09 16:42 . 2013-08-09 16:42	--------	d-----w-	c:\program files (x86)\Mp3tag
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-14 22:19 . 2013-05-24 01:43	78161360	----a-w-	c:\windows\system32\MRT.exe
2013-06-27 22:50 . 2013-05-23 22:00	378944	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-06-27 22:50 . 2013-05-23 22:00	189936	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-06-27 22:50 . 2013-05-23 22:00	1030952	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-06-27 22:04 . 2013-05-24 17:17	78200	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04 . 2013-05-24 17:17	693112	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-16 22:41 . 2013-07-16 23:23	997632	----a-w-	c:\windows\system32\drivers\ndis.sys
2013-06-09 19:59 . 2013-07-02 14:37	216064	----a-w-	c:\windows\SysWow64\gcapi_dll.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Foxy\AppData\Roaming\uTorrent\uTorrent.exe" [2013-06-16 1045072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Avast\avastUI.exe" [2013-05-09 4858968]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
.
c:\users\Foxy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Foxy\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 OpenSSHServer;Openssh SSHD;c:\program files (x86)\ICW\bin\cygrunsrv.exe;c:\program files (x86)\ICW\bin\cygrunsrv.exe [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 WANdiscouberSVNSubversionServer;WANdisco uberSVN Subversion Server;c:\program files (x86)\WANdisco\uberSVN\bin\httpd.exe;c:\program files (x86)\WANdisco\uberSVN\bin\httpd.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BcmBtRSupport;Bluetooth Radio Control Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 StartMenuService;StartMenu8 Service;c:\program files (x86)\IObit\Start Menu 8\StartMenuServices.exe;c:\program files (x86)\IObit\Start Menu 8\StartMenuServices.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 uberSVNportal;WANdisco uberSVN Portal;c:\program files (x86)\WANdisco\uberSVN\tomcat\bin\tomcat6.exe;c:\program files (x86)\WANdisco\uberSVN\tomcat\bin\tomcat6.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 12:34	1177552	----a-w-	c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3466370061-3238665318-1221741988-1001Core.job
- c:\users\Foxy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-23 22:43]
.
2013-09-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3466370061-3238665318-1221741988-1001UA.job
- c:\users\Foxy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-23 22:43]
.
2013-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-23 22:17]
.
2013-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-23 22:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	133840	----a-w-	c:\program files\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://de.search.yahoo.com?type=800236&fr=spigot-yhp-ie
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{17082057-B53A-4C4D-945D-52D2AFB6D3C6}: NameServer = 192.168.178.1,192.168.178.2
FF - ProfilePath - c:\users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\vphn63bh.default\
FF - prefs.js: browser.startup.homepage - hxxp://de.search.yahoo.com?type=800236&fr=spigot-yhp-ff
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=
FF - ExtSQL: 2013-07-13 16:46; {1e9a63ef-84ec-49a4-8d6f-2dd9524e90d0}; c:\users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\vphn63bh.default\extensions\{1e9a63ef-84ec-49a4-8d6f-2dd9524e90d0}.xpi
FF - ExtSQL: 2013-07-28 12:27; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2013-08-21 23:03; iobitapps@mybrowserbar.com; c:\program files (x86)\IObit Apps Toolbar\FF
FF - ExtSQL: 2013-08-30 23:10; {badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}; c:\users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\vphn63bh.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2013-09-07  21:49:34
ComboFix-quarantined-files.txt  2013-09-07 19:49
ComboFix.txt  2013-09-07 19:27
.
Vor Suchlauf: 24 Verzeichnis(se), 51.696.234.496 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 51.506.446.336 Bytes frei
.
- - End Of File - - 24C989365C8268648F88A065EA917592
A36C5E4F47E84449FF07ED3517B43A31
         


Alt 09.09.2013, 05:05   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan, and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • If necessary, let your computer restart to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

Alt 09.09.2013, 05:59   #7
kakuzu
 



Code:
 Malwarebytes Anti-Malware  (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.09.02

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16660
Foxy :: FOXYNET [Administrator]

Schutz: Aktiviert

09.09.2013 06:54:03
mbam-log-2013-09-09 (06-54-03).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 244996
Laufzeit: 4 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A9B26D82-7D82-F815-E611-53D5975C5484} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\InstallMate\{511AE579-54BB-4668-A483-1C998AF9C78F}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\InstallMate\{511AE579-54BB-4668-A483-1C998AF9C78F}\TsuDll.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
# AdwCleaner v3.003 - Bericht erstellt am 09/09/2013 um 07:06:42
# Updated 07/09/2013 von Xplode
# Betriebssystem : Windows 8 Enterprise  (64 bits)
# Benutzername : Foxy - FOXYNET
# Gestartet von : C:\Users\Foxy\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v22.0 (de)

[ Datei : C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\vphn63bh.default\prefs.js ]


-\\ Google Chrome v29.0.1547.66

[ Datei : C:\Users\Foxy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [3313 octets] - [06/09/2013 23:06:22]
AdwCleaner[R1].txt - [1181 octets] - [09/09/2013 07:05:42]
AdwCleaner[S0].txt - [3039 octets] - [06/09/2013 23:07:55]
AdwCleaner[S1].txt - [986 octets] - [09/09/2013 07:06:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1045 octets] ##########
         
Ran JRT as administrator; the scan stops while scanning the registry with the message "Zugriff verweigert" (access denied).

Edited by kakuzu (09.09.2013 at 06:22)

Alt 09.09.2013, 06:28   #8
schrauber
/// the machine
/// TB-Ausbilder
 




then FRST

Alt 09.09.2013, 06:30   #9
kakuzu
 



Turns out it wasn't run as admin after all, sorry.

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows 8 Enterprise x64
Ran by Foxy on 09.09.2013 at  7:23:03,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.09.2013 at  7:28:45,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013
Ran by Foxy (administrator) on FOXYNET on 09-09-2013 07:31:04
Running from C:\Users\Foxy\Downloads
Windows 8 Enterprise (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
() C:\Program Files (x86)\CPUCooL\CooLSrv.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\ICW\bin\cygrunsrv.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
() C:\Program Files (x86)\ICW\bin\sshd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Apache Software Foundation) C:\Program Files (x86)\WANdisco\uberSVN\tomcat\bin\tomcat6.exe
(Facebook) C:\Users\Foxy\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(AVAST Software) C:\Program Files\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [itype] - c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKCU\...\Run: [uTorrent] - C:\Users\Foxy\AppData\Roaming\uTorrent\uTorrent.exe [1045072 2013-06-16] (BitTorrent Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
Startup: C:\Users\Foxy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Foxy\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com?type=800236&fr=spigot-yhp-ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {D68B32F3-17D3-4C24-A643-C561B7FD4C08} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\..\Interfaces\{17082057-B53A-4C4D-945D-52D2AFB6D3C6}: [NameServer]192.168.178.1,192.168.178.2

FireFox:
========
FF ProfilePath: C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\vphn63bh.default
FF Homepage: hxxp://de.search.yahoo.com?type=800236&fr=spigot-yhp-ff
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Foxy\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Address Bar Search - C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\vphn63bh.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
FF Extension: iobitapps - C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\vphn63bh.default\Extensions\iobitapps@mybrowserbar.com
FF Extension: No Name - C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\vphn63bh.default\Extensions\{1e9a63ef-84ec-49a4-8d6f-2dd9524e90d0}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

Chrome: 
=======
CHR Extension: (ProxTube) - C:\Users\Foxy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.4_0
CHR Extension: (Webpage Screenshot Capture) - C:\Users\Foxy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\13.1_0
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Foxy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\1_0
CHR Extension: (AdBlock) - C:\Users\Foxy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0
CHR Extension: (Webpage Screenshot Gallery) - C:\Users\Foxy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohfjeijmlcjiofmmcfichimcnbclkhp\1.3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Foxy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Foxy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2246184 2011-12-15] (Broadcom Corporation.)
R2 CPUCooLServer; C:\Program Files (x86)\CPUCooL\CooLSrv.exe [743936 2011-12-01] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 OpenSSHServer; C:\Program Files (x86)\ICW\bin\cygrunsrv.exe [68096 2009-05-14] ()
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [75584 2013-05-02] (IObit)
R2 uberSVNportal; C:\Program Files (x86)\WANdisco\uberSVN\tomcat\bin\tomcat6.exe [74752 2011-08-02] (Apache Software Foundation)
S3 wampapache; E:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [22016 2012-05-13] (Apache Software Foundation)
S3 wampmysqld; E:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [9693696 2012-04-19] ()
S3 WANdiscouberSVNSubversionServer; C:\Program Files (x86)\WANdisco\uberSVN\bin\httpd.exe [18432 2012-07-17] (Apache Software Foundation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 ntiopnp; C:\Windows\System32\Drivers\ntiopnp.sys [19544 2010-11-11] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-09 07:28 - 2013-09-09 07:28 - 00000622 _____ C:\Users\Foxy\Desktop\JRT.txt
2013-09-09 07:13 - 2013-09-09 07:13 - 01029490 _____ (Thisisu) C:\Users\Foxy\Downloads\JRT.exe
2013-09-09 06:54 - 2013-09-09 06:54 - 01037278 _____ C:\Users\Foxy\Downloads\adwcleaner.exe
2013-09-09 05:15 - 2013-09-09 05:15 - 00382288 _____ C:\Users\Foxy\Downloads\Recount-v5.0.5b_release.zip
2013-09-07 21:49 - 2013-09-07 21:49 - 00012166 _____ C:\ComboFix.txt
2013-09-07 21:12 - 2013-09-07 21:49 - 00000000 ____D C:\Qoobox
2013-09-07 21:12 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-07 21:12 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-07 21:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-07 21:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-07 21:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-07 21:12 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-09-07 21:12 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-07 21:12 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-07 21:12 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-07 21:11 - 2013-09-07 21:25 - 00000000 ____D C:\Windows\erdnt
2013-09-07 21:10 - 2013-09-07 21:11 - 05120615 ____R (Swearware) C:\Users\Foxy\Desktop\ComboFix.exe
2013-09-06 23:12 - 2013-09-06 23:12 - 00000000 ____D C:\Windows\ERUNT
2013-09-06 23:06 - 2013-09-09 07:06 - 00000000 ____D C:\AdwCleaner
2013-09-06 20:04 - 2013-09-06 20:04 - 00027421 _____ C:\Users\Foxy\Downloads\Addition.txt
2013-09-06 20:03 - 2013-09-06 20:03 - 00000000 ____D C:\FRST
2013-09-06 09:15 - 2013-09-06 09:15 - 00061788 _____ C:\Users\Foxy\Downloads\Extras.Txt
2013-09-06 09:11 - 2013-09-06 09:11 - 00094980 _____ C:\Users\Foxy\Downloads\OTL.Txt
2013-09-06 08:57 - 2013-09-06 08:57 - 00602112 _____ (OldTimer Tools) C:\Users\Foxy\Downloads\OTL.exe
2013-09-06 08:53 - 2013-09-06 08:53 - 04745728 _____ (AVAST Software) C:\Users\Foxy\Downloads\aswMBR.exe
2013-09-04 23:10 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-09-04 23:10 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-09-04 23:10 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-09-04 23:10 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-09-04 23:10 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-09-04 23:09 - 2013-09-04 23:09 - 00001613 _____ C:\Users\Public\Desktop\Play League of Legends.lnk
2013-09-04 23:09 - 2013-09-04 23:09 - 00000000 ____D C:\Riot Games
2013-09-04 23:07 - 2013-09-04 23:07 - 00000000 ____D C:\Users\Foxy\AppData\Roaming\Riot Games
2013-09-04 23:07 - 2013-09-04 23:07 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-09-04 23:06 - 2013-09-04 23:07 - 34888568 _____ (Riot Games) C:\Users\Foxy\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
2013-08-26 22:37 - 2013-08-26 23:43 - 977100800 _____ C:\Users\Foxy\Downloads\Percy.Jackson.Im.Bann.des.Zyklopen.2013.German.MD.Ts.XviD-KMOA.avi
2013-08-25 00:08 - 2013-08-25 00:08 - 11775928 _____ C:\Users\Foxy\Downloads\isorpg_copyfree.zip
2013-08-22 21:57 - 2013-08-22 21:57 - 01002952 _____ C:\Users\Foxy\Downloads\VuhDo_3.29.zip
2013-08-22 20:22 - 2013-09-08 19:50 - 00000000 ____D C:\Users\Foxy\Downloads\Musik
2013-08-21 23:06 - 2013-08-21 23:06 - 00003166 _____ C:\Windows\System32\Tasks\StartMenuAutoupdate
2013-08-21 23:06 - 2013-08-21 23:06 - 00001981 _____ C:\Users\Public\Desktop\Start Menu 8.lnk
2013-08-21 23:01 - 2013-08-21 23:06 - 00000000 ____D C:\ProgramData\IObit
2013-08-21 23:00 - 2013-08-21 23:06 - 00000000 ____D C:\Program Files (x86)\IObit
2013-08-21 23:00 - 2013-08-21 23:00 - 00000000 ____D C:\Users\Foxy\AppData\Roaming\IObit
2013-08-14 23:24 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 23:24 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 23:24 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 23:22 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 23:22 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 23:22 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-08-14 23:22 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-08-14 23:22 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 23:22 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 23:22 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 23:22 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 23:22 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 23:22 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 23:22 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 23:22 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 23:22 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 23:22 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-08-14 23:22 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 23:22 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 23:22 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 23:22 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 23:22 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 23:22 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 23:22 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 23:22 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-08-14 23:22 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-08-14 23:22 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-08-14 23:21 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 23:21 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 23:21 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 23:21 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 23:20 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 23:20 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 23:20 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 23:20 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 23:20 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 23:19 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 23:19 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 23:19 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 23:19 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2013-08-14 23:19 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2013-08-14 23:19 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 23:19 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 23:19 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2013-08-14 23:19 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2013-08-14 19:56 - 2013-08-14 19:57 - 00001592 _____ C:\Windows\setupact.log
2013-08-14 19:56 - 2013-08-14 19:56 - 00000000 _____ C:\Windows\setuperr.log
2013-08-10 07:12 - 2013-08-10 07:12 - 00000000 ____D C:\Output
2013-08-10 07:06 - 2013-08-10 07:06 - 00000627 _____ C:\Users\Public\Desktop\MP4 To MP3 Converter.lnk
2013-08-10 07:06 - 2013-08-10 07:06 - 00000000 ____D C:\MP4ToMP3Converter

==================== One Month Modified Files and Folders =======

2013-09-09 07:30 - 2013-09-09 07:30 - 01948948 _____ (Farbar) C:\Users\Foxy\Downloads\FRST64.exe
2013-09-09 07:30 - 2013-05-23 23:45 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3466370061-3238665318-1221741988-1001
2013-09-09 07:28 - 2013-09-09 07:28 - 00000622 _____ C:\Users\Foxy\Desktop\JRT.txt
2013-09-09 07:21 - 2013-07-27 00:03 - 01289297 _____ C:\Windows\WindowsUpdate.log
2013-09-09 07:13 - 2013-09-09 07:13 - 01029490 _____ (Thisisu) C:\Users\Foxy\Downloads\JRT.exe
2013-09-09 07:08 - 2013-05-24 00:17 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-09 07:08 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-09 07:07 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-09-09 07:06 - 2013-09-06 23:06 - 00000000 ____D C:\AdwCleaner
2013-09-09 07:01 - 2013-08-01 20:56 - 00003734 _____ C:\Windows\PFRO.log
2013-09-09 07:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-09-09 06:54 - 2013-09-09 06:54 - 01037278 _____ C:\Users\Foxy\Downloads\adwcleaner.exe
2013-09-09 06:48 - 2013-05-24 00:43 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3466370061-3238665318-1221741988-1001UA.job
2013-09-09 06:33 - 2013-05-24 00:17 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-09 05:15 - 2013-09-09 05:15 - 00382288 _____ C:\Users\Foxy\Downloads\Recount-v5.0.5b_release.zip
2013-09-09 00:48 - 2013-05-24 00:43 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3466370061-3238665318-1221741988-1001Core.job
2013-09-08 19:55 - 2013-06-16 19:35 - 00000000 ____D C:\Users\Foxy\AppData\Roaming\uTorrent
2013-09-08 19:50 - 2013-08-22 20:22 - 00000000 ____D C:\Users\Foxy\Downloads\Musik
2013-09-07 22:07 - 2013-09-07 22:07 - 00891115 _____ C:\Users\Foxy\Downloads\SecurityCheck.exe
2013-09-07 21:54 - 2013-06-24 16:31 - 00004152 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-07 21:49 - 2013-09-07 21:12 - 00000000 ____D C:\Qoobox
2013-09-07 21:47 - 2012-07-26 07:26 - 00000215 _____ C:\Windows\system.ini
2013-09-07 21:25 - 2013-09-07 21:11 - 00000000 ____D C:\Windows\erdnt
2013-09-07 21:11 - 2013-09-07 21:10 - 05120615 ____R (Swearware) C:\Users\Foxy\Desktop\ComboFix.exe
2013-09-06 23:26 - 2013-07-27 05:22 - 00000000 ____D C:\Program Files (x86)\Worldforge
2013-09-06 23:12 - 2013-09-06 23:12 - 00000000 ____D C:\Windows\ERUNT
2013-09-06 20:04 - 2013-09-06 20:04 - 00027421 _____ C:\Users\Foxy\Downloads\Addition.txt
2013-09-06 20:03 - 2013-09-06 20:03 - 00000000 ____D C:\FRST
2013-09-06 09:15 - 2013-09-06 09:15 - 00061788 _____ C:\Users\Foxy\Downloads\Extras.Txt
2013-09-06 09:11 - 2013-09-06 09:11 - 00094980 _____ C:\Users\Foxy\Downloads\OTL.Txt
2013-09-06 08:57 - 2013-09-06 08:57 - 00602112 _____ (OldTimer Tools) C:\Users\Foxy\Downloads\OTL.exe
2013-09-06 08:53 - 2013-09-06 08:53 - 04745728 _____ (AVAST Software) C:\Users\Foxy\Downloads\aswMBR.exe
2013-09-06 08:44 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF
2013-09-04 23:09 - 2013-09-04 23:09 - 00001613 _____ C:\Users\Public\Desktop\Play League of Legends.lnk
2013-09-04 23:09 - 2013-09-04 23:09 - 00000000 ____D C:\Riot Games
2013-09-04 23:07 - 2013-09-04 23:07 - 00000000 ____D C:\Users\Foxy\AppData\Roaming\Riot Games
2013-09-04 23:07 - 2013-09-04 23:07 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-09-04 23:07 - 2013-09-04 23:06 - 34888568 _____ (Riot Games) C:\Users\Foxy\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
2013-09-04 20:00 - 2013-05-26 01:40 - 00001456 _____ C:\Users\Foxy\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-09-04 14:46 - 2013-05-24 00:19 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-01 04:40 - 2013-06-30 02:13 - 00000000 ____D C:\Users\Foxy\Desktop\CAKE 3.0
2013-09-01 04:40 - 2013-06-30 00:28 - 00000000 ____D C:\Users\Foxy\Desktop\PHPanda
2013-09-01 04:33 - 2013-06-08 03:26 - 00000000 ____D C:\Users\Foxy\Desktop\pandasoft
2013-09-01 03:53 - 2013-07-22 19:36 - 04943568 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-30 09:18 - 2013-06-30 23:51 - 00000000 ____D C:\Users\Foxy\Documents\Grimloards
2013-08-29 15:19 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-26 23:43 - 2013-08-26 22:37 - 977100800 _____ C:\Users\Foxy\Downloads\Percy.Jackson.Im.Bann.des.Zyklopen.2013.German.MD.Ts.XviD-KMOA.avi
2013-08-25 00:10 - 2013-06-03 00:33 - 00000000 ____D C:\Users\Foxy\Documents\NetBeansProjects
2013-08-25 00:08 - 2013-08-25 00:08 - 11775928 _____ C:\Users\Foxy\Downloads\isorpg_copyfree.zip
2013-08-23 05:49 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-08-22 21:57 - 2013-08-22 21:57 - 01002952 _____ C:\Users\Foxy\Downloads\VuhDo_3.29.zip
2013-08-22 13:16 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-22 13:16 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-21 23:06 - 2013-08-21 23:06 - 00003166 _____ C:\Windows\System32\Tasks\StartMenuAutoupdate
2013-08-21 23:06 - 2013-08-21 23:06 - 00001981 _____ C:\Users\Public\Desktop\Start Menu 8.lnk
2013-08-21 23:06 - 2013-08-21 23:01 - 00000000 ____D C:\ProgramData\IObit
2013-08-21 23:06 - 2013-08-21 23:00 - 00000000 ____D C:\Program Files (x86)\IObit
2013-08-21 23:00 - 2013-08-21 23:00 - 00000000 ____D C:\Users\Foxy\AppData\Roaming\IObit
2013-08-20 22:13 - 2013-05-24 00:00 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-08-20 22:12 - 2013-05-23 23:58 - 00000000 ____D C:\Program Files\Avast
2013-08-15 00:22 - 2013-07-18 03:19 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 00:19 - 2013-05-24 03:43 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 19:58 - 2012-07-26 12:27 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-08-14 19:58 - 2012-07-26 12:27 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-08-14 19:58 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-14 19:57 - 2013-08-14 19:56 - 00001592 _____ C:\Windows\setupact.log
2013-08-14 19:56 - 2013-08-14 19:56 - 00000000 _____ C:\Windows\setuperr.log
2013-08-10 07:12 - 2013-08-10 07:12 - 00000000 ____D C:\Output
2013-08-10 07:06 - 2013-08-10 07:06 - 00000627 _____ C:\Users\Public\Desktop\MP4 To MP3 Converter.lnk
2013-08-10 07:06 - 2013-08-10 07:06 - 00000000 ____D C:\MP4ToMP3Converter

Files to move or delete:
====================
C:\Users\Foxy\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-31 03:00

==================== End Of Log ============================
         
--- --- ---


That should now be all the requested logs. If I don't reply right away, I'm out for a while. I'll check back in this evening.

Edited by kakuzu (09.09.2013 at 06:35)

09.09.2013, 16:33   #10
schrauber
/// the machine
/// TB-Ausbilder

How are things looking with the problems?


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Look for C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

09.09.2013, 23:40   #11
kakuzu

Quote:
How are things looking with the problems?
I'll keep an eye on the computer for a few days, but since we did the cleanups I haven't noticed any more unwanted behaviour.

Scan logs will follow shortly.

OK, the scan took a while. Here are the requested logs.

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=78d92515fab29145856ea8c7b9a19b41
# engine=15064
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-09 10:34:25
# local_time=2013-09-10 12:34:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=5893 16776574 100 94 1595856 38272176 0 0
# scanned=392019
# found=0
# cleaned=0
# scan_time=13104
         
Code:
Results of screen317's Security Check version 0.99.73  
   x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 	11.7.700.224  
 Mozilla Firefox 22.0 Firefox out of Date!  
 Mozilla Thunderbird (17.0.6) 
 Google Chrome 29.0.1547.62  
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Avast AvastSvc.exe   
 Avast AvastUI.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
Firefox out of date, I've updated it. I use that browser too rarely ^^

10.09.2013, 08:57   #12
schrauber
/// the machine
/// TB-Ausbilder

Then please post another fresh FRST log and let me know whether the problems came back.

11.09.2013, 08:13   #13
kakuzu

I thought everything was OK, until the computer was left on overnight again and I got the message again.

Here is the log from Avast
Code:
11.09.2013 03:04:29	Autosandbox candidate: C:\Program Files\NetBeans 7.3\uninstall.exe
	[Source: local://*C:\Program Files\Java\jre7\bin\java.exe		local://C:\Windows\Installer\MSI9464.tmp		local://*C:\Windows\System32\msiexec.exe		]
	[Opened by: C:\Windows\System32\rundll32.exe]
	[Reason: 0x00020000]
	 --> Result: Denying execution (based on user's decision).
         
And a fresh FRST log


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013
Ran by Foxy (administrator) on FOXYNET on 11-09-2013 09:07:32
Running from C:\Users\Foxy\Downloads
Windows 8 Enterprise (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
() C:\Program Files (x86)\CPUCooL\CooLSrv.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\ICW\bin\cygrunsrv.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
() C:\Program Files (x86)\ICW\bin\sshd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Apache Software Foundation) C:\Program Files (x86)\WANdisco\uberSVN\tomcat\bin\tomcat6.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(AVAST Software) C:\Program Files\Avast\AvastUI.exe
(Facebook) C:\Users\Foxy\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [itype] - c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKCU\...\Run: [uTorrent] - C:\Users\Foxy\AppData\Roaming\uTorrent\uTorrent.exe [1045072 2013-06-16] (BitTorrent Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
Startup: C:\Users\Foxy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Foxy\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com?type=800236&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x02596B5A4D8BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {D68B32F3-17D3-4C24-A643-C561B7FD4C08} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\..\Interfaces\{17082057-B53A-4C4D-945D-52D2AFB6D3C6}: [NameServer]192.168.178.1,192.168.178.2

FireFox:
========
FF ProfilePath: C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\vphn63bh.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://de.search.yahoo.com?type=800236&fr=spigot-yhp-ff
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Foxy\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Address Bar Search - C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\vphn63bh.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
FF Extension: No Name - C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\vphn63bh.default\Extensions\{1e9a63ef-84ec-49a4-8d6f-2dd9524e90d0}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=ct2736476&SearchSource=48", "hxxp://www.google.com", "hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=6e11ca8e000000000000022100956099", "hxxp://www.giga.de/!22/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Extension: (ProxTube) - C:\Users\Foxy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.4_0
CHR Extension: (Webpage Screenshot Capture) - C:\Users\Foxy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\13.1_0
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Foxy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\1_0
CHR Extension: (AdBlock) - C:\Users\Foxy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0
CHR Extension: (Webpage Screenshot Gallery) - C:\Users\Foxy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohfjeijmlcjiofmmcfichimcnbclkhp\1.3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Foxy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Foxy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2246184 2011-12-15] (Broadcom Corporation.)
R2 CPUCooLServer; C:\Program Files (x86)\CPUCooL\CooLSrv.exe [743936 2011-12-01] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 OpenSSHServer; C:\Program Files (x86)\ICW\bin\cygrunsrv.exe [68096 2009-05-14] ()
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [75584 2013-05-02] (IObit)
R2 uberSVNportal; C:\Program Files (x86)\WANdisco\uberSVN\tomcat\bin\tomcat6.exe [74752 2011-08-02] (Apache Software Foundation)
S3 wampapache; E:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [22016 2012-05-13] (Apache Software Foundation)
S3 wampmysqld; E:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [9693696 2012-04-19] ()
S3 WANdiscouberSVNSubversionServer; C:\Program Files (x86)\WANdisco\uberSVN\bin\httpd.exe [18432 2012-07-17] (Apache Software Foundation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 ntiopnp; C:\Windows\System32\Drivers\ntiopnp.sys [19544 2010-11-11] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-10 23:54 - 2013-09-10 23:54 - 01038690 _____ C:\Users\Foxy\Downloads\GatherMate2-1.22-4-gc890ff1.zip
2013-09-10 23:54 - 2013-09-10 23:54 - 00290665 _____ C:\Users\Foxy\Downloads\GatherMate2_Data-v13.7.zip
2013-09-10 23:52 - 2013-09-10 23:52 - 00692869 _____ C:\Users\Foxy\Downloads\Gatherer-4.0.6.zip
2013-09-10 00:37 - 2013-09-10 00:38 - 00891144 _____ C:\Users\Foxy\Downloads\SecurityCheck.exe
2013-09-09 20:53 - 2013-09-09 20:53 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-09 20:51 - 2013-09-09 20:51 - 02347384 _____ (ESET) C:\Users\Foxy\Downloads\Der.exe
2013-09-09 07:28 - 2013-09-09 07:28 - 00000622 _____ C:\Users\Foxy\Desktop\JRT.txt
2013-09-09 07:13 - 2013-09-09 07:13 - 01029490 _____ (Thisisu) C:\Users\Foxy\Downloads\JRT.exe
2013-09-09 06:54 - 2013-09-09 06:54 - 01037278 _____ C:\Users\Foxy\Downloads\adwcleaner.exe
2013-09-09 05:15 - 2013-09-09 05:15 - 00382288 _____ C:\Users\Foxy\Downloads\Recount-v5.0.5b_release.zip
2013-09-07 21:49 - 2013-09-07 21:49 - 00012166 _____ C:\ComboFix.txt
2013-09-07 21:12 - 2013-09-07 21:49 - 00000000 ____D C:\Qoobox
2013-09-07 21:12 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-07 21:12 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-07 21:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-07 21:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-07 21:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-07 21:12 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-09-07 21:12 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-07 21:12 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-07 21:12 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-07 21:11 - 2013-09-07 21:25 - 00000000 ____D C:\Windows\erdnt
2013-09-07 21:10 - 2013-09-07 21:11 - 05120615 ____R (Swearware) C:\Users\Foxy\Desktop\ComboFix.exe
2013-09-06 23:12 - 2013-09-06 23:12 - 00000000 ____D C:\Windows\ERUNT
2013-09-06 23:06 - 2013-09-09 07:06 - 00000000 ____D C:\AdwCleaner
2013-09-06 20:04 - 2013-09-06 20:04 - 00027421 _____ C:\Users\Foxy\Downloads\Addition.txt
2013-09-06 20:03 - 2013-09-06 20:03 - 00000000 ____D C:\FRST
2013-09-06 09:15 - 2013-09-06 09:15 - 00061788 _____ C:\Users\Foxy\Downloads\Extras.Txt
2013-09-06 09:11 - 2013-09-06 09:11 - 00094980 _____ C:\Users\Foxy\Downloads\OTL.Txt
2013-09-06 08:57 - 2013-09-06 08:57 - 00602112 _____ (OldTimer Tools) C:\Users\Foxy\Downloads\OTL.exe
2013-09-06 08:53 - 2013-09-06 08:53 - 04745728 _____ (AVAST Software) C:\Users\Foxy\Downloads\aswMBR.exe
2013-09-04 23:10 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-09-04 23:10 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-09-04 23:10 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-09-04 23:10 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-09-04 23:10 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-09-04 23:09 - 2013-09-04 23:09 - 00001613 _____ C:\Users\Public\Desktop\Play League of Legends.lnk
2013-09-04 23:09 - 2013-09-04 23:09 - 00000000 ____D C:\Riot Games
2013-09-04 23:07 - 2013-09-04 23:07 - 00000000 ____D C:\Users\Foxy\AppData\Roaming\Riot Games
2013-09-04 23:07 - 2013-09-04 23:07 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-09-04 23:06 - 2013-09-04 23:07 - 34888568 _____ (Riot Games) C:\Users\Foxy\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
2013-08-26 22:37 - 2013-08-26 23:43 - 977100800 _____ C:\Users\Foxy\Downloads\Percy.Jackson.Im.Bann.des.Zyklopen.2013.German.MD.Ts.XviD-KMOA.avi
2013-08-25 00:08 - 2013-08-25 00:08 - 11775928 _____ C:\Users\Foxy\Downloads\isorpg_copyfree.zip
2013-08-22 21:57 - 2013-08-22 21:57 - 01002952 _____ C:\Users\Foxy\Downloads\VuhDo_3.29.zip
2013-08-22 20:22 - 2013-09-08 19:50 - 00000000 ____D C:\Users\Foxy\Downloads\Musik
2013-08-21 23:06 - 2013-08-21 23:06 - 00003166 _____ C:\Windows\System32\Tasks\StartMenuAutoupdate
2013-08-21 23:06 - 2013-08-21 23:06 - 00001981 _____ C:\Users\Public\Desktop\Start Menu 8.lnk
2013-08-21 23:01 - 2013-08-21 23:06 - 00000000 ____D C:\ProgramData\IObit
2013-08-21 23:00 - 2013-08-21 23:06 - 00000000 ____D C:\Program Files (x86)\IObit
2013-08-21 23:00 - 2013-08-21 23:00 - 00000000 ____D C:\Users\Foxy\AppData\Roaming\IObit
2013-08-14 23:24 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 23:24 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 23:24 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 23:22 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 23:22 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 23:22 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-08-14 23:22 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-08-14 23:22 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 23:22 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 23:22 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 23:22 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 23:22 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 23:22 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 23:22 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 23:22 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 23:22 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 23:22 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-08-14 23:22 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 23:22 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 23:22 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 23:22 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 23:22 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 23:22 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 23:22 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 23:22 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-08-14 23:22 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-08-14 23:22 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-08-14 23:21 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 23:21 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 23:21 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 23:21 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 23:20 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 23:20 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 23:20 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 23:20 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 23:20 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 23:19 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 23:19 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 23:19 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 23:19 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2013-08-14 23:19 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2013-08-14 23:19 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 23:19 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 23:19 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2013-08-14 23:19 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2013-08-14 19:56 - 2013-08-14 19:57 - 00001592 _____ C:\Windows\setupact.log
2013-08-14 19:56 - 2013-08-14 19:56 - 00000000 _____ C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

2013-09-11 09:07 - 2013-09-11 09:07 - 01949408 _____ (Farbar) C:\Users\Foxy\Downloads\FRST64.exe
2013-09-11 09:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-09-11 08:45 - 2013-07-27 00:03 - 01578972 _____ C:\Windows\WindowsUpdate.log
2013-09-11 08:33 - 2013-05-24 00:17 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-11 06:48 - 2013-05-24 00:43 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3466370061-3238665318-1221741988-1001UA.job
2013-09-11 02:33 - 2013-05-24 00:17 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-11 00:48 - 2013-05-24 00:43 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3466370061-3238665318-1221741988-1001Core.job
2013-09-10 23:54 - 2013-09-10 23:54 - 01038690 _____ C:\Users\Foxy\Downloads\GatherMate2-1.22-4-gc890ff1.zip
2013-09-10 23:54 - 2013-09-10 23:54 - 00290665 _____ C:\Users\Foxy\Downloads\GatherMate2_Data-v13.7.zip
2013-09-10 23:52 - 2013-09-10 23:52 - 00692869 _____ C:\Users\Foxy\Downloads\Gatherer-4.0.6.zip
2013-09-10 00:42 - 2013-05-24 00:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-10 00:38 - 2013-09-10 00:37 - 00891144 _____ C:\Users\Foxy\Downloads\SecurityCheck.exe
2013-09-09 20:53 - 2013-09-09 20:53 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-09 20:51 - 2013-09-09 20:51 - 02347384 _____ (ESET) C:\Users\Foxy\Downloads\Der.exe
2013-09-09 16:10 - 2013-05-23 23:45 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3466370061-3238665318-1221741988-1001
2013-09-09 07:28 - 2013-09-09 07:28 - 00000622 _____ C:\Users\Foxy\Desktop\JRT.txt
2013-09-09 07:13 - 2013-09-09 07:13 - 01029490 _____ (Thisisu) C:\Users\Foxy\Downloads\JRT.exe
2013-09-09 07:08 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-09 07:07 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-09-09 07:06 - 2013-09-06 23:06 - 00000000 ____D C:\AdwCleaner
2013-09-09 07:01 - 2013-08-01 20:56 - 00003734 _____ C:\Windows\PFRO.log
2013-09-09 06:54 - 2013-09-09 06:54 - 01037278 _____ C:\Users\Foxy\Downloads\adwcleaner.exe
2013-09-09 05:15 - 2013-09-09 05:15 - 00382288 _____ C:\Users\Foxy\Downloads\Recount-v5.0.5b_release.zip
2013-09-08 19:55 - 2013-06-16 19:35 - 00000000 ____D C:\Users\Foxy\AppData\Roaming\uTorrent
2013-09-08 19:50 - 2013-08-22 20:22 - 00000000 ____D C:\Users\Foxy\Downloads\Musik
2013-09-07 21:54 - 2013-06-24 16:31 - 00004152 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-07 21:49 - 2013-09-07 21:49 - 00012166 _____ C:\ComboFix.txt
2013-09-07 21:49 - 2013-09-07 21:12 - 00000000 ____D C:\Qoobox
2013-09-07 21:47 - 2012-07-26 07:26 - 00000215 _____ C:\Windows\system.ini
2013-09-07 21:25 - 2013-09-07 21:11 - 00000000 ____D C:\Windows\erdnt
2013-09-07 21:11 - 2013-09-07 21:10 - 05120615 ____R (Swearware) C:\Users\Foxy\Desktop\ComboFix.exe
2013-09-06 23:26 - 2013-07-27 05:22 - 00000000 ____D C:\Program Files (x86)\Worldforge
2013-09-06 23:12 - 2013-09-06 23:12 - 00000000 ____D C:\Windows\ERUNT
2013-09-06 20:04 - 2013-09-06 20:04 - 00027421 _____ C:\Users\Foxy\Downloads\Addition.txt
2013-09-06 20:03 - 2013-09-06 20:03 - 00000000 ____D C:\FRST
2013-09-06 09:15 - 2013-09-06 09:15 - 00061788 _____ C:\Users\Foxy\Downloads\Extras.Txt
2013-09-06 09:11 - 2013-09-06 09:11 - 00094980 _____ C:\Users\Foxy\Downloads\OTL.Txt
2013-09-06 08:57 - 2013-09-06 08:57 - 00602112 _____ (OldTimer Tools) C:\Users\Foxy\Downloads\OTL.exe
2013-09-06 08:53 - 2013-09-06 08:53 - 04745728 _____ (AVAST Software) C:\Users\Foxy\Downloads\aswMBR.exe
2013-09-06 08:44 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF
2013-09-04 23:09 - 2013-09-04 23:09 - 00001613 _____ C:\Users\Public\Desktop\Play League of Legends.lnk
2013-09-04 23:09 - 2013-09-04 23:09 - 00000000 ____D C:\Riot Games
2013-09-04 23:07 - 2013-09-04 23:07 - 00000000 ____D C:\Users\Foxy\AppData\Roaming\Riot Games
2013-09-04 23:07 - 2013-09-04 23:07 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-09-04 23:07 - 2013-09-04 23:06 - 34888568 _____ (Riot Games) C:\Users\Foxy\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
2013-09-04 20:00 - 2013-05-26 01:40 - 00001456 _____ C:\Users\Foxy\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-09-04 14:46 - 2013-05-24 00:19 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-01 04:40 - 2013-06-30 02:13 - 00000000 ____D C:\Users\Foxy\Desktop\CAKE 3.0
2013-09-01 04:40 - 2013-06-30 00:28 - 00000000 ____D C:\Users\Foxy\Desktop\PHPanda
2013-09-01 04:33 - 2013-06-08 03:26 - 00000000 ____D C:\Users\Foxy\Desktop\pandasoft
2013-09-01 03:53 - 2013-07-22 19:36 - 04943568 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-30 09:18 - 2013-06-30 23:51 - 00000000 ____D C:\Users\Foxy\Documents\Grimloards
2013-08-29 15:19 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-26 23:43 - 2013-08-26 22:37 - 977100800 _____ C:\Users\Foxy\Downloads\Percy.Jackson.Im.Bann.des.Zyklopen.2013.German.MD.Ts.XviD-KMOA.avi
2013-08-25 00:10 - 2013-06-03 00:33 - 00000000 ____D C:\Users\Foxy\Documents\NetBeansProjects
2013-08-25 00:08 - 2013-08-25 00:08 - 11775928 _____ C:\Users\Foxy\Downloads\isorpg_copyfree.zip
2013-08-23 05:49 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-08-22 21:57 - 2013-08-22 21:57 - 01002952 _____ C:\Users\Foxy\Downloads\VuhDo_3.29.zip
2013-08-22 13:16 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-22 13:16 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-21 23:06 - 2013-08-21 23:06 - 00003166 _____ C:\Windows\System32\Tasks\StartMenuAutoupdate
2013-08-21 23:06 - 2013-08-21 23:06 - 00001981 _____ C:\Users\Public\Desktop\Start Menu 8.lnk
2013-08-21 23:06 - 2013-08-21 23:01 - 00000000 ____D C:\ProgramData\IObit
2013-08-21 23:06 - 2013-08-21 23:00 - 00000000 ____D C:\Program Files (x86)\IObit
2013-08-21 23:00 - 2013-08-21 23:00 - 00000000 ____D C:\Users\Foxy\AppData\Roaming\IObit
2013-08-20 22:13 - 2013-05-24 00:00 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-08-20 22:12 - 2013-05-23 23:58 - 00000000 ____D C:\Program Files\Avast
2013-08-15 00:22 - 2013-07-18 03:19 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 00:19 - 2013-05-24 03:43 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 19:58 - 2012-07-26 12:27 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-08-14 19:58 - 2012-07-26 12:27 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-08-14 19:58 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-14 19:57 - 2013-08-14 19:56 - 00001592 _____ C:\Windows\setupact.log
2013-08-14 19:56 - 2013-08-14 19:56 - 00000000 _____ C:\Windows\setuperr.log

Files to move or delete:
====================
C:\Users\Foxy\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-10 04:06

==================== End Of Log ============================
         
--- --- ---



From the log info I assume it has something to do with Java. But I'll leave the evaluation to you.

11.09.2013, 09:11   #14
schrauber
/// the machine
/// TB trainer
 

Uninstall everything Java-related.

Please download Windows Repair (All In One) from here.
  • Install the program. Start it once the installation has finished.
  • Click Step 2 and press Do It under Check Disk.
  • When the process has finished, click Step 3 and press Do It under System File Check.
  • After the process has finished, click Start Repairs, select Advanced Mode and press Start.
  • Please make sure that the boxes are ticked as shown below. Please additionally tick Set Windows Services to Default Startup.
  • Tick Restart System when Finished.
  • Press Start.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

11.09.2013, 20:59   #15
kakuzu
 
Good evening,

The version of the program on the page you posted is v1.9.15; on starting it I get the message that v1.9.17 is already available.
Should I use the outdated version anyway? If not, is the Portable Edition offered on the vendor's site sufficient?

Vendor's site: hxxp://www.tweaking.com/content/page/windows_repair_all_in_one.html

So, I have now used the latest version and run everything completely as in the instructions, with every box ticked except "Reset Registry Permissions", since that function is disabled on Windows 8 because it can otherwise damage the Windows 8 Store.

Edited by kakuzu (11.09.2013 at 18:35). Reason: URL added, since posting links is not possible
