
Log analysis and evaluation: GVU virus on my computer (Windows Vista)

04.07.2013, 06:59   #1
stefan.w.
 
Hello everyone,

I caught the GVU virus yesterday. I hope you can help me. I have carried out the steps you suggested and attached the corresponding files. OTL did not create the Extra.txt, so it is not included.

Many thanks in advance for your help so far!!!

Best regards, Stefan

04.07.2013, 08:00   #2
schrauber
/// the machine
/// TB instructor
 

Hi,

System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: Start > Computer (right-click) > Properties)
  • Start FRST now.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

04.07.2013, 20:28   #3
stefan.w.
 
Hello Schrauber,

many thanks for the quick reply.

The files are attached.

1. FRST.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Stefan (administrator) on 04-07-2013 21:08:28
Running from G:\
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [178712 2007-07-12] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-05] (Synaptics, Inc.)
HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [1836328 2007-09-20] (Nero AG)
HKLM\...\Run: [CLMLServer] "C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe" [128296 2007-10-17] (CyberLink)
HKLM\...\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe" [71216 2007-02-09] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe" [52256 2007-01-08] ()
HKLM\...\Run: [UCam_Menu] "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0" [222504 2007-09-13] (CyberLink Corp.)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [220160 2007-12-14] (Google)
HKLM\...\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe [16896 2007-02-09] ( )
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [286720 2007-06-29] (Apple Inc.)
HKLM\...\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [86016 2007-10-24] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8501792 2007-10-24] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [81920 2007-10-24] (NVIDIA Corporation)
HKLM\...\Run: [TrayServer] C:\PROGRA~1\MAGIX\FILME_~1\TrayServer.exe [90112 2008-01-17] (MAGIX AG)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2009-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe" [843776 2009-02-06] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [669520 2009-01-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM\...\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation [161336 2011-12-11] (Google)
HKLM\...\Run: []  [x]
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1648264 2013-04-25] (Ask)
HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [295512 2013-06-25] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-03] (Avira Operations GmbH & Co. KG)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" [x]
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [x]
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [202024 2007-10-15] (Nero AG)
HKCU\...\Run: [EPSON SX610FW Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "C:\Windows\TEMP\E_SD1B.tmp" /EF "HKCU" [x] <===== ATTENTION
HKCU\...\Run: [Epson Stylus SX610FW(Netzwerk)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "C:\Windows\TEMP\E_S2636.tmp" /EF "HKCU" [x] <===== ATTENTION
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2008-12-01] (Google Inc.)
HKU\Mila\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Mila\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [x]
HKU\Mila\...\Run: [WEB.DE_WEB.DE MultiMessenger] "C:\Program Files\WEB.DE\WEB.DE MultiMessenger\MESSENGR.EXE" /hide [ 2009-04-17] (WEB.DE GmbH)
HKU\Mila\...\Run: [Epson Stylus SX610FW(Netzwerk)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "C:\Users\Mila\AppData\Local\Temp\E_S690E.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\Mila\...\Run: [EPSON SX610FW Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "C:\Users\Mila\AppData\Local\Temp\E_SE899.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\Mila\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Mila\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [ 2013-01-08] (Skype Technologies S.A.)
HKU\Mila\...\Run: [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background [ 2013-05-29] (Sony)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Program Files\FRITZ!DSL\StCenter.exe (AVM Berlin)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\YouTube Uploader for CASIO.lnk
ShortcutTarget: YouTube Uploader for CASIO.lnk -> C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe (CASIO COMPUTER CO.,LTD.)
Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
ShortcutTarget: Nikon Monitor.lnk -> C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\Users\Stefan\AppData\Local\Temp\wpbt0.dll (ggggggggggggggggggggggggggg)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freenet.de/freenet/
HKCU SearchScopes: DefaultScope {657DF0D1-258C-4bea-8C18-1EAAB431E726} URL = hxxp://ecosia.org/search.php?q={searchTerms}&addon=ie
SearchScopes: HKCU - {657DF0D1-258C-4bea-8C18-1EAAB431E726} URL = hxxp://ecosia.org/search.php?q={searchTerms}&addon=ie
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Ecosia Class - {7EE976C4-7B1F-47f5-8521-4527C905F3BB} - C:\Program Files\Ecosia\ecosia.dll ()
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default
FF SelectedSearchEngine: Ecosia
FF Homepage: hxxp://www.arfo-fototeam.de/
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF SearchPlugin: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Stefan\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\Stefan\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: No Name - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter

========================== Services (Whitelisted) =================

S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-03] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-03] (Avira Operations GmbH & Co. KG)
S2 AVM IGD CTRL Service; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [118784 2005-03-04] (AVM Berlin)
S3 de_serv; C:\Program Files\Common Files\AVM\de_serv.exe [315392 2005-03-04] (AVM Berlin)
S2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-19] (Empolis GmbH)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [69120 2007-12-14] (Google)
S2 gupdate1ca8e1824096050; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2010-01-05] (Google Inc.)
S2 MBAMScheduler; C:\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1681408 2007-08-16] (Buhl Data Service GmbH)
S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG)
S2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

S2 ACEDRV07; C:\Windows\system32\drivers\ACEDRV07.sys [101376 2012-07-02] (Protect Software GmbH)
S2 ACEDRV09; C:\Windows\system32\drivers\ACEDRV09.sys [110304 2008-03-01] (Protect Software GmbH)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-06-25] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-06-25] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-06-25] (Avira Operations GmbH & Co. KG)
S3 DCamUSBGene; C:\Windows\System32\DRIVERS\usbgene.sys [131584 2007-06-26] (Genesys Logic, Inc.)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [86824 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [15016 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [114728 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [106208 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [26024 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [109864 2009-03-25] (MCCI Corporation)
S3 s3017bus; C:\Windows\System32\DRIVERS\s3017bus.sys [83880 2007-12-10] (MCCI Corporation)
S3 s3017mdfl; C:\Windows\System32\DRIVERS\s3017mdfl.sys [15016 2007-12-10] (MCCI Corporation)
S3 s3017mdm; C:\Windows\System32\DRIVERS\s3017mdm.sys [110632 2007-12-10] (MCCI Corporation)
S3 s3017mgmt; C:\Windows\System32\DRIVERS\s3017mgmt.sys [104616 2007-12-10] (MCCI Corporation)
S3 s3017nd5; C:\Windows\System32\DRIVERS\s3017nd5.sys [25512 2007-12-10] (MCCI Corporation)
S3 s3017obex; C:\Windows\System32\DRIVERS\s3017obex.sys [100648 2007-12-10] (MCCI Corporation)
S3 s3017unic; C:\Windows\System32\DRIVERS\s3017unic.sys [110120 2007-12-10] (MCCI Corporation)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-06-25] (Avira GmbH)
S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2009-01-01] ()
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [530944 2008-03-06] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [45696 2007-04-25] (eMPIA Technology, Inc.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-04 21:08 - 2013-07-04 21:08 - 00000000 ____D C:\FRST
2013-07-03 23:22 - 2013-07-03 23:22 - 00000474 ____A C:\Windows\System32\defogger_disable.log
2013-07-03 23:22 - 2013-07-03 23:22 - 00000000 ____A C:\Users\Stefan\defogger_reenable
2013-07-03 22:09 - 2013-07-03 22:09 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Avira
2013-06-25 09:55 - 2013-06-25 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2013-06-25 09:55 - 2013-06-25 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2013-06-25 09:24 - 2013-06-25 09:24 - 00000000 ____D C:\Users\Mila\AppData\Roaming\Avira
2013-06-25 09:19 - 2013-06-25 09:19 - 00001851 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-25 09:18 - 2013-06-25 09:18 - 00000000 ____D C:\ProgramData\Avira
2013-06-25 09:18 - 2013-06-25 09:09 - 00135136 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-25 09:18 - 2013-06-25 09:09 - 00084744 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-25 09:18 - 2013-06-25 09:09 - 00037352 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-06-25 09:07 - 2013-06-25 09:07 - 02092792 ____A C:\Users\Mila\Downloads\avira_free_antivirus.exe
2013-06-25 08:40 - 2013-06-25 08:40 - 00001883 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-06-25 08:08 - 2013-06-25 08:08 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-25 08:07 - 2013-06-25 08:07 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-25 08:07 - 2013-06-25 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-25 08:07 - 2013-06-25 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-25 08:07 - 2013-06-25 08:07 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-25 08:00 - 2013-06-25 08:00 - 00000000 ____D C:\Users\Mila\AppData\Roaming\RealNetworks
2013-06-25 07:59 - 2013-06-25 07:59 - 00000937 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2013-06-25 07:59 - 2013-06-25 07:59 - 00000000 ____D C:\ProgramData\RealNetworks
2013-06-25 07:59 - 2013-06-25 07:59 - 00000000 ____D C:\Program Files\RealNetworks
2013-06-25 07:58 - 2013-06-25 07:58 - 00000000 ____D C:\Program Files\Common Files\xing shared
2013-06-20 10:51 - 2013-06-20 10:51 - 00000000 ____D C:\Users\Mila\AppData\Local\APN
2013-06-20 10:02 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-20 10:02 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-20 10:02 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-20 10:02 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-20 10:02 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-20 10:02 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-20 10:02 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-20 10:02 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-20 10:02 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-20 10:02 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-20 10:02 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-20 10:02 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-20 10:02 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-20 10:02 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-20 10:02 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-20 10:02 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-20 09:28 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-20 09:28 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-20 09:28 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-20 09:28 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-20 09:28 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-20 09:28 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-20 09:28 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-20 09:28 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-20 09:28 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-20 09:28 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-20 09:27 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-20 09:24 - 2013-06-20 09:24 - 01461992 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
2013-06-20 09:24 - 2013-06-20 09:24 - 00025200 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggsemc.sys
2013-06-20 09:24 - 2013-06-20 09:24 - 00012400 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggflt.sys

==================== One Month Modified Files and Folders ========

2013-07-04 21:08 - 2013-07-04 21:08 - 00000000 ____D C:\FRST
2013-07-04 21:05 - 2006-11-02 14:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-04 21:05 - 2006-11-02 14:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-04 21:04 - 2012-06-12 07:56 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-04 21:04 - 2008-01-21 11:27 - 01608047 ____A C:\Windows\WindowsUpdate.log
2013-07-04 21:04 - 2007-11-30 17:27 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-07-04 21:04 - 2006-11-02 15:01 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-04 21:04 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-04 21:01 - 2008-01-22 10:27 - 00054932 ____A C:\Users\Mila\AppData\Roaming\nvModes.001
2013-07-04 20:59 - 2008-01-22 12:05 - 00000000 ____D C:\Users\Mila\AppData\Roaming\Skype
2013-07-04 20:58 - 2006-11-02 14:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-04 20:56 - 2013-02-17 19:11 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-03 23:22 - 2013-07-03 23:22 - 00000474 ____A C:\Windows\System32\defogger_disable.log
2013-07-03 23:22 - 2013-07-03 23:22 - 00000000 ____A C:\Users\Stefan\defogger_reenable
2013-07-03 23:22 - 2008-01-21 21:35 - 00000000 ____D C:\users\Stefan
2013-07-03 23:00 - 2006-11-02 12:33 - 01481284 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-03 22:58 - 2008-02-04 13:44 - 00155166 ____A C:\Users\Stefan\AppData\Roaming\nvModes.001
2013-07-03 22:28 - 2008-01-21 21:35 - 00000000 ____D C:\Users\Stefan\AppData\Local\Google
2013-07-03 22:21 - 2013-02-17 19:11 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-03 22:09 - 2013-07-03 22:09 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Avira
2013-06-25 16:16 - 2013-01-01 22:16 - 00159648 ____A C:\Windows\PFRO.log
2013-06-25 09:55 - 2013-06-25 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2013-06-25 09:55 - 2013-06-25 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2013-06-25 09:55 - 2013-01-03 19:40 - 00004983 ____A C:\Windows\setupact.log
2013-06-25 09:38 - 2008-01-21 11:28 - 00000000 ___AD C:\users\Mila
2013-06-25 09:24 - 2013-06-25 09:24 - 00000000 ____D C:\Users\Mila\AppData\Roaming\Avira
2013-06-25 09:19 - 2013-06-25 09:19 - 00001851 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-25 09:18 - 2013-06-25 09:18 - 00000000 ____D C:\ProgramData\Avira
2013-06-25 09:18 - 2008-04-27 13:33 - 00000000 ____D C:\Program Files\Avira
2013-06-25 09:09 - 2013-06-25 09:18 - 00135136 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-25 09:09 - 2013-06-25 09:18 - 00084744 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-25 09:09 - 2013-06-25 09:18 - 00037352 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-06-25 09:09 - 2008-04-27 13:33 - 00028520 ____A (Avira GmbH) C:\Windows\System32\Drivers\ssmdrv.sys
2013-06-25 09:07 - 2013-06-25 09:07 - 02092792 ____A C:\Users\Mila\Downloads\avira_free_antivirus.exe
2013-06-25 08:48 - 2008-11-06 12:24 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-06-25 08:48 - 2008-11-06 12:24 - 00000000 ____D C:\Program Files\Sony Ericsson
2013-06-25 08:42 - 2013-02-11 20:01 - 00575436 ____A C:\Windows\DPINST.LOG
2013-06-25 08:40 - 2013-06-25 08:40 - 00001883 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-06-25 08:39 - 2007-11-30 17:46 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-25 08:13 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-25 08:08 - 2013-06-25 08:08 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-25 08:07 - 2013-06-25 08:07 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-25 08:07 - 2013-06-25 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-25 08:07 - 2013-06-25 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-25 08:07 - 2013-06-25 08:07 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-25 08:07 - 2012-10-14 10:19 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-25 08:07 - 2011-05-08 21:45 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-25 08:07 - 2007-12-04 10:17 - 00000000 ____D C:\Program Files\Java
2013-06-25 08:00 - 2013-06-25 08:00 - 00000000 ____D C:\Users\Mila\AppData\Roaming\RealNetworks
2013-06-25 07:59 - 2013-06-25 07:59 - 00000937 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2013-06-25 07:59 - 2013-06-25 07:59 - 00000000 ____D C:\ProgramData\RealNetworks
2013-06-25 07:59 - 2013-06-25 07:59 - 00000000 ____D C:\Program Files\RealNetworks
2013-06-25 07:58 - 2013-06-25 07:58 - 00000000 ____D C:\Program Files\Common Files\xing shared
2013-06-25 07:58 - 2013-02-15 09:17 - 00201872 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2013-06-25 07:58 - 2009-12-29 18:41 - 00000000 ____D C:\ProgramData\Real
2013-06-25 07:58 - 2008-05-04 08:20 - 00000000 ____D C:\Program Files\Real
2013-06-25 07:57 - 2013-02-15 09:16 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2013-06-25 07:57 - 2013-02-15 09:16 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2013-06-25 07:57 - 2013-02-15 09:16 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2013-06-25 07:53 - 2008-01-21 11:28 - 00000000 ____D C:\Users\Mila\AppData\Local\Google
2013-06-20 10:51 - 2013-06-20 10:51 - 00000000 ____D C:\Users\Mila\AppData\Local\APN
2013-06-20 10:51 - 2013-02-17 20:45 - 00000000 ____D C:\Program Files\Ask.com
2013-06-20 10:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-20 10:02 - 2006-11-02 12:23 - 00000240 ____A C:\Windows\win.ini
2013-06-20 09:54 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-20 09:24 - 2013-06-20 09:24 - 01461992 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
2013-06-20 09:24 - 2013-06-20 09:24 - 00025200 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggsemc.sys
2013-06-20 09:24 - 2013-06-20 09:24 - 00012400 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggflt.sys
2013-06-20 09:05 - 2012-06-12 07:56 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-20 09:05 - 2012-01-24 22:54 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\ezsid.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-04 21:02

==================== End Of Log ============================
         
--- --- ---



2. Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-07-2013
Ran by Stefan at 2013-07-04 21:09:56
Running from G:\
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Installed Programs =======================

ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe BridgeTalk Plugin CS3 (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0.1)
Adobe Color EU Recommended Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Extra Settings (Version: 1.0)
Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Flash Player 10 ActiveX (Version: 10.0.22.87)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Flash Video Encoder (Version: 2.0)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe MotionPicture Color Files (Version: 1.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop 7.0.1 (Version: 7.0)
Adobe Reader 8.1.3 - Deutsch (Version: 8.1.3)
Adobe Reader 8.2.0 - Deutsch (Version: 8.2.0)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player 11 (Version: 11)
Adobe SING CS3 (Version: 0.1)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe Version Cue CS3 Server {ko_KR}  (Version: 3.0.0.0 {ko_KR} )
Adobe WAS CS3 (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
AHV content for Acrobat and Flash (Version: 1)
ALDI Foto Manager Free Sued (Version: 3.4.0.466)
AMR to MP3 Converter 1.4
Ask Toolbar (Version: 1.15.25.0)
Ask Toolbar Updater (HKCU Version: 1.2.4.36191)
Avira Free Antivirus (Version: 13.0.0.3737)
AVM FRITZ!DSL
Bluetooth Stack for Windows by Toshiba (Version: v5.10.14)
Capture NX (Version: 1.3.0)
CCleaner (Version: 3.23)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Corel Applications
CyberLink Power2Go (Version: 6.0.1109a)
CyberLink YouCam (Version: 1.0.1205)
CyberLink YouCam (Version: 1.00.0000)
Das Aquarium mit der Maus ScreenSaver
DC-Bodenmechanik (Version: 2.1.4)
DC-Grundbaustatik (Version: 2.4.8)
DVD Shrink 3.2
Ecosia Plugin 1.0
ElsterFormular für Privatanwender (Version: 12.1.1.6214p)
Epson Easy Photo Print 2 (Version: 2.1.0.0)
Epson Event Manager (Version: 2.30.00)
Epson FAX Utility (Version: 1.00.000)
Epson PC-FAX Driver
Epson Printer Software Downloader
Epson Printer Software Downloader (Version: 2.0.0)
EPSON Scan
Epson Stylus Office BX610FW_Office TX610FW_SX610FW Handbuch
EPSON SX610FW Series Printer Uninstall
EpsonNet Print (Version: 2.4i)
EpsonNet Setup (Version: 3.1a)
ESET Online Scanner v3
FDRTools Basic 2.3.0beta1 (Version: 2.3.0)
Firebird SQL Server - MAGIX Edition (Version: 2.0.1.13)
FormatFactory 2.50 (Version: 2.50)
Genesys PC Camera Device (Version: 0.1.0.0)
Google Chrome (Version: 27.0.1453.116)
Google Desktop (Version: -)
Google Earth (Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.145)
Google Updater (Version: 2.4.2432.1652)
Intel(R) Matrix Storage Manager
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
king.com (remove only)
Letstrade (Version: 1.00.0000)
MAGIX Filme auf DVD 8 8.0.0.11 (D) (Version: 8.0.0.11)
MAGIX Foto Clinic 6 6.0.10.0 (D) (Version: 6.0.10.0)
MAGIX Foto Manager 2008 5.0.0.255 (D) (Version: 5.0.0.255)
MAGIX Fotos auf CD & DVD 6.5 deluxe 6.5.0.21 (D) (Version: 6.5.0.21)
MAGIX Goya burnR 2.3.1.3 (D) (Version: 2.3.1.3)
MAGIX Music Cleaning Lab 2008 deluxe 9.0.1.0 (D) (Version: 9.0.1.0)
MAGIX Music Manager 2007 8.1.1.108 (D) (Version: 8.1.1.108)
MAGIX Online Druck Service 3.4.3.0 (D) (Version: 3.4.3.0)
MAGIX PC Visit (Version: 4.3.6.1987)
MAGIX USB-Videowandler 2 (Version: 1.00.0000)
MAGIXUSB-Videowandler 2 Device Driver
MakeDisc (Version: 3.0.2320)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.0.318.3)
Media Go (Version: 1.0.373)
MediaShow (Version: 3.0.4325)
MEDION Fotos auf CD Sued (Version: 6.0.2.0)
MEDIONbox (Version: 1.09.0000.00052)
Mein CEWE FOTOBUCH
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office FrontPage 2003 (Version: 11.0.8173.0)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft XML Parser (Version: 8.0.7820.0)
Mozilla Firefox 18.0.2 (x86 de) (Version: 18.0.2)
Mozilla Maintenance Service (Version: 18.0.2)
Mozilla Thunderbird (3.1.20) (Version: 3.1.20 (de))
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mufin MusicFinder Base 1.5.3.255 (D) (Version: 1.5.3.255)
Nero 8 Essentials (Version: 8.10.284)
neroxml (Version: 1.0.0)
Nikon Message Center (Version: 0.92.000)
Nikon RAW Codec (Version: 1.00.0000)
Nikon Transfer (Version: 1.0.1)
Norton Security Scan (Version: 1.4.0)
Norton Security Scan (Version: 2.7.3.34)
NVIDIA Drivers
PDF Settings (Version: 1.0)
Photomatix Pro version 3.1.3 (Version: 3.1.3)
PhotoNow! (Version: 1.0.4310)
Picture Control Utility (Version: 1.0.2)
PowerDirector (Version: 6.5.2209a)
PowerDVD (Version: 7.0.3118.0)
PowerProducer (Version: 4.2.2219)
QuickTime (Version: 7.2.0.240)
QuiltAssistent
Ralink Wireless LAN (Version: 1.00.0000)
RealDownloader (Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.2)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5523)
Realtek USB 2.0 Card Reader (Version: )
RealUpgrade 1.1 (Version: 1.1.0)
RescuePRO Deluxe 4.0
Saal Digital 
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 (Version: 3.0.0.80301)
Samsung PC Studio 3 (Version: 3.2.2.80705)
Samsung PC Studio 3 USB Driver Installer (Version: 3.2.0.70701)
Sceneo AbsolutTV
screensaver
SereneScreen Marine Aquarium 2.6 (Version: 2.6)
Skype™ 6.1 (Version: 6.1.129)
Sony Ericsson Media Manager 1.1 (Version: 1.1.550)
Sony Ericsson PC Suite 5.007.01 (Version: 5.007.01)
Sony Ericsson Update Engine (Version: 2.13.7.201306141231)
Sony PC Companion 2.10.165 (Version: 2.10.165)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
Synaptics Pointing Device Driver (Version: 9.1.10.0)
TVsweeper 3 (Version: 3.0.3)
Ulead PhotoImpact 12 (Version: 12.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update Service (Version: 2.9.2.12)
VCRedistSetup (Version: 1.0.0)
ViewNX (Version: 1.0.1)
WEB.DE MultiMessenger (Version: 3.70.2806)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WISO Mein Geld 2008 Professional (Version: 9.00.01.0023)
X10 Hardware(TM)
YouTube Uploader for CASIO (Version: 1.0.1.0)
Zylom Games Player Plugin

==================== Restore Points  =========================

25-06-2013 05:44:32 Windows Update
25-06-2013 05:49:52 Sony Ericsson PC Suite Drivers
25-06-2013 06:05:41 Installed Java 7 Update 25
25-06-2013 06:40:35 Sony Ericsson PC Suite Drivers
25-06-2013 06:41:02 Sony PC Companion
25-06-2013 06:49:13 Uninstalled Sony Ericsson Drivers
25-06-2013 06:49:34 Installed Sony Ericsson Drivers
25-06-2013 07:36:46 Installed Emma Device Driver(s)
25-06-2013 07:41:43 Uninstalled Sony Ericsson Drivers
25-06-2013 07:41:53 Installed Sony Ericsson Drivers
25-06-2013 07:42:33 Uninstalled Sony Ericsson Drivers

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000736 ____A C:\Windows\system32\Drivers\etc\hosts
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0E792885-95E6-4E2F-9ACB-43B1F3938DBB} - System32\Tasks\WPD\SqmUpload_S-1-5-21-467133875-3664071592-3944233276-1003 => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {0F264FB1-8C99-4E39-9955-005A150A606D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-20] (Adobe Systems Incorporated)
Task: {1B727954-581C-4821-BE59-FDB302AF3C51} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-05] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {230DDC94-D88E-4274-A083-48FE894A899F} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-19] (Microsoft Corp.)
Task: {23E71B69-5E07-4FB0-90AB-929198A34463} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-467133875-3664071592-3944233276-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {25887E91-06E5-41B3-AAC3-C45C1BBFE032} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-05] (Google Inc.)
Task: {3625F46C-1137-407E-B993-F955226665CB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-467133875-3664071592-3944233276-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {5866B935-1244-499F-AD46-6F0ED64C1C2A} - System32\Tasks\WPD\SqmUpload_S-1-5-21-467133875-3664071592-3944233276-1004 => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {59B580E1-B70F-4B9D-9399-3AAB3A61547D} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-09-08] (Google)
Task: {64D25247-C4DD-4F9A-99AE-3862422ABC3F} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-467133875-3664071592-3944233276-1004 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)
Task: {6B8655A2-FC2A-4C77-BA9B-6FC23A18875B} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-467133875-3664071592-3944233276-1004 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {73FBDFF5-41B2-41DD-AA34-21D498E27CBE} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-467133875-3664071592-3944233276-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {7A70BA79-FCAC-4E3F-8706-2C28D7B5150D} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: {934698F2-8651-4A89-A81A-4D8EF9133063} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {934C4FB9-15B2-4239-B4F9-0C7CF4159E64} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-04-25] ()
Task: {9A3F5134-86BF-4B1D-9DBF-5229BC09B62B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-467133875-3664071592-3944233276-1004 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {9CAE9264-973A-48E4-BA8D-8AD6FB23E887} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23] (SEIKO EPSON CORPORATION)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)
Task: {AF9538F9-7B81-45B8-9882-A85B8FD57DA7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-09-24] (Piriform Ltd)
Task: {DF29C40D-4C16-4BC6-9B4E-D9EA5F9EE0F4} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-467133875-3664071592-3944233276-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EFCF90FE-0B46-47E9-9362-30DCB528F66D} - System32\Tasks\Norton Security Scan for Mila => C:\Program Files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-28] (Symantec Corporation)
Task: {FFE0B2ED-F228-4A34-A34E-A71EC8EC013C} - System32\Tasks\User_Feed_Synchronization-{985A263B-1E14-4845-80C4-E588BDFF7266} => C:\Windows\system32\msfeedssync.exe [2012-02-28] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Epson Printer Software Downloader.job => ?
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Mila.job => C:\Program Files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2013 09:00:10 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/04/2013 00:03:14 AM) (Source: PerfNet) (User: )
Description: 

Error: (07/04/2013 00:03:14 AM) (Source: PerfNet) (User: )
Description: 

Error: (07/04/2013 00:03:14 AM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/04/2013 00:03:14 AM) (Source: Perflib) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (07/03/2013 10:59:31 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die Datei
C:\Users\Public\Music\Sample Music\AlbumArt_{D4213C57-0F32-4AED-82E0-A6560E1EA35F}_Large.jpg.
 [ACCESS_VIOLATION Exception!! EIP = 0x704e8022]
 Bitte Avira informieren und die obige Datei übersenden!

Error: (07/03/2013 10:58:47 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/03/2013 10:32:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/03/2013 10:28:36 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/03/2013 10:00:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (07/04/2013 09:07:47 PM) (Source: Service Control Manager) (User: )
Description: AFD
avipbb
avkmgr
DfsC
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
Smb
spldr
ssmdrv
StarOpen
tdx
Tosrfcom
Wanarpv6

Error: (07/04/2013 09:07:47 PM) (Source: Service Control Manager) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068

Error: (07/04/2013 09:07:47 PM) (Source: Service Control Manager) (User: )
Description: NLA (Network Location Awareness)Netzwerkspeicher-Schnittstellendienst%%1068

Error: (07/04/2013 09:07:47 PM) (Source: Service Control Manager) (User: )
Description: IP-HilfsdienstNetzwerkspeicher-Schnittstellendienst%%1068

Error: (07/04/2013 09:07:47 PM) (Source: Service Control Manager) (User: )
Description: WebClientWebDav Client Redirector Driver%%1068

Error: (07/04/2013 09:07:47 PM) (Source: Service Control Manager) (User: )
Description: SMB 2.0 MiniRedirectorSMB MiniRedirector Wrapper and Engine%%1068

Error: (07/04/2013 09:07:47 PM) (Source: Service Control Manager) (User: )
Description: SMB 1.x MiniRedirectorSMB MiniRedirector Wrapper and Engine%%1068

Error: (07/04/2013 09:07:47 PM) (Source: Service Control Manager) (User: )
Description: SMB MiniRedirector Wrapper and EngineRedirected Buffering Sub Sysytem%%31

Error: (07/04/2013 09:07:47 PM) (Source: Service Control Manager) (User: )
Description: WebDav Client Redirector DriverRedirected Buffering Sub Sysytem%%31

Error: (07/04/2013 09:07:47 PM) (Source: Service Control Manager) (User: )
Description: ArbeitsstationsdienstNetzwerkspeicher-Schnittstellendienst%%1068


Microsoft Office Sessions:
=========================
Error: (07/04/2013 09:00:10 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (07/04/2013 00:03:14 AM) (Source: PerfNet)(User: )
Description: 

Error: (07/04/2013 00:03:14 AM) (Source: PerfNet)(User: )
Description: 

Error: (07/04/2013 00:03:14 AM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/04/2013 00:03:14 AM) (Source: Perflib)(User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (07/03/2013 10:59:31 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: C:\Users\Public\Music\Sample Music\AlbumArt_{D4213C57-0F32-4AED-82E0-A6560E1EA35F}_Large.jpgACCESS_VIOLATION0x704e8022AVEPROC_TestFile()

Error: (07/03/2013 10:58:47 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (07/03/2013 10:32:57 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (07/03/2013 10:28:36 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (07/03/2013 10:00:03 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe


CodeIntegrity Errors:
===================================
  Date: 2013-01-05 00:05:27.108
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvd3dum.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-05 00:05:26.740
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-05 00:05:26.382
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvd3dum.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-05 00:05:26.022
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-05 00:04:18.296
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvd3dum.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-05 00:04:17.945
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-05 00:04:17.594
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvd3dum.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-05 00:04:17.235
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-04 19:06:11.510
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvd3dum.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-04 19:06:11.115
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 20%
Total physical RAM: 2045.7 MB
Available physical RAM: 1630.68 MB
Total Pagefile: 4326.7 MB
Available Pagefile: 4090.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.91 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:212.88 GB) (Free:23.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:20 GB) (Free:10.07 GB) FAT32
Drive g: (†††††††††††) (Removable) (Total:0.24 GB) (Free:0.2 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: EAF9E588)
Partition 1: (Active) - (Size=213 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended)

========================================================
Disk: 2 (Size: 250 MB) (Disk ID: 98698802)
Partition 1: (Active) - (Size=250 MB) - (Type=06)

==================== End Of Log ============================
         

05.07.2013, 07:32   #4
schrauber
/// the machine
/// TB trainer

Fix with FRST
Please press the Windows key + R key and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:
Code:
Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\Users\Stefan\AppData\Local\Temp\wpbt0.dll (ggggggggggggggggggggggggggg)
C:\ProgramData\ezsid.dat
         
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents to me.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

05.07.2013, 20:14   #5
stefan.w.

Hello Schrauber,

attached is the fixlog.txt

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-07-2013
Ran by Stefan at 2013-07-05 21:10:15 Run:1
Running from G:\
Boot Mode: Safe Mode (minimal)

==============================================

C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk => Moved successfully.
C:\Users\Stefan\AppData\Local\Temp\wpbt0.dll => Moved successfully.
C:\ProgramData\ezsid.dat => Moved successfully.

==== End of Fixlog ====
         
Best regards,
Stefan


Alt 06.07.2013, 08:47   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Does it boot normally?

Alt 06.07.2013, 10:41   #7
stefan.w.
 



Yes, it works.

Thanks!!!


Alt 06.07.2013, 10:42   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Then now the control scans in normal Windows

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files are now created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)
__________________
Regards,
schrauber


Alt 06.07.2013, 12:12   #9
stefan.w.
 



OK, the files are attached.

AdwCleaner

Code:
# AdwCleaner v2.304 - Datei am 06/07/2013 um 12:46:26 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Stefan - STEFAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Stefan\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Mila\AppData\Roaming\Mozilla\Firefox\Profiles\cwflsnih.default\searchplugins\Askcom.xml
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\Mila\AppData\Local\APN
Ordner Gelöscht : C:\Users\Mila\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\Mila\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Mila\AppData\Roaming\Mozilla\Firefox\Profiles\cwflsnih.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Users\Stefan\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\Stefan\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\Mila\AppData\Roaming\Mozilla\Firefox\Profiles\cwflsnih.default\prefs.js

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Gelöscht : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Gelöscht : user_pref("extensions.asktb.apn_dbr", "ff_18.0.1");
Gelöscht : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Gelöscht : user_pref("extensions.asktb.cbid", "^U3");
Gelöscht : user_pref("extensions.asktb.config-updated", false);
Gelöscht : user_pref("extensions.asktb.cr-o", "100000027cr");
Gelöscht : user_pref("extensions.asktb.crumb", "2013.02.17+13.19.45-toolbar004iad-DE-Q29sb2duZSxHZXJtYW55");
Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...]
Gelöscht : user_pref("extensions.asktb.displaybehavior", "");
Gelöscht : user_pref("extensions.asktb.displaytext", "");
Gelöscht : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
Gelöscht : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Gelöscht : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0018");
Gelöscht : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Gelöscht : user_pref("extensions.asktb.ff19-config-first-run", "true");
Gelöscht : user_pref("extensions.asktb.fresh-install", false);
Gelöscht : user_pref("extensions.asktb.guid", "91F0A156-3958-4D36-A101-AFE7B0477E76");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gelöscht : user_pref("extensions.asktb.if", "su");
Gelöscht : user_pref("extensions.asktb.keyword-toggled-in-session", false);
Gelöscht : user_pref("extensions.asktb.l", "dis");
Gelöscht : user_pref("extensions.asktb.last-config-req", "1372140510602");
Gelöscht : user_pref("extensions.asktb.last-search-timestamp", "1372170742778");
Gelöscht : user_pref("extensions.asktb.locale", "de_DE");
Gelöscht : user_pref("extensions.asktb.location", "Cologne,Germany");
Gelöscht : user_pref("extensions.asktb.lstation", "");
Gelöscht : user_pref("extensions.asktb.new-tab-opt-out", true);
Gelöscht : user_pref("extensions.asktb.news-native-on", true);
Gelöscht : user_pref("extensions.asktb.o", "100000027");
Gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gelöscht : user_pref("extensions.asktb.pstate", "");
Gelöscht : user_pref("extensions.asktb.qsrc", "2871");
Gelöscht : user_pref("extensions.asktb.r", "20");
Gelöscht : user_pref("extensions.asktb.sa", "YES");
Gelöscht : user_pref("extensions.asktb.saguid", "49C9EAEF-1377-425D-A636-6DC736323C6D");
Gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gelöscht : user_pref("extensions.asktb.silent-upgrade", true);
Gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Gelöscht : user_pref("extensions.asktb.socialmini-first", true);
Gelöscht : user_pref("extensions.asktb.socialmini-interval", "1200000");
Gelöscht : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Gelöscht : user_pref("extensions.asktb.socialmini-max-items", "30");
Gelöscht : user_pref("extensions.asktb.socialmini-native-on", true);
Gelöscht : user_pref("extensions.asktb.socialmini-speed", "10000");
Gelöscht : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Gelöscht : user_pref("extensions.asktb.themeid", "");
Gelöscht : user_pref("extensions.asktb.timeinstalled", "20.06.2013 10:51:34");
Gelöscht : user_pref("extensions.asktb.to", "");
Gelöscht : user_pref("extensions.asktb.v", "3.15.25.100013");
Gelöscht : user_pref("extensions.asktb.version", "5.15.25.36191");
Gelöscht : user_pref("extensions.asktb.volume", "");
Gelöscht : user_pref("extensions.enabledAddons", "%7Bd04b0b40-3dab-4f0b-97a6-04ec3eddbfb0%7D:2.0.6,%7BEF522540-[...]

Datei : C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default\prefs.js

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");

*************************

AdwCleaner[S1].txt - [11946 octets] - [06/07/2013 12:46:26]

########## EOF - C:\AdwCleaner[S1].txt - [12007 octets] ##########
         
JRT.TXT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Stefan on 06.07.2013 at 12:55:18,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9



~~~ Files

Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\install.res.1031.dll



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\coddo3g4.default\minidumps [9 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.07.2013 at 12:58:43,21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
and the FRST.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Stefan (administrator) on 06-07-2013 13:02:45
Running from C:\Users\Stefan\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Empolis GmbH) c:\program files\common files\gnab\service\servicecontroller.exe
(Empolis GmbH) C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Malwarebytes Corporation) C:\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Buhl Data Service GmbH) C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
(Malwarebytes Corporation) C:\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
(CyberLink) C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe
(Cyberlink Corp.) C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(CASIO COMPUTER CO.,LTD.) C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe
(Nikon Corporation) C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(X10) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [178712 2007-07-12] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-05] (Synaptics, Inc.)
HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [1836328 2007-09-20] (Nero AG)
HKLM\...\Run: [CLMLServer] "C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe" [128296 2007-10-17] (CyberLink)
HKLM\...\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe" [71216 2007-02-09] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe" [52256 2007-01-08] ()
HKLM\...\Run: [UCam_Menu] "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0" [222504 2007-09-13] (CyberLink Corp.)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [220160 2007-12-14] (Google)
HKLM\...\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe [16896 2007-02-09] ( )
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [286720 2007-06-29] (Apple Inc.)
HKLM\...\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [86016 2007-10-24] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8501792 2007-10-24] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [81920 2007-10-24] (NVIDIA Corporation)
HKLM\...\Run: [TrayServer] C:\PROGRA~1\MAGIX\FILME_~1\TrayServer.exe [90112 2008-01-17] (MAGIX AG)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2009-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe" [843776 2009-02-06] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [669520 2009-01-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM\...\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation [161336 2011-12-11] (Google)
HKLM\...\Run: []  [x]
HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [295512 2013-06-25] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-03] (Avira Operations GmbH & Co. KG)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" [x]
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [x]
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [202024 2007-10-15] (Nero AG)
HKCU\...\Run: [EPSON SX610FW Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "C:\Windows\TEMP\E_SD1B.tmp" /EF "HKCU" [x] <===== ATTENTION
HKCU\...\Run: [Epson Stylus SX610FW(Netzwerk)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "C:\Windows\TEMP\E_S2636.tmp" /EF "HKCU" [x] <===== ATTENTION
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2008-12-01] (Google Inc.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKU\Mila\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Mila\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [x]
HKU\Mila\...\Run: [WEB.DE_WEB.DE MultiMessenger] "C:\Program Files\WEB.DE\WEB.DE MultiMessenger\MESSENGR.EXE" /hide [ 2009-04-17] (WEB.DE GmbH)
HKU\Mila\...\Run: [Epson Stylus SX610FW(Netzwerk)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "C:\Users\Mila\AppData\Local\Temp\E_S690E.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\Mila\...\Run: [EPSON SX610FW Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "C:\Users\Mila\AppData\Local\Temp\E_SE899.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\Mila\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Mila\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [ 2013-01-08] (Skype Technologies S.A.)
HKU\Mila\...\Run: [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background [ 2013-05-29] (Sony)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Program Files\FRITZ!DSL\StCenter.exe (AVM Berlin)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\YouTube Uploader for CASIO.lnk
ShortcutTarget: YouTube Uploader for CASIO.lnk -> C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe (CASIO COMPUTER CO.,LTD.)
Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
ShortcutTarget: Nikon Monitor.lnk -> C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freenet.de/freenet/
SearchScopes: HKCU - {657DF0D1-258C-4bea-8C18-1EAAB431E726} URL = hxxp://ecosia.org/search.php?q={searchTerms}&addon=ie
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Ecosia Class - {7EE976C4-7B1F-47f5-8521-4527C905F3BB} - C:\Program Files\Ecosia\ecosia.dll ()
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default
FF SelectedSearchEngine: Ecosia
FF Homepage: hxxp://www.arfo-fototeam.de/
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF SearchPlugin: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Stefan\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\Stefan\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: No Name - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter

========================== Services (Whitelisted) =================

S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-03] (Avira Operations GmbH & Co. KG)
R2 AVM IGD CTRL Service; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [118784 2005-03-04] (AVM Berlin)
S3 de_serv; C:\Program Files\Common Files\AVM\de_serv.exe [315392 2005-03-04] (AVM Berlin)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-19] (Empolis GmbH)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [69120 2007-12-14] (Google)
S2 gupdate1ca8e1824096050; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2010-01-05] (Google Inc.)
R2 MBAMScheduler; C:\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1681408 2007-08-16] (Buhl Data Service GmbH)
S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG)
R2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

R2 ACEDRV07; C:\Windows\system32\drivers\ACEDRV07.sys [101376 2012-07-02] (Protect Software GmbH)
R2 ACEDRV09; C:\Windows\system32\drivers\ACEDRV09.sys [110304 2008-03-01] (Protect Software GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-06-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-06-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-06-25] (Avira Operations GmbH & Co. KG)
R3 DCamUSBGene; C:\Windows\System32\DRIVERS\usbgene.sys [131584 2007-06-26] (Genesys Logic, Inc.)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [86824 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [15016 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [114728 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [106208 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [26024 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [109864 2009-03-25] (MCCI Corporation)
S3 s3017bus; C:\Windows\System32\DRIVERS\s3017bus.sys [83880 2007-12-10] (MCCI Corporation)
S3 s3017mdfl; C:\Windows\System32\DRIVERS\s3017mdfl.sys [15016 2007-12-10] (MCCI Corporation)
S3 s3017mdm; C:\Windows\System32\DRIVERS\s3017mdm.sys [110632 2007-12-10] (MCCI Corporation)
S3 s3017mgmt; C:\Windows\System32\DRIVERS\s3017mgmt.sys [104616 2007-12-10] (MCCI Corporation)
S3 s3017nd5; C:\Windows\System32\DRIVERS\s3017nd5.sys [25512 2007-12-10] (MCCI Corporation)
S3 s3017obex; C:\Windows\System32\DRIVERS\s3017obex.sys [100648 2007-12-10] (MCCI Corporation)
S3 s3017unic; C:\Windows\System32\DRIVERS\s3017unic.sys [110120 2007-12-10] (MCCI Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-06-25] (Avira GmbH)
R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2009-01-01] ()
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [530944 2008-03-06] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [45696 2007-04-25] (eMPIA Technology, Inc.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-06 13:02 - 2013-07-04 07:34 - 01373373 ____A (Farbar) C:\Users\Stefan\Desktop\FRST.exe
2013-07-06 12:58 - 2013-07-06 12:58 - 00001002 ____A C:\Users\Stefan\Desktop\JRT.txt
2013-07-06 12:55 - 2013-07-06 12:55 - 00000000 ____D C:\Windows\ERUNT
2013-07-06 12:54 - 2013-07-06 12:54 - 00000000 ____D C:\JRT
2013-07-06 12:52 - 2013-05-07 00:34 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Stefan\Desktop\JRT.exe
2013-07-06 12:46 - 2013-07-06 12:47 - 00012077 ____A C:\AdwCleaner[S1].txt
2013-07-06 12:45 - 2013-07-06 12:34 - 00650027 ____A C:\Users\Stefan\Desktop\adwcleaner.exe
2013-07-04 21:08 - 2013-07-04 21:08 - 00000000 ____D C:\FRST
2013-07-03 23:22 - 2013-07-03 23:22 - 00000474 ____A C:\Windows\System32\defogger_disable.log
2013-07-03 23:22 - 2013-07-03 23:22 - 00000000 ____A C:\Users\Stefan\defogger_reenable
2013-07-03 22:09 - 2013-07-03 22:09 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Avira
2013-06-25 09:55 - 2013-06-25 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2013-06-25 09:55 - 2013-06-25 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2013-06-25 09:24 - 2013-06-25 09:24 - 00000000 ____D C:\Users\Mila\AppData\Roaming\Avira
2013-06-25 09:19 - 2013-06-25 09:19 - 00001851 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-25 09:18 - 2013-06-25 09:18 - 00000000 ____D C:\ProgramData\Avira
2013-06-25 09:18 - 2013-06-25 09:09 - 00135136 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-25 09:18 - 2013-06-25 09:09 - 00084744 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-25 09:18 - 2013-06-25 09:09 - 00037352 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-06-25 09:07 - 2013-06-25 09:07 - 02092792 ____A C:\Users\Mila\Downloads\avira_free_antivirus.exe
2013-06-25 08:40 - 2013-06-25 08:40 - 00001883 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-06-25 08:08 - 2013-06-25 08:08 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-25 08:07 - 2013-06-25 08:07 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-25 08:07 - 2013-06-25 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-25 08:07 - 2013-06-25 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-25 08:07 - 2013-06-25 08:07 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-25 08:00 - 2013-06-25 08:00 - 00000000 ____D C:\Users\Mila\AppData\Roaming\RealNetworks
2013-06-25 07:59 - 2013-06-25 07:59 - 00000937 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2013-06-25 07:59 - 2013-06-25 07:59 - 00000000 ____D C:\ProgramData\RealNetworks
2013-06-25 07:59 - 2013-06-25 07:59 - 00000000 ____D C:\Program Files\RealNetworks
2013-06-25 07:58 - 2013-06-25 07:58 - 00000000 ____D C:\Program Files\Common Files\xing shared
2013-06-20 10:02 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-20 10:02 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-20 10:02 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-20 10:02 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-20 10:02 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-20 10:02 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-20 10:02 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-20 10:02 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-20 10:02 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-20 10:02 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-20 10:02 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-20 10:02 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-20 10:02 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-20 10:02 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-20 10:02 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-20 10:02 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-20 09:28 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-20 09:28 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-20 09:28 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-20 09:28 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-20 09:28 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-20 09:28 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-20 09:28 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-20 09:28 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-20 09:28 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-20 09:28 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-20 09:27 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-20 09:24 - 2013-06-20 09:24 - 01461992 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
2013-06-20 09:24 - 2013-06-20 09:24 - 00025200 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggsemc.sys
2013-06-20 09:24 - 2013-06-20 09:24 - 00012400 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggflt.sys

==================== One Month Modified Files and Folders ========

2013-07-06 12:58 - 2013-07-06 12:58 - 00001002 ____A C:\Users\Stefan\Desktop\JRT.txt
2013-07-06 12:55 - 2013-07-06 12:55 - 00000000 ____D C:\Windows\ERUNT
2013-07-06 12:54 - 2013-07-06 12:54 - 00000000 ____D C:\JRT
2013-07-06 12:50 - 2008-02-04 13:44 - 00155166 ____A C:\Users\Stefan\AppData\Roaming\nvModes.001
2013-07-06 12:50 - 2006-11-02 14:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-06 12:49 - 2013-02-17 19:11 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-06 12:48 - 2006-11-02 15:01 - 00032586 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-06 12:48 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-06 12:48 - 2006-11-02 14:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-06 12:48 - 2006-11-02 14:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-06 12:47 - 2013-07-06 12:46 - 00012077 ____A C:\AdwCleaner[S1].txt
2013-07-06 12:47 - 2008-01-21 11:27 - 01664172 ____A C:\Windows\WindowsUpdate.log
2013-07-06 12:47 - 2007-11-30 17:27 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-07-06 12:34 - 2013-07-06 12:45 - 00650027 ____A C:\Users\Stefan\Desktop\adwcleaner.exe
2013-07-05 21:04 - 2012-06-12 07:56 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-05 21:00 - 2008-01-22 12:05 - 00000000 ____D C:\Users\Mila\AppData\Roaming\Skype
2013-07-05 20:58 - 2008-01-22 10:27 - 00054932 ____A C:\Users\Mila\AppData\Roaming\nvModes.001
2013-07-04 21:08 - 2013-07-04 21:08 - 00000000 ____D C:\FRST
2013-07-04 07:34 - 2013-07-06 13:02 - 01373373 ____A (Farbar) C:\Users\Stefan\Desktop\FRST.exe
2013-07-03 23:22 - 2013-07-03 23:22 - 00000474 ____A C:\Windows\System32\defogger_disable.log
2013-07-03 23:22 - 2013-07-03 23:22 - 00000000 ____A C:\Users\Stefan\defogger_reenable
2013-07-03 23:22 - 2008-01-21 21:35 - 00000000 ____D C:\users\Stefan
2013-07-03 23:00 - 2006-11-02 12:33 - 01481284 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-03 22:28 - 2008-01-21 21:35 - 00000000 ____D C:\Users\Stefan\AppData\Local\Google
2013-07-03 22:21 - 2013-02-17 19:11 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-03 22:09 - 2013-07-03 22:09 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Avira
2013-06-25 16:16 - 2013-01-01 22:16 - 00159648 ____A C:\Windows\PFRO.log
2013-06-25 09:55 - 2013-06-25 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2013-06-25 09:55 - 2013-06-25 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2013-06-25 09:55 - 2013-01-03 19:40 - 00004983 ____A C:\Windows\setupact.log
2013-06-25 09:38 - 2008-01-21 11:28 - 00000000 ___AD C:\users\Mila
2013-06-25 09:24 - 2013-06-25 09:24 - 00000000 ____D C:\Users\Mila\AppData\Roaming\Avira
2013-06-25 09:19 - 2013-06-25 09:19 - 00001851 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-25 09:18 - 2013-06-25 09:18 - 00000000 ____D C:\ProgramData\Avira
2013-06-25 09:18 - 2008-04-27 13:33 - 00000000 ____D C:\Program Files\Avira
2013-06-25 09:09 - 2013-06-25 09:18 - 00135136 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-25 09:09 - 2013-06-25 09:18 - 00084744 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-25 09:09 - 2013-06-25 09:18 - 00037352 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-06-25 09:09 - 2008-04-27 13:33 - 00028520 ____A (Avira GmbH) C:\Windows\System32\Drivers\ssmdrv.sys
2013-06-25 09:07 - 2013-06-25 09:07 - 02092792 ____A C:\Users\Mila\Downloads\avira_free_antivirus.exe
2013-06-25 08:48 - 2008-11-06 12:24 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-06-25 08:48 - 2008-11-06 12:24 - 00000000 ____D C:\Program Files\Sony Ericsson
2013-06-25 08:42 - 2013-02-11 20:01 - 00575436 ____A C:\Windows\DPINST.LOG
2013-06-25 08:40 - 2013-06-25 08:40 - 00001883 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-06-25 08:39 - 2007-11-30 17:46 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-25 08:13 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-25 08:08 - 2013-06-25 08:08 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-25 08:07 - 2013-06-25 08:07 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-25 08:07 - 2013-06-25 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-25 08:07 - 2013-06-25 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-25 08:07 - 2013-06-25 08:07 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-25 08:07 - 2012-10-14 10:19 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-25 08:07 - 2011-05-08 21:45 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-25 08:07 - 2007-12-04 10:17 - 00000000 ____D C:\Program Files\Java
2013-06-25 08:00 - 2013-06-25 08:00 - 00000000 ____D C:\Users\Mila\AppData\Roaming\RealNetworks
2013-06-25 07:59 - 2013-06-25 07:59 - 00000937 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2013-06-25 07:59 - 2013-06-25 07:59 - 00000000 ____D C:\ProgramData\RealNetworks
2013-06-25 07:59 - 2013-06-25 07:59 - 00000000 ____D C:\Program Files\RealNetworks
2013-06-25 07:58 - 2013-06-25 07:58 - 00000000 ____D C:\Program Files\Common Files\xing shared
2013-06-25 07:58 - 2013-02-15 09:17 - 00201872 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2013-06-25 07:58 - 2009-12-29 18:41 - 00000000 ____D C:\ProgramData\Real
2013-06-25 07:58 - 2008-05-04 08:20 - 00000000 ____D C:\Program Files\Real
2013-06-25 07:57 - 2013-02-15 09:16 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2013-06-25 07:57 - 2013-02-15 09:16 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2013-06-25 07:57 - 2013-02-15 09:16 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2013-06-25 07:53 - 2008-01-21 11:28 - 00000000 ____D C:\Users\Mila\AppData\Local\Google
2013-06-20 10:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-20 10:02 - 2006-11-02 12:23 - 00000240 ____A C:\Windows\win.ini
2013-06-20 09:54 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-20 09:24 - 2013-06-20 09:24 - 01461992 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
2013-06-20 09:24 - 2013-06-20 09:24 - 00025200 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggsemc.sys
2013-06-20 09:24 - 2013-06-20 09:24 - 00012400 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggflt.sys
2013-06-20 09:05 - 2012-06-12 07:56 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-20 09:05 - 2012-01-24 22:54 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-06 12:55

==================== End Of Log ============================
         
--- --- ---


Best regards, Stefan

06.07.2013, 14:57   #10
schrauber
/// the machine
/// TB-Ausbilder
 


Great, one online scan and we're done.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, please. Any problems left?
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

07.07.2013, 11:36   #11
stefan.w.
 

Hello Schrauber,

many thanks already for your help so far.

Attached are the requested files:

log.txt

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=46ea2c5bbac6fb4c854dc55be0278eee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-14 12:44:29
# local_time=2012-10-14 02:44:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 317185 125105090 392201 0
# compatibility_mode=5892 16776573 100 100 86904 187741254 0 0
# compatibility_mode=8192 67108863 100 0 936 936 0 0
# scanned=269068
# found=1
# cleaned=1
# scan_time=10143
C:\Users\Mila\Downloads\registrybooster.exe	a variant of Win32/RegistryBooster application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=46ea2c5bbac6fb4c854dc55be0278eee
# engine=14295
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-06 11:10:39
# local_time=2013-07-07 01:10:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 97 22450 195056478 15220 0
# compatibility_mode=5892 16776574 100 100 1008580 210684967 0 0
# scanned=279490
# found=2
# cleaned=0
# scan_time=20220
sh=59BB948DF73BD1F9F81FEC67025F00B27BAFBB1C ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\FRST\Quarantine\regmonstd.lnk"
sh=82BD5E86545D3918F85B19C4E4D06B20B95C0016 ft=0 fh=0000000000000000 vn="Win32/Reveton.R trojan" ac=I fn="C:\Users\Stefan\AppData\Local\Temp\0tbpw.js"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=46ea2c5bbac6fb4c854dc55be0278eee
# engine=14298
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-07 09:55:43
# local_time=2013-07-07 11:55:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 97 61154 195095182 10753 0
# compatibility_mode=5892 16776574 100 100 1047284 210723671 0 0
# scanned=279376
# found=3
# cleaned=0
# scan_time=10549
sh=59BB948DF73BD1F9F81FEC67025F00B27BAFBB1C ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\FRST\Quarantine\regmonstd.lnk"
sh=174E7CB4B66A24DE50143DDCD0AA7FE95BFED768 ft=1 fh=ec8c3725fec6f2e1 vn="a variant of Win32/Kryptik.BEYE trojan" ac=I fn="C:\FRST\Quarantine\wpbt0.dll"
sh=82BD5E86545D3918F85B19C4E4D06B20B95C0016 ft=0 fh=0000000000000000 vn="Win32/Reveton.R trojan" ac=I fn="C:\Users\Stefan\AppData\Local\Temp\0tbpw.js"
         
checkup.txt

Code:
Results of screen317's Security Check version 0.99.68  
 Windows Vista Service Pack 2 x86   
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 CCleaner     
 Java 7 Update 25  
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 	11.7.700.224  
 Adobe Reader 8 Adobe Reader out of Date! 
 Mozilla Firefox 18.0.2 Firefox out of Date!  
 Mozilla Thunderbird (3.1.20) Thunderbird out of Date!  
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.116  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 mbamscheduler.exe    
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
and the FRST.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Stefan (administrator) on 07-07-2013 12:27:55
Running from C:\Users\Stefan\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Empolis GmbH) c:\program files\common files\gnab\service\servicecontroller.exe
(Empolis GmbH) C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Malwarebytes Corporation) C:\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Buhl Data Service GmbH) C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(X10) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe
(Malwarebytes Corporation) C:\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
(CyberLink) C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe
(Cyberlink Corp.) C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(CASIO COMPUTER CO.,LTD.) C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe
(Nikon Corporation) C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [178712 2007-07-12] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-05] (Synaptics, Inc.)
HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [1836328 2007-09-20] (Nero AG)
HKLM\...\Run: [CLMLServer] "C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe" [128296 2007-10-17] (CyberLink)
HKLM\...\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe" [71216 2007-02-09] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe" [52256 2007-01-08] ()
HKLM\...\Run: [UCam_Menu] "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0" [222504 2007-09-13] (CyberLink Corp.)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [220160 2007-12-14] (Google)
HKLM\...\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe [16896 2007-02-09] ( )
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [286720 2007-06-29] (Apple Inc.)
HKLM\...\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [86016 2007-10-24] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8501792 2007-10-24] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [81920 2007-10-24] (NVIDIA Corporation)
HKLM\...\Run: [TrayServer] C:\PROGRA~1\MAGIX\FILME_~1\TrayServer.exe [90112 2008-01-17] (MAGIX AG)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2009-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe" [843776 2009-02-06] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [669520 2009-01-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM\...\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation [161336 2011-12-11] (Google)
HKLM\...\Run: []  [x]
HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [295512 2013-06-25] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-03] (Avira Operations GmbH & Co. KG)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" [x]
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [x]
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [202024 2007-10-15] (Nero AG)
HKCU\...\Run: [EPSON SX610FW Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "C:\Windows\TEMP\E_SD1B.tmp" /EF "HKCU" [x] <===== ATTENTION
HKCU\...\Run: [Epson Stylus SX610FW(Netzwerk)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "C:\Windows\TEMP\E_S2636.tmp" /EF "HKCU" [x] <===== ATTENTION
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2008-12-01] (Google Inc.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKU\Mila\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Mila\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [x]
HKU\Mila\...\Run: [WEB.DE_WEB.DE MultiMessenger] "C:\Program Files\WEB.DE\WEB.DE MultiMessenger\MESSENGR.EXE" /hide [ 2009-04-17] (WEB.DE GmbH)
HKU\Mila\...\Run: [Epson Stylus SX610FW(Netzwerk)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "C:\Users\Mila\AppData\Local\Temp\E_S690E.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\Mila\...\Run: [EPSON SX610FW Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "C:\Users\Mila\AppData\Local\Temp\E_SE899.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\Mila\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Mila\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [ 2013-01-08] (Skype Technologies S.A.)
HKU\Mila\...\Run: [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background [ 2013-05-29] (Sony)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Program Files\FRITZ!DSL\StCenter.exe (AVM Berlin)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\YouTube Uploader for CASIO.lnk
ShortcutTarget: YouTube Uploader for CASIO.lnk -> C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe (CASIO COMPUTER CO.,LTD.)
Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
ShortcutTarget: Nikon Monitor.lnk -> C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freenet.de/freenet/
SearchScopes: HKCU - {657DF0D1-258C-4bea-8C18-1EAAB431E726} URL = hxxp://ecosia.org/search.php?q={searchTerms}&addon=ie
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Ecosia Class - {7EE976C4-7B1F-47f5-8521-4527C905F3BB} - C:\Program Files\Ecosia\ecosia.dll ()
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default
FF SelectedSearchEngine: Ecosia
FF Homepage: hxxp://www.arfo-fototeam.de/
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF SearchPlugin: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Stefan\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\Stefan\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: No Name - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter

========================== Services (Whitelisted) =================

S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-03] (Avira Operations GmbH & Co. KG)
R2 AVM IGD CTRL Service; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [118784 2005-03-04] (AVM Berlin)
S3 de_serv; C:\Program Files\Common Files\AVM\de_serv.exe [315392 2005-03-04] (AVM Berlin)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-19] (Empolis GmbH)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [69120 2007-12-14] (Google)
S2 gupdate1ca8e1824096050; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2010-01-05] (Google Inc.)
R2 MBAMScheduler; C:\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1681408 2007-08-16] (Buhl Data Service GmbH)
S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG)
R2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

R2 ACEDRV07; C:\Windows\system32\drivers\ACEDRV07.sys [101376 2012-07-02] (Protect Software GmbH)
R2 ACEDRV09; C:\Windows\system32\drivers\ACEDRV09.sys [110304 2008-03-01] (Protect Software GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-06-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-06-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-06-25] (Avira Operations GmbH & Co. KG)
R3 DCamUSBGene; C:\Windows\System32\DRIVERS\usbgene.sys [131584 2007-06-26] (Genesys Logic, Inc.)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [86824 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [15016 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [114728 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [106208 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [26024 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [109864 2009-03-25] (MCCI Corporation)
S3 s3017bus; C:\Windows\System32\DRIVERS\s3017bus.sys [83880 2007-12-10] (MCCI Corporation)
S3 s3017mdfl; C:\Windows\System32\DRIVERS\s3017mdfl.sys [15016 2007-12-10] (MCCI Corporation)
S3 s3017mdm; C:\Windows\System32\DRIVERS\s3017mdm.sys [110632 2007-12-10] (MCCI Corporation)
S3 s3017mgmt; C:\Windows\System32\DRIVERS\s3017mgmt.sys [104616 2007-12-10] (MCCI Corporation)
S3 s3017nd5; C:\Windows\System32\DRIVERS\s3017nd5.sys [25512 2007-12-10] (MCCI Corporation)
S3 s3017obex; C:\Windows\System32\DRIVERS\s3017obex.sys [100648 2007-12-10] (MCCI Corporation)
S3 s3017unic; C:\Windows\System32\DRIVERS\s3017unic.sys [110120 2007-12-10] (MCCI Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-06-25] (Avira GmbH)
R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2009-01-01] ()
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [530944 2008-03-06] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [45696 2007-04-25] (eMPIA Technology, Inc.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-07 12:21 - 2013-07-06 18:06 - 00890988 ____A C:\Users\Stefan\Desktop\SecurityCheck.exe
2013-07-06 18:09 - 2013-04-04 14:07 - 02347384 ____A (ESET) C:\Users\Stefan\Desktop\esetsmartinstaller_enu.exe
2013-07-06 13:02 - 2013-07-04 07:34 - 01373373 ____A (Farbar) C:\Users\Stefan\Desktop\FRST.exe
2013-07-06 12:58 - 2013-07-06 12:58 - 00001002 ____A C:\Users\Stefan\Desktop\JRT.txt
2013-07-06 12:55 - 2013-07-06 12:55 - 00000000 ____D C:\Windows\ERUNT
2013-07-06 12:54 - 2013-07-06 12:54 - 00000000 ____D C:\JRT
2013-07-06 12:52 - 2013-05-07 00:34 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Stefan\Desktop\JRT.exe
2013-07-06 12:46 - 2013-07-06 12:47 - 00012077 ____A C:\AdwCleaner[S1].txt
2013-07-06 12:45 - 2013-07-06 12:34 - 00650027 ____A C:\Users\Stefan\Desktop\adwcleaner.exe
2013-07-04 21:08 - 2013-07-04 21:08 - 00000000 ____D C:\FRST
2013-07-03 23:22 - 2013-07-03 23:22 - 00000474 ____A C:\Windows\System32\defogger_disable.log
2013-07-03 23:22 - 2013-07-03 23:22 - 00000000 ____A C:\Users\Stefan\defogger_reenable
2013-07-03 22:09 - 2013-07-03 22:09 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Avira
2013-06-25 09:55 - 2013-06-25 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2013-06-25 09:55 - 2013-06-25 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2013-06-25 09:24 - 2013-06-25 09:24 - 00000000 ____D C:\Users\Mila\AppData\Roaming\Avira
2013-06-25 09:19 - 2013-06-25 09:19 - 00001851 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-25 09:18 - 2013-06-25 09:18 - 00000000 ____D C:\ProgramData\Avira
2013-06-25 09:18 - 2013-06-25 09:09 - 00135136 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-25 09:18 - 2013-06-25 09:09 - 00084744 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-25 09:18 - 2013-06-25 09:09 - 00037352 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-06-25 09:07 - 2013-06-25 09:07 - 02092792 ____A C:\Users\Mila\Downloads\avira_free_antivirus.exe
2013-06-25 08:40 - 2013-06-25 08:40 - 00001883 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-06-25 08:08 - 2013-06-25 08:08 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-25 08:07 - 2013-06-25 08:07 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-25 08:07 - 2013-06-25 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-25 08:07 - 2013-06-25 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-25 08:07 - 2013-06-25 08:07 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-25 08:00 - 2013-06-25 08:00 - 00000000 ____D C:\Users\Mila\AppData\Roaming\RealNetworks
2013-06-25 07:59 - 2013-06-25 07:59 - 00000937 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2013-06-25 07:59 - 2013-06-25 07:59 - 00000000 ____D C:\ProgramData\RealNetworks
2013-06-25 07:59 - 2013-06-25 07:59 - 00000000 ____D C:\Program Files\RealNetworks
2013-06-25 07:58 - 2013-06-25 07:58 - 00000000 ____D C:\Program Files\Common Files\xing shared
2013-06-20 10:02 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-20 10:02 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-20 10:02 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-20 10:02 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-20 10:02 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-20 10:02 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-20 10:02 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-20 10:02 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-20 10:02 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-20 10:02 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-20 10:02 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-20 10:02 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-20 10:02 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-20 10:02 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-20 10:02 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-20 10:02 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-20 09:28 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-20 09:28 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-20 09:28 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-20 09:28 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-20 09:28 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-20 09:28 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-20 09:28 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-20 09:28 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-20 09:28 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-20 09:28 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-20 09:27 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-20 09:24 - 2013-06-20 09:24 - 01461992 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
2013-06-20 09:24 - 2013-06-20 09:24 - 00025200 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggsemc.sys
2013-06-20 09:24 - 2013-06-20 09:24 - 00012400 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggflt.sys

==================== One Month Modified Files and Folders ========

2013-07-07 12:17 - 2013-02-17 19:11 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-07 12:04 - 2012-06-12 07:56 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-07 11:22 - 2006-11-02 14:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-07 11:22 - 2006-11-02 14:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-07 11:17 - 2013-02-17 19:11 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-07 09:55 - 2008-01-21 11:27 - 01735871 ____A C:\Windows\WindowsUpdate.log
2013-07-07 08:49 - 2008-02-04 13:44 - 00155166 ____A C:\Users\Stefan\AppData\Roaming\nvModes.001
2013-07-07 03:24 - 2006-11-02 14:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-07 03:22 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-07 03:20 - 2007-11-30 17:27 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-07-07 03:20 - 2006-11-02 15:01 - 00032586 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-07 03:09 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-07 03:02 - 2006-11-02 12:33 - 01505388 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-06 20:00 - 2010-02-15 21:00 - 00000242 ____A C:\Windows\Tasks\Epson Printer Software Downloader.job
2013-07-06 18:06 - 2013-07-07 12:21 - 00890988 ____A C:\Users\Stefan\Desktop\SecurityCheck.exe
2013-07-06 12:58 - 2013-07-06 12:58 - 00001002 ____A C:\Users\Stefan\Desktop\JRT.txt
2013-07-06 12:55 - 2013-07-06 12:55 - 00000000 ____D C:\Windows\ERUNT
2013-07-06 12:54 - 2013-07-06 12:54 - 00000000 ____D C:\JRT
2013-07-06 12:47 - 2013-07-06 12:46 - 00012077 ____A C:\AdwCleaner[S1].txt
2013-07-06 12:34 - 2013-07-06 12:45 - 00650027 ____A C:\Users\Stefan\Desktop\adwcleaner.exe
2013-07-05 21:00 - 2008-01-22 12:05 - 00000000 ____D C:\Users\Mila\AppData\Roaming\Skype
2013-07-05 20:58 - 2008-01-22 10:27 - 00054932 ____A C:\Users\Mila\AppData\Roaming\nvModes.001
2013-07-04 21:08 - 2013-07-04 21:08 - 00000000 ____D C:\FRST
2013-07-04 07:34 - 2013-07-06 13:02 - 01373373 ____A (Farbar) C:\Users\Stefan\Desktop\FRST.exe
2013-07-03 23:22 - 2013-07-03 23:22 - 00000474 ____A C:\Windows\System32\defogger_disable.log
2013-07-03 23:22 - 2013-07-03 23:22 - 00000000 ____A C:\Users\Stefan\defogger_reenable
2013-07-03 23:22 - 2008-01-21 21:35 - 00000000 ____D C:\users\Stefan
2013-07-03 22:28 - 2008-01-21 21:35 - 00000000 ____D C:\Users\Stefan\AppData\Local\Google
2013-07-03 22:09 - 2013-07-03 22:09 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Avira
2013-06-25 16:16 - 2013-01-01 22:16 - 00159648 ____A C:\Windows\PFRO.log
2013-06-25 09:55 - 2013-06-25 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2013-06-25 09:55 - 2013-06-25 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2013-06-25 09:55 - 2013-01-03 19:40 - 00004983 ____A C:\Windows\setupact.log
2013-06-25 09:38 - 2008-01-21 11:28 - 00000000 ___AD C:\users\Mila
2013-06-25 09:24 - 2013-06-25 09:24 - 00000000 ____D C:\Users\Mila\AppData\Roaming\Avira
2013-06-25 09:19 - 2013-06-25 09:19 - 00001851 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-25 09:18 - 2013-06-25 09:18 - 00000000 ____D C:\ProgramData\Avira
2013-06-25 09:18 - 2008-04-27 13:33 - 00000000 ____D C:\Program Files\Avira
2013-06-25 09:09 - 2013-06-25 09:18 - 00135136 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-25 09:09 - 2013-06-25 09:18 - 00084744 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-25 09:09 - 2013-06-25 09:18 - 00037352 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-06-25 09:09 - 2008-04-27 13:33 - 00028520 ____A (Avira GmbH) C:\Windows\System32\Drivers\ssmdrv.sys
2013-06-25 09:07 - 2013-06-25 09:07 - 02092792 ____A C:\Users\Mila\Downloads\avira_free_antivirus.exe
2013-06-25 08:48 - 2008-11-06 12:24 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-06-25 08:48 - 2008-11-06 12:24 - 00000000 ____D C:\Program Files\Sony Ericsson
2013-06-25 08:42 - 2013-02-11 20:01 - 00575436 ____A C:\Windows\DPINST.LOG
2013-06-25 08:40 - 2013-06-25 08:40 - 00001883 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-06-25 08:39 - 2007-11-30 17:46 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-25 08:13 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-25 08:08 - 2013-06-25 08:08 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-25 08:07 - 2013-06-25 08:07 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-25 08:07 - 2013-06-25 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-25 08:07 - 2013-06-25 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-25 08:07 - 2013-06-25 08:07 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-25 08:07 - 2012-10-14 10:19 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-25 08:07 - 2011-05-08 21:45 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-25 08:07 - 2007-12-04 10:17 - 00000000 ____D C:\Program Files\Java
2013-06-25 08:00 - 2013-06-25 08:00 - 00000000 ____D C:\Users\Mila\AppData\Roaming\RealNetworks
2013-06-25 07:59 - 2013-06-25 07:59 - 00000937 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2013-06-25 07:59 - 2013-06-25 07:59 - 00000000 ____D C:\ProgramData\RealNetworks
2013-06-25 07:59 - 2013-06-25 07:59 - 00000000 ____D C:\Program Files\RealNetworks
2013-06-25 07:58 - 2013-06-25 07:58 - 00000000 ____D C:\Program Files\Common Files\xing shared
2013-06-25 07:58 - 2013-02-15 09:17 - 00201872 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2013-06-25 07:58 - 2009-12-29 18:41 - 00000000 ____D C:\ProgramData\Real
2013-06-25 07:58 - 2008-05-04 08:20 - 00000000 ____D C:\Program Files\Real
2013-06-25 07:57 - 2013-02-15 09:16 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2013-06-25 07:57 - 2013-02-15 09:16 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2013-06-25 07:57 - 2013-02-15 09:16 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2013-06-25 07:53 - 2008-01-21 11:28 - 00000000 ____D C:\Users\Mila\AppData\Local\Google
2013-06-20 10:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-20 10:02 - 2006-11-02 12:23 - 00000240 ____A C:\Windows\win.ini
2013-06-20 09:54 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-20 09:24 - 2013-06-20 09:24 - 01461992 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
2013-06-20 09:24 - 2013-06-20 09:24 - 00025200 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggsemc.sys
2013-06-20 09:24 - 2013-06-20 09:24 - 00012400 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggflt.sys
2013-06-20 09:05 - 2012-06-12 07:56 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-20 09:05 - 2012-01-24 22:54 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-07 03:37

==================== End Of Log ============================
         
--- --- ---


Best regards, Stefan

07.07.2013, 12:36   #12
schrauber
/// the machine
/// TB trainer


Update Flash, Adobe, Firefox and Thunderbird.

Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.


Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

07.07.2013, 15:24   #13
stefan.w.


Hello Schrauber,

I have now run TFC. What happens next?

Best regards, Stefan

07.07.2013, 18:38   #14
schrauber
/// the machine
/// TB trainer


Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used and the quarantine of our scanners, clears the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can safely delete them.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads by itself. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
These harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and looks nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber


07.07.2013, 21:11   #15
stefan.w.


Hello Schrauber,

once again many, many thanks for your help!!!

I have done everything and everything seems to be running again.

Best regards,
Stefan
