
Log analysis and evaluation: Real-time scanner reports problem: services.exe w32/patched.uc


25.06.2013, 16:59   #16
schrauber
/// the machine
/// TB trainer
 

Not even after the commands? Can you reach the router via LAN? That has to work.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

25.06.2013, 20:06   #17
tha619
 
Evening,

so, here's the situation:

I still can't get online with Firefox, and not with Chrome either. However, I can now get in with IE, but even so, e.g. the Avira setup can't reach the network; I can get in with IE via LAN and WLAN.

EDIT: Firefox doesn't write hxxp:// in front of the site, which I think is the problem; even if I enter it manually, Firefox for example only writes "www.google.de". Printing via the WLAN printer also works, I can see all computers on the network, so the problem probably lies with Firefox and Chrome, but unfortunately even a fresh installation of Firefox changes nothing. The AVIRA update doesn't get through either, hm, to be honest I'm stumped now.



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013
Ran by Nico (administrator) on 24-06-2013 15:20:03
Running from C:\Users\Nico\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

() C:\Windows\system32\services.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
() C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
() C:\Users\Nico\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [CD- und DVD-Sharing] "C:\Program Files\CD- und DVD-Sharing\ODSAgent.exe" [582256 2010-04-16] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKCU\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKCU\...\Run: [AdobeBridge]  [x]
HKCU\...\Run: [Google Update] "C:\Users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-08-26] (Google Inc.)
HKCU\...\Run: [Facebook Update] "C:\Users\Nico\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2013-01-04] (Facebook Inc.)
MountPoints2: {ba655669-f6a7-11e1-8ea2-b870f487d6cf} - G:\Autorun.exe
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-05-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [129648 2011-09-23] (VMware, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [154144 2010-07-29] ()
AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{16cdf~1\browse~1.dll  [2521552 2013-06-03] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
URLSearchHook: (No Name) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} -  No File
URLSearchHook: (No Name) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} -  No File
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=111304&tt=031012_ccp_4012_8&babsrc=SP_ss&mntrId=2cba4256000000000000d0df9a96774e
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=23B62FAA28623C9359D0A45077CD7277&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll (IDM)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 C:\Windows\System32\socketspy.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\System32\socketspy.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [346736] (VMware, Inc.)
Winsock: Catalog9 14 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [346736] (VMware, Inc.)
Winsock: Catalog9 15 C:\Windows\System32\socketspy.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 C:\Windows\System32\socketspy-64.dll [450048] (Ufasoft)
Winsock: Catalog9-x64 02 C:\Windows\System32\socketspy-64.dll [450048] (Ufasoft)
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Winsock: Catalog9-x64 11 mswsock.dll File Not found ()
Winsock: Catalog9-x64 12 mswsock.dll File Not found ()
Winsock: Catalog9-x64 13 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [446576] (VMware, Inc.)
Winsock: Catalog9-x64 14 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [446576] (VMware, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\System32\socketspy-64.dll [450048] (Ufasoft)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Lavasoft Search Plugin - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF Extension: DVDVideoSoftTB DE  - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\Extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
FF Extension: Yahoo! Toolbar - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: Adblock Plus - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF Extension: No Name - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome: 
=======
CHR Extension: () - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.14.250.13_0
CHR Extension: () - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\hempmfkijmahkaddljkmchcmjbojoedl\2.3.19.11_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0
CHR Extension: (StumbleUpon) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg\3.97.1_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-03-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-03-28] (Avira Operations GmbH & Co. KG)
R2 Browser Manager; C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [3085264 2013-06-03] ()
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [872552 2011-05-10] (Acer Incorporated)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [39528 2011-01-18] (Acer Incorporated)
R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-03-24] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
R2 StumbleUponUpdater; C:\Users\Nico\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [18432 2011-11-22] ()
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2010-08-19] (VMware, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-09-04] (Duplex Secure Ltd.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117040 2011-07-19] (Oracle Corporation)
R2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.)
R2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.)
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-24 14:20 - 2013-06-24 15:18 - 00000000 ____D C:\FRST
2013-06-24 14:19 - 2013-06-24 14:19 - 01931364 ____A (Farbar) C:\Users\Nico\Downloads\FRST64.exe
2013-06-23 13:01 - 2013-06-23 13:31 - 89977796 ____A C:\Users\Nico\Downloads\D.DX.12.13.part8.rar
2013-06-23 12:17 - 2013-06-24 15:17 - 93616457 ____A C:\Users\Nico\Downloads\D.DX.12.13.part7.rar.part
2013-06-23 11:21 - 2013-06-23 11:21 - 00000000 ____D C:\Users\Nico\AppData\Local\{1D2962E8-3E0C-42C5-A949-111D92C99983}
2013-06-22 17:29 - 2013-06-22 17:29 - 00262144 ____A C:\Windows\Minidump\062213-26738-01.dmp
2013-06-22 13:45 - 2013-06-22 17:29 - 580052725 ____A C:\Windows\MEMORY.DMP
2013-06-22 13:45 - 2013-06-22 17:29 - 00000000 ____D C:\Windows\Minidump
2013-06-22 13:45 - 2013-06-22 13:45 - 00262144 ____A C:\Windows\Minidump\062213-29936-01.dmp
2013-06-22 12:41 - 2013-06-22 12:41 - 00000392 ____A C:\Users\Nico\defogger_reenable
2013-06-22 12:29 - 2013-06-24 14:33 - 00000000 ____D C:\Users\Nico\Desktop\Gegen Virus
2013-06-22 12:21 - 2013-06-23 12:16 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part4.rar
2013-06-21 14:21 - 2013-06-21 14:21 - 00000000 ____D C:\Users\Nico\Downloads\SpybotPortable
2013-06-21 14:19 - 2013-06-21 14:20 - 57524944 ____A (PortableApps.com) C:\Users\Nico\Downloads\SpybotPortable_2.1.paf.exe
2013-06-21 14:14 - 2013-06-21 14:14 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Nico\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-21 13:57 - 2013-06-24 15:17 - 00000672 ____A C:\Windows\setupact.log
2013-06-21 13:57 - 2013-06-21 13:57 - 00000000 ____A C:\Windows\setuperr.log
2013-06-21 13:56 - 2013-06-21 13:56 - 00000824 ____A C:\Windows\PFRO.log
2013-06-20 22:39 - 2013-06-20 22:39 - 00000019 ____A C:\Users\Nico\Desktop\in 1,5 aus.cmd
2013-06-20 22:28 - 2013-06-20 22:28 - 00000000 ____D C:\Windows\Profiles\Nico
2013-06-20 22:16 - 2013-06-20 22:30 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-06-20 22:15 - 2013-06-22 11:30 - 00000000 ____D C:\Users\Nico\AppData\Roaming\vlc
2013-06-20 22:15 - 2013-06-20 22:15 - 00000000 ____D C:\Program Files\VideoLAN
2013-06-20 22:12 - 2013-06-20 22:12 - 23229256 ____A C:\Users\Nico\Downloads\vlc-2.0.7-win64.exe
2013-06-20 22:07 - 2013-06-20 22:42 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part3.rar
2013-06-20 20:02 - 2013-06-20 20:02 - 00000000 ____D C:\Users\Nico\AppData\Roaming\File Scout
2013-06-20 20:02 - 2013-05-28 15:05 - 00163328 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
2013-06-20 19:41 - 2013-06-20 19:41 - 01125456 ____A (BitTorrent Inc.) C:\Users\Nico\Downloads\BitTorrent.exe
2013-06-20 19:21 - 2013-06-20 19:21 - 00000000 ____D C:\Users\Nico\AppData\Local\{F9859730-4A8B-4935-96F9-B5159219BD09}
2013-06-18 16:39 - 2013-06-18 16:39 - 00000000 ____D C:\Users\Nico\AppData\Local\{A3B9C5E6-D87F-4DB1-AA34-8258F0A6D317}
2013-06-18 15:22 - 2013-06-18 15:22 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008
2013-06-18 15:22 - 2013-06-18 15:22 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008
2013-06-17 21:27 - 2013-06-17 21:27 - 00000000 ____D C:\ProgramData\VS
2013-06-17 21:25 - 2013-06-17 21:25 - 00000000 ____D C:\fbabd28d772111eec99e8982
2013-06-17 18:08 - 2013-06-17 18:08 - 00001795 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-17 18:07 - 2013-06-17 18:08 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-17 18:07 - 2013-06-17 18:08 - 00000000 ____D C:\Program Files\iTunes
2013-06-17 18:07 - 2013-06-17 18:07 - 00000000 ____D C:\Program Files\iPod
2013-06-14 14:31 - 2013-06-12 21:15 - 00000101 ____A C:\Users\Nico\Downloads\ind-scary.nfo
2013-06-14 14:30 - 2013-06-14 14:30 - 00000466 ____A C:\Users\Nico\Desktop\DATA (D) - Verknüpfung.lnk
2013-06-13 17:22 - 2013-06-13 21:27 - 731594045 ____A C:\Users\Nico\Downloads\342fdsfssmo5.rar
2013-06-12 15:53 - 2013-05-17 06:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 15:53 - 2013-05-17 05:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 15:53 - 2013-05-17 05:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 15:53 - 2013-05-17 05:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 15:53 - 2013-05-17 05:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 15:53 - 2013-05-17 05:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 15:53 - 2013-05-17 05:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 15:53 - 2013-05-17 04:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 15:53 - 2013-05-17 04:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-12 15:53 - 2013-05-17 04:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 15:53 - 2013-05-17 04:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 15:53 - 2013-05-17 04:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 15:53 - 2013-05-17 04:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 15:53 - 2013-05-17 04:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 15:53 - 2013-05-17 04:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 15:53 - 2013-05-17 04:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 15:53 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 15:53 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 15:53 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 15:53 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 15:53 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 15:53 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-12 15:53 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-12 15:53 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 15:53 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 15:53 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-12 15:53 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-12 15:53 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 15:53 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 15:53 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-12 15:53 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 15:53 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 14:50 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 14:50 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 14:50 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 14:50 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 14:50 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 14:50 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 14:50 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 14:50 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 14:50 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 14:50 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 14:50 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 14:50 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 14:50 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 14:50 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 14:50 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-11 13:55 - 2013-06-11 13:55 - 00000000 ____D C:\Users\Nico\AppData\Local\{4FC71047-D567-49F4-BF1A-EE9BEC968BA8}
2013-06-08 18:41 - 2013-06-08 18:41 - 00000000 ____D C:\Users\Nico\AppData\Local\{D8BDBDB0-6714-480D-91FC-2F101077576A}
2013-06-05 15:41 - 2013-06-05 15:41 - 00001036 ____A C:\Users\Nico\Desktop\ILS-SimV4.exe - Verknüpfung.lnk

==================== One Month Modified Files and Folders =======

2013-06-24 15:18 - 2013-06-24 14:20 - 00000000 ____D C:\FRST
2013-06-24 15:18 - 2012-01-13 17:01 - 00000000 ____D C:\ProgramData\VMware
2013-06-24 15:17 - 2013-06-23 12:17 - 93616457 ____A C:\Users\Nico\Downloads\D.DX.12.13.part7.rar.part
2013-06-24 15:17 - 2013-06-21 13:57 - 00000672 ____A C:\Windows\setupact.log
2013-06-24 15:17 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-24 15:15 - 2012-04-21 12:08 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Skype
2013-06-24 14:33 - 2013-06-22 12:29 - 00000000 ____D C:\Users\Nico\Desktop\Gegen Virus
2013-06-24 14:30 - 2012-08-29 20:45 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-24 14:30 - 2012-08-26 15:03 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000UA.job
2013-06-24 14:24 - 2009-07-14 06:45 - 00016752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-24 14:24 - 2009-07-14 06:45 - 00016752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-24 14:20 - 2011-08-18 13:46 - 00765954 ____A C:\Windows\System32\perfh007.dat
2013-06-24 14:20 - 2011-08-18 13:46 - 00174834 ____A C:\Windows\System32\perfc007.dat
2013-06-24 14:20 - 2009-07-14 07:13 - 01808082 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-24 14:19 - 2013-06-24 14:19 - 01931364 ____A (Farbar) C:\Users\Nico\Downloads\FRST64.exe
2013-06-23 21:00 - 2012-08-26 15:03 - 00001064 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000Core.job
2013-06-23 20:51 - 2013-01-04 00:04 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000UA.job
2013-06-23 13:31 - 2013-06-23 13:01 - 89977796 ____A C:\Users\Nico\Downloads\D.DX.12.13.part8.rar
2013-06-23 13:24 - 2012-06-06 21:16 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Spotify
2013-06-23 12:16 - 2013-06-22 12:21 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part4.rar
2013-06-23 11:48 - 2011-12-19 17:33 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-06-23 11:21 - 2013-06-23 11:21 - 00000000 ____D C:\Users\Nico\AppData\Local\{1D2962E8-3E0C-42C5-A949-111D92C99983}
2013-06-22 17:29 - 2013-06-22 17:29 - 00262144 ____A C:\Windows\Minidump\062213-26738-01.dmp
2013-06-22 17:29 - 2013-06-22 13:45 - 580052725 ____A C:\Windows\MEMORY.DMP
2013-06-22 17:29 - 2013-06-22 13:45 - 00000000 ____D C:\Windows\Minidump
2013-06-22 13:45 - 2013-06-22 13:45 - 00262144 ____A C:\Windows\Minidump\062213-29936-01.dmp
2013-06-22 13:33 - 2011-12-14 09:59 - 00000000 ____D C:\Users\Nico\AppData\Local\CrashDumps
2013-06-22 12:41 - 2013-06-22 12:41 - 00000392 ____A C:\Users\Nico\defogger_reenable
2013-06-22 12:41 - 2011-12-08 15:43 - 00000000 ____D C:\users\Nico
2013-06-22 11:30 - 2013-06-20 22:15 - 00000000 ____D C:\Users\Nico\AppData\Roaming\vlc
2013-06-22 11:18 - 2013-03-19 22:58 - 00629248 __ASH C:\Users\Nico\Desktop\Thumbs.db
2013-06-21 23:08 - 2013-01-04 00:03 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000Core.job
2013-06-21 14:21 - 2013-06-21 14:21 - 00000000 ____D C:\Users\Nico\Downloads\SpybotPortable
2013-06-21 14:20 - 2013-06-21 14:19 - 57524944 ____A (PortableApps.com) C:\Users\Nico\Downloads\SpybotPortable_2.1.paf.exe
2013-06-21 14:14 - 2013-06-21 14:14 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Nico\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-21 13:57 - 2013-06-21 13:57 - 00000000 ____A C:\Windows\setuperr.log
2013-06-21 13:56 - 2013-06-21 13:56 - 00000824 ____A C:\Windows\PFRO.log
2013-06-20 22:42 - 2013-06-20 22:07 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part3.rar
2013-06-20 22:39 - 2013-06-20 22:39 - 00000019 ____A C:\Users\Nico\Desktop\in 1,5 aus.cmd
2013-06-20 22:30 - 2013-06-20 22:16 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-06-20 22:28 - 2013-06-20 22:28 - 00000000 ____D C:\Windows\Profiles\Nico
2013-06-20 22:15 - 2013-06-20 22:15 - 00000000 ____D C:\Program Files\VideoLAN
2013-06-20 22:12 - 2013-06-20 22:12 - 23229256 ____A C:\Users\Nico\Downloads\vlc-2.0.7-win64.exe
2013-06-20 22:08 - 2012-01-12 19:08 - 00000000 ____D C:\Users\Nico\AppData\Roaming\BitTorrent
2013-06-20 20:02 - 2013-06-20 20:02 - 00000000 ____D C:\Users\Nico\AppData\Roaming\File Scout
2013-06-20 19:44 - 2012-01-12 19:09 - 00000000 ____D C:\Program Files (x86)\BitTorrent
2013-06-20 19:41 - 2013-06-20 19:41 - 01125456 ____A (BitTorrent Inc.) C:\Users\Nico\Downloads\BitTorrent.exe
2013-06-20 19:21 - 2013-06-20 19:21 - 00000000 ____D C:\Users\Nico\AppData\Local\{F9859730-4A8B-4935-96F9-B5159219BD09}
2013-06-19 18:38 - 2012-06-06 21:17 - 00000000 ____D C:\Users\Nico\AppData\Local\Spotify
2013-06-19 15:31 - 2012-08-26 15:05 - 00002374 ____A C:\Users\Nico\Desktop\Google Chrome.lnk
2013-06-18 16:39 - 2013-06-18 16:39 - 00000000 ____D C:\Users\Nico\AppData\Local\{A3B9C5E6-D87F-4DB1-AA34-8258F0A6D317}
2013-06-18 15:50 - 2011-12-09 15:06 - 01786150 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-18 15:32 - 2012-03-26 20:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2013-06-18 15:32 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\MSBuild
2013-06-18 15:22 - 2013-06-18 15:22 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008
2013-06-18 15:22 - 2013-06-18 15:22 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008
2013-06-17 21:28 - 2012-03-26 20:42 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2013-06-17 21:27 - 2013-06-17 21:27 - 00000000 ____D C:\ProgramData\VS
2013-06-17 21:25 - 2013-06-17 21:25 - 00000000 ____D C:\fbabd28d772111eec99e8982
2013-06-17 18:08 - 2013-06-17 18:08 - 00001795 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-17 18:08 - 2013-06-17 18:07 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-17 18:08 - 2013-06-17 18:07 - 00000000 ____D C:\Program Files\iTunes
2013-06-17 18:08 - 2012-10-13 14:19 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-17 18:07 - 2013-06-17 18:07 - 00000000 ____D C:\Program Files\iPod
2013-06-14 22:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-14 14:30 - 2013-06-14 14:30 - 00000466 ____A C:\Users\Nico\Desktop\DATA (D) - Verknüpfung.lnk
2013-06-13 21:27 - 2013-06-13 17:22 - 731594045 ____A C:\Users\Nico\Downloads\342fdsfssmo5.rar
2013-06-12 21:15 - 2013-06-14 14:31 - 00000101 ____A C:\Users\Nico\Downloads\ind-scary.nfo
2013-06-12 21:15 - 2013-02-06 22:32 - 00000341 ____A C:\Users\Nico\Downloads\www.goldesel.to - www.charts.to .txt
2013-06-12 21:15 - 2013-02-06 22:32 - 00000291 ____A C:\Users\Nico\Downloads\Charts.to - Die ultimative Seite fuer Charts als Direkt-Download.url
2013-06-12 21:15 - 2013-02-06 22:32 - 00000220 ____A C:\Users\Nico\Downloads\Goldesel.to - Die Seite fuer Direkt-Downloads aller Art.url
2013-06-12 18:30 - 2012-04-14 15:21 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 18:30 - 2011-07-25 12:15 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 15:51 - 2011-12-17 14:27 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 15:07 - 2013-01-24 18:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-12 15:07 - 2011-07-25 11:54 - 00000000 ____D C:\ProgramData\Skype
2013-06-11 13:55 - 2013-06-11 13:55 - 00000000 ____D C:\Users\Nico\AppData\Local\{4FC71047-D567-49F4-BF1A-EE9BEC968BA8}
2013-06-10 16:40 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-08 18:41 - 2013-06-08 18:41 - 00000000 ____D C:\Users\Nico\AppData\Local\{D8BDBDB0-6714-480D-91FC-2F101077576A}
2013-06-08 17:43 - 2011-12-15 23:13 - 00000616 ____A C:\Users\Nico\Documents\ax_files.xml
2013-06-07 13:44 - 2012-11-05 18:14 - 00000000 ____D C:\Users\Nico\AppData\Local\Origin
2013-06-07 13:44 - 2012-11-05 18:07 - 00000000 ____D C:\Program Files (x86)\Origin
2013-06-05 15:46 - 2013-04-13 19:06 - 00000000 __SHD C:\Users\Nico\wc
2013-06-05 15:41 - 2013-06-05 15:41 - 00001036 ____A C:\Users\Nico\Desktop\ILS-SimV4.exe - Verknüpfung.lnk
2013-06-05 09:21 - 2012-10-06 16:46 - 00000000 ____D C:\ProgramData\Browser Manager
2013-06-03 17:21 - 2013-04-07 11:47 - 01130496 ____A C:\Users\Nico\Desktop\Schuppenat_Noel_09A (2).lpo
2013-05-28 15:05 - 2013-06-20 20:02 - 00163328 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerUpdateService.exe

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0329216 ____N () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\services.exe IS INFECTED. <===== ATTENTION!

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-14 22:11

==================== End Of Log ============================
Last edited by tha619 (25.06.2013 at 20:32)
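
As an added worked example (editorial addition, not part of the original thread and not FRST's own code), the following Python script parses the two parts of an FRST log that matter for this case: the "Bamital & volsnap Check" verdicts, where services.exe is flagged above, and the "Winsock:" catalog entries that appear in the next log. The line formats are assumptions read off the posted lines, and the sample log embedded in the script is constructed from lines copied out of this thread. One caveat the script makes explicit that the raw output does not: D41D8CD98F00B204E9800998ECF8427E is the MD5 of zero bytes, so the digest FRST computed for the 329,216-byte services.exe covered no file data at all; the "IS INFECTED" verdict therefore rests on the file not matching any known-good digest, not on a match against a known-bad one, and the file being unreadable to the tool is itself the finding worth following up.

```python
"""Triage the two security-relevant sections of an FRST (Farbar Recovery
Scan Tool) log: the "Bamital & volsnap Check" verdicts and the Winsock
catalog (LSP) entries. Added example for this thread, not FRST's own code.
Line formats are assumptions read off the logs posted above:
  - clean file:   '<path> => MD5 is legit'
  - flagged file: bare '<path>', a detail line ending in its MD5,
                  then '<path> IS INFECTED. <===== ATTENTION!'
  - 'Winsock: <catalog> <index> <path> [<size>] (<vendor>)' with an
    optional trailing 'ATTENTION: ...' remark from FRST
"""
import hashlib
import re

# MD5 of zero bytes. A 329,216-byte services.exe cannot hash to this, so seeing
# it means the tool hashed no file data (it could not read the file), and the
# verdict is "no known-good match", not a known-bad signature hit.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()  # d41d8cd98f00b204e9800998ecf8427e

LEGIT_RE = re.compile(r"^(?P<path>.+?) => MD5 is legit$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) IS INFECTED\.")
DETAIL_RE = re.compile(
    r"^\[.+?\] - \[.+?\] - (?P<size>\d+) (?P<attr>\S+) \((?P<vendor>.*?)\) "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)
WINSOCK_RE = re.compile(
    r"^Winsock: (?P<catalog>\S+) (?P<index>\d+) (?P<path>.+?) \[(?P<size>\d+)\] "
    r"\((?P<vendor>[^)]*)\)(?: (?P<attention>ATTENTION: .*))?$"
)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Constructed sample: lines copied from the two FRST logs in this thread.
SAMPLE_LOG = r"""
==================== Internet (Whitelisted) ====================

Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9 13 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [346736] (VMware, Inc.)
Winsock: Catalog9-x64 01 C:\Windows\System32\socketspy-64.dll [450048] (Ufasoft)

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0329216 ____N () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\services.exe IS INFECTED. <===== ATTENTION!

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
"""


def section(text, title):
    """Lines of the FRST section whose '====' banner contains `title`."""
    out, inside = [], False
    for line in text.splitlines():
        if line.startswith("===="):
            inside = title in line
        elif inside:
            out.append(line)
    return out


def parse_bamital_check(lines):
    """Map path -> {'status': 'legit'|'infected', 'md5': str|None, 'empty_hash': bool}."""
    results, pending = {}, None
    for line in (raw.strip() for raw in lines):
        if m := LEGIT_RE.match(line):
            results[m["path"]] = {"status": "legit", "md5": None, "empty_hash": False}
            pending = None
        elif (m := DETAIL_RE.match(line)) and pending:
            md5 = m["md5"].lower()
            results[pending] = {"status": "infected", "md5": md5, "empty_hash": md5 == EMPTY_MD5}
        elif m := INFECTED_RE.match(line):
            results.setdefault(m["path"], {"status": "infected", "md5": None, "empty_hash": False})
            results[m["path"]]["status"] = "infected"
        elif DRIVE_PATH_RE.match(line):
            pending = line  # bare path line that precedes a flagged file's detail line
    return results


def parse_winsock(text):
    """All 'Winsock:' catalog entries as dicts."""
    entries = []
    for line in text.splitlines():
        if m := WINSOCK_RE.match(line.strip()):
            e = m.groupdict()
            e["index"], e["size"] = int(e["index"]), int(e["size"])
            entries.append(e)
    return entries


def review_winsock(entries):
    """Entries worth an analyst's look: an FRST remark, or a non-Microsoft provider
    DLL sitting in the Windows directory, where third-party LSPs rarely belong.
    Returns (catalog, index, path, reasons) tuples; flagging is a review cue only."""
    flagged = []
    for e in entries:
        reasons = []
        if e["attention"]:
            reasons.append("frst-remark")
        if e["vendor"] != "Microsoft Corporation" and "\\windows\\" in e["path"].lower():
            reasons.append("third-party-dll-in-windows-dir")
        if reasons:
            flagged.append((e["catalog"], e["index"], e["path"], reasons))
    return flagged


def triage(log_text):
    """Summarise both sections of one FRST log."""
    files = parse_bamital_check(section(log_text, "Bamital"))
    return {
        "infected": sorted(p for p, r in files.items() if r["status"] == "infected"),
        "empty_hash": sorted(p for p, r in files.items() if r["empty_hash"]),
        "winsock_review": review_winsock(parse_winsock(log_text)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it as-is to triage the embedded sample, or replace SAMPLE_LOG with the contents of FRST.txt for a real log. A flagged Winsock entry is only a cue to look closer: the VMware vsocklib providers under Program Files are left alone, while the Ufasoft socketspy-64.dll in System32 and the mswsock.dll entry carrying FRST's own remark are surfaced for review.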

25.06.2013, 21:13   #18
schrauber
/// the machine
/// TB instructor
Quote:
Firefox doesn't put hxxp:// in front of the page, which I think is the problem; even when I type it in manually, Firefox only shows, for example, "www.google.de"
That's normal.

Please delete FRST, download the new version and scan again.

25.06.2013, 21:46   #19
tha619
Oh, I guess I never paid attention to that


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2013 01
Ran by Nico (administrator) on 25-06-2013 21:44:46
Running from C:\Users\Nico\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Facebook Inc.) C:\Users\Nico\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [CD- und DVD-Sharing] "C:\Program Files\CD- und DVD-Sharing\ODSAgent.exe" [582256 2010-04-16] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKCU\...\Run: [Facebook Update] "C:\Users\Nico\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2013-01-04] (Facebook Inc.)
HKCU\...\Policies\system: [disableregistrytools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-05-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [129648 2011-09-23] (VMware, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-04-04] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [154144 2010-07-29] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll (IDM)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9 13 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [346736] (VMware, Inc.)
Winsock: Catalog9 14 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [346736] (VMware, Inc.)
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9-x64 01 C:\Windows\System32\socketspy-64.dll [450048] (Ufasoft)
Winsock: Catalog9-x64 02 C:\Windows\System32\socketspy-64.dll [450048] (Ufasoft)
Winsock: Catalog9-x64 13 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [446576] (VMware, Inc.)
Winsock: Catalog9-x64 14 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [446576] (VMware, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\System32\socketspy-64.dll [450048] (Ufasoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\pelki004.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultSearchURL: (blekko) - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=23B62FAA28623C9359D0A45077CD7277&q={searchTerms}
CHR DefaultSuggestURL: (blekko) -       "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Users\Nico\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Nico\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Nico\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Nico\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\hempmfkijmahkaddljkmchcmjbojoedl\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (fluxDVD Browser Plugin) - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Nico\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (TVU Web Player for FireFox) - C:\Windows\system32\TVUAx\npTVUAx.dll No File
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-02-25] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [872552 2011-05-10] (Acer Incorporated)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [39528 2011-01-18] (Acer Incorporated)
R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-03-24] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2010-08-19] (VMware, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-09-04] (Duplex Secure Ltd.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117040 2011-07-19] (Oracle Corporation)
R2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.)
R2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.)
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-25 21:44 - 2013-06-25 21:44 - 01931854 ____A (Farbar) C:\Users\Nico\Desktop\FRST64.exe
2013-06-25 20:57 - 2013-06-25 20:57 - 00094494 ____A C:\Windows\PFRO.log
2013-06-25 20:28 - 2013-06-25 20:28 - 00001421 ____A C:\Users\Nico\Desktop\Internet Explorer (64-bit).lnk
2013-06-25 20:27 - 2013-06-25 20:27 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Avira
2013-06-25 20:24 - 2013-06-25 20:24 - 00002082 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-25 20:24 - 2013-06-25 20:24 - 00000000 ____D C:\ProgramData\Avira
2013-06-25 20:24 - 2013-06-25 20:24 - 00000000 ____D C:\Program Files (x86)\Avira
2013-06-25 20:24 - 2013-03-06 16:13 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-06-25 20:24 - 2013-02-26 16:56 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-25 20:24 - 2013-02-26 16:56 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-25 20:17 - 2013-06-25 20:20 - 102323272 ____A C:\Users\Nico\Downloads\avira_free_antivirus_de.exe
2013-06-25 20:07 - 2013-06-25 20:07 - 00001163 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-25 20:07 - 2013-06-25 20:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-25 20:02 - 2013-06-25 20:05 - 21703480 ____A (Mozilla) C:\Users\Nico\Downloads\Firefox Setup 22.0.exe
2013-06-25 08:58 - 2013-06-25 08:56 - 00355927 ____A (Farbar) C:\Users\Nico\Desktop\FSS.exe
2013-06-24 20:07 - 2013-06-24 20:07 - 00000000 ____D C:\Windows\ERUNT
2013-06-24 20:07 - 2013-06-24 20:07 - 00000000 ____D C:\JRT
2013-06-24 20:02 - 2013-06-24 20:03 - 00009721 ____A C:\AdwCleaner[S1].txt
2013-06-24 20:00 - 2013-06-25 20:57 - 00000392 ____A C:\Windows\setupact.log
2013-06-24 20:00 - 2013-06-24 20:00 - 00000000 ____A C:\Windows\setuperr.log
2013-06-24 19:59 - 2013-06-24 19:59 - 00648201 ____A C:\Users\Nico\Desktop\adwcleaner.exe
2013-06-24 19:57 - 2013-06-24 19:58 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Nico\Desktop\JRT.exe
2013-06-24 19:28 - 2013-06-24 19:28 - 00000000 ___SD C:\ComboFix
2013-06-24 18:42 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-24 18:42 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-24 18:42 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-24 18:42 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-24 18:42 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-24 18:42 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-24 18:42 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-24 18:42 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-24 18:38 - 2013-06-25 20:56 - 00108306 ____A C:\Windows\WindowsUpdate.log
2013-06-24 18:33 - 2013-06-24 18:33 - 02092792 ____A C:\Users\Nico\Downloads\avira_free_antivirus(1).exe
2013-06-24 18:24 - 2013-06-24 18:25 - 00000075 ____A C:\Users\Nico\Desktop\test.bat
2013-06-24 18:21 - 2013-06-24 19:28 - 00000000 ____D C:\Qoobox
2013-06-24 18:21 - 2013-06-24 19:04 - 00000000 ____D C:\Windows\erdnt
2013-06-24 18:16 - 2013-06-24 18:17 - 05082330 ____R (Swearware) C:\Users\Nico\Desktop\ComboFix.exe
2013-06-24 14:20 - 2013-06-24 15:18 - 00000000 ____D C:\FRST
2013-06-23 13:01 - 2013-06-23 13:31 - 89977796 ____A C:\Users\Nico\Downloads\D.DX.12.13.part8.rar
2013-06-23 12:17 - 2013-06-24 16:49 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part7.rar
2013-06-22 13:45 - 2013-06-24 19:29 - 00000000 ____D C:\Windows\Minidump
2013-06-22 12:41 - 2013-06-22 12:41 - 00000392 ____A C:\Users\Nico\defogger_reenable
2013-06-22 12:29 - 2013-06-25 20:29 - 00000000 ____D C:\Users\Nico\Desktop\Gegen Virus
2013-06-22 12:21 - 2013-06-23 12:16 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part4.rar
2013-06-21 14:21 - 2013-06-21 14:21 - 00000000 ____D C:\Users\Nico\Downloads\SpybotPortable
2013-06-21 14:19 - 2013-06-21 14:20 - 57524944 ____A (PortableApps.com) C:\Users\Nico\Downloads\SpybotPortable_2.1.paf.exe
2013-06-21 14:14 - 2013-06-21 14:14 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Nico\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-20 22:39 - 2013-06-20 22:39 - 00000019 ____A C:\Users\Nico\Desktop\in 1,5 aus.cmd
2013-06-20 22:28 - 2013-06-20 22:28 - 00000000 ____D C:\Windows\Profiles\Nico
2013-06-20 22:16 - 2013-06-20 22:30 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-06-20 22:15 - 2013-06-22 11:30 - 00000000 ____D C:\Users\Nico\AppData\Roaming\vlc
2013-06-20 22:15 - 2013-06-20 22:15 - 00000000 ____D C:\Program Files\VideoLAN
2013-06-20 22:12 - 2013-06-20 22:12 - 23229256 ____A C:\Users\Nico\Downloads\vlc-2.0.7-win64.exe
2013-06-20 22:07 - 2013-06-20 22:42 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part3.rar
2013-06-20 20:02 - 2013-05-28 15:05 - 00163328 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
2013-06-20 19:41 - 2013-06-20 19:41 - 01125456 ____A (BitTorrent Inc.) C:\Users\Nico\Downloads\BitTorrent.exe
2013-06-18 15:22 - 2013-06-18 15:22 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008
2013-06-18 15:22 - 2013-06-18 15:22 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008
2013-06-17 21:27 - 2013-06-17 21:27 - 00000000 ____D C:\ProgramData\VS
2013-06-17 21:25 - 2013-06-17 21:25 - 00000000 ____D C:\fbabd28d772111eec99e8982
2013-06-17 18:08 - 2013-06-17 18:08 - 00001795 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-17 18:07 - 2013-06-17 18:08 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-17 18:07 - 2013-06-17 18:08 - 00000000 ____D C:\Program Files\iTunes
2013-06-17 18:07 - 2013-06-17 18:07 - 00000000 ____D C:\Program Files\iPod
2013-06-14 14:31 - 2013-06-12 21:15 - 00000101 ____A C:\Users\Nico\Downloads\ind-scary.nfo
2013-06-14 14:30 - 2013-06-14 14:30 - 00000466 ____A C:\Users\Nico\Desktop\DATA (D) - Verknüpfung.lnk
2013-06-13 17:22 - 2013-06-13 21:27 - 731594045 ____A C:\Users\Nico\Downloads\342fdsfssmo5.rar
2013-06-12 15:53 - 2013-05-17 06:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 15:53 - 2013-05-17 05:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 15:53 - 2013-05-17 05:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 15:53 - 2013-05-17 05:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 15:53 - 2013-05-17 05:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 15:53 - 2013-05-17 05:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 15:53 - 2013-05-17 05:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 15:53 - 2013-05-17 04:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 15:53 - 2013-05-17 04:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-12 15:53 - 2013-05-17 04:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 15:53 - 2013-05-17 04:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 15:53 - 2013-05-17 04:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 15:53 - 2013-05-17 04:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 15:53 - 2013-05-17 04:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 15:53 - 2013-05-17 04:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 15:53 - 2013-05-17 04:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 15:53 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 15:53 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 15:53 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 15:53 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 15:53 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 15:53 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-12 15:53 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-12 15:53 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 15:53 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 15:53 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-12 15:53 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-12 15:53 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 15:53 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 15:53 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-12 15:53 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 15:53 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 14:50 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 14:50 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 14:50 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 14:50 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 14:50 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 14:50 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 14:50 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 14:50 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 14:50 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 14:50 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 14:50 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 14:50 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 14:50 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 14:50 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 14:50 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-05 15:41 - 2013-06-05 15:41 - 00001036 ____A C:\Users\Nico\Desktop\ILS-SimV4.exe - Verknüpfung.lnk

==================== One Month Modified Files and Folders =======

2013-06-25 21:44 - 2013-06-25 21:44 - 01931854 ____A (Farbar) C:\Users\Nico\Desktop\FRST64.exe
2013-06-25 21:30 - 2012-08-29 20:45 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-25 21:30 - 2012-08-26 15:03 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000UA.job
2013-06-25 21:05 - 2009-07-14 06:45 - 00016752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-25 21:05 - 2009-07-14 06:45 - 00016752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-25 21:02 - 2011-08-18 13:46 - 00765954 ____A C:\Windows\System32\perfh007.dat
2013-06-25 21:02 - 2011-08-18 13:46 - 00174834 ____A C:\Windows\System32\perfc007.dat
2013-06-25 21:02 - 2009-07-14 07:13 - 01808082 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-25 21:01 - 2013-06-24 18:38 - 00108306 ____A C:\Windows\WindowsUpdate.log
2013-06-25 20:58 - 2012-01-13 17:01 - 00000000 ____D C:\ProgramData\VMware
2013-06-25 20:57 - 2013-06-25 20:57 - 00094494 ____A C:\Windows\PFRO.log
2013-06-25 20:57 - 2013-06-24 20:00 - 00000392 ____A C:\Windows\setupact.log
2013-06-25 20:57 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-25 20:29 - 2013-06-22 12:29 - 00000000 ____D C:\Users\Nico\Desktop\Gegen Virus
2013-06-25 20:28 - 2013-06-25 20:28 - 00001421 ____A C:\Users\Nico\Desktop\Internet Explorer (64-bit).lnk
2013-06-25 20:27 - 2013-06-25 20:27 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Avira
2013-06-25 20:24 - 2013-06-25 20:24 - 00002082 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-25 20:24 - 2013-06-25 20:24 - 00000000 ____D C:\ProgramData\Avira
2013-06-25 20:24 - 2013-06-25 20:24 - 00000000 ____D C:\Program Files (x86)\Avira
2013-06-25 20:20 - 2013-06-25 20:17 - 102323272 ____A C:\Users\Nico\Downloads\avira_free_antivirus_de.exe
2013-06-25 20:09 - 2013-01-04 00:04 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000UA.job
2013-06-25 20:07 - 2013-06-25 20:07 - 00001163 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-25 20:07 - 2013-06-25 20:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-25 20:07 - 2011-12-08 16:08 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Mozilla
2013-06-25 20:05 - 2013-06-25 20:02 - 21703480 ____A (Mozilla) C:\Users\Nico\Downloads\Firefox Setup 22.0.exe
2013-06-25 19:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-25 08:56 - 2013-06-25 08:58 - 00355927 ____A (Farbar) C:\Users\Nico\Desktop\FSS.exe
2013-06-24 20:07 - 2013-06-24 20:07 - 00000000 ____D C:\Windows\ERUNT
2013-06-24 20:07 - 2013-06-24 20:07 - 00000000 ____D C:\JRT
2013-06-24 20:03 - 2013-06-24 20:02 - 00009721 ____A C:\AdwCleaner[S1].txt
2013-06-24 20:00 - 2013-06-24 20:00 - 00000000 ____A C:\Windows\setuperr.log
2013-06-24 19:59 - 2013-06-24 19:59 - 00648201 ____A C:\Users\Nico\Desktop\adwcleaner.exe
2013-06-24 19:58 - 2013-06-24 19:57 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Nico\Desktop\JRT.exe
2013-06-24 19:34 - 2013-03-19 22:58 - 00691712 __ASH C:\Users\Nico\Desktop\Thumbs.db
2013-06-24 19:30 - 2012-08-26 15:03 - 00001064 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000Core.job
2013-06-24 19:29 - 2013-06-22 13:45 - 00000000 ____D C:\Windows\Minidump
2013-06-24 19:29 - 2012-09-04 17:44 - 00000000 ____D C:\Users\Nico\AppData\Roaming\DAEMON Tools Pro
2013-06-24 19:29 - 2012-01-12 19:08 - 00000000 ____D C:\Users\Nico\AppData\Roaming\BitTorrent
2013-06-24 19:29 - 2011-12-14 09:59 - 00000000 ____D C:\Users\Nico\AppData\Local\CrashDumps
2013-06-24 19:28 - 2013-06-24 19:28 - 00000000 ___SD C:\ComboFix
2013-06-24 19:28 - 2013-06-24 18:21 - 00000000 ____D C:\Qoobox
2013-06-24 19:04 - 2013-06-24 18:21 - 00000000 ____D C:\Windows\erdnt
2013-06-24 19:00 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-24 18:33 - 2013-06-24 18:33 - 02092792 ____A C:\Users\Nico\Downloads\avira_free_antivirus(1).exe
2013-06-24 18:25 - 2013-06-24 18:24 - 00000075 ____A C:\Users\Nico\Desktop\test.bat
2013-06-24 18:17 - 2013-06-24 18:16 - 05082330 ____R (Swearware) C:\Users\Nico\Desktop\ComboFix.exe
2013-06-24 16:49 - 2013-06-23 12:17 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part7.rar
2013-06-24 16:49 - 2012-04-21 12:08 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Skype
2013-06-24 15:18 - 2013-06-24 14:20 - 00000000 ____D C:\FRST
2013-06-23 13:31 - 2013-06-23 13:01 - 89977796 ____A C:\Users\Nico\Downloads\D.DX.12.13.part8.rar
2013-06-23 13:24 - 2012-06-06 21:16 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Spotify
2013-06-23 12:16 - 2013-06-22 12:21 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part4.rar
2013-06-23 11:48 - 2011-12-19 17:33 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-06-22 12:41 - 2013-06-22 12:41 - 00000392 ____A C:\Users\Nico\defogger_reenable
2013-06-22 12:41 - 2011-12-08 15:43 - 00000000 ____D C:\users\Nico
2013-06-22 11:30 - 2013-06-20 22:15 - 00000000 ____D C:\Users\Nico\AppData\Roaming\vlc
2013-06-21 23:08 - 2013-01-04 00:03 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000Core.job
2013-06-21 14:21 - 2013-06-21 14:21 - 00000000 ____D C:\Users\Nico\Downloads\SpybotPortable
2013-06-21 14:20 - 2013-06-21 14:19 - 57524944 ____A (PortableApps.com) C:\Users\Nico\Downloads\SpybotPortable_2.1.paf.exe
2013-06-21 14:14 - 2013-06-21 14:14 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Nico\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-20 22:42 - 2013-06-20 22:07 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part3.rar
2013-06-20 22:39 - 2013-06-20 22:39 - 00000019 ____A C:\Users\Nico\Desktop\in 1,5 aus.cmd
2013-06-20 22:30 - 2013-06-20 22:16 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-06-20 22:28 - 2013-06-20 22:28 - 00000000 ____D C:\Windows\Profiles\Nico
2013-06-20 22:15 - 2013-06-20 22:15 - 00000000 ____D C:\Program Files\VideoLAN
2013-06-20 22:12 - 2013-06-20 22:12 - 23229256 ____A C:\Users\Nico\Downloads\vlc-2.0.7-win64.exe
2013-06-20 19:44 - 2012-01-12 19:09 - 00000000 ____D C:\Program Files (x86)\BitTorrent
2013-06-20 19:41 - 2013-06-20 19:41 - 01125456 ____A (BitTorrent Inc.) C:\Users\Nico\Downloads\BitTorrent.exe
2013-06-19 18:38 - 2012-06-06 21:17 - 00000000 ____D C:\Users\Nico\AppData\Local\Spotify
2013-06-19 15:31 - 2012-08-26 15:05 - 00002374 ____A C:\Users\Nico\Desktop\Google Chrome.lnk
2013-06-18 15:50 - 2011-12-09 15:06 - 01786150 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-18 15:32 - 2012-03-26 20:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2013-06-18 15:32 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\MSBuild
2013-06-18 15:22 - 2013-06-18 15:22 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008
2013-06-18 15:22 - 2013-06-18 15:22 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008
2013-06-17 21:28 - 2012-03-26 20:42 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2013-06-17 21:27 - 2013-06-17 21:27 - 00000000 ____D C:\ProgramData\VS
2013-06-17 21:25 - 2013-06-17 21:25 - 00000000 ____D C:\fbabd28d772111eec99e8982
2013-06-17 18:08 - 2013-06-17 18:08 - 00001795 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-17 18:08 - 2013-06-17 18:07 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-17 18:08 - 2013-06-17 18:07 - 00000000 ____D C:\Program Files\iTunes
2013-06-17 18:08 - 2012-10-13 14:19 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-17 18:07 - 2013-06-17 18:07 - 00000000 ____D C:\Program Files\iPod
2013-06-14 22:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-14 14:30 - 2013-06-14 14:30 - 00000466 ____A C:\Users\Nico\Desktop\DATA (D) - Verknüpfung.lnk
2013-06-13 21:27 - 2013-06-13 17:22 - 731594045 ____A C:\Users\Nico\Downloads\342fdsfssmo5.rar
2013-06-12 21:15 - 2013-06-14 14:31 - 00000101 ____A C:\Users\Nico\Downloads\ind-scary.nfo
2013-06-12 21:15 - 2013-02-06 22:32 - 00000341 ____A C:\Users\Nico\Downloads\www.goldesel.to - www.charts.to .txt
2013-06-12 21:15 - 2013-02-06 22:32 - 00000291 ____A C:\Users\Nico\Downloads\Charts.to - Die ultimative Seite fuer Charts als Direkt-Download.url
2013-06-12 21:15 - 2013-02-06 22:32 - 00000220 ____A C:\Users\Nico\Downloads\Goldesel.to - Die Seite fuer Direkt-Downloads aller Art.url
2013-06-12 18:30 - 2012-04-14 15:21 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 18:30 - 2011-07-25 12:15 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 15:51 - 2011-12-17 14:27 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 15:07 - 2013-01-24 18:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-12 15:07 - 2011-07-25 11:54 - 00000000 ____D C:\ProgramData\Skype
2013-06-10 16:40 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-08 17:43 - 2011-12-15 23:13 - 00000616 ____A C:\Users\Nico\Documents\ax_files.xml
2013-06-07 13:44 - 2012-11-05 18:14 - 00000000 ____D C:\Users\Nico\AppData\Local\Origin
2013-06-07 13:44 - 2012-11-05 18:07 - 00000000 ____D C:\Program Files (x86)\Origin
2013-06-05 15:46 - 2013-04-13 19:06 - 00000000 __SHD C:\Users\Nico\wc
2013-06-05 15:41 - 2013-06-05 15:41 - 00001036 ____A C:\Users\Nico\Desktop\ILS-SimV4.exe - Verknüpfung.lnk
2013-06-03 17:21 - 2013-04-07 11:47 - 01130496 ____A C:\Users\Nico\Desktop\Schuppenat_Noel_09A (2).lpo
2013-05-28 15:05 - 2013-06-20 20:02 - 00163328 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerUpdateService.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-24 20:31

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Code:
ATTFilter
WSAStartup() failes, or you have the incorrect version of WinSock installed.
         
Could that possibly be the cause of the problem?
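The "Bamital & volsnap Check" section in the FRST log above reports the MD5 of services.exe and a handful of other core binaries as legitimate. As an added example that is not part of this thread and not one of the tools schrauber asked for, the following batch file re-checks exactly those files with the System File Checker that ships with Windows 7. It assumes an elevated cmd.exe console and the default %SystemRoot% layout; the file list is copied from the FRST output, and the output file name sfcdetails.txt is my own choice.

```batch
@echo off
rem Added example, not from the thread: verify the core system files that
rem FRST's "Bamital & volsnap Check" hashes (services.exe among them) with the
rem built-in System File Checker. "sfc /verifyfile" compares one protected
rem file with the Windows component store and reports whether it was modified;
rem it does not repair anything, so it is a safe first look.
rem Like "netsh winsock reset", sfc needs an elevated console.

rem "net session" only succeeds in an elevated console; use it as an admin check.
net session >nul 2>&1
if %errorlevel% neq 0 (
    echo Please run this script as administrator.
    pause
    exit /b 1
)

rem The same files FRST checked, in the same order.
for %%F in (
    "%SystemRoot%\System32\winlogon.exe"
    "%SystemRoot%\System32\wininit.exe"
    "%SystemRoot%\SysWOW64\wininit.exe"
    "%SystemRoot%\explorer.exe"
    "%SystemRoot%\SysWOW64\explorer.exe"
    "%SystemRoot%\System32\svchost.exe"
    "%SystemRoot%\SysWOW64\svchost.exe"
    "%SystemRoot%\System32\services.exe"
    "%SystemRoot%\System32\user32.dll"
    "%SystemRoot%\SysWOW64\user32.dll"
    "%SystemRoot%\System32\userinit.exe"
    "%SystemRoot%\SysWOW64\userinit.exe"
    "%SystemRoot%\System32\drivers\volsnap.sys"
) do (
    echo === %%~F
    sfc /verifyfile=%%~F
)

rem sfc writes its per-file details to CBS.log; the [SR] lines are the
rem Microsoft-documented place to read the verdict, so extract only those.
findstr /c:"[SR]" "%SystemRoot%\Logs\CBS\CBS.log" > "%USERPROFILE%\Desktop\sfcdetails.txt"
echo.
echo Details written to %USERPROFILE%\Desktop\sfcdetails.txt
pause
```

The console output of sfc is localized, so on a German system the summary lines will not read "did not find any integrity violations"; the [SR] entries in CBS.log are the reliable place to see, file by file, whether sfc found a mismatch. A mismatch on services.exe on a machine that reported w32/patched would be the point to stop and post the sfcdetails.txt rather than to let sfc /scannow replace the file on its own.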

Alt 26.06.2013, 09:27   #20
schrauber
/// the machine
/// TB-Ausbilder
 




Quote:
WSAStartup() failes, or you have the incorrect version of WinSock installed.
That is why I gave the commands above.

Windows key+R, type

netsh winsock reset
ipconfig /flushdns


Alt 26.06.2013, 11:48   #21
tha619
 



Well, I had already done that several times.

I just wrote the lines into a .bat and kept the window open with pause at the end; there it showed the reasons why netsh winsock reset had not worked. The problem was missing rights. Simply ran the bat as admin, restarted the machine, and my Firefox works again.

Thanks for your great help. Is my machine clean now?

If so, could you tell me what exactly was going on, what this malware "did", any consequential damage etc., and possibly software that prevents something like this.

I know the best method is to train the user, but unfortunately I am not the only one using the laptop
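The two commands schrauber gave above (netsh winsock reset, ipconfig /flushdns) and the reason they failed at first (no administrator rights, as reported in this post) in one script, as an added example that is not part of the thread: the batch file checks for an elevated console before doing anything, runs the reset and the DNS flush, reports each command's exit code, and keeps the window open so the output can be read. It assumes Windows 7's cmd.exe; the error messages are my own wording.

```batch
@echo off
rem Added example, not from the thread: reset the Winsock catalog and flush
rem the DNS resolver cache from an elevated console. "netsh winsock reset"
rem needs administrator rights, which is why running the same lines from a
rem normal prompt did nothing useful in this thread.

rem "net session" only succeeds in an elevated console; use it as an admin check
rem instead of letting netsh fail with an unhelpful message later.
net session >nul 2>&1
if %errorlevel% neq 0 (
    echo This script must be run as administrator.
    echo Right-click the .cmd file and choose "Run as administrator".
    pause
    exit /b 1
)

echo === netsh winsock reset
netsh winsock reset
if %errorlevel% neq 0 echo netsh winsock reset failed with exit code %errorlevel%

echo === ipconfig /flushdns
ipconfig /flushdns
if %errorlevel% neq 0 echo ipconfig /flushdns failed with exit code %errorlevel%

echo.
echo Done. Reboot the machine so the Winsock reset takes effect.
pause
```

The Winsock reset only takes effect after a reboot, which matches what happened here: the browsers came back after the restart, not immediately after the command. If the reset itself still fails in an elevated console, the exit code and the text printed by netsh are what to post, as the WSAStartup() error earlier in the thread was the clue that pointed at Winsock in the first place.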

Alt 26.06.2013, 13:01   #22
schrauber
/// the machine
/// TB-Ausbilder
 




Great


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, then we should be through. We will do the rest afterwards

Alt 26.06.2013, 19:13   #23
tha619
 



Is it normal for ESET to take this long?

Already 1:45 and only 33% 0.o ?

Alt 26.06.2013, 20:35   #24
schrauber
/// the machine
/// TB-Ausbilder
 




Yep

Alt 27.06.2013, 16:32   #25
tha619
 



Crazy.. 14 hours

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=acd322b1d69b2642a5b2aec95bf85ca1
# engine=14161
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-27 06:21:22
# local_time=2013-06-27 08:21:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16774141 100 96 129426 237737372 0 0
# compatibility_mode=5893 16776574 100 94 51060 123943932 0 0
# scanned=279642
# found=5
# cleaned=0
# scan_time=53424
sh=810E28D4E7B28D658DC48A82F0C65B46149AAE89 ft=1 fh=120d32a29875bbd8 vn="Win64/Conedex.B trojan" ac=I fn="C:\FRST\Quarantine\000000cb.@"
sh=061A3739739904F13A5B9ADCBF4AC2E8A3157B18 ft=1 fh=3f70b78fb0084ee4 vn="Win64/Sirefef.AW trojan" ac=I fn="C:\FRST\Quarantine\80000000.@"
sh=B13BD8868B583578C5146AFB237DC55B85512158 ft=1 fh=cc5cb84c7733d7f0 vn="a variant of Win32/Sirefef.FV trojan" ac=I fn="C:\FRST\Quarantine\80000032.@"
sh=48C3E4403B2099D7CE9BBB89FF0F0CCBF77981F4 ft=1 fh=1d52409ede4e2f84 vn="Win64/Sirefef.AN trojan" ac=I fn="C:\FRST\Quarantine\80000064.@"
sh=A0E57BAC8B2A6FF64937D45029FF31FA0F873B30 ft=1 fh=bbc320f44d9ef8bc vn="Win64/Sirefef.W trojan" ac=I fn="C:\FRST\Quarantine\Desktop.ini"
         

Alt 27.06.2013, 17:20   #26
schrauber
/// the machine
/// TB-Ausbilder
 




Then the rest, please

Alt 27.06.2013, 17:27   #27
tha619
 



Code:
ATTFilter
 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 31  
 Java version out of Date! 
 Adobe Flash Player 11.7.700.224  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (22.0) 
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.116  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2013 01
Ran by Nico (administrator) on 27-06-2013 17:25:48
Running from C:\Users\Nico\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Users\Nico\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [CD- und DVD-Sharing] "C:\Program Files\CD- und DVD-Sharing\ODSAgent.exe" [582256 2010-04-16] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKCU\...\Run: [Facebook Update] "C:\Users\Nico\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2013-01-04] (Facebook Inc.)
HKCU\...\Policies\system: [disableregistrytools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-05-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [129648 2011-09-23] (VMware, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [154144 2010-07-29] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll (IDM)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\pelki004.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\pelki004.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome: 
=======
CHR DefaultSearchURL: (blekko) - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=23B62FAA28623C9359D0A45077CD7277&q={searchTerms}
CHR DefaultSuggestURL: (blekko) -       "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Users\Nico\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Nico\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Nico\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Nico\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\hempmfkijmahkaddljkmchcmjbojoedl\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (fluxDVD Browser Plugin) - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Nico\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (TVU Web Player for FireFox) - C:\Windows\system32\TVUAx\npTVUAx.dll No File
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [872552 2011-05-10] (Acer Incorporated)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [39528 2011-01-18] (Acer Incorporated)
R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-03-24] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2010-08-19] (VMware, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-09-04] (Duplex Secure Ltd.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117040 2011-07-19] (Oracle Corporation)
R2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.)
R2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.)
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-26 17:39 - 2013-06-27 11:39 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-26 13:49 - 2013-06-26 13:49 - 00890988 ____A C:\Users\Nico\Desktop\SecurityCheck.exe
2013-06-26 13:42 - 2013-06-26 13:42 - 02347384 ____A (ESET) C:\Users\Nico\Desktop\esetsmartinstaller_enu.exe
2013-06-25 21:44 - 2013-06-25 21:44 - 01931854 ____A (Farbar) C:\Users\Nico\Desktop\FRST64.exe
2013-06-25 20:57 - 2013-06-25 20:57 - 00094494 ____A C:\Windows\PFRO.log
2013-06-25 20:28 - 2013-06-25 20:28 - 00001421 ____A C:\Users\Nico\Desktop\Internet Explorer (64-bit).lnk
2013-06-25 20:27 - 2013-06-25 20:27 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Avira
2013-06-25 20:24 - 2013-06-25 20:24 - 00000000 ____D C:\ProgramData\Avira
2013-06-25 20:24 - 2013-06-25 20:24 - 00000000 ____D C:\Program Files (x86)\Avira
2013-06-25 20:24 - 2013-03-06 16:13 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-06-25 20:24 - 2013-02-26 16:56 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-25 20:24 - 2013-02-26 16:56 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-25 20:17 - 2013-06-25 20:20 - 102323272 ____A C:\Users\Nico\Downloads\avira_free_antivirus_de.exe
2013-06-25 20:07 - 2013-06-25 20:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-25 20:02 - 2013-06-25 20:05 - 21703480 ____A (Mozilla) C:\Users\Nico\Downloads\Firefox Setup 22.0.exe
2013-06-25 08:58 - 2013-06-25 08:56 - 00355927 ____A (Farbar) C:\Users\Nico\Desktop\FSS.exe
2013-06-24 20:07 - 2013-06-24 20:07 - 00000000 ____D C:\Windows\ERUNT
2013-06-24 20:07 - 2013-06-24 20:07 - 00000000 ____D C:\JRT
2013-06-24 20:02 - 2013-06-24 20:03 - 00009721 ____A C:\AdwCleaner[S1].txt
2013-06-24 20:00 - 2013-06-26 17:23 - 00000616 ____A C:\Windows\setupact.log
2013-06-24 20:00 - 2013-06-24 20:00 - 00000000 ____A C:\Windows\setuperr.log
2013-06-24 19:59 - 2013-06-24 19:59 - 00648201 ____A C:\Users\Nico\Desktop\adwcleaner.exe
2013-06-24 19:57 - 2013-06-24 19:58 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Nico\Desktop\JRT.exe
2013-06-24 19:28 - 2013-06-24 19:28 - 00000000 ___SD C:\ComboFix
2013-06-24 18:42 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-24 18:42 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-24 18:42 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-24 18:42 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-24 18:42 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-24 18:42 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-24 18:42 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-24 18:42 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-24 18:38 - 2013-06-27 06:02 - 00140683 ____A C:\Windows\WindowsUpdate.log
2013-06-24 18:33 - 2013-06-24 18:33 - 02092792 ____A C:\Users\Nico\Downloads\avira_free_antivirus(1).exe
2013-06-24 18:24 - 2013-06-26 11:39 - 00000050 ____A C:\Users\Nico\Desktop\test.bat
2013-06-24 18:21 - 2013-06-24 19:28 - 00000000 ____D C:\Qoobox
2013-06-24 18:21 - 2013-06-24 19:04 - 00000000 ____D C:\Windows\erdnt
2013-06-24 18:16 - 2013-06-24 18:17 - 05082330 ____R (Swearware) C:\Users\Nico\Desktop\ComboFix.exe
2013-06-24 14:20 - 2013-06-24 15:18 - 00000000 ____D C:\FRST
2013-06-23 13:01 - 2013-06-23 13:31 - 89977796 ____A C:\Users\Nico\Downloads\D.DX.12.13.part8.rar
2013-06-23 12:17 - 2013-06-24 16:49 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part7.rar
2013-06-22 13:45 - 2013-06-24 19:29 - 00000000 ____D C:\Windows\Minidump
2013-06-22 12:41 - 2013-06-22 12:41 - 00000392 ____A C:\Users\Nico\defogger_reenable
2013-06-22 12:29 - 2013-06-25 20:29 - 00000000 ____D C:\Users\Nico\Desktop\Gegen Virus
2013-06-22 12:21 - 2013-06-23 12:16 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part4.rar
2013-06-21 14:21 - 2013-06-21 14:21 - 00000000 ____D C:\Users\Nico\Downloads\SpybotPortable
2013-06-21 14:19 - 2013-06-21 14:20 - 57524944 ____A (PortableApps.com) C:\Users\Nico\Downloads\SpybotPortable_2.1.paf.exe
2013-06-21 14:14 - 2013-06-21 14:14 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Nico\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-20 22:39 - 2013-06-20 22:39 - 00000019 ____A C:\Users\Nico\Desktop\aus in 66 Minuten.cmd
2013-06-20 22:28 - 2013-06-20 22:28 - 00000000 ____D C:\Windows\Profiles\Nico
2013-06-20 22:16 - 2013-06-20 22:30 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-06-20 22:15 - 2013-06-22 11:30 - 00000000 ____D C:\Users\Nico\AppData\Roaming\vlc
2013-06-20 22:15 - 2013-06-20 22:15 - 00000000 ____D C:\Program Files\VideoLAN
2013-06-20 22:12 - 2013-06-20 22:12 - 23229256 ____A C:\Users\Nico\Downloads\vlc-2.0.7-win64.exe
2013-06-20 22:07 - 2013-06-20 22:42 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part3.rar
2013-06-20 20:02 - 2013-05-28 15:05 - 00163328 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
2013-06-20 19:41 - 2013-06-20 19:41 - 01125456 ____A (BitTorrent Inc.) C:\Users\Nico\Downloads\BitTorrent.exe
2013-06-18 15:22 - 2013-06-18 15:22 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008
2013-06-18 15:22 - 2013-06-18 15:22 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008
2013-06-17 21:27 - 2013-06-17 21:27 - 00000000 ____D C:\ProgramData\VS
2013-06-17 21:25 - 2013-06-17 21:25 - 00000000 ____D C:\fbabd28d772111eec99e8982
2013-06-17 18:08 - 2013-06-17 18:08 - 00001795 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-17 18:07 - 2013-06-17 18:08 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-17 18:07 - 2013-06-17 18:08 - 00000000 ____D C:\Program Files\iTunes
2013-06-17 18:07 - 2013-06-17 18:07 - 00000000 ____D C:\Program Files\iPod
2013-06-14 14:31 - 2013-06-12 21:15 - 00000101 ____A C:\Users\Nico\Downloads\ind-scary.nfo
2013-06-14 14:30 - 2013-06-14 14:30 - 00000466 ____A C:\Users\Nico\Desktop\DATA (D) - Verknüpfung.lnk
2013-06-13 17:22 - 2013-06-13 21:27 - 731594045 ____A C:\Users\Nico\Downloads\342fdsfssmo5.rar
2013-06-12 15:53 - 2013-05-17 06:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 15:53 - 2013-05-17 05:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 15:53 - 2013-05-17 05:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 15:53 - 2013-05-17 05:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 15:53 - 2013-05-17 05:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 15:53 - 2013-05-17 05:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 15:53 - 2013-05-17 05:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 15:53 - 2013-05-17 04:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 15:53 - 2013-05-17 04:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-12 15:53 - 2013-05-17 04:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 15:53 - 2013-05-17 04:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 15:53 - 2013-05-17 04:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 15:53 - 2013-05-17 04:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 15:53 - 2013-05-17 04:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 15:53 - 2013-05-17 04:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 15:53 - 2013-05-17 04:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 15:53 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 15:53 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 15:53 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 15:53 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 15:53 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 15:53 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-12 15:53 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-12 15:53 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 15:53 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 15:53 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-12 15:53 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-12 15:53 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 15:53 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 15:53 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-12 15:53 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 15:53 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 14:50 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 14:50 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 14:50 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 14:50 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 14:50 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 14:50 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 14:50 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 14:50 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 14:50 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 14:50 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 14:50 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 14:50 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 14:50 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 14:50 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 14:50 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-05 15:41 - 2013-06-05 15:41 - 00001036 ____A C:\Users\Nico\Desktop\ILS-SimV4.exe - Verknüpfung.lnk

==================== One Month Modified Files and Folders =======

2013-06-27 17:09 - 2013-01-04 00:04 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000UA.job
2013-06-27 16:30 - 2012-08-29 20:45 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-27 16:30 - 2012-08-26 15:03 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000UA.job
2013-06-27 11:39 - 2013-06-26 17:39 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-27 06:02 - 2013-06-24 18:38 - 00140683 ____A C:\Windows\WindowsUpdate.log
2013-06-26 23:08 - 2013-01-04 00:03 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000Core.job
2013-06-26 20:25 - 2013-03-19 22:58 - 00703488 __ASH C:\Users\Nico\Desktop\Thumbs.db
2013-06-26 19:30 - 2012-08-26 15:03 - 00001064 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000Core.job
2013-06-26 17:31 - 2009-07-14 06:45 - 00016752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-26 17:31 - 2009-07-14 06:45 - 00016752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-26 17:28 - 2011-08-18 13:46 - 00765954 ____A C:\Windows\System32\perfh007.dat
2013-06-26 17:28 - 2011-08-18 13:46 - 00174834 ____A C:\Windows\System32\perfc007.dat
2013-06-26 17:28 - 2009-07-14 07:13 - 01808082 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-26 17:24 - 2012-01-13 17:01 - 00000000 ____D C:\ProgramData\VMware
2013-06-26 17:23 - 2013-06-24 20:00 - 00000616 ____A C:\Windows\setupact.log
2013-06-26 17:23 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-26 13:49 - 2013-06-26 13:49 - 00890988 ____A C:\Users\Nico\Desktop\SecurityCheck.exe
2013-06-26 13:42 - 2013-06-26 13:42 - 02347384 ____A (ESET) C:\Users\Nico\Desktop\esetsmartinstaller_enu.exe
2013-06-26 11:39 - 2013-06-24 18:24 - 00000050 ____A C:\Users\Nico\Desktop\test.bat
2013-06-25 21:44 - 2013-06-25 21:44 - 01931854 ____A (Farbar) C:\Users\Nico\Desktop\FRST64.exe
2013-06-25 20:57 - 2013-06-25 20:57 - 00094494 ____A C:\Windows\PFRO.log
2013-06-25 20:29 - 2013-06-22 12:29 - 00000000 ____D C:\Users\Nico\Desktop\Gegen Virus
2013-06-25 20:28 - 2013-06-25 20:28 - 00001421 ____A C:\Users\Nico\Desktop\Internet Explorer (64-bit).lnk
2013-06-25 20:27 - 2013-06-25 20:27 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Avira
2013-06-25 20:24 - 2013-06-25 20:24 - 00000000 ____D C:\ProgramData\Avira
2013-06-25 20:24 - 2013-06-25 20:24 - 00000000 ____D C:\Program Files (x86)\Avira
2013-06-25 20:20 - 2013-06-25 20:17 - 102323272 ____A C:\Users\Nico\Downloads\avira_free_antivirus_de.exe
2013-06-25 20:07 - 2013-06-25 20:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-25 20:07 - 2011-12-08 16:08 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Mozilla
2013-06-25 20:05 - 2013-06-25 20:02 - 21703480 ____A (Mozilla) C:\Users\Nico\Downloads\Firefox Setup 22.0.exe
2013-06-25 19:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-25 08:56 - 2013-06-25 08:58 - 00355927 ____A (Farbar) C:\Users\Nico\Desktop\FSS.exe
2013-06-24 20:07 - 2013-06-24 20:07 - 00000000 ____D C:\Windows\ERUNT
2013-06-24 20:07 - 2013-06-24 20:07 - 00000000 ____D C:\JRT
2013-06-24 20:03 - 2013-06-24 20:02 - 00009721 ____A C:\AdwCleaner[S1].txt
2013-06-24 20:00 - 2013-06-24 20:00 - 00000000 ____A C:\Windows\setuperr.log
2013-06-24 19:59 - 2013-06-24 19:59 - 00648201 ____A C:\Users\Nico\Desktop\adwcleaner.exe
2013-06-24 19:58 - 2013-06-24 19:57 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Nico\Desktop\JRT.exe
2013-06-24 19:29 - 2013-06-22 13:45 - 00000000 ____D C:\Windows\Minidump
2013-06-24 19:29 - 2012-09-04 17:44 - 00000000 ____D C:\Users\Nico\AppData\Roaming\DAEMON Tools Pro
2013-06-24 19:29 - 2012-01-12 19:08 - 00000000 ____D C:\Users\Nico\AppData\Roaming\BitTorrent
2013-06-24 19:29 - 2011-12-14 09:59 - 00000000 ____D C:\Users\Nico\AppData\Local\CrashDumps
2013-06-24 19:28 - 2013-06-24 19:28 - 00000000 ___SD C:\ComboFix
2013-06-24 19:28 - 2013-06-24 18:21 - 00000000 ____D C:\Qoobox
2013-06-24 19:04 - 2013-06-24 18:21 - 00000000 ____D C:\Windows\erdnt
2013-06-24 19:00 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-24 18:33 - 2013-06-24 18:33 - 02092792 ____A C:\Users\Nico\Downloads\avira_free_antivirus(1).exe
2013-06-24 18:17 - 2013-06-24 18:16 - 05082330 ____R (Swearware) C:\Users\Nico\Desktop\ComboFix.exe
2013-06-24 16:49 - 2013-06-23 12:17 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part7.rar
2013-06-24 16:49 - 2012-04-21 12:08 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Skype
2013-06-24 15:18 - 2013-06-24 14:20 - 00000000 ____D C:\FRST
2013-06-23 13:31 - 2013-06-23 13:01 - 89977796 ____A C:\Users\Nico\Downloads\D.DX.12.13.part8.rar
2013-06-23 13:24 - 2012-06-06 21:16 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Spotify
2013-06-23 12:16 - 2013-06-22 12:21 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part4.rar
2013-06-23 11:48 - 2011-12-19 17:33 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-06-22 12:41 - 2013-06-22 12:41 - 00000392 ____A C:\Users\Nico\defogger_reenable
2013-06-22 12:41 - 2011-12-08 15:43 - 00000000 ____D C:\users\Nico
2013-06-22 11:30 - 2013-06-20 22:15 - 00000000 ____D C:\Users\Nico\AppData\Roaming\vlc
2013-06-21 14:21 - 2013-06-21 14:21 - 00000000 ____D C:\Users\Nico\Downloads\SpybotPortable
2013-06-21 14:20 - 2013-06-21 14:19 - 57524944 ____A (PortableApps.com) C:\Users\Nico\Downloads\SpybotPortable_2.1.paf.exe
2013-06-21 14:14 - 2013-06-21 14:14 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Nico\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-20 22:42 - 2013-06-20 22:07 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part3.rar
2013-06-20 22:39 - 2013-06-20 22:39 - 00000019 ____A C:\Users\Nico\Desktop\aus in 66 Minuten.cmd
2013-06-20 22:30 - 2013-06-20 22:16 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-06-20 22:28 - 2013-06-20 22:28 - 00000000 ____D C:\Windows\Profiles\Nico
2013-06-20 22:15 - 2013-06-20 22:15 - 00000000 ____D C:\Program Files\VideoLAN
2013-06-20 22:12 - 2013-06-20 22:12 - 23229256 ____A C:\Users\Nico\Downloads\vlc-2.0.7-win64.exe
2013-06-20 19:44 - 2012-01-12 19:09 - 00000000 ____D C:\Program Files (x86)\BitTorrent
2013-06-20 19:41 - 2013-06-20 19:41 - 01125456 ____A (BitTorrent Inc.) C:\Users\Nico\Downloads\BitTorrent.exe
2013-06-19 18:38 - 2012-06-06 21:17 - 00000000 ____D C:\Users\Nico\AppData\Local\Spotify
2013-06-19 15:31 - 2012-08-26 15:05 - 00002374 ____A C:\Users\Nico\Desktop\Google Chrome.lnk
2013-06-18 15:50 - 2011-12-09 15:06 - 01786150 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-18 15:32 - 2012-03-26 20:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2013-06-18 15:32 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\MSBuild
2013-06-18 15:22 - 2013-06-18 15:22 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008
2013-06-18 15:22 - 2013-06-18 15:22 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008
2013-06-17 21:28 - 2012-03-26 20:42 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2013-06-17 21:27 - 2013-06-17 21:27 - 00000000 ____D C:\ProgramData\VS
2013-06-17 21:25 - 2013-06-17 21:25 - 00000000 ____D C:\fbabd28d772111eec99e8982
2013-06-17 18:08 - 2013-06-17 18:08 - 00001795 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-17 18:08 - 2013-06-17 18:07 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-17 18:08 - 2013-06-17 18:07 - 00000000 ____D C:\Program Files\iTunes
2013-06-17 18:08 - 2012-10-13 14:19 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-17 18:07 - 2013-06-17 18:07 - 00000000 ____D C:\Program Files\iPod
2013-06-14 22:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-14 14:30 - 2013-06-14 14:30 - 00000466 ____A C:\Users\Nico\Desktop\DATA (D) - Verknüpfung.lnk
2013-06-13 21:27 - 2013-06-13 17:22 - 731594045 ____A C:\Users\Nico\Downloads\342fdsfssmo5.rar
2013-06-12 21:15 - 2013-06-14 14:31 - 00000101 ____A C:\Users\Nico\Downloads\ind-scary.nfo
2013-06-12 21:15 - 2013-02-06 22:32 - 00000341 ____A C:\Users\Nico\Downloads\www.goldesel.to - www.charts.to .txt
2013-06-12 21:15 - 2013-02-06 22:32 - 00000291 ____A C:\Users\Nico\Downloads\Charts.to - Die ultimative Seite fuer Charts als Direkt-Download.url
2013-06-12 21:15 - 2013-02-06 22:32 - 00000220 ____A C:\Users\Nico\Downloads\Goldesel.to - Die Seite fuer Direkt-Downloads aller Art.url
2013-06-12 18:30 - 2012-04-14 15:21 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 18:30 - 2011-07-25 12:15 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 15:51 - 2011-12-17 14:27 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 15:07 - 2013-01-24 18:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-12 15:07 - 2011-07-25 11:54 - 00000000 ____D C:\ProgramData\Skype
2013-06-10 16:40 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-08 17:43 - 2011-12-15 23:13 - 00000616 ____A C:\Users\Nico\Documents\ax_files.xml
2013-06-07 13:44 - 2012-11-05 18:14 - 00000000 ____D C:\Users\Nico\AppData\Local\Origin
2013-06-07 13:44 - 2012-11-05 18:07 - 00000000 ____D C:\Program Files (x86)\Origin
2013-06-05 15:46 - 2013-04-13 19:06 - 00000000 __SHD C:\Users\Nico\wc
2013-06-05 15:41 - 2013-06-05 15:41 - 00001036 ____A C:\Users\Nico\Desktop\ILS-SimV4.exe - Verknüpfung.lnk
2013-06-03 17:21 - 2013-04-07 11:47 - 01130496 ____A C:\Users\Nico\Desktop\Schuppenat_Noel_09A (2).lpo
2013-05-28 15:05 - 2013-06-20 20:02 - 00163328 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerUpdateService.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-24 20:31

==================== End Of Log ============================
         
--- --- ---
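The "Bamital & volsnap Check" at the end of the FRST log above compares the MD5 of a fixed set of critical binaries (winlogon.exe, services.exe, volsnap.sys, ...) against known-good values; a patched services.exe, which is what the W32/Patched.UC detection in this thread refers to, shows up there as a hash mismatch. The following is an added example, not FRST's code and not from anyone in this thread, that reproduces the idea generically: take a baseline manifest from a clean state, verify it later, and report three outcomes (unchanged, modified, missing). The file list, the temporary directory and the fake file contents are all constructed for the demo; nothing here touches real Windows files.

```python
"""Baseline integrity check for critical system binaries.

Added example, not part of the thread and not FRST's own code. It mirrors
what FRST's "Bamital & volsnap Check" does in principle: hash a fixed list
of files and compare against known-good values. Everything here (file
list, temp directory, fake file contents) is constructed for the demo.
"""
import hashlib
import json
import os
import tempfile

# Files FRST checks (a subset of the Win7 x64 set from the log above), stored
# as path components so the demo works on any OS. Hypothetical selection.
CRITICAL_FILES = [
    ("System32", "winlogon.exe"),
    ("System32", "wininit.exe"),
    ("System32", "services.exe"),
    ("System32", "Drivers", "volsnap.sys"),
]


def file_hash(path, algo="sha256"):
    """Stream the file through the hash so large binaries are not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, files=CRITICAL_FILES, algo="sha256"):
    """Record a manifest {key: hash}. Must be taken from a known-clean state
    (e.g. right after install/patching) and refreshed after every Windows
    update, since legitimate updates change these hashes too."""
    manifest = {"algo": algo, "files": {}}
    for parts in files:
        manifest["files"]["/".join(parts)] = file_hash(os.path.join(root, *parts), algo)
    return manifest


def verify_baseline(root, manifest):
    """Compare the live files against the manifest.
    Returns {key: 'ok' | 'modified' | 'missing'}; 'modified' is what a
    patched services.exe looks like, 'missing' what a deleted driver looks like."""
    algo = manifest["algo"]
    report = {}
    for key, expected in manifest["files"].items():
        path = os.path.join(root, *key.split("/"))
        if not os.path.isfile(path):
            report[key] = "missing"
        elif file_hash(path, algo) == expected:
            report[key] = "ok"
        else:
            report[key] = "modified"
    return report


def findings(report):
    """Only the entries an analyst has to act on, in a stable order."""
    return sorted(key for key, state in report.items() if state != "ok")


def patch_one_byte(path, offset=0x40):
    """Simulate a file infector: flip a single byte in place. The file size
    does not change, so a size-only comparison would not notice it."""
    with open(path, "r+b") as f:
        f.seek(offset)
        original = f.read(1)
        f.seek(offset)
        f.write(bytes([original[0] ^ 0xFF]))


def demo():
    """Constructed scenario: clean baseline, then services.exe gets patched and
    volsnap.sys is deleted. Returns the verification report."""
    root = tempfile.mkdtemp(prefix="baseline_demo_")
    for parts in CRITICAL_FILES:
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(b"MZ" + bytes(range(256)) * 4)  # fake, constructed content
    manifest = json.loads(json.dumps(build_baseline(root)))  # round-trip as stored JSON
    assert all(state == "ok" for state in verify_baseline(root, manifest).values())
    patch_one_byte(os.path.join(root, "System32", "services.exe"))
    os.remove(os.path.join(root, "System32", "Drivers", "volsnap.sys"))
    return verify_baseline(root, manifest)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two caveats a practitioner should keep in mind. First, a hash check is only as good as the environment it runs in: an active rootkit can hide a patched file from a scanner on the running system, which is why tools like FRST are run from the Recovery Environment; the same applies to a script like this. Second, the baseline goes stale with every Windows update, so a mismatch is a lead, not a verdict; confirming the file's Authenticode signature is the natural second step before calling it patched.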




27.06.2013, 17:29   #28
schrauber
/// the machine
/// TB-Ausbilder

Please update Java and Adobe.

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all traces of itself.
  3. In any case, please download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the tools that were used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left, you can delete them without hesitation.


Here are a few tips for securing your system.


I cannot stress often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security holes that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti-Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    A tutorial on its use can be found here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    A short introduction can be found here
  • MVPs hosts file
    A tutorial can be found here. Unfortunately I have not yet found a German-language one.
  • WOT (Web of Trust)
    This add-on warns you before you visit a site that has been reported as malicious.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdblockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any kind of registry cleaner.
They do more harm to your system than good. Here are a few (English) links
Miekemoes Blogspot (MVP)
Bill Castner (MVP)



Don'ts
  • Don't click on everything just because it asks you to and is nice and colourful.
  • Don't use peer-to-peer or file-sharing software (eMule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from e-mails you don't know. Pay particular attention to the file extension, e.g. yourPhoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me a short reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

30.06.2013, 19:26   #29
tha619

Sorry for replying so late; of course I wanted to thank you very, very much and tell you that you really do great work. There will of course also be a thank-you thread.

One final question: what did the "trojan" actually do or cause?

30.06.2013, 20:27   #30
schrauber
/// the machine
/// TB-Ausbilder

That was a rootkit that is currently widespread. But it has been cleanly removed. Please change all passwords anyway; that is standard after an infection.
