Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 13.07.2013, 09:03   #1
gonde
 
PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden - Standard

PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden



Hallo,
ich habe von Malwarebytes diese Einträge gefunden und durch das Prg. entfernen lassen. Nach Neustart habe ich ungewohnterweise den Malwarebyte nocheinmal, zur Bestätigung der Entfernung der Reg Einträge, laufen lassen. Siehe da: Die Einträge sind noch immer da!
Neuerlicher Start als Administrator und dann sogar im abgesicherten Modus halfen leider nicht. Ebensowenig wie Löschversuche in der Reg.

Dann fand ich bei meinen Recherchen den Hinweis auf Kaspersky Virus Removal Tool, dieses Programm fand zwar angeblich gleich in den ersten 3% drei Hinweise, aber ich kann das nicht belegen, weil ich einen BlueScreen bekam mit den Hinweis auf Bad_Pool_Header.

Daher heute meine Bitte, könnt ihr meine Logs anschauen und mir helfen?

Zuerst die Meldung von Malwarebytes
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.11.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Standard :: PC-I7 [Administrator]

11.07.2013 14:20:59
MBAM-log-2013-07-11 (14-33-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 268912
Laufzeit: 5 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\Standard\LOCALS~1\Temp\msuryr.cmd -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Daten: C:\Users\Standard\LOCALS~1\Temp\msuryr.cmd -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
OTL
Code:
ATTFilter
OTL logfile created on: 13.07.2013 08:53:04 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Standard\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 62,83% Memory free
6,99 Gb Paging File | 5,71 Gb Available in Paging File | 81,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 488,28 Gb Total Space | 389,98 Gb Free Space | 79,87% Space Free | Partition Type: NTFS
Drive D: | 443,13 Gb Total Space | 46,05 Gb Free Space | 10,39% Space Free | Partition Type: NTFS
Drive E: | 915,75 Gb Total Space | 428,80 Gb Free Space | 46,83% Space Free | Partition Type: NTFS
Drive F: | 947,26 Gb Total Space | 280,59 Gb Free Space | 29,62% Space Free | Partition Type: NTFS
 
Computer Name: PC-I7 | User Name: Standard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.13 08:39:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Downloads\OTL.exe
PRC - [2013.06.24 11:35:54 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.24 11:35:41 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2013.06.24 11:35:40 | 000,076,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.06.24 11:35:38 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2013.06.24 11:35:37 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.24 11:35:37 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.10 02:35:07 | 000,866,592 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.02.09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.10.09 10:00:00 | 001,314,000 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNABCSWK.EXE
PRC - [2012.07.04 11:49:06 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012.07.04 11:49:04 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.02.16 13:31:20 | 001,110,480 | ---- | M] (Hagel Technologies Ltd.) -- C:\Programme\DU Meter\DUMeterSvc.exe
PRC - [2012.02.16 13:31:16 | 001,946,352 | ---- | M] (Hagel Technologies Ltd.) -- C:\Programme\DU Meter\DUMeter.exe
PRC - [2012.02.01 17:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.01.15 09:12:36 | 000,337,888 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) -- C:\GwkTools\USBDLM\USBDLM.exe
PRC - [2012.01.15 09:11:32 | 000,022,496 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) -- C:\GwkTools\USBDLM\USBDLM_usr.exe
PRC - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.17 10:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.10.15 10:00:00 | 000,226,784 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE
PRC - [2010.10.15 10:00:00 | 000,181,696 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNAP2RPK.EXE
PRC - [2009.10.02 19:42:22 | 006,154,240 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\Six Engine\SixEngine.exe
PRC - [2009.03.02 16:33:00 | 000,643,600 | ---- | M] (TypingMaster, Inc) -- C:\GwkTools\QuickPhrase\quickphrase.exe
PRC - [2008.04.23 03:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.29 23:59:32 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.09.30 05:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\System32\AsIO.dll
MOD - [2009.08.27 19:41:46 | 000,565,248 | ---- | M] () -- C:\Programme\ASUS\Six Engine\pngio.dll
MOD - [2009.08.27 19:41:46 | 000,053,248 | ---- | M] () -- C:\Programme\ASUS\Six Engine\AsSpindownTimeout.dll
MOD - [2009.04.22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Programme\ASUS\Six Engine\AsusService.dll
MOD - [2007.05.23 15:26:26 | 000,027,928 | ---- | M] () -- C:\GwkTools\QuickPhrase\PhraseDll.dll
MOD - [2006.01.12 22:20:26 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.DEU
MOD - [2006.01.12 22:13:46 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.FRA
 
 
========== Services (SafeList) ==========
 
SRV - [2013.07.11 17:33:39 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.27 09:22:06 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.24 11:35:54 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.24 11:35:41 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013.06.24 11:35:38 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013.06.24 11:35:37 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.13 02:15:26 | 000,101,888 | ---- | M] (Freemake) [Disabled | Stopped] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.10 11:20:38 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.01.31 18:57:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.10.22 17:43:44 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) [Disabled | Stopped] -- C:\Windows\System32\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV - [2012.09.17 07:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)
SRV - [2012.07.04 11:49:04 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.06.11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.02.16 13:31:20 | 001,110,480 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2012.02.01 17:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.01.15 09:12:36 | 000,337,888 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) [Auto | Running] -- C:\GwkTools\USBDLM\USBDLM.exe -- (USBDLM)
SRV - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.10.28 09:10:40 | 000,189,776 | ---- | M] (DATA BECKER GmbH & Co KG) [Disabled | Stopped] -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.08.19 13:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Disabled | Stopped] -- C:\Programme\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2003.07.28 14:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013.07.04 16:38:20 | 000,188,176 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2013.07.04 16:37:08 | 000,115,984 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2013.07.04 16:37:08 | 000,104,720 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2013.07.04 16:37:08 | 000,094,480 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2013.07.04 16:37:08 | 000,084,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2013.03.25 14:12:09 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.25 14:12:09 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.25 14:12:09 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.03.23 20:23:32 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2013.02.13 12:12:06 | 000,063,464 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2013.02.10 11:20:38 | 008,944,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.12.19 13:41:52 | 000,154,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012.11.20 15:48:13 | 000,011,936 | ---- | M] (Highresolution Enterprises [www.highrez.co.uk]) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\inpout32.sys -- (inpout32)
DRV - [2012.11.20 10:57:46 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\Windows\System32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2012.10.22 17:43:36 | 001,841,272 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.07.30 11:24:30 | 000,132,608 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2plx86)
DRV - [2012.06.21 19:30:36 | 000,085,088 | ---- | M] (SUNIX Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snxppalx.sys -- (SNXPPALX)
DRV - [2012.06.21 19:30:34 | 000,048,224 | ---- | M] (SUNIX Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snxpcard.sys -- (SNXPCARD)
DRV - [2012.06.11 11:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.05.03 11:43:34 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.04.13 11:05:06 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2012.03.08 18:42:38 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012.02.16 13:31:26 | 000,019,832 | ---- | M] (Hagel Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Programme\DU Meter\DUMetr32.sys -- (DUMeterDrv)
DRV - [2012.01.19 09:24:16 | 000,276,784 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mv91xx.sys -- (mv91xx)
DRV - [2011.12.01 11:40:16 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV - [2011.12.01 11:40:16 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2011.11.04 16:00:00 | 000,039,696 | ---- | M] (www.winchiphead.com) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CH341SER.SYS -- (CH341SER)
DRV - [2011.09.15 10:46:02 | 000,005,248 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\giveio.sys -- (giveio)
DRV - [2011.05.28 11:25:00 | 000,035,776 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011.02.10 15:52:10 | 000,141,952 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2011.02.10 15:52:10 | 000,063,872 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2011.01.27 20:18:32 | 000,047,176 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2011.01.10 12:35:42 | 000,050,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcdriver.sys -- (hcdriver)
DRV - [2010.11.25 11:27:32 | 000,103,000 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.08.31 13:43:36 | 000,195,968 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2010.07.21 16:51:20 | 000,058,112 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2010.01.07 09:05:26 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.09.23 03:19:31 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009.09.23 03:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009.09.23 03:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009.09.23 03:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009.09.23 03:18:07 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcuxd.sys -- (vpcuxd)
DRV - [2009.08.04 04:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009.07.16 05:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.06.11 14:09:56 | 001,516,544 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM106.sys -- (USBMULCD)
DRV - [2005.03.30 11:12:38 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\TVicPort.sys -- (TVicPort)
DRV - [1998.11.25 17:48:36 | 000,013,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\GLPNTDRV.SYS -- (glpntdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=AT&userid=75bfa797-4670-495a-9c80-40a02cc290f4&searchtype=ds&q={searchTerms}&installDate=09/05/2013
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 52 55 D3 AA 5A E4 CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=0fc19f6f-25b3-434c-a122-a869b70aea4c&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "file:///C:/Program%20Files/Mozilla%20Firefox/bookmarks.html"
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.3.3.15
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7B81328583-3CA7-4809-B4BA-570A85818FBB%7D:0.9
FF - prefs.js..extensions.enabledAddons: scrapbookplus%40addons.mozilla.org:1.9.23.40
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.05.21 10:23:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.25 08:26:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.18 07:06:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.31 17:23:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.14.1\extensions\\Components: C:\Program Files\SeaMonkey\components [2013.01.31 17:26:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.14.1\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2013.05.18 07:06:24 | 000,000,000 | ---D | M]
 
[2013.01.31 17:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\Extensions
[2010.04.26 19:01:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.04.29 08:14:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2013.07.05 09:57:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\fpj4oink.default-1361704049564\extensions
[2013.03.31 10:56:06 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\fpj4oink.default-1361704049564\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013.05.29 13:05:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\fpj4oink.default-1361704049564\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.05.13 08:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\SeaMonkey\Profiles\5z0bbbd1.default\extensions
[2013.02.09 17:24:54 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Standard\AppData\Roaming\mozilla\SeaMonkey\Profiles\5z0bbbd1.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013.05.13 08:48:59 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\Standard\AppData\Roaming\mozilla\SeaMonkey\Profiles\5z0bbbd1.default\extensions\inspector@mozilla.org
[2013.07.05 09:57:16 | 000,254,237 | ---- | M] () (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\firefox\profiles\fpj4oink.default-1361704049564\extensions\scrapbookplus@addons.mozilla.org.xpi
[2013.07.01 07:14:42 | 000,043,390 | ---- | M] () (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\firefox\profiles\fpj4oink.default-1361704049564\extensions\{81328583-3CA7-4809-B4BA-570A85818FBB}.xpi
[2013.05.09 11:33:59 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\firefox\profiles\fpj4oink.default-1361704049564\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.01 12:15:25 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\firefox\profiles\fpj4oink.default-1361704049564\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013.05.21 10:23:42 | 000,021,695 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\mozilla\firefox\profiles\fpj4oink.default-1361704049564\searchplugins\Web Search.xml
[2013.05.25 08:26:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.06.27 09:22:06 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.21 10:23:29 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF
 
O1 HOSTS File: ([2011.09.07 18:49:37 | 000,000,832 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CNAP2 Launcher] C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)
O4 - Startup: C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\quickphrase.exe.lnk = C:\GwkTools\QuickPhrase\quickphrase.exe (TypingMaster, Inc)
F3 - HKCU WinNT: Load - (C:\Users\Standard\LOCALS~1\Temp\mshwuuj.bat) -  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: An SchnapperPlus senden - C:\Programme\SchnapperPlus\SchnapperPlusMenu.js ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - Reg Error: Value error. File not found
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - Reg Error: Value error. File not found
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: SchnapperPlus - {D6243B39-211B-440D-B4C5-26D2A579CAC8} - Reg Error: Key error. File not found
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7425F3EA-3376-4D0E-8E9A-656428B7CB97}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.12 16:12:11 | 000,167,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe.b8df.deleteme
[2013.07.12 16:10:53 | 000,000,000 | ---D | C] -- C:\Stinger_Quarantine
[2013.07.12 16:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2013.07.12 12:09:13 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.07.11 07:39:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013.07.10 19:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2013.07.06 10:50:16 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Liqube
[2013.07.06 10:50:13 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Resonic Alpha
[2013.07.06 10:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\Liqube
[2013.07.04 19:40:24 | 000,000,000 | ---D | C] -- C:\Users\Standard\Documents\My Kindle Content
[2013.07.04 19:40:18 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2013.07.04 19:40:11 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\Amazon
[2013.06.18 10:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.06.13 15:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2013.06.13 15:35:00 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2013.06.13 15:35:00 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll
[2013.06.13 15:35:00 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
[2013.06.13 15:35:00 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
[2013.06.13 15:35:00 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll
[2013.06.13 15:35:00 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax
[2013.06.13 15:35:00 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax
[2013.06.13 15:35:00 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
[2013.06.13 15:35:00 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax
[2013.06.13 15:35:00 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax
[2013.06.13 15:35:00 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
[2013.06.13 15:35:00 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll
[2013.06.13 15:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
[2013.06.13 15:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2013.06.13 15:07:29 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\FreemakeVideoConverter
[2013.06.13 15:06:55 | 000,000,000 | ---D | C] -- C:\Users\Standard\Documents\Freemake
[2013.06.13 15:06:55 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.06.13 15:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.06.13 15:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013.06.13 15:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2013.06.13 14:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\xml_param
[2013.06.13 14:45:54 | 000,000,000 | ---D | C] -- C:\Users\Standard\Documents\Aimersoft DVD Ripper
[2013.06.13 14:45:45 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\Aimersoft
[2013.06.13 14:45:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Aimersoft
[2013.06.13 14:45:42 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\System32\iconv.dll
[2013.06.13 14:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Aimersoft DVD Ripper
[2013.06.13 14:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\Aimersoft
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Standard\AppData\Local\*.tmp files -> C:\Users\Standard\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.13 08:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.13 07:45:36 | 000,026,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.13 07:45:36 | 000,026,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.13 07:38:10 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.13 07:38:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.12 16:12:09 | 000,167,344 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe.b8df.deleteme
[2013.07.12 16:07:10 | 000,694,592 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.12 16:07:10 | 000,652,496 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.12 16:07:10 | 000,146,780 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.07.12 16:07:10 | 000,121,428 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.07.12 07:29:41 | 000,049,805 | ---- | M] () -- C:\Users\Standard\Documents\Edith_Avira Online Shop.pdf
[2013.07.11 17:58:34 | 000,000,000 | ---- | M] () -- C:\Users\Standard\defogger_reenable
[2013.07.11 07:32:54 | 004,094,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.07.10 19:25:29 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2013.07.09 13:27:07 | 000,000,787 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\myAVR_ProgTool.cfg
[2013.07.06 10:50:14 | 000,001,214 | ---- | M] () -- C:\Users\Standard\Desktop\Resonic MP3.lnk
[2013.07.04 19:40:18 | 000,002,251 | ---- | M] () -- C:\Users\Standard\Desktop\Kindle.lnk
[2013.07.03 09:04:09 | 000,002,358 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2013.07.01 13:50:10 | 000,853,578 | ---- | M] () -- C:\Users\Standard\Documents\A1_BA-Box.pdf
[2013.07.01 07:03:15 | 000,011,664 | ---- | M] () -- C:\Users\Standard\gsview32.ini
[2013.06.30 12:07:46 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2013.06.25 14:57:35 | 000,000,214 | ---- | M] () -- C:\Users\Standard\Documents\led_blink.aws
[2013.06.25 14:57:29 | 000,001,522 | ---- | M] () -- C:\Users\Standard\Documents\LED_blink.asm
[2013.06.25 14:56:14 | 000,002,295 | ---- | M] () -- C:\Users\Standard\Documents\LED_blink.aps
[2013.06.25 14:37:59 | 000,000,318 | ---- | M] () -- C:\Users\Standard\Documents\test2.aws
[2013.06.25 14:37:25 | 000,002,267 | ---- | M] () -- C:\Users\Standard\Documents\test2.aps
[2013.06.25 14:37:25 | 000,000,000 | ---- | M] () -- C:\Users\Standard\Documents\test2.asm
[2013.06.25 08:45:30 | 000,000,345 | ---- | M] () -- C:\Users\Standard\Documents\test1.aws
[2013.06.25 08:44:50 | 000,002,649 | ---- | M] () -- C:\Users\Standard\Documents\test1.aps
[2013.06.25 08:44:50 | 000,000,000 | ---- | M] () -- C:\Users\Standard\Documents\test1.asm
[2013.06.24 11:35:57 | 000,067,168 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.06.20 10:22:12 | 000,001,046 | ---- | M] () -- C:\Users\Standard\Desktop\Cathy.exe.lnk
[2013.06.18 10:21:03 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.06.16 13:58:22 | 000,695,204 | ---- | M] () -- C:\Users\Standard\Documents\WebseitenBau_ct_ 14 2013.pdf
[2013.06.13 15:35:00 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2013.06.13 15:06:55 | 000,001,288 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Standard\AppData\Local\*.tmp files -> C:\Users\Standard\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.12 07:29:41 | 000,049,805 | ---- | C] () -- C:\Users\Standard\Documents\Edith_Avira Online Shop.pdf
[2013.07.11 17:58:34 | 000,000,000 | ---- | C] () -- C:\Users\Standard\defogger_reenable
[2013.07.10 19:25:29 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2013.07.06 10:50:14 | 000,001,214 | ---- | C] () -- C:\Users\Standard\Desktop\Resonic MP3.lnk
[2013.07.04 19:40:18 | 000,002,251 | ---- | C] () -- C:\Users\Standard\Desktop\Kindle.lnk
[2013.07.01 13:50:10 | 000,853,578 | ---- | C] () -- C:\Users\Standard\Documents\A1_BA-Box.pdf
[2013.06.25 14:57:35 | 000,000,214 | ---- | C] () -- C:\Users\Standard\Documents\led_blink.aws
[2013.06.25 14:56:14 | 000,002,295 | ---- | C] () -- C:\Users\Standard\Documents\LED_blink.aps
[2013.06.25 14:56:14 | 000,001,522 | ---- | C] () -- C:\Users\Standard\Documents\LED_blink.asm
[2013.06.25 14:37:59 | 000,000,318 | ---- | C] () -- C:\Users\Standard\Documents\test2.aws
[2013.06.25 14:37:25 | 000,002,267 | ---- | C] () -- C:\Users\Standard\Documents\test2.aps
[2013.06.25 14:37:25 | 000,000,000 | ---- | C] () -- C:\Users\Standard\Documents\test2.asm
[2013.06.25 08:45:30 | 000,000,345 | ---- | C] () -- C:\Users\Standard\Documents\test1.aws
[2013.06.25 08:44:50 | 000,002,649 | ---- | C] () -- C:\Users\Standard\Documents\test1.aps
[2013.06.25 08:44:50 | 000,000,000 | ---- | C] () -- C:\Users\Standard\Documents\test1.asm
[2013.06.20 10:22:12 | 000,001,046 | ---- | C] () -- C:\Users\Standard\Desktop\Cathy.exe.lnk
[2013.06.18 10:21:03 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.06.16 13:58:22 | 000,695,204 | ---- | C] () -- C:\Users\Standard\Documents\WebseitenBau_ct_ 14 2013.pdf
[2013.06.13 15:35:00 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax
[2013.06.13 15:35:00 | 000,195,584 | RHS- | C] () -- C:\Windows\System32\MatroskaDX.ax
[2013.06.13 15:35:00 | 000,188,416 | RHS- | C] () -- C:\Windows\System32\winDCE32.dll
[2013.06.13 15:35:00 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax
[2013.06.13 15:35:00 | 000,121,344 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.ax
[2013.06.13 15:35:00 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax
[2013.06.13 15:35:00 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2013.06.13 15:35:00 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax
[2013.06.13 15:35:00 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax
[2013.06.13 15:35:00 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
[2013.06.13 15:35:00 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax
[2013.06.13 15:35:00 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax
[2013.06.13 15:35:00 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2013.06.13 15:06:55 | 000,001,288 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013.06.13 14:45:42 | 000,675,840 | ---- | C] () -- C:\Windows\System32\ac3filter.ax
[2013.06.13 14:45:42 | 000,496,640 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2013.05.12 15:53:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\myAvrQuickProg.cfg
[2013.05.11 13:29:11 | 000,290,904 | ---- | C] () -- C:\Windows\System32\vc6-re200l.dll
[2013.05.09 14:09:53 | 000,032,256 | -HS- | C] () -- C:\Windows\System32\AVSredirect.dll
[2013.04.14 09:55:02 | 000,304,584 | ---- | C] (                                                            ) -- C:\Program Files\Common Files\delete.exe
[2013.04.07 15:34:53 | 000,003,584 | ---- | C] () -- C:\Users\Standard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.03.14 08:33:14 | 000,000,657 | ---- | C] () -- C:\Windows\unins000.dat
[2013.03.09 13:35:48 | 000,000,218 | ---- | C] () -- C:\Users\Standard\AppData\Local\recently-used.xbel
[2013.03.06 12:51:57 | 000,007,606 | ---- | C] () -- C:\Users\Standard\AppData\Local\Resmon.ResmonCfg
[2013.03.04 17:41:48 | 000,000,096 | ---- | C] () -- C:\Users\Standard\AppData\Local\CrystalDiskMark30.ini
[2013.02.14 11:07:26 | 000,004,138 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\LTspiceIV.ini
[2013.01.31 17:51:17 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2013.01.31 11:09:27 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2012.11.20 16:47:14 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2012.11.20 16:47:06 | 000,000,035 | ---- | C] () -- C:\Windows\GALEP3.INI
[2012.11.20 16:41:46 | 000,013,728 | ---- | C] () -- C:\Windows\System32\drivers\GLPNTDRV.SYS
[2012.10.31 13:14:16 | 000,000,000 | ---- | C] () -- C:\Windows\System32\svEditor.ini
[2012.09.20 08:50:54 | 000,064,000 | ---- | C] () -- C:\Windows\System32\esfw41.bin
[2012.07.06 17:35:38 | 000,000,268 | RH-- | C] () -- C:\Users\Standard\AppData\Roaming\filter
[2012.03.25 11:51:02 | 000,000,121 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\myAVR_ProgTool101.cfg
[2012.03.13 16:11:01 | 000,000,588 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.03.10 11:07:25 | 000,000,025 | ---- | C] () -- C:\Windows\ULTImate.ini
[2012.02.19 10:22:48 | 000,000,172 | ---- | C] () -- C:\Windows\CmdFile.INI
[2012.02.19 10:03:41 | 000,000,268 | RH-- | C] () -- C:\Users\Standard\AppData\Roaming\grep
[2012.02.19 09:48:31 | 000,000,000 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\business-inkjet
[2012.01.12 17:13:54 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012.01.06 13:44:44 | 000,294,912 | ---- | C] () -- C:\Windows\System32\mbr_sqlite.dll
[2011.10.22 16:24:13 | 000,011,664 | ---- | C] () -- C:\Users\Standard\gsview32.ini
[2011.10.22 16:19:58 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2011.09.08 09:12:53 | 000,544,768 | ---- | C] () -- C:\Windows\System32\Cmeau106.exe
[2011.09.08 09:12:53 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll
[2011.09.08 09:12:53 | 000,000,269 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2011.09.08 09:12:50 | 000,299,008 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2011.09.08 09:12:50 | 000,002,391 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2011.09.08 09:12:50 | 000,000,174 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2011.09.08 09:12:49 | 000,000,518 | ---- | C] () -- C:\Windows\cm106.ini
[2011.08.22 08:57:55 | 000,005,331 | ---- | C] () -- C:\Program Files\Lizenz.rtf
[2011.08.01 17:21:38 | 000,852,264 | ---- | C] () -- C:\Windows\System32\wodCertificate.dll
[2011.07.25 10:23:45 | 000,000,040 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\mySmartUSB_Terminal.cfg
[2011.06.16 11:50:43 | 000,000,268 | RH-- | C] () -- C:\Users\Standard\AppData\Roaming\docInfo
[2011.05.11 09:17:25 | 000,000,268 | RH-- | C] () -- C:\Users\Standard\AppData\Roaming\Console
[2011.05.11 09:17:22 | 000,000,268 | RH-- | C] () -- C:\Users\Standard\AppData\Roaming\Contents
[2011.02.18 11:33:50 | 000,000,250 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\myAVR_WorkpadSE_Demo.cfg
[2010.08.06 09:16:21 | 000,003,243 | ---- | C] () -- C:\Users\Standard\gdbtk.ini
[2010.07.30 09:08:19 | 000,000,811 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\myAVR_WorkpadPLUS_Demo.cfg
[2010.07.08 16:32:13 | 000,000,787 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\myAVR_ProgTool.cfg
[2010.07.08 16:29:07 | 000,000,262 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\myAvrQuickProg.cfg
[2010.04.30 08:49:57 | 000,000,024 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\MyPhrases.dta
[2010.04.28 09:33:48 | 002,136,576 | ---- | C] () -- C:\Program Files\frontdesigner30.exe
[2010.04.28 09:33:48 | 000,654,098 | ---- | C] () -- C:\Program Files\frontdesigner30.chm
[2010.04.28 09:33:48 | 000,000,026 | ---- | C] () -- C:\Program Files\sprache.ini
[2005.04.08 04:16:43 | 000,118,093 | -H-- | C] () -- C:\Users\Standard\AppData\Roaming\Standardv1.18.0 - Trial versionlog.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.01.31 17:40:31 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\7-PDFWebsiteConverter
[2013.01.31 17:40:31 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Acronis
[2013.01.31 17:40:36 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Alltags-Programme
[2013.05.09 14:45:13 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\AnvSoft
[2013.01.31 17:40:36 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Arduino
[2013.01.31 17:40:36 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Ashampoo
[2013.01.31 17:40:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Atmel
[2013.06.08 15:45:05 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Audacity
[2013.01.31 17:40:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Auslogics
[2013.01.31 17:40:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\avidemux
[2013.01.31 17:40:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Azureus
[2013.01.31 17:40:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Bitstream
[2013.01.31 17:40:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\BitTorrent
[2013.01.31 17:40:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\BitZipper
[2013.01.31 17:40:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\CadSoft
[2013.01.31 17:40:38 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\calibre
[2013.01.31 17:40:38 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Canneverbe Limited
[2013.01.31 17:40:38 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.01.31 17:40:38 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2013.04.14 09:22:31 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\DATA BECKER Shared
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\DeepBurner
[2012.02.27 11:41:50 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Driver
[2011.04.16 12:58:36 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\DVD2AVI Ripper
[2013.05.21 10:23:30 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\DVDVideoSoft
[2013.05.21 10:23:38 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\eCub
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\EPSON
[2011.01.31 16:41:16 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\EurekaLog
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\FileMaker
[2013.05.07 08:50:25 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\FileZilla
[2013.02.18 20:36:20 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Foxit Software
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Free Download Manager
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Fritzing
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\FrontDesign
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\GetRight
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\GetRightToGo
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\GHISLER
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\gtk-2.0
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\HamsterSoft
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\HandBrake
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\HD Tune Pro
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Helios
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\ibf
[2013.01.31 17:40:57 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\ImgBurn
[2013.03.09 15:30:11 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\inkscape
[2013.01.31 17:40:57 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Intermedia Software
[2013.01.31 17:41:03 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\IrfanView
[2013.01.31 17:41:03 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\JonDo
[2013.01.31 17:41:07 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\jpg-Illuminator
[2013.01.31 17:41:07 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Jutoh
[2013.04.06 10:00:07 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\LibreOffice
[2013.07.06 10:50:16 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Liqube
[2013.01.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\MAGIX
[2013.01.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\MCS Electronics
[2013.01.31 17:41:21 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Mp3tag
[2013.01.31 17:41:21 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\NCH Swift Sound
[2013.01.31 17:41:22 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Nik Software
[2013.01.31 17:41:22 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Nikon
[2013.01.31 17:41:22 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Nokia
[2012.06.20 16:15:53 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Nokia Suite
[2013.01.31 17:41:23 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Nvu
[2013.05.21 10:23:25 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\OpenCandy
[2013.01.31 17:41:24 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Opera
[2013.01.31 17:41:25 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\PC Suite
[2013.05.29 08:13:20 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\pdfforge
[2012.01.06 15:41:22 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Pooqm
[2013.01.31 17:41:25 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\POV-Ray
[2013.04.17 12:04:53 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\ProtectDisc
[2013.01.31 17:41:25 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Q-Dir
[2013.01.31 17:41:25 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\QuickScan
[2013.06.28 09:20:00 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\SchnapperPlus
[2013.01.31 17:41:26 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Semper Software
[2013.01.31 17:41:27 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Simon Brown, HB9DRV
[2013.05.09 13:50:57 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\SuperEasy Software
[2013.05.09 14:15:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Systweak
[2013.01.31 17:41:30 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\ThumbsPlus
[2013.01.31 17:41:30 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Thunderbird
[2013.01.31 17:41:36 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\TuneUp Software
[2013.01.31 17:41:36 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\TweakNow RegCleaner 2012
[2013.01.31 17:41:36 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Ulead Systems
[2013.01.31 17:41:36 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\usbprog
[2013.07.10 16:57:01 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Usenet.nl
[2013.01.31 17:41:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\VisualAssist
[2011.06.17 19:44:07 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\whitepixel
[2013.01.31 17:41:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\www.rene-zeidler.de
[2013.01.31 17:41:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\XMedia Recode
[2013.01.31 17:41:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Yqopep
[2013.03.08 12:57:02 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Zotero
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:BF3D62E7

< End of report >
         
Extras.txt wurde trotz 2 maligen Starten nicht erzeugt!?

GMER
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-13 09:35:11
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Scsi\mv91xx1Port2Path0Target0Lun0 WDC_WD10 rev.05.0 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Standard\AppData\Local\Temp\ugtdapod.sys


---- System - GMER 2.1 ----

SSDT            95C538EE                                                                                                                                                                                               ZwCreateSection
SSDT            95C538C6                                                                                                                                                                                               ZwCreateSymbolicLinkObject
SSDT            95C538CB                                                                                                                                                                                               ZwLoadDriver
SSDT            95C538C1                                                                                                                                                                                               ZwOpenSection
SSDT            95C538F8                                                                                                                                                                                               ZwRequestWaitReplyPort
SSDT            95C538F3                                                                                                                                                                                               ZwSetContextThread
SSDT            95C538FD                                                                                                                                                                                               ZwSetSecurityObject
SSDT            95C538D0                                                                                                                                                                                               ZwSetSystemInformation
SSDT            95C53902                                                                                                                                                                                               ZwSystemDebugControl
SSDT            95C5388F                                                                                                                                                                                               ZwTerminateProcess
SSDT            95C5388A                                                                                                                                                                                               ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                                                                               830939F5 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                                                                 830CD1F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                                                                                                    830D453C 4 Bytes  [EE, 38, C5, 95] {OUT DX, AL; CMP CH, AL; XCHG EBP, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1200                                                                                                                                                                    830D4545 3 Bytes  [38, C5, 95] {CMP CH, AL; XCHG EBP, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1313                                                                                                                                                                    830D4658 4 Bytes  [CB, 38, C5, 95] {RETF ; CMP CH, AL; XCHG EBP, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 13AF                                                                                                                                                                    830D46F4 4 Bytes  [C1, 38, C5, 95] {SAR DWORD [EAX], 0xc5; XCHG EBP, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                                                                                                    830D4898 4 Bytes  [F8, 38, C5, 95] {CLC ; CMP CH, AL; XCHG EBP, EAX}
.text           ...                                                                                                                                                                                                    

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                                                                 NBVol.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                                                                 NBVol.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                                                                 NBVol.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                                                                                 NBVol.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                                                                                                 NBVol.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                                                                                                                  
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG16.00.00.01PROFESSIONAL                                                                                                                  D17451FC41AD58FDF38B9BEEFAC003D3DB539326D2CAA63D679F7BA83C47D2FA6D2DE36A8374DE5831BD650C6E74043EADB8B0BE2DFBD7D4AF67692799110EB8BC35D35F4A560F384A0CCB7AF0EB5C2C49391AA489DE4255FB5F0A49DFA5DED1A0035A50D8B0F59DE620F4FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D1407FEBC9E127BECC74CC038D530D6EB3452BA7FD869164D67943A4971B16A96FDFC3DE0276A27CA4C4D9581BD6773857AFBEBACB0A503B03248D3B9503B8E3DE22902A4CBAA53135A901CAF5288AA616EED0E53407228B1AA1178FB5F4FCED220D5A82232E5D2913521A3A057C1E8BE1229446CF1662F8D10185C952FD499B2C573FC90CCDF7A661DDCB2DF40520D25761AEA7CDC5D1E4F63F4D81C97E5BF8B67E7703E551184045695F211C72FD8EAB29E0899D96AE2542C34E73C345074E01D0A170DC7A30EB32992B0696980733DE08A3F6F8753C9CEF4D4A9B8E498CE0982A8ABF1E2789811630D5F356824E69C9CA4DE3CC98F8843CC4C62E3CA734EADB68588F5ABA1090CD5B29551C72921DE8928D2D5C4CE368CC5817BA5CECBD1CF5C53B0B56B67A9E7D3260B30525575ABCC433021E271CC59F650FD7B1B419CBF9DBCC864AB44283DB67D2058159F9A010F9AAC9AD28EAD29FA0A1CF49F25D
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlId                                                                                                 8
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9                                                                                                                             
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9@CrawlType                                                                                                                   2
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9@InProgress                                                                                                                  1
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9@DoneAddingCrawlSeeds                                                                                                        1
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9@IsCatalogLevel                                                                                                              0
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9@LogStartAddId                                                                                                               2
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\2@CrawlNumberInProgress                                                                                                   9
Reg             HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@E:\ex_I\Password Retrieval LITE v1.1 for Microsoft\xae Access\AccessPasswordRetrievalLiteSetup.exe  1

---- Files - GMER 2.1 ----

File            C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS001D0.log                                                                                                                                 1048576 bytes

---- EOF - GMER 2.1 ----
         
Ich hoffe ich habe nichts übersehen und bin schon gespannt wie ein Flitzebogen.


Mit freundlichen Grüßen,
Gonde

Alt 13.07.2013, 09:23   #2
schrauber
/// the machine
/// TB-Ausbilder
 

PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden - Standard

PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 13.07.2013, 11:02   #3
gonde
 
PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden - Standard

PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden



Hier die gewünschten logs:
FRST.txt

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-07-2013
Ran by Standard (administrator) on 13-07-2013 11:57:11
Running from C:\Users\Standard\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Hagel Technologies Ltd.) C:\Program Files\DU Meter\DUMeterSvc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
(Uwe Sieber - www.uwe-sieber.de) C:\GwkTools\USBDLM\USBDLM.exe
(Uwe Sieber - www.uwe-sieber.de) C:\GwkTools\USBDLM\USBDLM_usr.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\Six Engine\SixEngine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE
(CANON INC.) C:\Windows\system32\spool\DRIVERS\W32X86\3\CNABCSWK.EXE
(TypingMaster, Inc) C:\GwkTools\QuickPhrase\quickphrase.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
(Hagel Technologies Ltd.) C:\PROGRA~1\DUMETE~1\DUMeter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [CNAP2 Launcher] - C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE [226784 2010-10-15] (CANON INC.)
HKLM\...\Run: [NUSB3MON] - "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 7.0] - "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [483328 2008-04-23] (Adobe Systems Inc.)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [DU Meter] - "C:\Program Files\DU Meter\DUMeter.exe" /autostart [1946352 2012-02-16] (Hagel Technologies Ltd.)
HKCU\...\CurrentVersion\Windows: [Load] C:\Users\Standard\LOCALS~1\Temp\mshwuuj.bat
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
HKU\UpdatusUser\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
HKU\UpdatusUser\...\RunOnce: [WAB Migrate] - %ProgramFiles%\Windows Mail\wab.exe /Upgrade [ 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\quickphrase.exe.lnk
ShortcutTarget: quickphrase.exe.lnk -> C:\GwkTools\QuickPhrase\quickphrase.exe (TypingMaster, Inc)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKLM SearchScopes: DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=AT&userid=75bfa797-4670-495a-9c80-40a02cc290f4&searchtype=ds&q={searchTerms}&installDate=09/05/2013
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=AT&userid=75bfa797-4670-495a-9c80-40a02cc290f4&searchtype=ds&q={searchTerms}&installDate=09/05/2013
HKCU SearchScopes: DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=0fc19f6f-25b3-434c-a122-a869b70aea4c&searchtype=ds&q={searchTerms}&installDate={installDate}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=0fc19f6f-25b3-434c-a122-a869b70aea4c&searchtype=ds&q={searchTerms}&installDate={installDate}
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: msdaipp - No CLSID Value - 
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 09 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Hosts: 127.0.0.1
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4oink.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Nero.com/KM - C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Standard\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\Standard\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: No Name - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\

========================== Services (Whitelisted) =================

S4 AdobeActiveFileMonitor11.0; C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [371768 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-24] (Avira Operations GmbH & Co. KG)
S4 AsSysCtrlService; C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.)
S4 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [189776 2010-10-28] (DATA BECKER GmbH & Co KG)
R2 DUMeterSvc; C:\Program Files\DU Meter\DUMeterSvc.exe [1110480 2012-02-16] (Hagel Technologies Ltd.)
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-06-13] (Freemake)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [687400 2011-11-25] (Nero AG)
S4 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-07-04] (TuneUp Software)
R2 USBDLM; C:\GwkTools\USBDLM\USBDLM.exe [337888 2012-01-15] (Uwe Sieber - www.uwe-sieber.de)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-25] (Avira Operations GmbH & Co. KG)
S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-04] (www.winchiphead.com)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2013-03-23] (Phoenix Technologies)
S3 DUMeterDrv; C:\Program Files\DU Meter\DUMETR32.SYS [19832 2012-02-16] (Hagel Technologies Ltd.)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [63464 2013-02-13] (FTDI Ltd.)
S4 giveio; C:\Windows\giveio.sys [5248 2011-09-15] ()
R2 glpntdrv; C:\Windows\system32\drivers\glpntdrv.sys [13728 1998-11-25] ()
S3 hcdriver; C:\Windows\System32\Drivers\hcdriver.sys [50688 2011-01-10] (Intel Corporation)
R1 hwinterface; C:\Windows\System32\Drivers\hwinterface.sys [3026 2012-11-20] (Logix4u)
R2 inpout32; C:\Windows\System32\Drivers\inpout32.sys [11936 2012-11-20] (Highresolution Enterprises [www.highrez.co.uk])
R0 JRAID; C:\Windows\System32\drivers\jraid.sys [103000 2010-11-25] (JMicron Technology Corp.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [35776 2011-05-28] (hxxp://libusb-win32.sourceforge.net)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R0 mv91xx; C:\Windows\System32\drivers\mv91xx.sys [276784 2012-01-19] (Marvell Semiconductor, Inc.)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [63872 2011-02-10] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [141952 2011-02-10] (Renesas Electronics Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [132608 2012-07-30] (Prolific Technology Inc.)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2011-01-27] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58112 2010-07-21] (Silicon Laboratories)
R3 SNXPCARD; C:\Windows\System32\DRIVERS\snxpcard.sys [48224 2012-06-21] (SUNIX Co., Ltd.)
R3 SNXPPALX; C:\Windows\System32\DRIVERS\snxppalx.sys [85088 2012-06-21] (SUNIX Co., Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-05-03] (TuneUp Software)
S3 USBMULCD; C:\Windows\System32\drivers\CM106.sys [1516544 2009-06-11] (C-Media Electronics Inc)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1841272 2012-10-22] (VIA Technologies, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2009-09-23] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2009-09-23] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-09-23] (Microsoft Corporation)
S3 vpcuxd; C:\Windows\System32\DRIVERS\vpcuxd.sys [12800 2009-09-23] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [294912 2009-09-23] (Microsoft Corporation)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [195968 2010-08-31] (Jungo)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-13 11:57 - 2013-07-13 11:57 - 00000000 ____D C:\FRST
2013-07-13 11:55 - 2013-07-13 11:55 - 01218386 _____ (Farbar) C:\Users\Standard\Downloads\FRST.exe
2013-07-13 10:07 - 2013-07-13 10:07 - 00002722 _____ C:\Windows\setupact.log
2013-07-13 10:07 - 2013-07-13 10:07 - 00000000 _____ C:\Windows\setuperr.log
2013-07-13 09:35 - 2013-07-13 09:35 - 00010114 _____ C:\Users\Standard\Downloads\Gmer.log
2013-07-13 09:02 - 2013-07-13 09:02 - 00000478 _____ C:\Users\Standard\Downloads\defogger_disable.log
2013-07-13 08:48 - 2013-07-13 08:56 - 00131176 _____ C:\Users\Standard\Downloads\OTL.Txt
2013-07-13 08:40 - 2013-07-13 08:40 - 00377856 _____ C:\Users\Standard\Downloads\gmer_2.1.19163.exe
2013-07-13 08:39 - 2013-07-13 08:39 - 00602112 _____ (OldTimer Tools) C:\Users\Standard\Downloads\OTL.exe
2013-07-13 08:39 - 2013-07-13 08:39 - 00050477 _____ C:\Users\Standard\Downloads\Defogger.exe
2013-07-12 16:12 - 2013-07-12 16:12 - 00167344 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.b8df.deleteme
2013-07-12 16:10 - 2013-07-12 19:22 - 00000000 ____D C:\Program Files\stinger
2013-07-12 16:10 - 2013-07-12 16:10 - 00000000 ____D C:\Stinger_Quarantine
2013-07-12 12:09 - 2013-07-12 19:25 - 00000000 ____D C:\Windows\Minidump
2013-07-11 17:58 - 2013-07-11 17:58 - 00000000 _____ C:\Users\Standard\defogger_reenable
2013-07-11 07:39 - 2013-07-11 07:41 - 00000000 ____D C:\Windows\system32\MRT
2013-07-10 20:10 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 20:10 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 20:10 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 20:10 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 20:10 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 20:10 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 20:10 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-10 20:10 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 20:10 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 20:10 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 20:10 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 20:10 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-10 20:10 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-10 20:10 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-10 20:10 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-10 20:10 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 19:25 - 2013-07-10 19:25 - 00001082 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2013-07-10 19:25 - 2013-07-04 16:38 - 00188176 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2013-07-10 19:25 - 2013-07-04 16:37 - 00094480 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2013-07-10 07:27 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 07:27 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 07:27 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 07:27 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 08:35 - 2013-07-09 08:35 - 00000000 ____D C:\Users\Standard\Downloads\tool_myAVR-ProgTool-V139-b2236_en_de
2013-07-07 17:24 - 2013-07-07 17:24 - 00000000 ____D C:\Users\Standard\Downloads\LAN_Realtek_Win7_VER7616122012
2013-07-06 10:50 - 2013-07-06 10:50 - 00001214 _____ C:\Users\Standard\Desktop\Resonic MP3.lnk
2013-07-06 10:50 - 2013-07-06 10:50 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Resonic Alpha
2013-07-06 10:50 - 2013-07-06 10:50 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Liqube
2013-07-06 10:50 - 2013-07-06 10:50 - 00000000 ____D C:\Program Files\Liqube
2013-07-06 10:49 - 2013-07-06 10:49 - 03512775 _____ (Liqube) C:\Users\Standard\Downloads\ResonicAlphaSetup840.exe
2013-07-05 10:49 - 2013-07-13 10:06 - 01077758 _____ C:\Windows\WindowsUpdate.log
2013-07-04 19:40 - 2013-07-04 19:47 - 00000000 ____D C:\Users\Standard\Documents\My Kindle Content
2013-07-04 19:40 - 2013-07-04 19:40 - 00002251 _____ C:\Users\Standard\Desktop\Kindle.lnk
2013-07-04 19:40 - 2013-07-04 19:40 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-07-04 19:40 - 2013-07-04 19:40 - 00000000 ____D C:\Users\Standard\AppData\Local\Amazon
2013-07-04 16:37 - 2013-07-04 16:37 - 00174864 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2013-07-04 16:37 - 2013-07-04 16:37 - 00115984 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2013-07-04 16:37 - 2013-07-04 16:37 - 00104720 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2013-07-04 16:37 - 2013-07-04 16:37 - 00084752 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSB.sys
2013-07-01 07:46 - 2013-07-01 07:47 - 38103832 _____ (Amazon.com) C:\Users\Standard\Downloads\KindleForPC-installer.exe
2013-06-25 14:57 - 2013-06-25 14:57 - 00000214 _____ C:\Users\Standard\Documents\led_blink.aws
2013-06-25 14:56 - 2013-06-25 14:57 - 00001522 _____ C:\Users\Standard\Documents\LED_blink.asm
2013-06-25 14:56 - 2013-06-25 14:56 - 00002295 _____ C:\Users\Standard\Documents\LED_blink.aps
2013-06-25 14:37 - 2013-06-25 14:37 - 00002267 _____ C:\Users\Standard\Documents\test2.aps
2013-06-25 14:37 - 2013-06-25 14:37 - 00000318 _____ C:\Users\Standard\Documents\test2.aws
2013-06-25 14:37 - 2013-06-25 14:37 - 00000000 _____ C:\Users\Standard\Documents\test2.asm
2013-06-25 08:45 - 2013-06-25 08:45 - 00000345 _____ C:\Users\Standard\Documents\test1.aws
2013-06-25 08:44 - 2013-06-25 08:44 - 00002649 _____ C:\Users\Standard\Documents\test1.aps
2013-06-25 08:44 - 2013-06-25 08:44 - 00000000 _____ C:\Users\Standard\Documents\test1.asm
2013-06-20 10:22 - 2013-06-20 10:22 - 00001046 _____ C:\Users\Standard\Desktop\Cathy.exe.lnk
2013-06-19 19:35 - 2013-06-19 19:35 - 00004932 _____ C:\Windows\system32\jupdate-1.7.0_25-b16.log
2013-06-19 19:35 - 2013-06-12 21:43 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-18 10:21 - 2013-06-18 10:21 - 00001034 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-06-15 19:58 - 2013-06-15 20:00 - 00000000 ____D C:\Users\Standard\Downloads\StopWatch
2013-06-13 15:39 - 2013-06-13 15:39 - 00000000 ____D C:\Program Files\AviSynth 2.5
2013-06-13 15:35 - 2013-06-13 15:35 - 00001076 _____ C:\Users\Public\Desktop\SUPER ©.lnk
2013-06-13 15:35 - 2012-10-05 20:54 - 00188416 __RSH C:\Windows\system32\winDCE32.dll
2013-06-13 15:35 - 2011-06-14 20:05 - 00121344 __RSH C:\Windows\system32\TAKDSDecoder.ax
2013-06-13 15:35 - 2010-01-07 00:00 - 00107520 __RSH C:\Windows\system32\TAKDSDecoder.dll
2013-06-13 15:35 - 2009-03-17 11:38 - 00070656 __RSH C:\Windows\system32\RLAPEDec.ax
2013-06-13 15:35 - 2009-01-18 18:15 - 00120832 __RSH C:\Windows\system32\MPCDx.ax
2013-06-13 15:35 - 2009-01-18 13:03 - 00107520 __RSH C:\Windows\system32\RLMPCDec.ax
2013-06-13 15:35 - 2008-03-16 15:30 - 00216064 __RSH (MONOGRAM Multimedia, s.r.o.) C:\Windows\system32\nbDX.dll
2013-06-13 15:35 - 2007-02-21 13:47 - 00031232 __RSH (Hans Mayerl) C:\Windows\system32\msfDX.dll
2013-06-13 15:35 - 2006-09-12 13:46 - 00227328 __RSH () C:\Windows\system32\ac3DX.ax
2013-06-13 15:35 - 2006-08-16 16:53 - 00175104 __RSH () C:\Windows\system32\CoreAAC.ax
2013-06-13 15:35 - 2006-05-03 12:06 - 00163328 __RSH (Gabest) C:\Windows\system32\flvDX.dll
2013-06-13 15:35 - 2006-03-10 00:00 - 00195584 __RSH C:\Windows\system32\MatroskaDX.ax
2013-06-13 15:35 - 2006-01-13 01:23 - 00123904 __RSH (CoreCodec) C:\Windows\system32\AVCDX.ax
2013-06-13 15:35 - 2005-11-25 22:46 - 00161792 __RSH (Gabest) C:\Windows\system32\RealMediaDX.ax
2013-06-13 15:35 - 2005-02-22 18:55 - 00081920 __RSH C:\Windows\system32\aac_parser.ax
2013-06-13 15:35 - 2005-02-13 01:00 - 00186880 __RSH (RadLight) C:\Windows\system32\RLOgg.ax
2013-06-13 15:35 - 2005-02-13 01:00 - 00067584 __RSH (RadLight, LLC) C:\Windows\system32\RLTheoraDec.ax
2013-06-13 15:35 - 2005-02-13 01:00 - 00051712 __RSH C:\Windows\system32\RLSpeexDec.ax
2013-06-13 15:35 - 2005-02-06 01:00 - 00092672 __RSH (RadLight) C:\Windows\system32\RLVorbisDec.ax
2013-06-13 15:35 - 2005-01-18 01:26 - 00179200 __RSH (Gabest) C:\Windows\system32\DiracSplitter.ax
2013-06-13 15:35 - 2004-10-10 10:50 - 00278528 _____ (Real Networks, Inc) C:\Windows\system32\pncrt.dll
2013-06-13 15:35 - 2004-09-17 05:07 - 00090112 __RSH (-) C:\Windows\system32\TTADSSplitter.ax
2013-06-13 15:35 - 2004-08-22 12:56 - 00090112 __RSH (-) C:\Windows\system32\TTADSDecoder.ax
2013-06-13 15:35 - 2003-12-07 09:59 - 00097280 __RSH C:\Windows\system32\FLACDX.ax
2013-06-13 15:34 - 2013-06-13 15:34 - 00000000 ____D C:\Program Files\eRightSoft
2013-06-13 15:26 - 2013-06-13 15:28 - 51636894 _____ (eRightSoft                                                  ) C:\Users\Standard\Downloads\SUPERsetup.exe
2013-06-13 15:07 - 2013-06-13 15:07 - 00000000 ____D C:\Users\Standard\AppData\Local\FreemakeVideoConverter
2013-06-13 15:06 - 2013-06-13 15:07 - 00000000 ____D C:\Users\Standard\Documents\Freemake
2013-06-13 15:06 - 2013-06-13 15:07 - 00000000 ____D C:\ProgramData\Freemake
2013-06-13 15:06 - 2013-06-13 15:06 - 00001288 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2013-06-13 15:06 - 2013-06-13 15:06 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-06-13 15:06 - 2013-06-13 15:06 - 00000000 ____D C:\Program Files\Freemake
2013-06-13 14:49 - 2013-06-13 14:49 - 00000000 ____D C:\ProgramData\xml_param
2013-06-13 14:45 - 2013-06-13 14:50 - 00000000 ____D C:\Program Files\Aimersoft
2013-06-13 14:45 - 2013-06-13 14:49 - 00000000 ____D C:\Users\Standard\Documents\Aimersoft DVD Ripper
2013-06-13 14:45 - 2013-06-13 14:45 - 00000000 ____D C:\Users\Standard\AppData\Local\Aimersoft
2013-06-13 14:45 - 2013-06-13 14:45 - 00000000 ____D C:\ProgramData\Aimersoft DVD Ripper
2013-06-13 14:45 - 2013-06-13 14:45 - 00000000 ____D C:\Program Files\Common Files\Aimersoft
2013-06-13 14:45 - 2013-05-07 09:08 - 00892928 _____ (Free Software Foundation) C:\Windows\system32\iconv.dll
2013-06-13 14:45 - 2013-05-07 09:08 - 00675840 _____ () C:\Windows\system32\ac3filter.ax
2013-06-13 14:45 - 2013-05-07 09:08 - 00496640 _____ C:\Windows\system32\xvid.ax

==================== One Month Modified Files and Folders =======

2013-07-13 11:57 - 2013-07-13 11:57 - 00000000 ____D C:\FRST
2013-07-13 11:55 - 2013-07-13 11:55 - 01218386 _____ (Farbar) C:\Users\Standard\Downloads\FRST.exe
2013-07-13 11:17 - 2013-03-14 10:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-13 10:14 - 2009-07-14 06:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-13 10:14 - 2009-07-14 06:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-13 10:10 - 2013-07-05 10:49 - 01077758 _____ C:\Windows\WindowsUpdate.log
2013-07-13 10:07 - 2013-07-13 10:07 - 00002722 _____ C:\Windows\setupact.log
2013-07-13 10:07 - 2013-07-13 10:07 - 00000000 _____ C:\Windows\setuperr.log
2013-07-13 10:07 - 2013-02-06 14:05 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-13 10:07 - 2013-01-31 17:07 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-13 10:07 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-13 09:38 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-07-13 09:35 - 2013-07-13 09:35 - 00010114 _____ C:\Users\Standard\Downloads\Gmer.log
2013-07-13 09:02 - 2013-07-13 09:02 - 00000478 _____ C:\Users\Standard\Downloads\defogger_disable.log
2013-07-13 08:56 - 2013-07-13 08:48 - 00131176 _____ C:\Users\Standard\Downloads\OTL.Txt
2013-07-13 08:40 - 2013-07-13 08:40 - 00377856 _____ C:\Users\Standard\Downloads\gmer_2.1.19163.exe
2013-07-13 08:39 - 2013-07-13 08:39 - 00602112 _____ (OldTimer Tools) C:\Users\Standard\Downloads\OTL.exe
2013-07-13 08:39 - 2013-07-13 08:39 - 00050477 _____ C:\Users\Standard\Downloads\Defogger.exe
2013-07-13 08:25 - 2010-04-27 13:19 - 00000000 ____D C:\Windows\pss
2013-07-12 19:25 - 2013-07-12 12:09 - 00000000 ____D C:\Windows\Minidump
2013-07-12 19:22 - 2013-07-12 16:10 - 00000000 ____D C:\Program Files\stinger
2013-07-12 16:12 - 2013-07-12 16:12 - 00167344 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.b8df.deleteme
2013-07-12 16:10 - 2013-07-12 16:10 - 00000000 ____D C:\Stinger_Quarantine
2013-07-12 16:07 - 2010-11-20 23:01 - 01606772 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-12 10:03 - 2011-04-20 09:58 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-12 09:19 - 2013-02-07 11:05 - 00000000 ____D C:\Users\Standard\AppData\Roaming\vlc
2013-07-11 17:58 - 2013-07-11 17:58 - 00000000 _____ C:\Users\Standard\defogger_reenable
2013-07-11 17:58 - 2013-01-31 17:09 - 00000000 ____D C:\Users\Standard
2013-07-11 17:34 - 2010-04-25 11:36 - 00000000 ____D C:\Users\Standard\AppData\Local\Adobe
2013-07-11 17:33 - 2013-02-10 15:40 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-07-11 17:33 - 2013-02-10 15:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-07-11 10:53 - 2012-03-08 20:27 - 00000000 ____D C:\Users\Standard\.VirtualBox
2013-07-11 08:16 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-11 07:51 - 2013-01-31 17:05 - 00000000 ____D C:\Windows\Panther
2013-07-11 07:41 - 2013-07-11 07:39 - 00000000 ____D C:\Windows\system32\MRT
2013-07-11 07:32 - 2010-11-21 02:55 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 07:32 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 07:32 - 2009-07-14 06:33 - 04094360 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-10 19:25 - 2013-07-10 19:25 - 00001082 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2013-07-10 19:25 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-10 19:25 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\DriverStore
2013-07-10 17:39 - 2010-11-10 19:14 - 00000000 ___RD C:\Users\Standard\Virtual Machines
2013-07-10 16:57 - 2010-05-06 12:22 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Usenet.nl
2013-07-10 16:49 - 2010-05-06 12:22 - 00000000 ___RD C:\Users\Standard\Documents\Usenet.nl
2013-07-09 15:21 - 2012-05-14 10:19 - 00000000 ____D C:\Users\Standard\Downloads\db1ov_frequenznormal
2013-07-09 13:27 - 2010-07-08 16:32 - 00000787 _____ C:\Users\Standard\AppData\Roaming\myAVR_ProgTool.cfg
2013-07-09 08:35 - 2013-07-09 08:35 - 00000000 ____D C:\Users\Standard\Downloads\tool_myAVR-ProgTool-V139-b2236_en_de
2013-07-07 17:41 - 2013-02-10 13:52 - 00000000 ____D C:\Windows\system32\Adobe
2013-07-07 17:33 - 2010-04-24 15:47 - 00000000 ____D C:\Program Files\Realtek
2013-07-07 17:27 - 2013-01-31 17:09 - 00000000 ___RD C:\Users\Standard\Desktop
2013-07-07 17:24 - 2013-07-07 17:24 - 00000000 ____D C:\Users\Standard\Downloads\LAN_Realtek_Win7_VER7616122012
2013-07-06 10:50 - 2013-07-06 10:50 - 00001214 _____ C:\Users\Standard\Desktop\Resonic MP3.lnk
2013-07-06 10:50 - 2013-07-06 10:50 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Resonic Alpha
2013-07-06 10:50 - 2013-07-06 10:50 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Liqube
2013-07-06 10:50 - 2013-07-06 10:50 - 00000000 ____D C:\Program Files\Liqube
2013-07-06 10:49 - 2013-07-06 10:49 - 03512775 _____ (Liqube) C:\Users\Standard\Downloads\ResonicAlphaSetup840.exe
2013-07-04 19:47 - 2013-07-04 19:40 - 00000000 ____D C:\Users\Standard\Documents\My Kindle Content
2013-07-04 19:40 - 2013-07-04 19:40 - 00002251 _____ C:\Users\Standard\Desktop\Kindle.lnk
2013-07-04 19:40 - 2013-07-04 19:40 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-07-04 19:40 - 2013-07-04 19:40 - 00000000 ____D C:\Users\Standard\AppData\Local\Amazon
2013-07-04 19:21 - 2010-04-28 17:44 - 00000000 ____D C:\Users\Standard\Documents\Word 2003
2013-07-04 16:38 - 2013-07-10 19:25 - 00188176 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2013-07-04 16:37 - 2013-07-10 19:25 - 00094480 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2013-07-04 16:37 - 2013-07-04 16:37 - 00174864 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2013-07-04 16:37 - 2013-07-04 16:37 - 00115984 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2013-07-04 16:37 - 2013-07-04 16:37 - 00104720 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2013-07-04 16:37 - 2013-07-04 16:37 - 00084752 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSB.sys
2013-07-03 09:04 - 2010-04-26 21:11 - 00002358 ___SH C:\Windows\system32\KGyGaAvL.sys
2013-07-03 09:04 - 2010-04-26 21:11 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Corel
2013-07-01 07:47 - 2013-07-01 07:46 - 38103832 _____ (Amazon.com) C:\Users\Standard\Downloads\KindleForPC-installer.exe
2013-07-01 07:03 - 2011-10-22 16:24 - 00011664 _____ C:\Users\Standard\gsview32.ini
2013-06-30 12:07 - 2010-04-26 20:01 - 00000982 _____ C:\Users\Public\Desktop\IrfanView.lnk
2013-06-30 07:32 - 2013-02-09 17:32 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-29 20:02 - 2010-04-26 20:14 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-06-28 09:20 - 2010-04-28 07:58 - 00000000 ____D C:\Users\Standard\AppData\Roaming\SchnapperPlus
2013-06-27 09:22 - 2011-09-20 08:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-25 14:57 - 2013-06-25 14:57 - 00000214 _____ C:\Users\Standard\Documents\led_blink.aws
2013-06-25 14:57 - 2013-06-25 14:56 - 00001522 _____ C:\Users\Standard\Documents\LED_blink.asm
2013-06-25 14:56 - 2013-06-25 14:56 - 00002295 _____ C:\Users\Standard\Documents\LED_blink.aps
2013-06-25 14:37 - 2013-06-25 14:37 - 00002267 _____ C:\Users\Standard\Documents\test2.aps
2013-06-25 14:37 - 2013-06-25 14:37 - 00000318 _____ C:\Users\Standard\Documents\test2.aws
2013-06-25 14:37 - 2013-06-25 14:37 - 00000000 _____ C:\Users\Standard\Documents\test2.asm
2013-06-25 08:45 - 2013-06-25 08:45 - 00000345 _____ C:\Users\Standard\Documents\test1.aws
2013-06-25 08:44 - 2013-06-25 08:44 - 00002649 _____ C:\Users\Standard\Documents\test1.aps
2013-06-25 08:44 - 2013-06-25 08:44 - 00000000 _____ C:\Users\Standard\Documents\test1.asm
2013-06-24 11:35 - 2013-05-02 11:30 - 00067168 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-24 00:37 - 2013-01-31 18:25 - 75733144 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-06-20 10:22 - 2013-06-20 10:22 - 00001046 _____ C:\Users\Standard\Desktop\Cathy.exe.lnk
2013-06-20 10:22 - 2010-04-25 11:18 - 00000000 ___RD C:\GwkTools
2013-06-19 19:35 - 2013-06-19 19:35 - 00004932 _____ C:\Windows\system32\jupdate-1.7.0_25-b16.log
2013-06-19 19:35 - 2013-03-05 12:59 - 00000000 ____D C:\Program Files\Java
2013-06-18 10:21 - 2013-06-18 10:21 - 00001034 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-06-15 20:00 - 2013-06-15 19:58 - 00000000 ____D C:\Users\Standard\Downloads\StopWatch
2013-06-13 15:39 - 2013-06-13 15:39 - 00000000 ____D C:\Program Files\AviSynth 2.5
2013-06-13 15:35 - 2013-06-13 15:35 - 00001076 _____ C:\Users\Public\Desktop\SUPER ©.lnk
2013-06-13 15:34 - 2013-06-13 15:34 - 00000000 ____D C:\Program Files\eRightSoft
2013-06-13 15:28 - 2013-06-13 15:26 - 51636894 _____ (eRightSoft                                                  ) C:\Users\Standard\Downloads\SUPERsetup.exe
2013-06-13 15:21 - 2010-04-26 20:11 - 00000000 ____D C:\Users\Standard\AppData\Roaming\dvdcss
2013-06-13 15:07 - 2013-06-13 15:07 - 00000000 ____D C:\Users\Standard\AppData\Local\FreemakeVideoConverter
2013-06-13 15:07 - 2013-06-13 15:06 - 00000000 ____D C:\Users\Standard\Documents\Freemake
2013-06-13 15:07 - 2013-06-13 15:06 - 00000000 ____D C:\ProgramData\Freemake
2013-06-13 15:06 - 2013-06-13 15:06 - 00001288 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2013-06-13 15:06 - 2013-06-13 15:06 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-06-13 15:06 - 2013-06-13 15:06 - 00000000 ____D C:\Program Files\Freemake
2013-06-13 14:50 - 2013-06-13 14:45 - 00000000 ____D C:\Program Files\Aimersoft
2013-06-13 14:49 - 2013-06-13 14:49 - 00000000 ____D C:\ProgramData\xml_param
2013-06-13 14:49 - 2013-06-13 14:45 - 00000000 ____D C:\Users\Standard\Documents\Aimersoft DVD Ripper
2013-06-13 14:45 - 2013-06-13 14:45 - 00000000 ____D C:\Users\Standard\AppData\Local\Aimersoft
2013-06-13 14:45 - 2013-06-13 14:45 - 00000000 ____D C:\ProgramData\Aimersoft DVD Ripper
2013-06-13 14:45 - 2013-06-13 14:45 - 00000000 ____D C:\Program Files\Common Files\Aimersoft
2013-06-13 08:49 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-06-13 07:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 08:53

==================== End Of Log ============================
         
--- --- ---


und Additions.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-07-2013
Ran by Standard at 2013-07-13 11:57:35
Running from C:\Users\Standard\Downloads
Boot Mode: Normal
==========================================================

7-PDF Website Converter Version 1.0.5 (Build 127) (Version: 7-PDF Website Converter - Version 1.0.5 (Build 127))
7-Zip 9.20
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (Version: 7.1.0)
Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch (Version: 7.1.0)
Adobe Bridge 1.0 (Version: 001.000.001)
Adobe Common File Installer (Version: 1.00.001)
Adobe Creative Suite 2
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Help Center 1.0 (Version: 1.0.1)
Adobe Illustrator CS2 (Version: 12.000.000)
Adobe InDesign CS2 (Version: 004.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Photoshop Elements 11 (Version: 11.0)
Adobe Premiere Elements 11 (Version: 11.0)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Adobe Stock Photos 1.0 (Version: 1.0.1)
Adobe SVG Viewer 3.0 (Version:  3.0)
Alcor Micro USB Card Reader (Version: 1.8.1217.36096)
Alltags-Adressen
Amazon Kindle
Ansoft Designer 2.2 SV
Any Video Converter 5.0.5
Ashampoo Burning Studio 2010 Advanced (Version: 9.2.4)
AtomicTime
Audacity 2.0
Audiograbber 1.83 SE  (Version: 1.83 SE )
Audiograbber Lame-MP3-Plugin (Version: 1.0)
Auslogics Disk Defrag (Version: 3.6)
Auslogics Duplicate File Finder (Version: 2.5)
Auslogics Registry Cleaner (Version: 2.5)
Avira Antivirus Premium (Version: 13.0.0.3737)
AVR Burn-O-Mat 2.1.2
AVR Jungo USB (Version: 10.2)
AVR Studio 4.19 (Version: 4.19.730)
BASCOM-8051 (Version: 2.0.15.0)
BASCOM-AVR (Version: 2.0.7.5)
BitTorrent (Version: 7.6.1)
Boot-US (Version: 3.0.2)
Canon i865
Canon LBP6000/LBP6018
CCleaner (Version: 4.02)
CDBurnerXP (Version: 4.5.0.3661)
Command Prompt Here PowerToy
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Compatibility Pack für 2007 Office System (Version: 12.0.6514.5001)
Corel Graphics Suite 11 (Version: 11)
Corel Paint Shop Pro Photo XI (Version: 11.20.0000)
Corel PaintShop Pro X4 (Version: 14.0.0.332)
Corel PaintShop Pro X4 (Version: 14.3.0.3)
Corel PaintShop Pro X4 Ultimate Bonus Pack
Corel PaintShop Pro X4 Ultimate Bonus Pack (Version: 1.00.0000)
CPUID CPU-Z 1.61
CrystalDiskInfo 5.0.0 (Version: 5.0.0)
CrystalDiskMark 3.0.2 (Version: 3.0.2)
DATA BECKER Graphic Works 10 (Version: 1.3.511.0)
Desktop Restore (Version: 1.6.3)
DriverAgent by eSupport.com
DU Meter (Version: 5.30)
EAGLE 5.11.0 (Version: 5.11.0)
EAGLE 6.4.0 (Version: 6.4.0)
EasyBCD 2.2 (Version: 2.2)
EleLa Version V1.2.12207 (Version: V1.2.12207)
Elements 11 Organizer (Version: 11.0)
EPSON Scan
EPU-6 Engine (Version: 1.02.04)
EVEREST Ultimate Edition v5.50 (Version: 5.50)
FileZilla Client 3.6.0.2 (Version: 3.6.0.2)
FinePrint
Foxit Reader (Version: 5.4.5.114)
Free Download Manager 3.9
Free YouTube to MP3 Converter version 3.12.2.430 (Version: 3.12.2.430)
Freemake Video Converter Version 4.0.1 (Version: 4.0.1)
FrontDesigner 3.0
Frontplatten Designer (Version: 4.1.4)
GALEP32 Version 1.19.99
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.145)
GPL Ghostscript (Version: 9.04)
GSview 5.0 (Version: 5.0)
Ham Radio Deluxe (Version: 1.4)
HD Tune Pro 5.00
HoverIP v1.0 beta (Version: 1.0 beta)
ICA (Version: 14.0.0.332)
Icon Restore 1.0
ImgBurn (Version: 2.5.5.0)
Inkscape 0.48.3.1 (Version: 0.48.3.1)
Intel(R) Rapid Storage Technology (Version: 11.1.0.1006)
IPM_PSP_COM (Version: 14.0.0.332)
IrfanView (remove only) (Version: 4.36)
IsoBuster 3.1 (Version: 3.1)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JavaFX 2.1.1 (Version: 2.1.1)
JMicron JMB36X Driver (Version: 1.17.62.0)
KMLManager (Version: 1.0.0)
LibreOffice 4.0 Help Pack (German) (Version: 4.0.2.2)
LibreOffice 4.0.2.2 (Version: 4.0.2.2)
LochMaster 4.0 (Demo)
LTspice IV
Magical Jelly Bean KeyFinder (Version: 2.0.8.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
marvell 61xx (Version: 1.2.0.7100)
marvell 91xx driver (Version: 1.2.0.1014)
MediaInfo Lite 0.7.57 (Version: 0.7.57)
Meter (Version: 2.40)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 3.0.40818.0)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
Microsoft SQL Server Compact 3.5 SP2 DEU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
Microsoft Visual Basic 2010 Express - DEU (Version: 10.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
mini dB-Rechner 1.3.2
mini Ringkern-Rechner 1.2 (Version: 1.2)
MozBackup 1.5.1
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 17.0.7)
Mozilla Thunderbird 17.0.7 (x86 de) (Version: 17.0.7)
Mp3 Renatager
Mp3tag v2.52 (Version: v2.52)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 11 (Version: 11.2.00600)
Nero 11 DiscSpeed (Version: 11.0.00400)
Nero Audio Pack 1 (Version: 11.0.11500.110.0)
Nero BackItUp 11 (Version: 6.2.18400.2.100)
Nero BackItUp 11 Help (CHM) (Version: 11.0.10400)
Nero Backup Drivers (Version: 12.0.4000)
Nero Blu-ray Player (Version: 12.0.20012)
Nero Burning ROM 11 (Version: 11.2.10300.0.0)
Nero Burning ROM 11 Help (CHM) (Version: 11.0.10300)
Nero Cliparts (Version: 12.0.11500)
Nero ControlCenter (Version: 11.0.15500)
Nero ControlCenter Help (CHM) (Version: 12.0.5000)
Nero Core Components (Version: 11.0.19400)
Nero CoverDesigner 11 (Version: 6.0.11000.13.100)
Nero CoverDesigner 11 Help (CHM) (Version: 11.0.10300)
Nero Disc Menus Basic (Version: 12.0.11500)
Nero DiscSpeed 11 (Version: 7.0.10400.2.100)
Nero DiscSpeed 11 Help (CHM) (Version: 11.0.10000)
Nero Effects Basic (Version: 12.0.11500)
Nero Express 11 (Version: 11.2.10300.0.0)
Nero Express 11 Help (CHM) (Version: 11.0.10300)
Nero Image Samples (Version: 12.0.11500)
Nero Kwik Media (Version: 1.18.19600)
Nero Kwik Media Help (CHM) (Version: 12.0.3000)
Nero Kwik Themes Basic (Version: 12.0.11500)
Nero PiP Effects Basic (Version: 12.0.11500)
Nero Recode 11 (Version: 5.2.11300.0.0)
Nero Recode 11 Help (CHM) (Version: 11.0.10600)
Nero RescueAgent 11 (Version: 4.0.10600.10.100)
Nero RescueAgent 11 Help (CHM) (Version: 11.0.10400)
Nero SharedVideoCodecs (Version: 1.0.12100.2.0)
Nero SoundTrax 11 (Version: 5.0.10700.6.100)
Nero SoundTrax 11 Help (CHM) (Version: 11.0.10400)
Nero Update (Version: 11.0.11500.28.0)
Nero Video 11 (Version: 8.2.16000.4.100)
Nero Video 11 Help (CHM) (Version: 11.0.10300)
Nero Video Samples (Version: 12.0.11500)
Nero WaveEditor 11 (Version: 6.2.11300.0.100)
Nero WaveEditor 11 Help (CHM) (Version: 11.0.10400)
nero.prerequisites.msi (Version: 11.0.20010)
NewsBin Pro (Version: 5.57)
NewsBin Pro 4.3
Nikon Message Center 2 (Version: 2.1.0)
Nikon Movie Editor (Version: 2.3.1)
Nokia Connectivity Cable Driver (Version: 7.1.78.0)
Nokia PC Suite (Version: 7.1.180.94)
NVIDIA 3D Vision Controller-Treiber 314.07 (Version: 314.07)
NVIDIA 3D Vision Treiber 314.07 (Version: 314.07)
NVIDIA Grafiktreiber 314.07 (Version: 314.07)
NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1407)
NVIDIA Systemsteuerung 314.07 (Version: 314.07)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
ODF Add-In für Microsoft Office (Version: 4.0.5309.0)
Opera 12.01 (Version: 12.01.1532)
Oracle VM VirtualBox 4.2.16 (Version: 4.2.16)
PC Connectivity Solution (Version: 12.0.27.0)
PDFCreator (Version: 1.7.0)
Picture Control Utility (Version: 1.4.3)
Ping Plotter
PingPlotter Pro 3.20.1p (Version: 3.20.1p)
PL-2303 USB-to-Serial (Version: 1.1.0)
Platform (Version: 1.34)
PRE11 STI Installer (Version: 11.0)
PSE11 STI Installer (Version: 11.0)
PSPPContent (Version: 14.0.0.332)
PSPPHelp (Version: 14.0.0.332)
Q-Dir
QuickPhrase 4.0.0.93 (Version: 4.0.0.93)
R Color Code
Realtek Ethernet Controller Driver (Version: 7.61.612.2012)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30111)
Recuva (Version: 1.42)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.34.0)
Resonic Alpha (Version: 0.5.840.0)
SchnapperPlus 1.8.60 (Version: 1.8.60)
Screenpresso (HKCU Version: 1.3.8.0)
SeaMonkey 2.14.1 (x86 de) (Version: 2.14.1)
Security Task Manager 1.8g (Version: 1.8g)
Setup (Version: 14.0.0.332)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (Version: 1.0.0)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (Version: 1.0.0)
Silicon Laboratories CP210x VCP Drivers for Windows 7 (Version: 5.40.24)
Skype™ 5.0 (Version: 5.0.152)
Speccy (Version: 1.20)
sPlan 7.0
Sprint-Layout 5.0
Sprint-Layout 6.0
StampPlot Version 3.8 (Version: 3.8.0)
StreamTransport version: 1.0.2.2171
Suite Specific (Version: 2.0.0)
SUNIX Multi IO Controller (Version: 8.0.0.0)
SUNIX Multi-IO Controller (Version: 7.2.0.0)
SUPER © +Recorder.2013.55 (Mar 7, 2013) Version +Recorder.2013. (Version: +Recorder.2013.55)
swMSM (Version: 12.0.0.1)
TagScanner 5.1 build 571
Target 3001! V15 discover (Version: )
TCJ My Stock DB v2 (Version: 2)
TechPowerUp GPU-Z
TEMP-SERVER CLIENT (Version: 1.0)
TextPad 5 (Version: 5.4.2)
ThumbsPlus (Version: 8.0)
ThumbsPlus 6.0
Total Commander (Remove or Repair) (Version: 8.01)
TubeData
TuneUp Utilities 2012 (Version: 12.0.3600.114)
TuneUp Utilities Language Pack (de-DE) (Version: 12.0.3600.114)
TweakNow RegCleaner 2012 (Version: 7.2.1)
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
USB AVR-Lab Tool 5.10 (Version: 5.10)
USB Multi-Channel Audio Device
USB/DVD-Downloadtool für Windows 7 (Version: 1.0.30)
USBprog 0.2.0 (Version: 0.2.0)
USB-WETTER-SERVER CLIENT (Version: 1.0)
Usenet.nl
VBA (2701.01) (Version: 6.03.00.9402)
VIA Plattform-Geräte-Manager (Version: 1.34)
ViewNX 2 (Version: 2.3.2)
Vista Shortcut Manager (Version: 2.0)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (Version: 4.0.8080.0)
VLC media player 2.0.7 (Version: 2.0.7)
WaveLab 6 (Version: 6.1.0.340)
Welcome App (Start-up experience) (Version: 11.0.23500.0.0)
Winamp (remove only)
WinAVR 20100110 (remove only) (Version: 20100110)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Mode (Version: 1.3.7600.16422)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7) (Version: 02/25/2011 4.7)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9) (Version: 02/25/2011 7.01.0.9)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)
WinHTTrack Website Copier 3.44-1 (Version: 3.44.1)
WinNWT4 Version 4.11.08
WinRAR
WinZip 14.0 (Version: 14.0.8708)
ZL11.4 (Version: 1.00.0000)
Zotero Standalone 3.0.14 (x86 en-US) (Version: 3.0.14)
 

==================== Restore Points  =========================


==================== Hosts content: ==========================

2010-06-09 11:19 - 2011-09-07 18:49 - 00000832 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0491A223-63C9-4036-9347-5455A95C14DC} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe [2012-07-04] (TuneUp Software)
Task: {2E655F28-B6E2-4270-A358-E81A4E1623BA} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {337B2718-AC4D-4531-BBC2-0B7D5F173759} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-11] (Adobe Systems Incorporated)
Task: {57A29E9F-B610-4388-BF0B-AFBA02FD842B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {6E89FAC9-92AE-45C2-B2EC-AD4734618F12} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-03] (Google Inc.)
Task: {79B73834-A812-4307-A04B-CA0F0B0AA5E8} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\Six Engine\SixEngine.exe [2009-10-02] (ASUSTeK Computer Inc.)
Task: {8E4FAB42-33F2-466A-9B15-5AD4F80721DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-03] (Google Inc.)
Task: {AA3B78DA-B6EB-46CB-A9B8-2EC53F81C242} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {B0EAD5BC-9079-4113-A6BE-A546C43F0B68} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {E9B4EB92-0D84-45C7-A110-CD897D466891} - System32\Tasks\{FDA2CEF9-1FA2-4D9F-9049-E33A681AF15B} => C:\Program Files\Skype\Phone\Skype.exe [2010-10-11] (Skype Technologies S.A.)
Task: {F41BB0BD-7237-40AC-8DB7-F1E615D1EFC1} - System32\Tasks\User_Feed_Synchronization-{F0EAC7B4-2CBD-4BEB-B335-E57A7AAC51FF} => C:\Windows\system32\msfeedssync.exe [2013-03-13] (Microsoft Corporation)
Task: {FE58C4D4-058C-4E77-B26A-87C89B06C6E0} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/13/2013 10:08:57 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2013 10:07:31 AM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/13/2013 10:07:31 AM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/13/2013 10:07:31 AM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/13/2013 10:07:31 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (07/13/2013 10:07:30 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/13/2013 10:07:30 AM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (07/13/2013 10:07:30 AM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/13/2013 10:07:30 AM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/13/2013 10:07:30 AM) (Source: Windows Search Service) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))


System errors:
=============
Error: (07/13/2013 10:09:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/13/2013 10:09:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/13/2013 10:07:31 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/13/2013 10:07:31 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (07/13/2013 09:39:08 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/13/2013 09:39:08 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/13/2013 09:04:03 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/13/2013 09:04:03 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/13/2013 07:40:33 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/13/2013 07:40:33 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (07/13/2013 10:08:57 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2013 10:07:31 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/13/2013 10:07:31 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/13/2013 10:07:31 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/13/2013 10:07:31 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (07/13/2013 10:07:30 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (07/13/2013 10:07:30 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (07/13/2013 10:07:30 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (07/13/2013 10:07:30 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (07/13/2013 10:07:30 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 3582.05 MB
Available physical RAM: 2349.44 MB
Total Pagefile: 7162.38 MB
Available Pagefile: 5854.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1878.46 MB

==================== Drives ================================

Drive c: (Boot_C) (Fixed) (Total:488.28 GB) (Free:389.69 GB) NTFS
Drive d: (HD_D) (Fixed) (Total:443.13 GB) (Free:46.05 GB) NTFS
Drive e: (HD_E) (Fixed) (Total:915.75 GB) (Free:428.8 GB) NTFS
Drive f: (HD_F) (Fixed) (Total:947.26 GB) (Free:280.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 9013A31C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=443 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 05C23984)
Partition 1: (Not Active) - (Size=916 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=947 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Vorerst vielen Dank,
gonde
__________________

Alt 13.07.2013, 12:24   #4
schrauber
/// the machine
/// TB-Ausbilder
 

PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden - Standard

PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden



Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.07.2013, 12:46   #5
gonde
 
PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden - Standard

PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden



Vorerst vielen Dank,

hier kommt ComboFix.txt als Admin gestartet

Code:
ATTFilter
ComboFix 13-07-12.01 - Standard 13.07.2013  13:31:24.1.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.43.1031.18.3582.2484 [GMT 2:00]
ausgeführt von:: c:\users\Standard\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\quickphrase.exe.lnk
c:\users\Standard\AppData\Roaming\whitepixel
c:\windows\system32\c
c:\windows\system32\SETDCE7.tmp
c:\windows\system64
c:\windows\system64\msvcp100.dll
c:\windows\system64\msvcr100.dll
c:\windows\XSxS
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-13 bis 2013-07-13  ))))))))))))))))))))))))))))))
.
.
2013-07-13 11:37 . 2013-07-13 11:37	--------	d-----w-	c:\users\Standard\AppData\Local\temp
2013-07-13 09:57 . 2013-07-13 09:57	--------	d-----w-	C:\FRST
2013-07-12 14:12 . 2013-07-12 14:12	167344	----a-w-	c:\windows\system32\mfevtps.exe.b8df.deleteme
2013-07-12 14:10 . 2013-07-12 14:10	--------	d-----w-	C:\Stinger_Quarantine
2013-07-12 14:10 . 2013-07-12 17:22	--------	d-----w-	c:\program files\stinger
2013-07-11 05:39 . 2013-07-11 05:41	--------	d-----w-	c:\windows\system32\MRT
2013-07-10 17:25 . 2013-07-04 14:38	188176	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2013-07-10 17:25 . 2013-07-04 14:37	94480	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys
2013-07-10 05:27 . 2013-04-09 23:34	1247744	----a-w-	c:\windows\system32\DWrite.dll
2013-07-10 05:27 . 2013-06-05 03:05	2347520	----a-w-	c:\windows\system32\win32k.sys
2013-07-10 05:27 . 2013-06-04 04:53	509440	----a-w-	c:\windows\system32\qedit.dll
2013-07-10 05:27 . 2013-05-06 04:56	1620480	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-10 05:27 . 2013-04-10 05:04	1221632	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 05:27 . 2013-04-10 05:03	936448	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 05:27 . 2013-04-10 05:03	988672	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 05:27 . 2013-04-10 05:03	969216	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 05:27 . 2013-05-27 04:57	680960	----a-w-	c:\program files\Windows Defender\MpSvc.dll
2013-07-10 05:27 . 2013-05-27 04:57	392704	----a-w-	c:\program files\Windows Defender\MpClient.dll
2013-07-10 05:27 . 2013-05-27 04:57	224768	----a-w-	c:\program files\Windows Defender\MpCommu.dll
2013-07-06 08:50 . 2013-07-06 08:50	--------	d-----w-	c:\users\Standard\AppData\Roaming\Liqube
2013-07-06 08:50 . 2013-07-06 08:50	--------	d-----w-	c:\program files\Liqube
2013-07-04 17:40 . 2013-07-04 17:40	--------	d-----w-	c:\users\Standard\AppData\Local\Amazon
2013-07-04 14:37 . 2013-07-04 14:37	84752	----a-w-	c:\windows\system32\drivers\VBoxUSB.sys
2013-07-04 14:37 . 2013-07-04 14:37	115984	----a-w-	c:\windows\system32\drivers\VBoxNetFlt.sys
2013-07-04 14:37 . 2013-07-04 14:37	104720	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys
2013-07-04 14:37 . 2013-07-04 14:37	174864	----a-w-	c:\windows\system32\VBoxNetFltNobj.dll
2013-06-13 13:39 . 2013-06-13 13:39	--------	d-----w-	c:\program files\AviSynth 2.5
2013-06-13 13:34 . 2013-06-13 13:34	--------	d-----w-	c:\program files\eRightSoft
2013-06-13 13:07 . 2013-06-13 13:07	--------	d-----w-	c:\users\Standard\AppData\Local\FreemakeVideoConverter
2013-06-13 13:06 . 2013-06-13 13:07	--------	d-----w-	c:\programdata\Freemake
2013-06-13 13:06 . 2013-06-13 13:06	--------	d-----w-	c:\program files\Freemake
2013-06-13 12:49 . 2013-06-13 12:49	--------	d-----w-	c:\programdata\xml_param
2013-06-13 12:45 . 2013-06-13 12:45	--------	d-----w-	c:\users\Standard\AppData\Local\Aimersoft
2013-06-13 12:45 . 2013-06-13 12:45	--------	d-----w-	c:\program files\Common Files\Aimersoft
2013-06-13 12:45 . 2013-05-07 07:08	892928	----a-w-	c:\windows\system32\iconv.dll
2013-06-13 12:45 . 2013-05-07 07:08	675840	----a-w-	c:\windows\system32\ac3filter.ax
2013-06-13 12:45 . 2013-05-07 07:08	496640	----a-w-	c:\windows\system32\xvid.ax
2013-06-13 12:45 . 2013-06-13 12:45	--------	d-----w-	c:\programdata\Aimersoft DVD Ripper
2013-06-13 12:45 . 2013-06-13 12:50	--------	d-----w-	c:\program files\Aimersoft
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-11 15:33 . 2013-02-10 13:40	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-07-11 15:33 . 2013-02-10 13:40	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-24 09:35 . 2013-05-02 09:30	67168	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-06-12 19:48 . 2012-06-01 11:10	867240	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-06-12 19:48 . 2011-02-07 07:19	789416	----a-w-	c:\windows\system32\deployJava1.dll
2013-06-12 19:48 . 2013-04-17 06:04	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-06-08 05:43 . 2013-06-08 05:44	100	----a-w-	C:\t.bat
2013-05-15 15:42 . 2013-05-15 15:42	426	----a-w-	c:\users\Standard\AppData\Local\TemptexxasCatg.tmp
2013-05-13 04:45 . 2013-06-12 05:00	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 05:00	1160192	----a-w-	c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-12 05:00	103936	----a-w-	c:\windows\system32\cryptnet.dll
2013-05-13 03:08 . 2013-06-12 05:00	903168	----a-w-	c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 05:00	43008	----a-w-	c:\windows\system32\certenc.dll
2013-05-10 03:20 . 2013-06-12 05:00	24576	----a-w-	c:\windows\system32\cryptdlg.dll
2013-05-08 05:38 . 2013-06-12 05:00	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06 . 2013-06-12 05:00	3968872	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06 . 2013-06-12 05:00	3913576	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-26 04:55 . 2013-06-12 05:00	492544	----a-w-	c:\windows\system32\win32spl.dll
2013-04-25 23:30 . 2013-06-12 05:00	1505280	----a-w-	c:\windows\system32\d3d11.dll
2013-04-17 07:02 . 2013-06-12 05:00	1230336	----a-w-	c:\windows\system32\WindowsCodecs.dll
2010-10-15 15:30 . 2013-04-14 07:55	304584	----a-w-	c:\program files\Common Files\delete.exe
2008-07-31 11:00 . 2010-04-28 07:33	2136576	----a-w-	c:\program files\frontdesigner30.exe
2009-09-27 07:39	369152	--sh--w-	c:\windows\System32\avisynth.dll
2005-07-14 10:31	32256	--sh--w-	c:\windows\System32\AVSredirect.dll
2004-02-22 08:11	719872	--sh--w-	c:\windows\System32\devil.dll
2006-05-03 10:06	163328	--sha-r-	c:\windows\System32\flvDX.dll
2004-01-24 22:00	70656	--sh--w-	c:\windows\System32\i420vfw.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\System32\nbDX.dll
2010-01-06 22:00	107520	--sha-r-	c:\windows\System32\TAKDSDecoder.dll
2012-10-05 18:54	188416	--sha-r-	c:\windows\System32\winDCE32.dll
2004-01-24 22:00	70656	--sh--w-	c:\windows\System32\yv12vfw.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-04-30 16:55	280736	----a-w-	c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2012-02-16 1946352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-06-24 345144]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE" [2010-10-15 226784]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe [2013-2-10 25214]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"NoHotStart"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-06-16 15:43	499608	----a-w-	c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DBuninst]
2010-10-15 15:30	304584	----a-w-	c:\program files\Common Files\delete.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2012-10-25 16:26	4045432	----a-r-	c:\program files\VIA\VIAudioi\VDeck\VDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2010-09-07 15:40	43608	----a-w-	c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryDefrag Success Message]
2012-07-04 09:47	111456	----a-w-	c:\program files\TuneUp Utilities 2012\TUMessages.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 15:45	313472	----a-r-	c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
.
R3 CH341SER;CH341SER;c:\windows\system32\Drivers\CH341SER.SYS [2011-11-04 39696]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2013-03-23 23456]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\DU Meter\DUMETR32.SYS [2012-02-16 19832]
R3 hcdriver;Intel EHCI Compliance Test Tool Device Driver;c:\windows\system32\Drivers\hcdriver.sys [2011-01-10 50688]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys [2011-05-28 35776]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Ser2plx86;Prolific Serial port WDF driver;c:\windows\system32\DRIVERS\ser2pl.sys [2012-07-30 132608]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2011-01-27 47176]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2010-07-21 58112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [2009-06-11 1516544]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2013-07-04 84752]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-31 1343400]
R4 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-09-17 171600]
R4 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
R4 DBService;DATA BECKER Update Service;c:\program files\Common Files\DATA BECKER Shared\DBService.exe [2010-10-28 189776]
R4 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-06-13 101888]
R4 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-10-22 27768]
S0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [2012-01-19 276784]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 56496]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 12464]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-25 37352]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2013-07-04 188176]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2013-07-04 94480]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2013-06-24 371768]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-06-24 84024]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-06-24 589368]
S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [2012-02-16 1110480]
S2 glpntdrv;glpntdrv;c:\windows\system32\drivers\glpntdrv.sys [1998-11-25 13728]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
S2 inpout32;inpout32;c:\windows\system32\Drivers\inpout32.sys [2012-11-20 11936]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-02-09 383264]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2012-07-04 1528672]
S2 USBDLM;USBDLM;c:\gwktools\USBDLM\USBDLM.exe [2012-01-15 337888]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 63872]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 141952]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 182304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-06-13 552080]
S3 SNXPCARD;SUNIX Multi-I/O Card Driver;c:\windows\system32\DRIVERS\snxpcard.sys [2012-06-21 48224]
S3 SNXPPALX;SUNIX Parallel Port Driver;c:\windows\system32\DRIVERS\snxppalx.sys [2012-06-21 85088]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2012-05-03 10064]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2013-07-04 104720]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2013-07-04 115984]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-10-22 1841272]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-10 15:33]
.
2013-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 17:42]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 17:42]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = <local>
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: An SchnapperPlus senden - c:\program files\SchnapperPlus\SchnapperPlusMenu.js
IE: An vorhandene PDF-Datei anfügen
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4oink.default-1361704049564\
FF - prefs.js: browser.startup.homepage - file:///C:/Program%20Files/Mozilla%20Firefox/bookmarks.html
FF - ExtSQL: 2013-05-21 10:23; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff
FF - ExtSQL: 2013-07-01 07:14; {81328583-3CA7-4809-B4BA-570A85818FBB}; c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4oink.default-1361704049564\extensions\{81328583-3CA7-4809-B4BA-570A85818FBB}.xpi
FF - ExtSQL: 2013-07-05 09:57; scrapbookplus@addons.mozilla.org; c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4oink.default-1361704049564\extensions\scrapbookplus@addons.mozilla.org.xpi
FF - user.js: extensions.autoDisableScopes - 0 
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-WS_FTP Pro - c:\program files\WS_FTP Pro\uninst.isu
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG16.00.00.01PROFESSIONAL"="D17451FC41AD58FDF38B9BEEFAC003D3DB539326D2CAA63D679F7BA83C47D2FA6D2DE36A8374DE5831BD650C6E74043EADB8B0BE2DFBD7D4AF67692799110EB8BC35D35F4A560F384A0CCB7AF0EB5C2C49391AA489DE4255FB5F0A49DFA5DED1A0035A50D8B0F59DE620F4FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D1407FEBC9E127BECC74CC038D530D6EB3452BA7FD869164D67943A4971B16A96FDFC3DE0276A27CA4C4D9581BD6773857AFBEBACB0A503B03248D3B9503B8E3DE22902A4CBAA53135A901CAF5288AA616EED0E53407228B1AA1178FB5F4FCED220D5A82232E5D2913521A3A057C1E8BE1229446CF1662F8D10185C952FD499B2C573FC90CCDF7A661DDCB2DF40520D25761AEA7CDC5D1E4F63F4D81C97E5BF8B67E7703E551184045695F211C72FD8EAB29E0899D96AE2542C34E73C345074E01D0A170DC7A30EB32992B0696980733DE08A3F6F8753C9CEF4D4A9B8E498CE0982A8ABF1E2789811630D5F356824E69C9CA4DE3CC98F8843CC4C62E3CA734EADB68588F5ABA1090CD5B29551C72921DE8928D2D5C4CE368CC5817BA5CECBD1CF5C53B0B56B67A9E7D3260B30525575ABCC433021E271CC59F650FD7B1B419CBF9DBCC864AB44283DB67D2058159F9A010F9AAC9AD28EAD29FA0A1CF49F25D826A45E1845BEE914F5DBC1D3E3DFB6A9AEFDC3A351076D1B52707128B58E7E92FB22C98DB2B83AE353A2F2CE0249F82159CC4A14E8B40DBC01F93F1CF7DF86B912C6833998F1CCF1E8EF0159F2A97CE4FA302C9F18D59D9DAFBD9F1206CE2E23894E8450FA056EF99EACD2620E9E09BA5F61DE1029AA86AD33E632CA41D996865AF1392B6C521D9E3046C2FA3E889A4BA71F474DFCB260C0AEA48A291E459601CEF004C697FE0D652C2C9ED9818D62A748A9C1678636F80D9CA832352496B89306913945397326B5F7D3A7D76A9645C00A489C914D3E512E4C29A21CF01A3BA072982269A35A835FCA3594739D505CEC0AC39A226C981F245D62CE2D32DD10F15AD37A1D3BA5F31331CD10CE57ACF16639E9F2159158CBD24892985DAEB65FB45910756E78877BE5891E37AFE4DF884C5C0B518703D3757FD37B59423D3B82F6DD25370C69F9D2D008A99C7FA863D3218AFED3BD9524EC589F645C984BC587AFAA67D7CB30B76432B5F9454D1874BC4BB29E0E9EB5A8386A1C97E1C0D8753335D6B26528814350CA6C9B2DC93F94DE1516C687356202112B11641E3FF8AF79C54C68613C26DC68415D20BFCA3B080C2C465A3AAEAD97E270969D393AD4188680CB6BBEC87B10379C8B9A61CB3E59C823AF3F9560C09253761B194E7E291D376AE5A26834F2A7F4CBCE25E6688FD4CC700D5DFBBF576234DA60B06E7DC5EAA06B"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-13  13:39:31
ComboFix-quarantined-files.txt  2013-07-13 11:39
.
Vor Suchlauf: 19 Verzeichnis(se), 418.026.127.360 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 418.087.649.280 Bytes frei
.
- - End Of File - - 3C5FFE0435AB7ACC07EF87BF4E81E6B1
A36C5E4F47E84449FF07ED3517B43A31
         
Schöne Grüße,
gonde


Alt 13.07.2013, 15:14   #6
schrauber
/// the machine
/// TB-Ausbilder
 

PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden - Standard

PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden



Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden

Alt 13.07.2013, 16:20   #7
gonde
 
PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden - Standard

PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden



So, nun die neuen Logs:
Zuerst die AdwCleaner
Code:
ATTFilter
# AdwCleaner v2.305 - Datei am 13/07/2013 um 16:20:09 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Standard - PC-I7
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Standard\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Standard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Datei Gefunden : C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4oink.default-1361704049564\searchplugins\Web Search.xml
Datei Gefunden : C:\Windows\system32\roboot.exe
Ordner Gefunden : C:\Program Files\optimizer pro
Ordner Gefunden : C:\Users\Standard\AppData\Local\PackageAware
Ordner Gefunden : C:\Users\Standard\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gefunden : C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4oink.default-1361704049564\jetpack
Ordner Gefunden : C:\Users\Standard\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\Standard\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\videosaver
Schlüssel Gefunden : HKCU\Software\Iminent
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\systweak
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freemake Video Converter_is1
Schlüssel Gefunden : HKLM\Software\PIP
Schlüssel Gefunden : HKU\S-1-5-21-3295761997-2644885772-2406610304-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=0fc19f6f-25b3-434c-a122-a869b70aea4c&searchtype=ds&q={searchTerms}&installDate={installDate}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=AT&userid=75bfa797-4670-495a-9c80-40a02cc290f4&searchtype=ds&q={searchTerms}&installDate=09/05/2013

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4oink.default-1361704049564\prefs.js

Gefunden : user_pref("extensions.helperbar.Country", "Austria");
Gefunden : user_pref("extensions.helperbar.DockingPositionDown", false);
Gefunden : user_pref("extensions.helperbar.SmartbarDisabled", false);
Gefunden : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Gefunden : user_pref("extensions.helperbar.UserID", "75bfa797-4670-495a-9c80-40a02cc290f4");
Gefunden : user_pref("extensions.helperbar.Visibility", true);

-\\ Opera v12.1.1532.0

Datei : C:\Users\Standard\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R3].txt - [9848 octets] - [13/07/2013 16:20:09]

########## EOF - C:\AdwCleaner[R3].txt - [9908 octets] ##########
         
Code:
ATTFilter
# AdwCleaner v2.305 - Datei am 13/07/2013 um 16:20:09 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Standard - PC-I7
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Standard\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Standard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Datei Gefunden : C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4oink.default-1361704049564\searchplugins\Web Search.xml
Datei Gefunden : C:\Windows\system32\roboot.exe
Ordner Gefunden : C:\Program Files\optimizer pro
Ordner Gefunden : C:\Users\Standard\AppData\Local\PackageAware
Ordner Gefunden : C:\Users\Standard\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gefunden : C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4oink.default-1361704049564\jetpack
Ordner Gefunden : C:\Users\Standard\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\Standard\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\videosaver
Schlüssel Gefunden : HKCU\Software\Iminent
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\systweak
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freemake Video Converter_is1
Schlüssel Gefunden : HKLM\Software\PIP
Schlüssel Gefunden : HKU\S-1-5-21-3295761997-2644885772-2406610304-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=0fc19f6f-25b3-434c-a122-a869b70aea4c&searchtype=ds&q={searchTerms}&installDate={installDate}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=AT&userid=75bfa797-4670-495a-9c80-40a02cc290f4&searchtype=ds&q={searchTerms}&installDate=09/05/2013

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4oink.default-1361704049564\prefs.js

Gefunden : user_pref("extensions.helperbar.Country", "Austria");
Gefunden : user_pref("extensions.helperbar.DockingPositionDown", false);
Gefunden : user_pref("extensions.helperbar.SmartbarDisabled", false);
Gefunden : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Gefunden : user_pref("extensions.helperbar.UserID", "75bfa797-4670-495a-9c80-40a02cc290f4");
Gefunden : user_pref("extensions.helperbar.Visibility", true);

-\\ Opera v12.1.1532.0

Datei : C:\Users\Standard\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R3].txt - [9848 octets] - [13/07/2013 16:20:09]

########## EOF - C:\AdwCleaner[R3].txt - [9908 octets] ##########
         
Code:
ATTFilter
# AdwCleaner v2.305 - Datei am 13/07/2013 um 16:28:10 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Standard - PC-I7
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Standard\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4oink.default-1361704049564\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v12.1.1532.0

Datei : C:\Users\Standard\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R3].txt - [9977 octets] - [13/07/2013 16:20:09]
AdwCleaner[S3].txt - [10065 octets] - [13/07/2013 16:22:25]
AdwCleaner[S4].txt - [995 octets] - [13/07/2013 16:28:10]

########## EOF - C:\AdwCleaner[S4].txt - [1054 octets] ##########
         
Code:
ATTFilter
# AdwCleaner v2.305 - Datei am 13/07/2013 um 16:30:44 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Standard - PC-I7
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Standard\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4oink.default-1361704049564\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v12.1.1532.0

Datei : C:\Users\Standard\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R3].txt - [9977 octets] - [13/07/2013 16:20:09]
AdwCleaner[S3].txt - [10065 octets] - [13/07/2013 16:22:25]
AdwCleaner[S4].txt - [1123 octets] - [13/07/2013 16:28:10]
AdwCleaner[S5].txt - [1055 octets] - [13/07/2013 16:30:44]

########## EOF - C:\AdwCleaner[S5].txt - [1115 octets] ##########
         
Code:
ATTFilter
# AdwCleaner v2.305 - Datei am 13/07/2013 um 16:33:16 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Standard - PC-I7
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Standard\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4oink.default-1361704049564\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v12.1.1532.0

Datei : C:\Users\Standard\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R3].txt - [9977 octets] - [13/07/2013 16:20:09]
AdwCleaner[S3].txt - [10065 octets] - [13/07/2013 16:22:25]
AdwCleaner[S4].txt - [1123 octets] - [13/07/2013 16:28:10]
AdwCleaner[S5].txt - [1184 octets] - [13/07/2013 16:30:44]
AdwCleaner[S6].txt - [1115 octets] - [13/07/2013 16:33:16]

########## EOF - C:\AdwCleaner[S6].txt - [1175 octets] ##########
         
Code:
ATTFilter
# AdwCleaner v2.305 - Datei am 13/07/2013 um 16:35:19 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Standard - PC-I7
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Standard\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4oink.default-1361704049564\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v12.1.1532.0

Datei : C:\Users\Standard\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R3].txt - [9977 octets] - [13/07/2013 16:20:09]
AdwCleaner[S3].txt - [10065 octets] - [13/07/2013 16:22:25]
AdwCleaner[S4].txt - [1123 octets] - [13/07/2013 16:28:10]
AdwCleaner[S5].txt - [1184 octets] - [13/07/2013 16:30:44]
AdwCleaner[S6].txt - [1244 octets] - [13/07/2013 16:33:16]
AdwCleaner[S7].txt - [1175 octets] - [13/07/2013 16:35:19]

########## EOF - C:\AdwCleaner[S7].txt - [1235 octets] ##########
         
Code:
ATTFilter
# AdwCleaner v2.305 - Datei am 13/07/2013 um 16:45:50 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Standard - PC-I7
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Standard\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4oink.default-1361704049564\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v12.1.1532.0

Datei : C:\Users\Standard\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R3].txt - [9977 octets] - [13/07/2013 16:20:09]
AdwCleaner[S3].txt - [10065 octets] - [13/07/2013 16:22:25]
AdwCleaner[S4].txt - [1123 octets] - [13/07/2013 16:28:10]
AdwCleaner[S5].txt - [1184 octets] - [13/07/2013 16:30:44]
AdwCleaner[S6].txt - [1244 octets] - [13/07/2013 16:33:16]
AdwCleaner[S7].txt - [1304 octets] - [13/07/2013 16:35:19]
AdwCleaner[S8].txt - [1235 octets] - [13/07/2013 16:45:50]

########## EOF - C:\AdwCleaner[S8].txt - [1295 octets] ##########
         
Code:
ATTFilter
# AdwCleaner v2.305 - Datei am 13/07/2013 um 16:48:56 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Standard - PC-I7
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Standard\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4oink.default-1361704049564\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v12.1.1532.0

Datei : C:\Users\Standard\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R3].txt - [9977 octets] - [13/07/2013 16:20:09]
AdwCleaner[S3].txt - [10065 octets] - [13/07/2013 16:22:25]
AdwCleaner[S4].txt - [1123 octets] - [13/07/2013 16:28:10]
AdwCleaner[S5].txt - [1184 octets] - [13/07/2013 16:30:44]
AdwCleaner[S6].txt - [1244 octets] - [13/07/2013 16:33:16]
AdwCleaner[S7].txt - [1304 octets] - [13/07/2013 16:35:19]
AdwCleaner[S8].txt - [1364 octets] - [13/07/2013 16:45:50]
AdwCleaner[S9].txt - [1295 octets] - [13/07/2013 16:48:56]

########## EOF - C:\AdwCleaner[S9].txt - [1355 octets] ##########
         
Code:
ATTFilter
# AdwCleaner v2.305 - Datei am 13/07/2013 um 16:50:49 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Standard - PC-I7
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Standard\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4oink.default-1361704049564\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v12.1.1532.0

Datei : C:\Users\Standard\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R3].txt - [9977 octets] - [13/07/2013 16:20:09]
AdwCleaner[S10].txt - [934 octets] - [13/07/2013 16:50:49]
AdwCleaner[S3].txt - [10065 octets] - [13/07/2013 16:22:25]
AdwCleaner[S4].txt - [1123 octets] - [13/07/2013 16:28:10]
AdwCleaner[S5].txt - [1184 octets] - [13/07/2013 16:30:44]
AdwCleaner[S6].txt - [1244 octets] - [13/07/2013 16:33:16]
AdwCleaner[S7].txt - [1304 octets] - [13/07/2013 16:35:19]
AdwCleaner[S8].txt - [1364 octets] - [13/07/2013 16:45:50]
AdwCleaner[S9].txt - [1424 octets] - [13/07/2013 16:48:56]

########## EOF - C:\AdwCleaner[S10].txt - [1415 octets] ##########
         
Code:
ATTFilter
# AdwCleaner v2.305 - Datei am 13/07/2013 um 16:52:47 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Standard - PC-I7
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Standard\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4oink.default-1361704049564\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v12.1.1532.0

Datei : C:\Users\Standard\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R3].txt - [9977 octets] - [13/07/2013 16:20:09]
AdwCleaner[S10].txt - [1485 octets] - [13/07/2013 16:50:49]
AdwCleaner[S11].txt - [995 octets] - [13/07/2013 16:52:47]
AdwCleaner[S3].txt - [10065 octets] - [13/07/2013 16:22:25]
AdwCleaner[S4].txt - [1123 octets] - [13/07/2013 16:28:10]
AdwCleaner[S5].txt - [1184 octets] - [13/07/2013 16:30:44]
AdwCleaner[S6].txt - [1244 octets] - [13/07/2013 16:33:16]
AdwCleaner[S7].txt - [1304 octets] - [13/07/2013 16:35:19]
AdwCleaner[S8].txt - [1364 octets] - [13/07/2013 16:45:50]
AdwCleaner[S9].txt - [1424 octets] - [13/07/2013 16:48:56]

########## EOF - C:\AdwCleaner[S11].txt - [1476 octets] ##########
         
jetzt JRT.txt
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.9 (07.12.2013:2)
OS: Windows 7 Professional x64
Ran by Standard on 13.07.2013 at 16:56:41,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Standard\AppData\Roaming\systweak"



~~~ FireFox

Emptied folder: C:\Users\Standard\AppData\Roaming\mozilla\firefox\profiles\fpj4oink.default-1361704049564\minidumps [95 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.07.2013 at 16:58:27,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
und das frische FRST

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-07-2013 01
Ran by Standard (administrator) on 13-07-2013 17:07:52
Running from C:\Users\Standard\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Hagel Technologies Ltd.) C:\Program Files\DU Meter\DUMeterSvc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
(Uwe Sieber - www.uwe-sieber.de) C:\GwkTools\USBDLM\USBDLM.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\Six Engine\SixEngine.exe
(Uwe Sieber - www.uwe-sieber.de) C:\GwkTools\USBDLM\USBDLM_usr.exe
(Uwe Sieber - www.uwe-sieber.de) C:\GwkTools\USBDLM\USBDLM_usr.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CANON INC.) C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE
(CANON INC.) C:\Windows\system32\spool\DRIVERS\W32X86\3\CNABCSWK.EXE
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
(Hagel Technologies Ltd.) C:\PROGRA~1\DUMETE~1\DUMeter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Farbar) C:\Users\Standard\Downloads\FRST(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [CNAP2 Launcher] - C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE [226784 2010-10-15] (CANON INC.)
HKLM\...\Run: [NUSB3MON] - "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 7.0] - "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [483328 2008-04-23] (Adobe Systems Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [DU Meter] - "C:\Program Files\DU Meter\DUMeter.exe" /autostart [1946352 2012-02-16] (Hagel Technologies Ltd.)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
HKU\UpdatusUser\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
HKU\UpdatusUser\...\RunOnce: [WAB Migrate] - %ProgramFiles%\Windows Mail\wab.exe /Upgrade [ 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: msdaipp - No CLSID Value - 
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 09 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4oink.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Nero.com/KM - C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Standard\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\Standard\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========================== Services (Whitelisted) =================

S4 AdobeActiveFileMonitor11.0; C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [371768 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-24] (Avira Operations GmbH & Co. KG)
S4 AsSysCtrlService; C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.)
S4 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [189776 2010-10-28] (DATA BECKER GmbH & Co KG)
R2 DUMeterSvc; C:\Program Files\DU Meter\DUMeterSvc.exe [1110480 2012-02-16] (Hagel Technologies Ltd.)
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-06-13] (Freemake)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [687400 2011-11-25] (Nero AG)
S4 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-07-04] (TuneUp Software)
R2 USBDLM; C:\GwkTools\USBDLM\USBDLM.exe [337888 2012-01-15] (Uwe Sieber - www.uwe-sieber.de)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-25] (Avira Operations GmbH & Co. KG)
S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-04] (www.winchiphead.com)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2013-03-23] (Phoenix Technologies)
S3 DUMeterDrv; C:\Program Files\DU Meter\DUMETR32.SYS [19832 2012-02-16] (Hagel Technologies Ltd.)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [63464 2013-02-13] (FTDI Ltd.)
S4 giveio; C:\Windows\giveio.sys [5248 2011-09-15] ()
R2 glpntdrv; C:\Windows\system32\drivers\glpntdrv.sys [13728 1998-11-25] ()
S3 hcdriver; C:\Windows\System32\Drivers\hcdriver.sys [50688 2011-01-10] (Intel Corporation)
R1 hwinterface; C:\Windows\System32\Drivers\hwinterface.sys [3026 2012-11-20] (Logix4u)
R2 inpout32; C:\Windows\System32\Drivers\inpout32.sys [11936 2012-11-20] (Highresolution Enterprises [www.highrez.co.uk])
R0 JRAID; C:\Windows\System32\drivers\jraid.sys [103000 2010-11-25] (JMicron Technology Corp.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [35776 2011-05-28] (hxxp://libusb-win32.sourceforge.net)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R0 mv91xx; C:\Windows\System32\drivers\mv91xx.sys [276784 2012-01-19] (Marvell Semiconductor, Inc.)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [63872 2011-02-10] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [141952 2011-02-10] (Renesas Electronics Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [132608 2012-07-30] (Prolific Technology Inc.)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2011-01-27] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58112 2010-07-21] (Silicon Laboratories)
R3 SNXPCARD; C:\Windows\System32\DRIVERS\snxpcard.sys [48224 2012-06-21] (SUNIX Co., Ltd.)
R3 SNXPPALX; C:\Windows\System32\DRIVERS\snxppalx.sys [85088 2012-06-21] (SUNIX Co., Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-05-03] (TuneUp Software)
S3 USBMULCD; C:\Windows\System32\drivers\CM106.sys [1516544 2009-06-11] (C-Media Electronics Inc)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1841272 2012-10-22] (VIA Technologies, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2009-09-23] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2009-09-23] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-09-23] (Microsoft Corporation)
S3 vpcuxd; C:\Windows\System32\DRIVERS\vpcuxd.sys [12800 2009-09-23] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [294912 2009-09-23] (Microsoft Corporation)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [195968 2010-08-31] (Jungo)
S3 catchme; \??\C:\Users\Standard\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-13 17:07 - 2013-07-13 17:07 - 01218190 _____ (Farbar) C:\Users\Standard\Downloads\FRST(1).exe
2013-07-13 16:58 - 2013-07-13 16:58 - 00001188 _____ C:\Users\Standard\Desktop\JRT.txt
2013-07-13 16:56 - 2013-07-13 17:02 - 00007219 _____ C:\Windows\WindowsUpdate.log
2013-07-13 16:56 - 2013-07-13 16:56 - 00000000 ____D C:\Windows\ERUNT
2013-07-13 16:52 - 2013-07-13 16:53 - 00001546 _____ C:\AdwCleaner[S11].txt
2013-07-13 16:50 - 2013-07-13 17:03 - 00010888 _____ C:\Windows\setupact.log
2013-07-13 16:50 - 2013-07-13 16:51 - 00001485 _____ C:\AdwCleaner[S10].txt
2013-07-13 16:50 - 2013-07-13 16:50 - 00000000 _____ C:\Windows\setuperr.log
2013-07-13 16:48 - 2013-07-13 16:49 - 00001424 _____ C:\AdwCleaner[S9].txt
2013-07-13 16:45 - 2013-07-13 16:46 - 00001364 _____ C:\AdwCleaner[S8].txt
2013-07-13 16:35 - 2013-07-13 16:35 - 00001304 _____ C:\AdwCleaner[S7].txt
2013-07-13 16:33 - 2013-07-13 16:33 - 00001244 _____ C:\AdwCleaner[S6].txt
2013-07-13 16:30 - 2013-07-13 16:31 - 00001184 _____ C:\AdwCleaner[S5].txt
2013-07-13 16:28 - 2013-07-13 16:28 - 00001123 _____ C:\AdwCleaner[S4].txt
2013-07-13 16:22 - 2013-07-13 16:22 - 00010065 _____ C:\AdwCleaner[S3].txt
2013-07-13 16:20 - 2013-07-13 16:20 - 00009977 _____ C:\AdwCleaner[R3].txt
2013-07-13 16:19 - 2013-07-13 16:19 - 00662345 _____ C:\Users\Standard\Downloads\adwcleaner.exe
2013-07-13 16:17 - 2013-07-13 16:17 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Standard\Downloads\JRT.exe
2013-07-13 13:39 - 2013-07-13 13:39 - 00022433 _____ C:\Users\Standard\Downloads\ComboFix.txt
2013-07-13 13:30 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-13 13:30 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-13 13:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-13 13:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-13 13:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-13 13:30 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-13 13:30 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-13 13:30 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-13 13:29 - 2013-07-13 13:39 - 00000000 ____D C:\Qoobox
2013-07-13 13:29 - 2013-07-13 13:38 - 00000000 ____D C:\Windows\erdnt
2013-07-13 13:28 - 2013-07-13 13:28 - 05088739 ____R (Swearware) C:\Users\Standard\Downloads\ComboFix.exe
2013-07-13 12:19 - 2013-07-13 12:19 - 00000250 _____ C:\Users\Standard\Downloads\defogger_enable.log
2013-07-13 11:57 - 2013-07-13 11:57 - 00025552 _____ C:\Users\Standard\Downloads\Addition.txt
2013-07-13 11:57 - 2013-07-13 11:57 - 00000000 ____D C:\FRST
2013-07-13 11:55 - 2013-07-13 11:55 - 01218386 _____ (Farbar) C:\Users\Standard\Downloads\FRST.exe
2013-07-13 09:35 - 2013-07-13 09:35 - 00010114 _____ C:\Users\Standard\Downloads\Gmer.log
2013-07-13 09:02 - 2013-07-13 09:02 - 00000478 _____ C:\Users\Standard\Downloads\defogger_disable.log
2013-07-13 08:48 - 2013-07-13 08:56 - 00131176 _____ C:\Users\Standard\Downloads\OTL.Txt
2013-07-13 08:40 - 2013-07-13 08:40 - 00377856 _____ C:\Users\Standard\Downloads\gmer_2.1.19163.exe
2013-07-13 08:39 - 2013-07-13 08:39 - 00602112 _____ (OldTimer Tools) C:\Users\Standard\Downloads\OTL.exe
2013-07-13 08:39 - 2013-07-13 08:39 - 00050477 _____ C:\Users\Standard\Downloads\Defogger.exe
2013-07-12 16:12 - 2013-07-12 16:12 - 00167344 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.b8df.deleteme
2013-07-12 16:10 - 2013-07-12 19:22 - 00000000 ____D C:\Program Files\stinger
2013-07-12 16:10 - 2013-07-12 16:10 - 00000000 ____D C:\Stinger_Quarantine
2013-07-12 12:09 - 2013-07-12 19:25 - 00000000 ____D C:\Windows\Minidump
2013-07-11 07:39 - 2013-07-11 07:41 - 00000000 ____D C:\Windows\system32\MRT
2013-07-10 20:10 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 20:10 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 20:10 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 20:10 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 20:10 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 20:10 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 20:10 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-10 20:10 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 20:10 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 20:10 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 20:10 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 20:10 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-10 20:10 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-10 20:10 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-10 20:10 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-10 20:10 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 19:25 - 2013-07-10 19:25 - 00001082 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2013-07-10 19:25 - 2013-07-04 16:38 - 00188176 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2013-07-10 19:25 - 2013-07-04 16:37 - 00094480 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2013-07-10 07:27 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 07:27 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 07:27 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 07:27 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 08:35 - 2013-07-09 08:35 - 00000000 ____D C:\Users\Standard\Downloads\tool_myAVR-ProgTool-V139-b2236_en_de
2013-07-07 17:24 - 2013-07-07 17:24 - 00000000 ____D C:\Users\Standard\Downloads\LAN_Realtek_Win7_VER7616122012
2013-07-06 10:50 - 2013-07-06 10:50 - 00001214 _____ C:\Users\Standard\Desktop\Resonic MP3.lnk
2013-07-06 10:50 - 2013-07-06 10:50 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Resonic Alpha
2013-07-06 10:50 - 2013-07-06 10:50 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Liqube
2013-07-06 10:50 - 2013-07-06 10:50 - 00000000 ____D C:\Program Files\Liqube
2013-07-06 10:49 - 2013-07-06 10:49 - 03512775 _____ (Liqube) C:\Users\Standard\Downloads\ResonicAlphaSetup840.exe
2013-07-04 19:40 - 2013-07-04 19:47 - 00000000 ____D C:\Users\Standard\Documents\My Kindle Content
2013-07-04 19:40 - 2013-07-04 19:40 - 00002251 _____ C:\Users\Standard\Desktop\Kindle.lnk
2013-07-04 19:40 - 2013-07-04 19:40 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-07-04 19:40 - 2013-07-04 19:40 - 00000000 ____D C:\Users\Standard\AppData\Local\Amazon
2013-07-04 16:37 - 2013-07-04 16:37 - 00174864 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2013-07-04 16:37 - 2013-07-04 16:37 - 00115984 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2013-07-04 16:37 - 2013-07-04 16:37 - 00104720 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2013-07-04 16:37 - 2013-07-04 16:37 - 00084752 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSB.sys
2013-07-01 07:46 - 2013-07-01 07:47 - 38103832 _____ (Amazon.com) C:\Users\Standard\Downloads\KindleForPC-installer.exe
2013-06-25 14:57 - 2013-06-25 14:57 - 00000214 _____ C:\Users\Standard\Documents\led_blink.aws
2013-06-25 14:56 - 2013-06-25 14:57 - 00001522 _____ C:\Users\Standard\Documents\LED_blink.asm
2013-06-25 14:56 - 2013-06-25 14:56 - 00002295 _____ C:\Users\Standard\Documents\LED_blink.aps
2013-06-25 14:37 - 2013-06-25 14:37 - 00002267 _____ C:\Users\Standard\Documents\test2.aps
2013-06-25 14:37 - 2013-06-25 14:37 - 00000318 _____ C:\Users\Standard\Documents\test2.aws
2013-06-25 14:37 - 2013-06-25 14:37 - 00000000 _____ C:\Users\Standard\Documents\test2.asm
2013-06-25 08:45 - 2013-06-25 08:45 - 00000345 _____ C:\Users\Standard\Documents\test1.aws
2013-06-25 08:44 - 2013-06-25 08:44 - 00002649 _____ C:\Users\Standard\Documents\test1.aps
2013-06-25 08:44 - 2013-06-25 08:44 - 00000000 _____ C:\Users\Standard\Documents\test1.asm
2013-06-20 10:22 - 2013-06-20 10:22 - 00001046 _____ C:\Users\Standard\Desktop\Cathy.exe.lnk
2013-06-19 19:35 - 2013-06-19 19:35 - 00004932 _____ C:\Windows\system32\jupdate-1.7.0_25-b16.log
2013-06-19 19:35 - 2013-06-12 21:43 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-18 10:21 - 2013-06-18 10:21 - 00001034 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-06-15 19:58 - 2013-06-15 20:00 - 00000000 ____D C:\Users\Standard\Downloads\StopWatch
2013-06-13 15:39 - 2013-06-13 15:39 - 00000000 ____D C:\Program Files\AviSynth 2.5
2013-06-13 15:35 - 2013-06-13 15:35 - 00001076 _____ C:\Users\Public\Desktop\SUPER ©.lnk
2013-06-13 15:35 - 2012-10-05 20:54 - 00188416 __RSH C:\Windows\system32\winDCE32.dll
2013-06-13 15:35 - 2011-06-14 20:05 - 00121344 __RSH C:\Windows\system32\TAKDSDecoder.ax
2013-06-13 15:35 - 2010-01-07 00:00 - 00107520 __RSH C:\Windows\system32\TAKDSDecoder.dll
2013-06-13 15:35 - 2009-03-17 11:38 - 00070656 __RSH C:\Windows\system32\RLAPEDec.ax
2013-06-13 15:35 - 2009-01-18 18:15 - 00120832 __RSH C:\Windows\system32\MPCDx.ax
2013-06-13 15:35 - 2009-01-18 13:03 - 00107520 __RSH C:\Windows\system32\RLMPCDec.ax
2013-06-13 15:35 - 2008-03-16 15:30 - 00216064 __RSH (MONOGRAM Multimedia, s.r.o.) C:\Windows\system32\nbDX.dll
2013-06-13 15:35 - 2007-02-21 13:47 - 00031232 __RSH (Hans Mayerl) C:\Windows\system32\msfDX.dll
2013-06-13 15:35 - 2006-09-12 13:46 - 00227328 __RSH () C:\Windows\system32\ac3DX.ax
2013-06-13 15:35 - 2006-08-16 16:53 - 00175104 __RSH () C:\Windows\system32\CoreAAC.ax
2013-06-13 15:35 - 2006-05-03 12:06 - 00163328 __RSH (Gabest) C:\Windows\system32\flvDX.dll
2013-06-13 15:35 - 2006-03-10 00:00 - 00195584 __RSH C:\Windows\system32\MatroskaDX.ax
2013-06-13 15:35 - 2006-01-13 01:23 - 00123904 __RSH (CoreCodec) C:\Windows\system32\AVCDX.ax
2013-06-13 15:35 - 2005-11-25 22:46 - 00161792 __RSH (Gabest) C:\Windows\system32\RealMediaDX.ax
2013-06-13 15:35 - 2005-02-22 18:55 - 00081920 __RSH C:\Windows\system32\aac_parser.ax
2013-06-13 15:35 - 2005-02-13 01:00 - 00186880 __RSH (RadLight) C:\Windows\system32\RLOgg.ax
2013-06-13 15:35 - 2005-02-13 01:00 - 00067584 __RSH (RadLight, LLC) C:\Windows\system32\RLTheoraDec.ax
2013-06-13 15:35 - 2005-02-13 01:00 - 00051712 __RSH C:\Windows\system32\RLSpeexDec.ax
2013-06-13 15:35 - 2005-02-06 01:00 - 00092672 __RSH (RadLight) C:\Windows\system32\RLVorbisDec.ax
2013-06-13 15:35 - 2005-01-18 01:26 - 00179200 __RSH (Gabest) C:\Windows\system32\DiracSplitter.ax
2013-06-13 15:35 - 2004-10-10 10:50 - 00278528 _____ (Real Networks, Inc) C:\Windows\system32\pncrt.dll
2013-06-13 15:35 - 2004-09-17 05:07 - 00090112 __RSH (-) C:\Windows\system32\TTADSSplitter.ax
2013-06-13 15:35 - 2004-08-22 12:56 - 00090112 __RSH (-) C:\Windows\system32\TTADSDecoder.ax
2013-06-13 15:35 - 2003-12-07 09:59 - 00097280 __RSH C:\Windows\system32\FLACDX.ax
2013-06-13 15:34 - 2013-06-13 15:34 - 00000000 ____D C:\Program Files\eRightSoft
2013-06-13 15:26 - 2013-06-13 15:28 - 51636894 _____ (eRightSoft                                                  ) C:\Users\Standard\Downloads\SUPERsetup.exe
2013-06-13 15:07 - 2013-06-13 15:07 - 00000000 ____D C:\Users\Standard\AppData\Local\FreemakeVideoConverter
2013-06-13 15:06 - 2013-06-13 15:07 - 00000000 ____D C:\Users\Standard\Documents\Freemake
2013-06-13 15:06 - 2013-06-13 15:07 - 00000000 ____D C:\ProgramData\Freemake
2013-06-13 15:06 - 2013-06-13 15:06 - 00001288 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2013-06-13 15:06 - 2013-06-13 15:06 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-06-13 15:06 - 2013-06-13 15:06 - 00000000 ____D C:\Program Files\Freemake
2013-06-13 14:49 - 2013-06-13 14:49 - 00000000 ____D C:\ProgramData\xml_param
2013-06-13 14:45 - 2013-06-13 14:50 - 00000000 ____D C:\Program Files\Aimersoft
2013-06-13 14:45 - 2013-06-13 14:49 - 00000000 ____D C:\Users\Standard\Documents\Aimersoft DVD Ripper
2013-06-13 14:45 - 2013-06-13 14:45 - 00000000 ____D C:\Users\Standard\AppData\Local\Aimersoft
2013-06-13 14:45 - 2013-06-13 14:45 - 00000000 ____D C:\ProgramData\Aimersoft DVD Ripper
2013-06-13 14:45 - 2013-06-13 14:45 - 00000000 ____D C:\Program Files\Common Files\Aimersoft
2013-06-13 14:45 - 2013-05-07 09:08 - 00892928 _____ (Free Software Foundation) C:\Windows\system32\iconv.dll
2013-06-13 14:45 - 2013-05-07 09:08 - 00675840 _____ () C:\Windows\system32\ac3filter.ax
2013-06-13 14:45 - 2013-05-07 09:08 - 00496640 _____ C:\Windows\system32\xvid.ax

==================== One Month Modified Files and Folders =======

2013-07-13 17:07 - 2013-07-13 17:07 - 01218190 _____ (Farbar) C:\Users\Standard\Downloads\FRST(1).exe
2013-07-13 17:07 - 2013-07-13 16:56 - 00007219 _____ C:\Windows\WindowsUpdate.log
2013-07-13 17:03 - 2013-07-13 16:50 - 00010888 _____ C:\Windows\setupact.log
2013-07-13 17:03 - 2013-02-06 14:05 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-13 17:03 - 2013-01-31 17:07 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-13 17:03 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-13 17:01 - 2009-07-14 06:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-13 17:01 - 2009-07-14 06:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-13 16:58 - 2013-07-13 16:58 - 00001188 _____ C:\Users\Standard\Desktop\JRT.txt
2013-07-13 16:58 - 2013-01-31 17:09 - 00000000 ___RD C:\Users\Standard\Desktop
2013-07-13 16:56 - 2013-07-13 16:56 - 00000000 ____D C:\Windows\ERUNT
2013-07-13 16:53 - 2013-07-13 16:52 - 00001546 _____ C:\AdwCleaner[S11].txt
2013-07-13 16:51 - 2013-07-13 16:50 - 00001485 _____ C:\AdwCleaner[S10].txt
2013-07-13 16:50 - 2013-07-13 16:50 - 00000000 _____ C:\Windows\setuperr.log
2013-07-13 16:49 - 2013-07-13 16:48 - 00001424 _____ C:\AdwCleaner[S9].txt
2013-07-13 16:46 - 2013-07-13 16:45 - 00001364 _____ C:\AdwCleaner[S8].txt
2013-07-13 16:42 - 2010-05-06 12:22 - 00000000 ___RD C:\Users\Standard\Documents\Usenet.nl
2013-07-13 16:42 - 2010-05-06 12:22 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Usenet.nl
2013-07-13 16:35 - 2013-07-13 16:35 - 00001304 _____ C:\AdwCleaner[S7].txt
2013-07-13 16:33 - 2013-07-13 16:33 - 00001244 _____ C:\AdwCleaner[S6].txt
2013-07-13 16:31 - 2013-07-13 16:30 - 00001184 _____ C:\AdwCleaner[S5].txt
2013-07-13 16:28 - 2013-07-13 16:28 - 00001123 _____ C:\AdwCleaner[S4].txt
2013-07-13 16:22 - 2013-07-13 16:22 - 00010065 _____ C:\AdwCleaner[S3].txt
2013-07-13 16:20 - 2013-07-13 16:20 - 00009977 _____ C:\AdwCleaner[R3].txt
2013-07-13 16:19 - 2013-07-13 16:19 - 00662345 _____ C:\Users\Standard\Downloads\adwcleaner.exe
2013-07-13 16:17 - 2013-07-13 16:17 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Standard\Downloads\JRT.exe
2013-07-13 16:17 - 2013-03-14 10:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-13 15:25 - 2013-02-07 11:05 - 00000000 ____D C:\Users\Standard\AppData\Roaming\vlc
2013-07-13 13:39 - 2013-07-13 13:39 - 00022433 _____ C:\Users\Standard\Downloads\ComboFix.txt
2013-07-13 13:39 - 2013-07-13 13:29 - 00000000 ____D C:\Qoobox
2013-07-13 13:39 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-07-13 13:38 - 2013-07-13 13:29 - 00000000 ____D C:\Windows\erdnt
2013-07-13 13:37 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-07-13 13:28 - 2013-07-13 13:28 - 05088739 ____R (Swearware) C:\Users\Standard\Downloads\ComboFix.exe
2013-07-13 12:19 - 2013-07-13 12:19 - 00000250 _____ C:\Users\Standard\Downloads\defogger_enable.log
2013-07-13 12:19 - 2013-01-31 17:09 - 00000000 ____D C:\Users\Standard
2013-07-13 11:57 - 2013-07-13 11:57 - 00025552 _____ C:\Users\Standard\Downloads\Addition.txt
2013-07-13 11:57 - 2013-07-13 11:57 - 00000000 ____D C:\FRST
2013-07-13 11:55 - 2013-07-13 11:55 - 01218386 _____ (Farbar) C:\Users\Standard\Downloads\FRST.exe
2013-07-13 09:38 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-07-13 09:35 - 2013-07-13 09:35 - 00010114 _____ C:\Users\Standard\Downloads\Gmer.log
2013-07-13 09:02 - 2013-07-13 09:02 - 00000478 _____ C:\Users\Standard\Downloads\defogger_disable.log
2013-07-13 08:56 - 2013-07-13 08:48 - 00131176 _____ C:\Users\Standard\Downloads\OTL.Txt
2013-07-13 08:40 - 2013-07-13 08:40 - 00377856 _____ C:\Users\Standard\Downloads\gmer_2.1.19163.exe
2013-07-13 08:39 - 2013-07-13 08:39 - 00602112 _____ (OldTimer Tools) C:\Users\Standard\Downloads\OTL.exe
2013-07-13 08:39 - 2013-07-13 08:39 - 00050477 _____ C:\Users\Standard\Downloads\Defogger.exe
2013-07-13 08:25 - 2010-04-27 13:19 - 00000000 ____D C:\Windows\pss
2013-07-12 19:25 - 2013-07-12 12:09 - 00000000 ____D C:\Windows\Minidump
2013-07-12 19:22 - 2013-07-12 16:10 - 00000000 ____D C:\Program Files\stinger
2013-07-12 16:12 - 2013-07-12 16:12 - 00167344 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.b8df.deleteme
2013-07-12 16:10 - 2013-07-12 16:10 - 00000000 ____D C:\Stinger_Quarantine
2013-07-12 16:07 - 2010-11-20 23:01 - 01606772 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-12 10:03 - 2011-04-20 09:58 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-11 17:34 - 2010-04-25 11:36 - 00000000 ____D C:\Users\Standard\AppData\Local\Adobe
2013-07-11 17:33 - 2013-02-10 15:40 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-07-11 17:33 - 2013-02-10 15:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-07-11 10:53 - 2012-03-08 20:27 - 00000000 ____D C:\Users\Standard\.VirtualBox
2013-07-11 08:16 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-11 07:51 - 2013-01-31 17:05 - 00000000 ____D C:\Windows\Panther
2013-07-11 07:41 - 2013-07-11 07:39 - 00000000 ____D C:\Windows\system32\MRT
2013-07-11 07:32 - 2010-11-21 02:55 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 07:32 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 07:32 - 2009-07-14 06:33 - 04094360 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-10 19:25 - 2013-07-10 19:25 - 00001082 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2013-07-10 19:25 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-10 19:25 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\DriverStore
2013-07-10 17:39 - 2010-11-10 19:14 - 00000000 ___RD C:\Users\Standard\Virtual Machines
2013-07-09 15:21 - 2012-05-14 10:19 - 00000000 ____D C:\Users\Standard\Downloads\db1ov_frequenznormal
2013-07-09 13:27 - 2010-07-08 16:32 - 00000787 _____ C:\Users\Standard\AppData\Roaming\myAVR_ProgTool.cfg
2013-07-09 08:35 - 2013-07-09 08:35 - 00000000 ____D C:\Users\Standard\Downloads\tool_myAVR-ProgTool-V139-b2236_en_de
2013-07-07 17:41 - 2013-02-10 13:52 - 00000000 ____D C:\Windows\system32\Adobe
2013-07-07 17:33 - 2010-04-24 15:47 - 00000000 ____D C:\Program Files\Realtek
2013-07-07 17:24 - 2013-07-07 17:24 - 00000000 ____D C:\Users\Standard\Downloads\LAN_Realtek_Win7_VER7616122012
2013-07-06 10:50 - 2013-07-06 10:50 - 00001214 _____ C:\Users\Standard\Desktop\Resonic MP3.lnk
2013-07-06 10:50 - 2013-07-06 10:50 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Resonic Alpha
2013-07-06 10:50 - 2013-07-06 10:50 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Liqube
2013-07-06 10:50 - 2013-07-06 10:50 - 00000000 ____D C:\Program Files\Liqube
2013-07-06 10:49 - 2013-07-06 10:49 - 03512775 _____ (Liqube) C:\Users\Standard\Downloads\ResonicAlphaSetup840.exe
2013-07-04 19:47 - 2013-07-04 19:40 - 00000000 ____D C:\Users\Standard\Documents\My Kindle Content
2013-07-04 19:40 - 2013-07-04 19:40 - 00002251 _____ C:\Users\Standard\Desktop\Kindle.lnk
2013-07-04 19:40 - 2013-07-04 19:40 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-07-04 19:40 - 2013-07-04 19:40 - 00000000 ____D C:\Users\Standard\AppData\Local\Amazon
2013-07-04 19:21 - 2010-04-28 17:44 - 00000000 ____D C:\Users\Standard\Documents\Word 2003
2013-07-04 16:38 - 2013-07-10 19:25 - 00188176 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2013-07-04 16:37 - 2013-07-10 19:25 - 00094480 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2013-07-04 16:37 - 2013-07-04 16:37 - 00174864 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2013-07-04 16:37 - 2013-07-04 16:37 - 00115984 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2013-07-04 16:37 - 2013-07-04 16:37 - 00104720 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2013-07-04 16:37 - 2013-07-04 16:37 - 00084752 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSB.sys
2013-07-03 09:04 - 2010-04-26 21:11 - 00002358 ___SH C:\Windows\system32\KGyGaAvL.sys
2013-07-03 09:04 - 2010-04-26 21:11 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Corel
2013-07-01 07:47 - 2013-07-01 07:46 - 38103832 _____ (Amazon.com) C:\Users\Standard\Downloads\KindleForPC-installer.exe
2013-07-01 07:03 - 2011-10-22 16:24 - 00011664 _____ C:\Users\Standard\gsview32.ini
2013-06-30 12:07 - 2010-04-26 20:01 - 00000982 _____ C:\Users\Public\Desktop\IrfanView.lnk
2013-06-30 07:32 - 2013-02-09 17:32 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-29 20:02 - 2010-04-26 20:14 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-06-28 09:20 - 2010-04-28 07:58 - 00000000 ____D C:\Users\Standard\AppData\Roaming\SchnapperPlus
2013-06-27 09:22 - 2011-09-20 08:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-25 14:57 - 2013-06-25 14:57 - 00000214 _____ C:\Users\Standard\Documents\led_blink.aws
2013-06-25 14:57 - 2013-06-25 14:56 - 00001522 _____ C:\Users\Standard\Documents\LED_blink.asm
2013-06-25 14:56 - 2013-06-25 14:56 - 00002295 _____ C:\Users\Standard\Documents\LED_blink.aps
2013-06-25 14:37 - 2013-06-25 14:37 - 00002267 _____ C:\Users\Standard\Documents\test2.aps
2013-06-25 14:37 - 2013-06-25 14:37 - 00000318 _____ C:\Users\Standard\Documents\test2.aws
2013-06-25 14:37 - 2013-06-25 14:37 - 00000000 _____ C:\Users\Standard\Documents\test2.asm
2013-06-25 08:45 - 2013-06-25 08:45 - 00000345 _____ C:\Users\Standard\Documents\test1.aws
2013-06-25 08:44 - 2013-06-25 08:44 - 00002649 _____ C:\Users\Standard\Documents\test1.aps
2013-06-25 08:44 - 2013-06-25 08:44 - 00000000 _____ C:\Users\Standard\Documents\test1.asm
2013-06-24 11:35 - 2013-05-02 11:30 - 00067168 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-24 00:37 - 2013-01-31 18:25 - 75733144 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-06-20 10:22 - 2013-06-20 10:22 - 00001046 _____ C:\Users\Standard\Desktop\Cathy.exe.lnk
2013-06-20 10:22 - 2010-04-25 11:18 - 00000000 ___RD C:\GwkTools
2013-06-19 19:35 - 2013-06-19 19:35 - 00004932 _____ C:\Windows\system32\jupdate-1.7.0_25-b16.log
2013-06-19 19:35 - 2013-03-05 12:59 - 00000000 ____D C:\Program Files\Java
2013-06-18 10:21 - 2013-06-18 10:21 - 00001034 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-06-15 20:00 - 2013-06-15 19:58 - 00000000 ____D C:\Users\Standard\Downloads\StopWatch
2013-06-13 15:39 - 2013-06-13 15:39 - 00000000 ____D C:\Program Files\AviSynth 2.5
2013-06-13 15:35 - 2013-06-13 15:35 - 00001076 _____ C:\Users\Public\Desktop\SUPER ©.lnk
2013-06-13 15:34 - 2013-06-13 15:34 - 00000000 ____D C:\Program Files\eRightSoft
2013-06-13 15:28 - 2013-06-13 15:26 - 51636894 _____ (eRightSoft                                                  ) C:\Users\Standard\Downloads\SUPERsetup.exe
2013-06-13 15:21 - 2010-04-26 20:11 - 00000000 ____D C:\Users\Standard\AppData\Roaming\dvdcss
2013-06-13 15:07 - 2013-06-13 15:07 - 00000000 ____D C:\Users\Standard\AppData\Local\FreemakeVideoConverter
2013-06-13 15:07 - 2013-06-13 15:06 - 00000000 ____D C:\Users\Standard\Documents\Freemake
2013-06-13 15:07 - 2013-06-13 15:06 - 00000000 ____D C:\ProgramData\Freemake
2013-06-13 15:06 - 2013-06-13 15:06 - 00001288 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2013-06-13 15:06 - 2013-06-13 15:06 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-06-13 15:06 - 2013-06-13 15:06 - 00000000 ____D C:\Program Files\Freemake
2013-06-13 14:50 - 2013-06-13 14:45 - 00000000 ____D C:\Program Files\Aimersoft
2013-06-13 14:49 - 2013-06-13 14:49 - 00000000 ____D C:\ProgramData\xml_param
2013-06-13 14:49 - 2013-06-13 14:45 - 00000000 ____D C:\Users\Standard\Documents\Aimersoft DVD Ripper
2013-06-13 14:45 - 2013-06-13 14:45 - 00000000 ____D C:\Users\Standard\AppData\Local\Aimersoft
2013-06-13 14:45 - 2013-06-13 14:45 - 00000000 ____D C:\ProgramData\Aimersoft DVD Ripper
2013-06-13 14:45 - 2013-06-13 14:45 - 00000000 ____D C:\Program Files\Common Files\Aimersoft
2013-06-13 08:49 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-06-13 07:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 08:53

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Additional.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-07-2013 01
Ran by Standard at 2013-07-13 17:08:19
Running from C:\Users\Standard\Downloads
Boot Mode: Normal
==========================================================

7-PDF Website Converter Version 1.0.5 (Build 127) (Version: 7-PDF Website Converter - Version 1.0.5 (Build 127))
7-Zip 9.20
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (Version: 7.1.0)
Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch (Version: 7.1.0)
Adobe Bridge 1.0 (Version: 001.000.001)
Adobe Common File Installer (Version: 1.00.001)
Adobe Creative Suite 2
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Help Center 1.0 (Version: 1.0.1)
Adobe Illustrator CS2 (Version: 12.000.000)
Adobe InDesign CS2 (Version: 004.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Photoshop Elements 11 (Version: 11.0)
Adobe Premiere Elements 11 (Version: 11.0)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Adobe Stock Photos 1.0 (Version: 1.0.1)
Adobe SVG Viewer 3.0 (Version:  3.0)
Alcor Micro USB Card Reader (Version: 1.8.1217.36096)
Alltags-Adressen
Amazon Kindle
Ansoft Designer 2.2 SV
Any Video Converter 5.0.5
Ashampoo Burning Studio 2010 Advanced (Version: 9.2.4)
AtomicTime
Audacity 2.0
Audiograbber 1.83 SE  (Version: 1.83 SE )
Audiograbber Lame-MP3-Plugin (Version: 1.0)
Auslogics Disk Defrag (Version: 3.6)
Auslogics Duplicate File Finder (Version: 2.5)
Auslogics Registry Cleaner (Version: 2.5)
Avira Antivirus Premium (Version: 13.0.0.3737)
AVR Burn-O-Mat 2.1.2
AVR Jungo USB (Version: 10.2)
AVR Studio 4.19 (Version: 4.19.730)
BASCOM-8051 (Version: 2.0.15.0)
BASCOM-AVR (Version: 2.0.7.5)
BitTorrent (Version: 7.6.1)
Boot-US (Version: 3.0.2)
Canon i865
Canon LBP6000/LBP6018
CCleaner (Version: 4.02)
CDBurnerXP (Version: 4.5.0.3661)
Command Prompt Here PowerToy
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Compatibility Pack für 2007 Office System (Version: 12.0.6514.5001)
Corel Graphics Suite 11 (Version: 11)
Corel Paint Shop Pro Photo XI (Version: 11.20.0000)
Corel PaintShop Pro X4 (Version: 14.0.0.332)
Corel PaintShop Pro X4 (Version: 14.3.0.3)
Corel PaintShop Pro X4 Ultimate Bonus Pack
Corel PaintShop Pro X4 Ultimate Bonus Pack (Version: 1.00.0000)
CPUID CPU-Z 1.61
CrystalDiskInfo 5.0.0 (Version: 5.0.0)
CrystalDiskMark 3.0.2 (Version: 3.0.2)
DATA BECKER Graphic Works 10 (Version: 1.3.511.0)
Desktop Restore (Version: 1.6.3)
DriverAgent by eSupport.com
DU Meter (Version: 5.30)
EAGLE 5.11.0 (Version: 5.11.0)
EAGLE 6.4.0 (Version: 6.4.0)
EasyBCD 2.2 (Version: 2.2)
EleLa Version V1.2.12207 (Version: V1.2.12207)
Elements 11 Organizer (Version: 11.0)
EPSON Scan
EPU-6 Engine (Version: 1.02.04)
EVEREST Ultimate Edition v5.50 (Version: 5.50)
FileZilla Client 3.6.0.2 (Version: 3.6.0.2)
FinePrint
Foxit Reader (Version: 5.4.5.114)
Free Download Manager 3.9
Free YouTube to MP3 Converter version 3.12.2.430 (Version: 3.12.2.430)
FrontDesigner 3.0
Frontplatten Designer (Version: 4.1.4)
GALEP32 Version 1.19.99
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.145)
GPL Ghostscript (Version: 9.04)
GSview 5.0 (Version: 5.0)
Ham Radio Deluxe (Version: 1.4)
HD Tune Pro 5.00
HoverIP v1.0 beta (Version: 1.0 beta)
ICA (Version: 14.0.0.332)
Icon Restore 1.0
ImgBurn (Version: 2.5.5.0)
Inkscape 0.48.3.1 (Version: 0.48.3.1)
Intel(R) Rapid Storage Technology (Version: 11.1.0.1006)
IPM_PSP_COM (Version: 14.0.0.332)
IrfanView (remove only) (Version: 4.36)
IsoBuster 3.1 (Version: 3.1)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JavaFX 2.1.1 (Version: 2.1.1)
JMicron JMB36X Driver (Version: 1.17.62.0)
KMLManager (Version: 1.0.0)
LibreOffice 4.0 Help Pack (German) (Version: 4.0.2.2)
LibreOffice 4.0.2.2 (Version: 4.0.2.2)
LochMaster 4.0 (Demo)
LTspice IV
Magical Jelly Bean KeyFinder (Version: 2.0.8.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
marvell 61xx (Version: 1.2.0.7100)
marvell 91xx driver (Version: 1.2.0.1014)
MediaInfo Lite 0.7.57 (Version: 0.7.57)
Meter (Version: 2.40)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 3.0.40818.0)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
Microsoft SQL Server Compact 3.5 SP2 DEU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
Microsoft Visual Basic 2010 Express - DEU (Version: 10.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
mini dB-Rechner 1.3.2
mini Ringkern-Rechner 1.2 (Version: 1.2)
MozBackup 1.5.1
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 17.0.7)
Mozilla Thunderbird 17.0.7 (x86 de) (Version: 17.0.7)
Mp3 Renatager
Mp3tag v2.52 (Version: v2.52)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 11 (Version: 11.2.00600)
Nero 11 DiscSpeed (Version: 11.0.00400)
Nero Audio Pack 1 (Version: 11.0.11500.110.0)
Nero BackItUp 11 (Version: 6.2.18400.2.100)
Nero BackItUp 11 Help (CHM) (Version: 11.0.10400)
Nero Backup Drivers (Version: 12.0.4000)
Nero Blu-ray Player (Version: 12.0.20012)
Nero Burning ROM 11 (Version: 11.2.10300.0.0)
Nero Burning ROM 11 Help (CHM) (Version: 11.0.10300)
Nero Cliparts (Version: 12.0.11500)
Nero ControlCenter (Version: 11.0.15500)
Nero ControlCenter Help (CHM) (Version: 12.0.5000)
Nero Core Components (Version: 11.0.19400)
Nero CoverDesigner 11 (Version: 6.0.11000.13.100)
Nero CoverDesigner 11 Help (CHM) (Version: 11.0.10300)
Nero Disc Menus Basic (Version: 12.0.11500)
Nero DiscSpeed 11 (Version: 7.0.10400.2.100)
Nero DiscSpeed 11 Help (CHM) (Version: 11.0.10000)
Nero Effects Basic (Version: 12.0.11500)
Nero Express 11 (Version: 11.2.10300.0.0)
Nero Express 11 Help (CHM) (Version: 11.0.10300)
Nero Image Samples (Version: 12.0.11500)
Nero Kwik Media (Version: 1.18.19600)
Nero Kwik Media Help (CHM) (Version: 12.0.3000)
Nero Kwik Themes Basic (Version: 12.0.11500)
Nero PiP Effects Basic (Version: 12.0.11500)
Nero Recode 11 (Version: 5.2.11300.0.0)
Nero Recode 11 Help (CHM) (Version: 11.0.10600)
Nero RescueAgent 11 (Version: 4.0.10600.10.100)
Nero RescueAgent 11 Help (CHM) (Version: 11.0.10400)
Nero SharedVideoCodecs (Version: 1.0.12100.2.0)
Nero SoundTrax 11 (Version: 5.0.10700.6.100)
Nero SoundTrax 11 Help (CHM) (Version: 11.0.10400)
Nero Update (Version: 11.0.11500.28.0)
Nero Video 11 (Version: 8.2.16000.4.100)
Nero Video 11 Help (CHM) (Version: 11.0.10300)
Nero Video Samples (Version: 12.0.11500)
Nero WaveEditor 11 (Version: 6.2.11300.0.100)
Nero WaveEditor 11 Help (CHM) (Version: 11.0.10400)
nero.prerequisites.msi (Version: 11.0.20010)
NewsBin Pro (Version: 5.57)
NewsBin Pro 4.3
Nikon Message Center 2 (Version: 2.1.0)
Nikon Movie Editor (Version: 2.3.1)
Nokia Connectivity Cable Driver (Version: 7.1.78.0)
Nokia PC Suite (Version: 7.1.180.94)
NVIDIA 3D Vision Controller-Treiber 314.07 (Version: 314.07)
NVIDIA 3D Vision Treiber 314.07 (Version: 314.07)
NVIDIA Grafiktreiber 314.07 (Version: 314.07)
NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1407)
NVIDIA Systemsteuerung 314.07 (Version: 314.07)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
ODF Add-In für Microsoft Office (Version: 4.0.5309.0)
Opera 12.01 (Version: 12.01.1532)
Oracle VM VirtualBox 4.2.16 (Version: 4.2.16)
PC Connectivity Solution (Version: 12.0.27.0)
PDFCreator (Version: 1.7.0)
Picture Control Utility (Version: 1.4.3)
Ping Plotter
PingPlotter Pro 3.20.1p (Version: 3.20.1p)
PL-2303 USB-to-Serial (Version: 1.1.0)
Platform (Version: 1.34)
PRE11 STI Installer (Version: 11.0)
PSE11 STI Installer (Version: 11.0)
PSPPContent (Version: 14.0.0.332)
PSPPHelp (Version: 14.0.0.332)
Q-Dir
QuickPhrase 4.0.0.93 (Version: 4.0.0.93)
R Color Code
Realtek Ethernet Controller Driver (Version: 7.61.612.2012)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30111)
Recuva (Version: 1.42)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.34.0)
Resonic Alpha (Version: 0.5.840.0)
SchnapperPlus 1.8.60 (Version: 1.8.60)
Screenpresso (HKCU Version: 1.3.8.0)
SeaMonkey 2.14.1 (x86 de) (Version: 2.14.1)
Security Task Manager 1.8g (Version: 1.8g)
Setup (Version: 14.0.0.332)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (Version: 1.0.0)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (Version: 1.0.0)
Silicon Laboratories CP210x VCP Drivers for Windows 7 (Version: 5.40.24)
Skype™ 5.0 (Version: 5.0.152)
Speccy (Version: 1.20)
sPlan 7.0
Sprint-Layout 5.0
Sprint-Layout 6.0
StampPlot Version 3.8 (Version: 3.8.0)
StreamTransport version: 1.0.2.2171
Suite Specific (Version: 2.0.0)
SUNIX Multi IO Controller (Version: 8.0.0.0)
SUNIX Multi-IO Controller (Version: 7.2.0.0)
SUPER © +Recorder.2013.55 (Mar 7, 2013) Version +Recorder.2013. (Version: +Recorder.2013.55)
swMSM (Version: 12.0.0.1)
TagScanner 5.1 build 571
Target 3001! V15 discover (Version: )
TCJ My Stock DB v2 (Version: 2)
TechPowerUp GPU-Z
TEMP-SERVER CLIENT (Version: 1.0)
TextPad 5 (Version: 5.4.2)
ThumbsPlus (Version: 8.0)
ThumbsPlus 6.0
Total Commander (Remove or Repair) (Version: 8.01)
TubeData
TuneUp Utilities 2012 (Version: 12.0.3600.114)
TuneUp Utilities Language Pack (de-DE) (Version: 12.0.3600.114)
TweakNow RegCleaner 2012 (Version: 7.2.1)
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
USB AVR-Lab Tool 5.10 (Version: 5.10)
USB Multi-Channel Audio Device
USB/DVD-Downloadtool für Windows 7 (Version: 1.0.30)
USBprog 0.2.0 (Version: 0.2.0)
USB-WETTER-SERVER CLIENT (Version: 1.0)
Usenet.nl
VBA (2701.01) (Version: 6.03.00.9402)
VIA Plattform-Geräte-Manager (Version: 1.34)
ViewNX 2 (Version: 2.3.2)
Vista Shortcut Manager (Version: 2.0)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (Version: 4.0.8080.0)
VLC media player 2.0.7 (Version: 2.0.7)
WaveLab 6 (Version: 6.1.0.340)
Welcome App (Start-up experience) (Version: 11.0.23500.0.0)
Winamp (remove only)
WinAVR 20100110 (remove only) (Version: 20100110)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Mode (Version: 1.3.7600.16422)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7) (Version: 02/25/2011 4.7)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9) (Version: 02/25/2011 7.01.0.9)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)
WinHTTrack Website Copier 3.44-1 (Version: 3.44.1)
WinNWT4 Version 4.11.08
WinRAR
WinZip 14.0 (Version: 14.0.8708)
ZL11.4 (Version: 1.00.0000)
Zotero Standalone 3.0.14 (x86 en-US) (Version: 3.0.14)
 

==================== Restore Points  =========================


==================== Hosts content: ==========================

2010-06-09 11:19 - 2013-07-13 13:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0491A223-63C9-4036-9347-5455A95C14DC} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe [2012-07-04] (TuneUp Software)
Task: {2E655F28-B6E2-4270-A358-E81A4E1623BA} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {337B2718-AC4D-4531-BBC2-0B7D5F173759} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-11] (Adobe Systems Incorporated)
Task: {57A29E9F-B610-4388-BF0B-AFBA02FD842B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {6E89FAC9-92AE-45C2-B2EC-AD4734618F12} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-03] (Google Inc.)
Task: {79B73834-A812-4307-A04B-CA0F0B0AA5E8} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\Six Engine\SixEngine.exe [2009-10-02] (ASUSTeK Computer Inc.)
Task: {8E4FAB42-33F2-466A-9B15-5AD4F80721DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-03] (Google Inc.)
Task: {AA3B78DA-B6EB-46CB-A9B8-2EC53F81C242} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {B0EAD5BC-9079-4113-A6BE-A546C43F0B68} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {E9B4EB92-0D84-45C7-A110-CD897D466891} - System32\Tasks\{FDA2CEF9-1FA2-4D9F-9049-E33A681AF15B} => C:\Program Files\Skype\Phone\Skype.exe [2010-10-11] (Skype Technologies S.A.)
Task: {F41BB0BD-7237-40AC-8DB7-F1E615D1EFC1} - System32\Tasks\User_Feed_Synchronization-{F0EAC7B4-2CBD-4BEB-B335-E57A7AAC51FF} => C:\Windows\system32\msfeedssync.exe [2013-03-13] (Microsoft Corporation)
Task: {FE58C4D4-058C-4E77-B26A-87C89B06C6E0} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/13/2013 05:05:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/13/2013 05:06:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/13/2013 05:06:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (07/13/2013 05:05:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 28%
Total physical RAM: 3582.05 MB
Available physical RAM: 2577.66 MB
Total Pagefile: 7162.38 MB
Available Pagefile: 6072.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1882.49 MB

==================== Drives ================================

Drive c: (Boot_C) (Fixed) (Total:488.28 GB) (Free:385.08 GB) NTFS
Drive d: (HD_D) (Fixed) (Total:443.13 GB) (Free:46.05 GB) NTFS
Drive e: (HD_E) (Fixed) (Total:915.75 GB) (Free:428.79 GB) NTFS
Drive f: (HD_F) (Fixed) (Total:947.26 GB) (Free:280.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 9013A31C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=443 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 05C23984)
Partition 1: (Not Active) - (Size=916 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=947 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
jede Menge "Lesestoff" !

Danke, einstweilen,
gonde

Außerdem habe ich mir erlaubt auch Malwarebyte laufen zu lassen.
Die beiden zu beanstandenen Einträge sind weg. :-)
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.12.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Standard :: PC-I7 [Administrator]

13.07.2013 16:37:27
mbam-log-2013-07-13 (16-37-27).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 278544
Laufzeit: 6 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Schöne Grüße, gonde

Alt 13.07.2013, 19:00   #8
schrauber
/// the machine
/// TB-Ausbilder
 

PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden - Standard

PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 14.07.2013, 10:00   #9
gonde
 
PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden - Standard

PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden



Hallo schrauber,

hier die gewünschten Logs:

Eset
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d7a30905d82dad4495c32ef6b17b65e1
# engine=14385
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-14 08:25:39
# local_time=2013-07-14 10:25:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 269607 125421530 0 0
# scanned=231653
# found=66
# cleaned=0
# scan_time=5522
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\mshwvxz.bat"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\mshyaie.bat"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\mshywtv.bat"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msicatye.com"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msifqiqt.scr"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msiifyti.com"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msiuejuhs.pif"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msiuoqoyr.pif"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msiuvwkte.pif"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msivfvuzo.exe"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msjhxonh.scr"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msnaoa.exe"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msnfwh.exe"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msniin.exe"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msnsow.exe"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msogvmn.bat"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msoloas.bat"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msowifr.bat"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msqcuvci.com"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msqdllfo.com"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msqgwdi.com"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msqiocx.com"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msqiyahu.com"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msqkqrvw.com"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msqmkfk.com"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msqmxii.cmd"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msqnatv.com"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msqopsl.com"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msquyhov.com"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msqwwfp.com"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msqwyfu.com"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msqxyvyvj.pif"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msqymoqac.pif"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msqzvir.com"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\mstaliayo.pif"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\mstaoitwi.pif"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\mstaoxoav.pif"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\mstauwaro.pif"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\mstavcuuk.pif"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\mstmiawqa.pif"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msuioa.cmd"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msuiqu.cmd"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msuryr.cmd"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msuwvy.cmd"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msuwwo.cmd"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msvfzui.bat"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msvlrui.bat"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msvoaazui.exe"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msvtve.cmd"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msvvou.cmd"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msvwlaw.bat"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msvwwy.cmd"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msvyayk.bat"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msvzfkas.scr"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\mswaau.exe"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\mswevva.com"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\mswifbo.com"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\mswmpxo.com"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\mswomxo.com"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\mswtqr.exe"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\mswtvp.exe"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msyyoef.com"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\mszacquc.scr"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\mszhch.cmd"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msztva.cmd"
sh=AD889CDA50E015C18690CF84B8BD197AAFE5C406 ft=1 fh=c71c001138bcc3fb vn="a variant of Win32/Kryptik.BAVY trojan" ac=I fn="C:\Users\Standard\Local Settings\Temp\msztza.cmd"
         
Was tun mit den Resten von Kryptik.BAVY trojan?

SecurityCheck
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 TuneUp Utilities 2012   
 TuneUp Utilities Language Pack (de-DE) 
 CCleaner     
 TweakNow RegCleaner 2012   
 Auslogics Registry Cleaner   
 JavaFX 2.1.1    
 Java 7 Update 25  
 Adobe Flash Player 	11.8.800.94  
 Adobe Reader XI  
 Mozilla Firefox (22.0) 
 Mozilla Thunderbird (17.0.7) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
und hier ein neuer FRST Log

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-07-2013
Ran by Standard (administrator) on 14-07-2013 10:51:20
Running from C:\Users\Standard\Downloads\Trojaner-Board.de
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Hagel Technologies Ltd.) C:\Program Files\DU Meter\DUMeterSvc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
(Uwe Sieber - www.uwe-sieber.de) C:\GwkTools\USBDLM\USBDLM.exe
(Uwe Sieber - www.uwe-sieber.de) C:\GwkTools\USBDLM\USBDLM_usr.exe
(Uwe Sieber - www.uwe-sieber.de) C:\GwkTools\USBDLM\USBDLM_usr.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\Six Engine\SixEngine.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE
(CANON INC.) C:\Windows\system32\spool\DRIVERS\W32X86\3\CNABCSWK.EXE
(Hagel Technologies Ltd.) C:\PROGRA~1\DUMETE~1\DUMeter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Farbar) C:\Users\Standard\Downloads\Trojaner-Board.de\FRST(2).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [CNAP2 Launcher] - C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE [226784 2010-10-15] (CANON INC.)
HKLM\...\Run: [NUSB3MON] - "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 7.0] - "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [483328 2008-04-23] (Adobe Systems Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [DU Meter] - "C:\Program Files\DU Meter\DUMeter.exe" /autostart [1946352 2012-02-16] (Hagel Technologies Ltd.)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
HKU\UpdatusUser\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
HKU\UpdatusUser\...\RunOnce: [WAB Migrate] - %ProgramFiles%\Windows Mail\wab.exe /Upgrade [ 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: msdaipp - No CLSID Value - 
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 09 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4oink.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Nero.com/KM - C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Standard\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\Standard\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========================== Services (Whitelisted) =================

S4 AdobeActiveFileMonitor11.0; C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [371768 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-24] (Avira Operations GmbH & Co. KG)
S4 AsSysCtrlService; C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.)
S4 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [189776 2010-10-28] (DATA BECKER GmbH & Co KG)
R2 DUMeterSvc; C:\Program Files\DU Meter\DUMeterSvc.exe [1110480 2012-02-16] (Hagel Technologies Ltd.)
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-06-13] (Freemake)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [687400 2011-11-25] (Nero AG)
S4 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-07-04] (TuneUp Software)
R2 USBDLM; C:\GwkTools\USBDLM\USBDLM.exe [337888 2012-01-15] (Uwe Sieber - www.uwe-sieber.de)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-25] (Avira Operations GmbH & Co. KG)
S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-04] (www.winchiphead.com)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2013-03-23] (Phoenix Technologies)
S3 DUMeterDrv; C:\Program Files\DU Meter\DUMETR32.SYS [19832 2012-02-16] (Hagel Technologies Ltd.)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [63464 2013-02-13] (FTDI Ltd.)
S4 giveio; C:\Windows\giveio.sys [5248 2011-09-15] ()
R2 glpntdrv; C:\Windows\system32\drivers\glpntdrv.sys [13728 1998-11-25] ()
S3 hcdriver; C:\Windows\System32\Drivers\hcdriver.sys [50688 2011-01-10] (Intel Corporation)
R1 hwinterface; C:\Windows\System32\Drivers\hwinterface.sys [3026 2012-11-20] (Logix4u)
R2 inpout32; C:\Windows\System32\Drivers\inpout32.sys [11936 2012-11-20] (Highresolution Enterprises [www.highrez.co.uk])
R0 JRAID; C:\Windows\System32\drivers\jraid.sys [103000 2010-11-25] (JMicron Technology Corp.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [35776 2011-05-28] (hxxp://libusb-win32.sourceforge.net)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R0 mv91xx; C:\Windows\System32\drivers\mv91xx.sys [276784 2012-01-19] (Marvell Semiconductor, Inc.)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [63872 2011-02-10] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [141952 2011-02-10] (Renesas Electronics Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [132608 2012-07-30] (Prolific Technology Inc.)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2011-01-27] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58112 2010-07-21] (Silicon Laboratories)
R3 SNXPCARD; C:\Windows\System32\DRIVERS\snxpcard.sys [48224 2012-06-21] (SUNIX Co., Ltd.)
R3 SNXPPALX; C:\Windows\System32\DRIVERS\snxppalx.sys [85088 2012-06-21] (SUNIX Co., Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-05-03] (TuneUp Software)
S3 USBMULCD; C:\Windows\System32\drivers\CM106.sys [1516544 2009-06-11] (C-Media Electronics Inc)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1841272 2012-10-22] (VIA Technologies, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2009-09-23] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2009-09-23] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-09-23] (Microsoft Corporation)
S3 vpcuxd; C:\Windows\System32\DRIVERS\vpcuxd.sys [12800 2009-09-23] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [294912 2009-09-23] (Microsoft Corporation)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [195968 2010-08-31] (Jungo)
S3 catchme; \??\C:\Users\Standard\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-14 10:43 - 2013-07-14 10:43 - 00002722 _____ C:\Windows\setupact.log
2013-07-14 10:43 - 2013-07-14 10:43 - 00000798 _____ C:\Windows\PFRO.log
2013-07-14 10:43 - 2013-07-14 10:43 - 00000000 _____ C:\Windows\setuperr.log
2013-07-14 08:46 - 2013-07-14 08:46 - 02347384 _____ (ESET) C:\Users\Standard\Downloads\esetsmartinstaller_enu.exe
2013-07-14 08:46 - 2013-07-14 08:46 - 00890988 _____ C:\Users\Standard\Downloads\SecurityCheck.exe
2013-07-13 17:22 - 2013-07-14 10:50 - 00000000 ____D C:\Users\Standard\Downloads\Trojaner-Board.de
2013-07-13 16:56 - 2013-07-14 10:42 - 00035273 _____ C:\Windows\WindowsUpdate.log
2013-07-13 16:56 - 2013-07-13 16:56 - 00000000 ____D C:\Windows\ERUNT
2013-07-13 13:30 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-13 13:30 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-13 13:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-13 13:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-13 13:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-13 13:30 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-13 13:30 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-13 13:30 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-13 13:29 - 2013-07-13 13:39 - 00000000 ____D C:\Qoobox
2013-07-13 13:29 - 2013-07-13 13:38 - 00000000 ____D C:\Windows\erdnt
2013-07-13 11:57 - 2013-07-13 11:57 - 00000000 ____D C:\FRST
2013-07-12 16:12 - 2013-07-12 16:12 - 00167344 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.b8df.deleteme
2013-07-12 16:10 - 2013-07-12 19:22 - 00000000 ____D C:\Program Files\stinger
2013-07-12 16:10 - 2013-07-12 16:10 - 00000000 ____D C:\Stinger_Quarantine
2013-07-12 12:09 - 2013-07-12 19:25 - 00000000 ____D C:\Windows\Minidump
2013-07-11 07:39 - 2013-07-11 07:41 - 00000000 ____D C:\Windows\system32\MRT
2013-07-10 20:10 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 20:10 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 20:10 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 20:10 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 20:10 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 20:10 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 20:10 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-10 20:10 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 20:10 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 20:10 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 20:10 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 20:10 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-10 20:10 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-10 20:10 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-10 20:10 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-10 20:10 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 19:25 - 2013-07-10 19:25 - 00001082 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2013-07-10 19:25 - 2013-07-04 16:38 - 00188176 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2013-07-10 19:25 - 2013-07-04 16:37 - 00094480 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2013-07-10 07:27 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 07:27 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 07:27 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 07:27 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 08:35 - 2013-07-09 08:35 - 00000000 ____D C:\Users\Standard\Downloads\tool_myAVR-ProgTool-V139-b2236_en_de
2013-07-07 17:24 - 2013-07-07 17:24 - 00000000 ____D C:\Users\Standard\Downloads\LAN_Realtek_Win7_VER7616122012
2013-07-06 10:50 - 2013-07-06 10:50 - 00001214 _____ C:\Users\Standard\Desktop\Resonic MP3.lnk
2013-07-06 10:50 - 2013-07-06 10:50 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Resonic Alpha
2013-07-06 10:50 - 2013-07-06 10:50 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Liqube
2013-07-06 10:50 - 2013-07-06 10:50 - 00000000 ____D C:\Program Files\Liqube
2013-07-06 10:49 - 2013-07-06 10:49 - 03512775 _____ (Liqube) C:\Users\Standard\Downloads\ResonicAlphaSetup840.exe
2013-07-04 19:40 - 2013-07-04 19:47 - 00000000 ____D C:\Users\Standard\Documents\My Kindle Content
2013-07-04 19:40 - 2013-07-04 19:40 - 00002251 _____ C:\Users\Standard\Desktop\Kindle.lnk
2013-07-04 19:40 - 2013-07-04 19:40 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-07-04 19:40 - 2013-07-04 19:40 - 00000000 ____D C:\Users\Standard\AppData\Local\Amazon
2013-07-04 16:37 - 2013-07-04 16:37 - 00174864 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2013-07-04 16:37 - 2013-07-04 16:37 - 00115984 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2013-07-04 16:37 - 2013-07-04 16:37 - 00104720 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2013-07-04 16:37 - 2013-07-04 16:37 - 00084752 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSB.sys
2013-07-01 07:46 - 2013-07-01 07:47 - 38103832 _____ (Amazon.com) C:\Users\Standard\Downloads\KindleForPC-installer.exe
2013-06-25 14:57 - 2013-06-25 14:57 - 00000214 _____ C:\Users\Standard\Documents\led_blink.aws
2013-06-25 14:56 - 2013-06-25 14:57 - 00001522 _____ C:\Users\Standard\Documents\LED_blink.asm
2013-06-25 14:56 - 2013-06-25 14:56 - 00002295 _____ C:\Users\Standard\Documents\LED_blink.aps
2013-06-25 14:37 - 2013-06-25 14:37 - 00002267 _____ C:\Users\Standard\Documents\test2.aps
2013-06-25 14:37 - 2013-06-25 14:37 - 00000318 _____ C:\Users\Standard\Documents\test2.aws
2013-06-25 14:37 - 2013-06-25 14:37 - 00000000 _____ C:\Users\Standard\Documents\test2.asm
2013-06-25 08:45 - 2013-06-25 08:45 - 00000345 _____ C:\Users\Standard\Documents\test1.aws
2013-06-25 08:44 - 2013-06-25 08:44 - 00002649 _____ C:\Users\Standard\Documents\test1.aps
2013-06-25 08:44 - 2013-06-25 08:44 - 00000000 _____ C:\Users\Standard\Documents\test1.asm
2013-06-20 10:22 - 2013-06-20 10:22 - 00001046 _____ C:\Users\Standard\Desktop\Cathy.exe.lnk
2013-06-19 19:35 - 2013-06-19 19:35 - 00004932 _____ C:\Windows\system32\jupdate-1.7.0_25-b16.log
2013-06-19 19:35 - 2013-06-12 21:43 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-18 10:21 - 2013-06-18 10:21 - 00001034 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-06-15 19:58 - 2013-06-15 20:00 - 00000000 ____D C:\Users\Standard\Downloads\StopWatch

==================== One Month Modified Files and Folders =======

2013-07-14 10:51 - 2009-07-14 06:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-14 10:51 - 2009-07-14 06:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-14 10:50 - 2013-07-13 17:22 - 00000000 ____D C:\Users\Standard\Downloads\Trojaner-Board.de
2013-07-14 10:47 - 2013-07-13 16:56 - 00035273 _____ C:\Windows\WindowsUpdate.log
2013-07-14 10:43 - 2013-07-14 10:43 - 00002722 _____ C:\Windows\setupact.log
2013-07-14 10:43 - 2013-07-14 10:43 - 00000798 _____ C:\Windows\PFRO.log
2013-07-14 10:43 - 2013-07-14 10:43 - 00000000 _____ C:\Windows\setuperr.log
2013-07-14 10:43 - 2013-02-06 14:05 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-14 10:43 - 2013-01-31 17:07 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-14 10:43 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-14 10:17 - 2013-03-14 10:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-14 08:46 - 2013-07-14 08:46 - 02347384 _____ (ESET) C:\Users\Standard\Downloads\esetsmartinstaller_enu.exe
2013-07-14 08:46 - 2013-07-14 08:46 - 00890988 _____ C:\Users\Standard\Downloads\SecurityCheck.exe
2013-07-13 19:55 - 2013-02-10 15:40 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-07-13 19:55 - 2013-02-10 15:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-07-13 19:54 - 2010-04-25 11:36 - 00000000 ____D C:\Users\Standard\AppData\Local\Adobe
2013-07-13 18:35 - 2010-05-06 12:22 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Usenet.nl
2013-07-13 18:34 - 2010-05-06 12:22 - 00000000 ___RD C:\Users\Standard\Documents\Usenet.nl
2013-07-13 17:25 - 2013-01-31 17:09 - 00000000 ___RD C:\Users\Standard\Desktop
2013-07-13 16:56 - 2013-07-13 16:56 - 00000000 ____D C:\Windows\ERUNT
2013-07-13 15:25 - 2013-02-07 11:05 - 00000000 ____D C:\Users\Standard\AppData\Roaming\vlc
2013-07-13 13:39 - 2013-07-13 13:29 - 00000000 ____D C:\Qoobox
2013-07-13 13:39 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-07-13 13:38 - 2013-07-13 13:29 - 00000000 ____D C:\Windows\erdnt
2013-07-13 13:37 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-07-13 12:19 - 2013-01-31 17:09 - 00000000 ____D C:\Users\Standard
2013-07-13 11:57 - 2013-07-13 11:57 - 00000000 ____D C:\FRST
2013-07-13 09:38 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-07-13 08:25 - 2010-04-27 13:19 - 00000000 ____D C:\Windows\pss
2013-07-12 19:25 - 2013-07-12 12:09 - 00000000 ____D C:\Windows\Minidump
2013-07-12 19:22 - 2013-07-12 16:10 - 00000000 ____D C:\Program Files\stinger
2013-07-12 16:12 - 2013-07-12 16:12 - 00167344 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.b8df.deleteme
2013-07-12 16:10 - 2013-07-12 16:10 - 00000000 ____D C:\Stinger_Quarantine
2013-07-12 16:07 - 2010-11-20 23:01 - 01606772 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-12 10:03 - 2011-04-20 09:58 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-11 10:53 - 2012-03-08 20:27 - 00000000 ____D C:\Users\Standard\.VirtualBox
2013-07-11 08:16 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-11 07:51 - 2013-01-31 17:05 - 00000000 ____D C:\Windows\Panther
2013-07-11 07:41 - 2013-07-11 07:39 - 00000000 ____D C:\Windows\system32\MRT
2013-07-11 07:32 - 2010-11-21 02:55 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 07:32 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 07:32 - 2009-07-14 06:33 - 04094360 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-10 19:25 - 2013-07-10 19:25 - 00001082 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2013-07-10 19:25 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-10 19:25 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\DriverStore
2013-07-10 17:39 - 2010-11-10 19:14 - 00000000 ___RD C:\Users\Standard\Virtual Machines
2013-07-09 15:21 - 2012-05-14 10:19 - 00000000 ____D C:\Users\Standard\Downloads\db1ov_frequenznormal
2013-07-09 13:27 - 2010-07-08 16:32 - 00000787 _____ C:\Users\Standard\AppData\Roaming\myAVR_ProgTool.cfg
2013-07-09 08:35 - 2013-07-09 08:35 - 00000000 ____D C:\Users\Standard\Downloads\tool_myAVR-ProgTool-V139-b2236_en_de
2013-07-07 17:41 - 2013-02-10 13:52 - 00000000 ____D C:\Windows\system32\Adobe
2013-07-07 17:33 - 2010-04-24 15:47 - 00000000 ____D C:\Program Files\Realtek
2013-07-07 17:24 - 2013-07-07 17:24 - 00000000 ____D C:\Users\Standard\Downloads\LAN_Realtek_Win7_VER7616122012
2013-07-06 10:50 - 2013-07-06 10:50 - 00001214 _____ C:\Users\Standard\Desktop\Resonic MP3.lnk
2013-07-06 10:50 - 2013-07-06 10:50 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Resonic Alpha
2013-07-06 10:50 - 2013-07-06 10:50 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Liqube
2013-07-06 10:50 - 2013-07-06 10:50 - 00000000 ____D C:\Program Files\Liqube
2013-07-06 10:49 - 2013-07-06 10:49 - 03512775 _____ (Liqube) C:\Users\Standard\Downloads\ResonicAlphaSetup840.exe
2013-07-04 19:47 - 2013-07-04 19:40 - 00000000 ____D C:\Users\Standard\Documents\My Kindle Content
2013-07-04 19:40 - 2013-07-04 19:40 - 00002251 _____ C:\Users\Standard\Desktop\Kindle.lnk
2013-07-04 19:40 - 2013-07-04 19:40 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-07-04 19:40 - 2013-07-04 19:40 - 00000000 ____D C:\Users\Standard\AppData\Local\Amazon
2013-07-04 19:21 - 2010-04-28 17:44 - 00000000 ____D C:\Users\Standard\Documents\Word 2003
2013-07-04 16:38 - 2013-07-10 19:25 - 00188176 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2013-07-04 16:37 - 2013-07-10 19:25 - 00094480 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2013-07-04 16:37 - 2013-07-04 16:37 - 00174864 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2013-07-04 16:37 - 2013-07-04 16:37 - 00115984 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2013-07-04 16:37 - 2013-07-04 16:37 - 00104720 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2013-07-04 16:37 - 2013-07-04 16:37 - 00084752 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSB.sys
2013-07-03 09:04 - 2010-04-26 21:11 - 00002358 ___SH C:\Windows\system32\KGyGaAvL.sys
2013-07-03 09:04 - 2010-04-26 21:11 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Corel
2013-07-01 07:47 - 2013-07-01 07:46 - 38103832 _____ (Amazon.com) C:\Users\Standard\Downloads\KindleForPC-installer.exe
2013-07-01 07:03 - 2011-10-22 16:24 - 00011664 _____ C:\Users\Standard\gsview32.ini
2013-06-30 12:07 - 2010-04-26 20:01 - 00000982 _____ C:\Users\Public\Desktop\IrfanView.lnk
2013-06-30 07:32 - 2013-02-09 17:32 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-29 20:02 - 2010-04-26 20:14 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-06-28 09:20 - 2010-04-28 07:58 - 00000000 ____D C:\Users\Standard\AppData\Roaming\SchnapperPlus
2013-06-27 09:22 - 2011-09-20 08:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-25 14:57 - 2013-06-25 14:57 - 00000214 _____ C:\Users\Standard\Documents\led_blink.aws
2013-06-25 14:57 - 2013-06-25 14:56 - 00001522 _____ C:\Users\Standard\Documents\LED_blink.asm
2013-06-25 14:56 - 2013-06-25 14:56 - 00002295 _____ C:\Users\Standard\Documents\LED_blink.aps
2013-06-25 14:37 - 2013-06-25 14:37 - 00002267 _____ C:\Users\Standard\Documents\test2.aps
2013-06-25 14:37 - 2013-06-25 14:37 - 00000318 _____ C:\Users\Standard\Documents\test2.aws
2013-06-25 14:37 - 2013-06-25 14:37 - 00000000 _____ C:\Users\Standard\Documents\test2.asm
2013-06-25 08:45 - 2013-06-25 08:45 - 00000345 _____ C:\Users\Standard\Documents\test1.aws
2013-06-25 08:44 - 2013-06-25 08:44 - 00002649 _____ C:\Users\Standard\Documents\test1.aps
2013-06-25 08:44 - 2013-06-25 08:44 - 00000000 _____ C:\Users\Standard\Documents\test1.asm
2013-06-24 11:35 - 2013-05-02 11:30 - 00067168 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-24 00:37 - 2013-01-31 18:25 - 75733144 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-06-20 10:22 - 2013-06-20 10:22 - 00001046 _____ C:\Users\Standard\Desktop\Cathy.exe.lnk
2013-06-20 10:22 - 2010-04-25 11:18 - 00000000 ___RD C:\GwkTools
2013-06-19 19:35 - 2013-06-19 19:35 - 00004932 _____ C:\Windows\system32\jupdate-1.7.0_25-b16.log
2013-06-19 19:35 - 2013-03-05 12:59 - 00000000 ____D C:\Program Files\Java
2013-06-18 10:21 - 2013-06-18 10:21 - 00001034 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-06-15 20:00 - 2013-06-15 19:58 - 00000000 ____D C:\Users\Standard\Downloads\StopWatch

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 18:30

==================== End Of Log ============================
         
--- --- ---


mit Additions.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-07-2013
Ran by Standard at 2013-07-14 10:51:40
Running from C:\Users\Standard\Downloads\Trojaner-Board.de
Boot Mode: Normal
==========================================================

7-PDF Website Converter Version 1.0.5 (Build 127) (Version: 7-PDF Website Converter - Version 1.0.5 (Build 127))
7-Zip 9.20
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (Version: 7.1.0)
Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch (Version: 7.1.0)
Adobe Bridge 1.0 (Version: 001.000.001)
Adobe Common File Installer (Version: 1.00.001)
Adobe Creative Suite 2
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Help Center 1.0 (Version: 1.0.1)
Adobe Illustrator CS2 (Version: 12.000.000)
Adobe InDesign CS2 (Version: 004.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Photoshop Elements 11 (Version: 11.0)
Adobe Premiere Elements 11 (Version: 11.0)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Adobe Stock Photos 1.0 (Version: 1.0.1)
Adobe SVG Viewer 3.0 (Version:  3.0)
Alcor Micro USB Card Reader (Version: 1.8.1217.36096)
Alltags-Adressen
Amazon Kindle
Ansoft Designer 2.2 SV
Any Video Converter 5.0.5
Ashampoo Burning Studio 2010 Advanced (Version: 9.2.4)
AtomicTime
Audacity 2.0
Audiograbber 1.83 SE  (Version: 1.83 SE )
Audiograbber Lame-MP3-Plugin (Version: 1.0)
Auslogics Disk Defrag (Version: 3.6)
Auslogics Duplicate File Finder (Version: 2.5)
Auslogics Registry Cleaner (Version: 2.5)
Avira Antivirus Premium (Version: 13.0.0.3737)
AVR Burn-O-Mat 2.1.2
AVR Jungo USB (Version: 10.2)
AVR Studio 4.19 (Version: 4.19.730)
BASCOM-8051 (Version: 2.0.15.0)
BASCOM-AVR (Version: 2.0.7.5)
BitTorrent (Version: 7.6.1)
Boot-US (Version: 3.0.2)
Canon i865
Canon LBP6000/LBP6018
CCleaner (Version: 4.02)
CDBurnerXP (Version: 4.5.0.3661)
Command Prompt Here PowerToy
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Compatibility Pack für 2007 Office System (Version: 12.0.6514.5001)
Corel Graphics Suite 11 (Version: 11)
Corel Paint Shop Pro Photo XI (Version: 11.20.0000)
Corel PaintShop Pro X4 (Version: 14.0.0.332)
Corel PaintShop Pro X4 (Version: 14.3.0.3)
Corel PaintShop Pro X4 Ultimate Bonus Pack
Corel PaintShop Pro X4 Ultimate Bonus Pack (Version: 1.00.0000)
CPUID CPU-Z 1.61
CrystalDiskInfo 5.0.0 (Version: 5.0.0)
CrystalDiskMark 3.0.2 (Version: 3.0.2)
DATA BECKER Graphic Works 10 (Version: 1.3.511.0)
Desktop Restore (Version: 1.6.3)
DriverAgent by eSupport.com
DU Meter (Version: 5.30)
EAGLE 5.11.0 (Version: 5.11.0)
EAGLE 6.4.0 (Version: 6.4.0)
EasyBCD 2.2 (Version: 2.2)
EleLa Version V1.2.12207 (Version: V1.2.12207)
Elements 11 Organizer (Version: 11.0)
EPSON Scan
EPU-6 Engine (Version: 1.02.04)
EVEREST Ultimate Edition v5.50 (Version: 5.50)
FileZilla Client 3.6.0.2 (Version: 3.6.0.2)
FinePrint
Foxit Reader (Version: 5.4.5.114)
Free Download Manager 3.9
Free YouTube to MP3 Converter version 3.12.2.430 (Version: 3.12.2.430)
FrontDesigner 3.0
Frontplatten Designer (Version: 4.1.4)
GALEP32 Version 1.19.99
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.145)
GPL Ghostscript (Version: 9.04)
GSview 5.0 (Version: 5.0)
Ham Radio Deluxe (Version: 1.4)
HD Tune Pro 5.00
HoverIP v1.0 beta (Version: 1.0 beta)
ICA (Version: 14.0.0.332)
Icon Restore 1.0
ImgBurn (Version: 2.5.5.0)
Inkscape 0.48.3.1 (Version: 0.48.3.1)
Intel(R) Rapid Storage Technology (Version: 11.1.0.1006)
IPM_PSP_COM (Version: 14.0.0.332)
IrfanView (remove only) (Version: 4.36)
IsoBuster 3.1 (Version: 3.1)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JavaFX 2.1.1 (Version: 2.1.1)
JMicron JMB36X Driver (Version: 1.17.62.0)
KMLManager (Version: 1.0.0)
LibreOffice 4.0 Help Pack (German) (Version: 4.0.2.2)
LibreOffice 4.0.2.2 (Version: 4.0.2.2)
LochMaster 4.0 (Demo)
LTspice IV
Magical Jelly Bean KeyFinder (Version: 2.0.8.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
marvell 61xx (Version: 1.2.0.7100)
marvell 91xx driver (Version: 1.2.0.1014)
MediaInfo Lite 0.7.57 (Version: 0.7.57)
Meter (Version: 2.40)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 3.0.40818.0)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
Microsoft SQL Server Compact 3.5 SP2 DEU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
Microsoft Visual Basic 2010 Express - DEU (Version: 10.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
mini dB-Rechner 1.3.2
mini Ringkern-Rechner 1.2 (Version: 1.2)
MozBackup 1.5.1
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 17.0.7)
Mozilla Thunderbird 17.0.7 (x86 de) (Version: 17.0.7)
Mp3 Renatager
Mp3tag v2.52 (Version: v2.52)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 11 (Version: 11.2.00600)
Nero 11 DiscSpeed (Version: 11.0.00400)
Nero Audio Pack 1 (Version: 11.0.11500.110.0)
Nero BackItUp 11 (Version: 6.2.18400.2.100)
Nero BackItUp 11 Help (CHM) (Version: 11.0.10400)
Nero Backup Drivers (Version: 12.0.4000)
Nero Blu-ray Player (Version: 12.0.20012)
Nero Burning ROM 11 (Version: 11.2.10300.0.0)
Nero Burning ROM 11 Help (CHM) (Version: 11.0.10300)
Nero Cliparts (Version: 12.0.11500)
Nero ControlCenter (Version: 11.0.15500)
Nero ControlCenter Help (CHM) (Version: 12.0.5000)
Nero Core Components (Version: 11.0.19400)
Nero CoverDesigner 11 (Version: 6.0.11000.13.100)
Nero CoverDesigner 11 Help (CHM) (Version: 11.0.10300)
Nero Disc Menus Basic (Version: 12.0.11500)
Nero DiscSpeed 11 (Version: 7.0.10400.2.100)
Nero DiscSpeed 11 Help (CHM) (Version: 11.0.10000)
Nero Effects Basic (Version: 12.0.11500)
Nero Express 11 (Version: 11.2.10300.0.0)
Nero Express 11 Help (CHM) (Version: 11.0.10300)
Nero Image Samples (Version: 12.0.11500)
Nero Kwik Media (Version: 1.18.19600)
Nero Kwik Media Help (CHM) (Version: 12.0.3000)
Nero Kwik Themes Basic (Version: 12.0.11500)
Nero PiP Effects Basic (Version: 12.0.11500)
Nero Recode 11 (Version: 5.2.11300.0.0)
Nero Recode 11 Help (CHM) (Version: 11.0.10600)
Nero RescueAgent 11 (Version: 4.0.10600.10.100)
Nero RescueAgent 11 Help (CHM) (Version: 11.0.10400)
Nero SharedVideoCodecs (Version: 1.0.12100.2.0)
Nero SoundTrax 11 (Version: 5.0.10700.6.100)
Nero SoundTrax 11 Help (CHM) (Version: 11.0.10400)
Nero Update (Version: 11.0.11500.28.0)
Nero Video 11 (Version: 8.2.16000.4.100)
Nero Video 11 Help (CHM) (Version: 11.0.10300)
Nero Video Samples (Version: 12.0.11500)
Nero WaveEditor 11 (Version: 6.2.11300.0.100)
Nero WaveEditor 11 Help (CHM) (Version: 11.0.10400)
nero.prerequisites.msi (Version: 11.0.20010)
NewsBin Pro (Version: 5.57)
NewsBin Pro 4.3
Nikon Message Center 2 (Version: 2.1.0)
Nikon Movie Editor (Version: 2.3.1)
Nokia Connectivity Cable Driver (Version: 7.1.78.0)
Nokia PC Suite (Version: 7.1.180.94)
NVIDIA 3D Vision Controller-Treiber 314.07 (Version: 314.07)
NVIDIA 3D Vision Treiber 314.07 (Version: 314.07)
NVIDIA Grafiktreiber 314.07 (Version: 314.07)
NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1407)
NVIDIA Systemsteuerung 314.07 (Version: 314.07)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
ODF Add-In für Microsoft Office (Version: 4.0.5309.0)
Opera 12.01 (Version: 12.01.1532)
Oracle VM VirtualBox 4.2.16 (Version: 4.2.16)
PC Connectivity Solution (Version: 12.0.27.0)
PDFCreator (Version: 1.7.0)
Picture Control Utility (Version: 1.4.3)
Ping Plotter
PingPlotter Pro 3.20.1p (Version: 3.20.1p)
PL-2303 USB-to-Serial (Version: 1.1.0)
Platform (Version: 1.34)
PRE11 STI Installer (Version: 11.0)
PSE11 STI Installer (Version: 11.0)
PSPPContent (Version: 14.0.0.332)
PSPPHelp (Version: 14.0.0.332)
Q-Dir
QuickPhrase 4.0.0.93 (Version: 4.0.0.93)
R Color Code
Realtek Ethernet Controller Driver (Version: 7.61.612.2012)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30111)
Recuva (Version: 1.42)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.34.0)
Resonic Alpha (Version: 0.5.840.0)
SchnapperPlus 1.8.60 (Version: 1.8.60)
Screenpresso (HKCU Version: 1.3.8.0)
SeaMonkey 2.14.1 (x86 de) (Version: 2.14.1)
Security Task Manager 1.8g (Version: 1.8g)
Setup (Version: 14.0.0.332)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (Version: 1.0.0)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (Version: 1.0.0)
Silicon Laboratories CP210x VCP Drivers for Windows 7 (Version: 5.40.24)
Skype™ 5.0 (Version: 5.0.152)
Speccy (Version: 1.20)
sPlan 7.0
Sprint-Layout 5.0
Sprint-Layout 6.0
StampPlot Version 3.8 (Version: 3.8.0)
StreamTransport version: 1.0.2.2171
Suite Specific (Version: 2.0.0)
SUNIX Multi IO Controller (Version: 8.0.0.0)
SUNIX Multi-IO Controller (Version: 7.2.0.0)
SUPER © +Recorder.2013.55 (Mar 7, 2013) Version +Recorder.2013. (Version: +Recorder.2013.55)
swMSM (Version: 12.0.0.1)
TagScanner 5.1 build 571
Target 3001! V15 discover (Version: )
TCJ My Stock DB v2 (Version: 2)
TechPowerUp GPU-Z
TEMP-SERVER CLIENT (Version: 1.0)
TextPad 5 (Version: 5.4.2)
ThumbsPlus (Version: 8.0)
ThumbsPlus 6.0
Total Commander (Remove or Repair) (Version: 8.01)
TubeData
TuneUp Utilities 2012 (Version: 12.0.3600.114)
TuneUp Utilities Language Pack (de-DE) (Version: 12.0.3600.114)
TweakNow RegCleaner 2012 (Version: 7.2.1)
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
USB AVR-Lab Tool 5.10 (Version: 5.10)
USB Multi-Channel Audio Device
USB/DVD-Downloadtool für Windows 7 (Version: 1.0.30)
USBprog 0.2.0 (Version: 0.2.0)
USB-WETTER-SERVER CLIENT (Version: 1.0)
Usenet.nl
VBA (2701.01) (Version: 6.03.00.9402)
VIA Plattform-Geräte-Manager (Version: 1.34)
ViewNX 2 (Version: 2.3.2)
Vista Shortcut Manager (Version: 2.0)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (Version: 4.0.8080.0)
VLC media player 2.0.7 (Version: 2.0.7)
WaveLab 6 (Version: 6.1.0.340)
Welcome App (Start-up experience) (Version: 11.0.23500.0.0)
Winamp (remove only)
WinAVR 20100110 (remove only) (Version: 20100110)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Mode (Version: 1.3.7600.16422)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7) (Version: 02/25/2011 4.7)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9) (Version: 02/25/2011 7.01.0.9)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)
WinHTTrack Website Copier 3.44-1 (Version: 3.44.1)
WinNWT4 Version 4.11.08
WinRAR
WinZip 14.0 (Version: 14.0.8708)
ZL11.4 (Version: 1.00.0000)
Zotero Standalone 3.0.14 (x86 en-US) (Version: 3.0.14)
 

==================== Restore Points  =========================


==================== Hosts content: ==========================

2010-06-09 11:19 - 2013-07-13 13:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0491A223-63C9-4036-9347-5455A95C14DC} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe [2012-07-04] (TuneUp Software)
Task: {2E655F28-B6E2-4270-A358-E81A4E1623BA} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {337B2718-AC4D-4531-BBC2-0B7D5F173759} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-13] (Adobe Systems Incorporated)
Task: {57A29E9F-B610-4388-BF0B-AFBA02FD842B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {6E89FAC9-92AE-45C2-B2EC-AD4734618F12} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-03] (Google Inc.)
Task: {79B73834-A812-4307-A04B-CA0F0B0AA5E8} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\Six Engine\SixEngine.exe [2009-10-02] (ASUSTeK Computer Inc.)
Task: {8E4FAB42-33F2-466A-9B15-5AD4F80721DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-03] (Google Inc.)
Task: {AA3B78DA-B6EB-46CB-A9B8-2EC53F81C242} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {B0EAD5BC-9079-4113-A6BE-A546C43F0B68} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {E9B4EB92-0D84-45C7-A110-CD897D466891} - System32\Tasks\{FDA2CEF9-1FA2-4D9F-9049-E33A681AF15B} => C:\Program Files\Skype\Phone\Skype.exe [2010-10-11] (Skype Technologies S.A.)
Task: {F41BB0BD-7237-40AC-8DB7-F1E615D1EFC1} - System32\Tasks\User_Feed_Synchronization-{F0EAC7B4-2CBD-4BEB-B335-E57A7AAC51FF} => C:\Windows\system32\msfeedssync.exe [2013-03-13] (Microsoft Corporation)
Task: {FE58C4D4-058C-4E77-B26A-87C89B06C6E0} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2013 10:45:34 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 08:28:40 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2013 07:59:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2013 07:11:22 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/13/2013 05:28:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2013 05:05:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/14/2013 10:46:18 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/14/2013 10:46:18 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/14/2013 08:29:22 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/14/2013 08:29:22 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/13/2013 08:00:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/13/2013 08:00:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/13/2013 05:29:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/13/2013 05:29:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/13/2013 05:06:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/13/2013 05:06:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (07/14/2013 10:45:34 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 08:28:40 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2013 07:59:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2013 07:11:22 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Microsoft Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe

Error: (07/13/2013 05:28:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2013 05:05:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 28%
Total physical RAM: 3582.05 MB
Available physical RAM: 2551.95 MB
Total Pagefile: 7162.38 MB
Available Pagefile: 6019.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1882.46 MB

==================== Drives ================================

Drive c: (Boot_C) (Fixed) (Total:488.28 GB) (Free:385.05 GB) NTFS
Drive d: (HD_D) (Fixed) (Total:443.13 GB) (Free:46.04 GB) NTFS
Drive e: (HD_E) (Fixed) (Total:915.75 GB) (Free:428.79 GB) NTFS
Drive f: (HD_F) (Fixed) (Total:947.26 GB) (Free:280.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 9013A31C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=443 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 05C23984)
Partition 1: (Not Active) - (Size=916 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=947 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Jetzt bin ich aber gespannt,
gonde

Alt 14.07.2013, 12:46   #10
schrauber
/// the machine
/// TB-Ausbilder
 

PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden - Standard

PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Users\Standard\Local Settings\Temp\*.*
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 14.07.2013, 13:19   #11
gonde
 
PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden - Standard

PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden



Aha, das war die weniger anstrengende Art die Files zu löschen! :-)

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-07-2013
Ran by Standard at 2013-07-14 14:09:11 Run:1
Running from C:\Users\Standard\Downloads\Trojaner-Board.de
Boot Mode: Normal

==============================================


"C:\Users\Standard\Local Settings\Temp\*.*" directory move:

Could not move "C:\Users\Standard\Local Settings\Temp\*.*" directory. => Scheduled to move on reboot.


=========== Result of Scheduled Files to move ===========
"C:\Users\Standard\Local Settings\Temp\*.*" => Directory could not move.

==== End of Fixlog ====
         
Ich nehme mal an, das wars! Sehr lehrreich und spannend!
Eigentlich wäre ja eine Neuinstallation richtig gewesen, aber du hast ja selbst gesehen, was da alles drauf ist an Programmen und fast jedes hat eine persönliche Einstellung. Das wäre dann eine Sache von mindestens 1 Woche und trotzdemnicht 1:1, weil ja auch einiges undokumentiert ist! :-)
Ansonsten läuft ja alles wirklich gut und flott und so bin ich froh noch einmal der Neuinstallation entkommen zu sein!

Auf jeden Fall vielen herzlichen Dank für die Hilfe sagt,
gonde

Alt 14.07.2013, 18:30   #12
schrauber
/// the machine
/// TB-Ausbilder
 

PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden - Standard

PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden



Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.


Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 14.07.2013, 19:03   #13
gonde
 
PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden - Standard

PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden



Hallo schrauber,

Du bist wirklich ein guter Schrauber!
Die meisten Hints habe ich schon vorher befolgt, mit Ausnahme von CCleaner.
Die TunUpUtilities kann ich wahrscheinlich auch runterschmeissen?

Jedenfall recht herzlichen Dank für Deine Hilfe - jetzt ist mir wirklich wohler mit meinem "Lieblingsrechner".

Mit freundlichen Grüßen,
gonde

Alt 14.07.2013, 19:09   #14
schrauber
/// the machine
/// TB-Ausbilder
 

PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden - Standard

PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden



Jep, TuneUp weg

und gern geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden
antivir, application/pdf:, avira, becker, bluescreen, converter, dvdvideosoft ltd., entfernen, error, firefox, flash player, format, free download, ftp, kaspersky, mozilla, mp3, programm, pum.userwload, realtek, registry, software, starten, super, trojan.ransom, win32/kryptik.bavy



Ähnliche Themen: PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden


  1. PUM.UserWLoad und Trojan.Ransom kann nicht entfernt werden!
    Plagegeister aller Art und deren Bekämpfung - 13.10.2013 (19)
  2. Trojan.Ransom, Pum.userWload, PuP.Keygm.Intro
    Log-Analyse und Auswertung - 09.09.2013 (23)
  3. Windows 7 , 64Bit: Malwarebytes findet PUM.UserWLoad und Trojan.Ransom
    Log-Analyse und Auswertung - 09.09.2013 (14)
  4. WIN 7: Malwarebytes Anti-Malware meldet "PUM.UserWLoad" & "Trojan.Ransom"
    Log-Analyse und Auswertung - 04.09.2013 (21)
  5. PUM.UserWLoad & Trojan.Ransom - "schrauber"
    Lob, Kritik und Wünsche - 15.07.2013 (0)
  6. Malwarebytes hat Trojan.Ransom.SUGen gefunden
    Plagegeister aller Art und deren Bekämpfung - 05.04.2013 (22)
  7. PUM.UserWLoad, trojan.ransom gefunden, auf externer Festplatte nur noch Verknüpfungen seitdem, die jetzt unzugänglich sind
    Plagegeister aller Art und deren Bekämpfung - 04.04.2013 (24)
  8. EXP/JAVA.Ternub.Gen mit AVIRA gefunden / Trojan.Ransom.ED mit Malwarebytes
    Plagegeister aller Art und deren Bekämpfung - 30.03.2013 (20)
  9. Bei einem Virencheck pum.userwload und trojan.ransom gefunden
    Plagegeister aller Art und deren Bekämpfung - 25.03.2013 (9)
  10. GVU-Virus, Trojan.Ransom.SUGen und weitere gefunden mit Malwarebytes
    Log-Analyse und Auswertung - 01.03.2013 (19)
  11. pum.userwload, trojan.agent und trojan.ransom gefunden
    Plagegeister aller Art und deren Bekämpfung - 16.02.2013 (10)
  12. Trojaner: Ransom und PUM.UserWLoad
    Plagegeister aller Art und deren Bekämpfung - 14.02.2013 (30)
  13. trojan.ransom und PUM-UserWLoad
    Plagegeister aller Art und deren Bekämpfung - 03.02.2013 (21)
  14. BKA-Virus, PUM.UserWLoad, Trojan.Delf, Trojan.Ransom.Gen, alles auf einmal
    Log-Analyse und Auswertung - 18.11.2012 (23)
  15. Malwarebytes meldet (Trojan.Ransom.ANC)
    Plagegeister aller Art und deren Bekämpfung - 30.10.2012 (7)
  16. laut Malwarebytes ist mein PC von Trojan.Ransom betroffen
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (20)
  17. Trojan.Ransom mit Malwarebytes gefunden
    Plagegeister aller Art und deren Bekämpfung - 07.08.2012 (25)

Zum Thema PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden - Hallo, ich habe von Malwarebytes diese Einträge gefunden und durch das Prg. entfernen lassen. Nach Neustart habe ich ungewohnterweise den Malwarebyte nocheinmal, zur Bestätigung der Entfernung der Reg Einträge, laufen - PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden...
Archiv
Du betrachtest: PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.