
Log analysis and evaluation: Admin profile no longer there - Widgi Toolbar

16.08.2013, 17:53   #1
mariheli
 



Hello dear Trojaner-Board experts,

when I recently tried to open the admin profile, it was no longer accessible. A temporary profile appeared instead. I created a new admin profile and ran Malwarebytes. It found the following malware:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.14.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Admin neu :: SCHORSCH [Administrator]

14.08.2013 13:13:46
mbam-log-2013-08-14 (13-13-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 554914
Laufzeit: 1 Stunde(n), 26 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 46

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 10
C:\ProgramData\Iminent\Mediator (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Iminent\Mediator\Datas\Cache (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter_2\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter_2\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ruth\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ruth\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 10
C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter\Downloads\agsetup183se.exe (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com\1031.11575f00-7bdc-4181-ba0a-b298aeab228c.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter\AppData\Roaming\Iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter_2\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter_2\AppData\Roaming\Iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ruth\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ruth\AppData\Roaming\Iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
After that I also ran, among other things, Spybot Search & Destroy, and I always get the following message:

Code:
--- Search result list ---
Widgi.Toolbar: [SBI $21855786] User settings (Registry key, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Widgi.Toolbar: [SBI $21855786] User settings (Registry key, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Widgi.Toolbar: [SBI $BA954ED7] User settings (Registry key, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Widgi.Toolbar: [SBI $BA954ED7] User settings (Registry key, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
         
Otherwise everything runs quite normally; no other antivirus program finds anything anymore.

Can someone tell me how to get rid of these entries? The system scans made according to your instructions are attached as a ZIP file.

Many thanks in advance for your help!

16.08.2013, 19:09   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Please post the other logs in the thread as well.

16.08.2013, 20:35   #3
mariheli
 



Hello schrauber, according to the message the log files were too large, hence the ZIP attachment.

I'll try to embed the files again:

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-08-16 17:19:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000060 WDC_WD64 rev.01.0 596,17GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ADMINN~1\AppData\Local\Temp\pxlcypog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544                                                                                           fffff800031eb000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 591                                                                                           fffff800031eb02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Windows\system32\svchost.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                   0000000076d117b0 1 byte JMP 0000000076e70040
.text     C:\Windows\system32\svchost.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                               0000000076d117b2 3 bytes {JMP 0x15e890}
.text     C:\Windows\System32\WUDFHost.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                 0000000076d11430 5 bytes JMP 0000000076e70010
.text     C:\Windows\System32\WUDFHost.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                     0000000076d11490 5 bytes JMP 0000000076e70028
.text     C:\Windows\System32\WUDFHost.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                  0000000076d117b0 1 byte JMP 0000000076e70040
.text     C:\Windows\System32\WUDFHost.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                              0000000076d117b2 3 bytes {JMP 0x15e890}
.text     C:\Program Files (x86)\Secunia\PSI\sua.exe[4448] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                       0000000076ebfac0 5 bytes JMP 000000017463f6f0
.text     C:\Program Files (x86)\Secunia\PSI\sua.exe[4448] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                           0000000076ebfb58 5 bytes JMP 000000017463f830
.text     C:\Program Files (x86)\Secunia\PSI\sua.exe[4448] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                        0000000076ec0038 5 bytes JMP 000000017463f750
.text     C:\Program Files (x86)\Secunia\PSI\sua.exe[4448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                     0000000074c71465 2 bytes [C7, 74]
.text     C:\Program Files (x86)\Secunia\PSI\sua.exe[4448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                    0000000074c714bb 2 bytes [C7, 74]
.text     ...                                                                                                                                                          * 2
.text     C:\Windows\system32\SearchIndexer.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                            0000000076d11430 5 bytes JMP 0000000076e70010
.text     C:\Windows\system32\SearchIndexer.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                0000000076d11490 5 bytes JMP 0000000076e70028
.text     C:\Windows\system32\SearchIndexer.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                             0000000076d117b0 1 byte JMP 0000000076e70040
.text     C:\Windows\system32\SearchIndexer.exe[5516] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                         0000000076d117b2 3 bytes {JMP 0x15e890}
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                               0000000076d11430 5 bytes JMP 0000000076e70010
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                   0000000076d11490 5 bytes JMP 0000000076e70028
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                0000000076d117b0 1 byte JMP 0000000076e70040
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                            0000000076d117b2 3 bytes {JMP 0x15e890}
.text     C:\Windows\System32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                  0000000076d11430 5 bytes JMP 0000000076e70010
.text     C:\Windows\System32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                      0000000076d11490 5 bytes JMP 0000000076e70028
.text     C:\Windows\System32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                   0000000076d117b0 1 byte JMP 0000000076e70040
.text     C:\Windows\System32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                               0000000076d117b2 3 bytes {JMP 0x15e890}
.text     C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                  0000000076d11430 5 bytes JMP 0000000076e70010
.text     C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                      0000000076d11490 5 bytes JMP 0000000076e70028
.text     C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                   0000000076d117b0 1 byte JMP 0000000076e70040
.text     C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                               0000000076d117b2 3 bytes {JMP 0x15e890}
.text     C:\Windows\system32\winlogon.exe[13164] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                0000000076d11430 5 bytes JMP 0000000076e70010
.text     C:\Windows\system32\winlogon.exe[13164] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                    0000000076d11490 5 bytes JMP 0000000076e70028
.text     C:\Windows\system32\winlogon.exe[13164] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                 0000000076d117b0 1 byte JMP 0000000076e70040
.text     C:\Windows\system32\winlogon.exe[13164] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                             0000000076d117b2 3 bytes {JMP 0x15e890}
.text     C:\Windows\system32\atieclxx.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                 0000000076d11430 5 bytes JMP 0000000076e70010
.text     C:\Windows\system32\atieclxx.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                     0000000076d11490 5 bytes JMP 0000000076e70028
.text     C:\Windows\system32\atieclxx.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                  0000000076d117b0 1 byte JMP 0000000076e70040
.text     C:\Windows\system32\atieclxx.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                              0000000076d117b2 3 bytes {JMP 0x15e890}
.text     C:\Windows\system32\taskhost.exe[12932] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                0000000076d11430 5 bytes JMP 0000000076e70010
.text     C:\Windows\system32\taskhost.exe[12932] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                    0000000076d11490 5 bytes JMP 0000000076e70028
.text     C:\Windows\system32\taskhost.exe[12932] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                 0000000076d117b0 1 byte JMP 0000000076e70040
.text     C:\Windows\system32\taskhost.exe[12932] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                             0000000076d117b2 3 bytes {JMP 0x15e890}
.text     C:\Windows\system32\Dwm.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                      0000000076d11430 5 bytes JMP 0000000076e70010
.text     C:\Windows\system32\Dwm.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                          0000000076d11490 5 bytes JMP 0000000076e70028
.text     C:\Windows\system32\Dwm.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                       0000000076d117b0 1 byte JMP 0000000076e70040
.text     C:\Windows\system32\Dwm.exe[6264] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                   0000000076d117b2 3 bytes {JMP 0x15e890}
.text     C:\Windows\Explorer.EXE[13628] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                         0000000076d11430 5 bytes JMP 0000000076e70010
.text     C:\Windows\Explorer.EXE[13628] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                             0000000076d11490 5 bytes JMP 0000000076e70028
.text     C:\Windows\Explorer.EXE[13628] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                          0000000076d117b0 1 byte JMP 0000000076e70040
.text     C:\Windows\Explorer.EXE[13628] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                      0000000076d117b2 3 bytes {JMP 0x15e890}
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[13444] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                 0000000076d11430 5 bytes JMP 0000000076e70010
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[13444] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                     0000000076d11490 5 bytes JMP 0000000076e70028
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[13444] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                  0000000076d117b0 1 byte JMP 0000000076e70040
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[13444] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                              0000000076d117b2 3 bytes {JMP 0x15e890}
.text     C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[12228] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                    0000000076d11430 5 bytes JMP 0000000076e70010
.text     C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[12228] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                        0000000076d11490 5 bytes JMP 0000000076e70028
.text     C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[12228] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                     0000000076d117b0 1 byte JMP 0000000076e70040
.text     C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[12228] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                 0000000076d117b2 3 bytes {JMP 0x15e890}
.text     C:\Program Files\Windows Sidebar\sidebar.exe[11616] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                    0000000076d11430 5 bytes JMP 0000000076e70010
.text     C:\Program Files\Windows Sidebar\sidebar.exe[11616] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                        0000000076d11490 5 bytes JMP 0000000076e70028
.text     C:\Program Files\Windows Sidebar\sidebar.exe[11616] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                     0000000076d117b0 1 byte JMP 0000000076e70040
.text     C:\Program Files\Windows Sidebar\sidebar.exe[11616] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                 0000000076d117b2 3 bytes {JMP 0x15e890}
.text     C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[11280] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                      0000000076ebfac0 5 bytes JMP 000000017463f6f0
.text     C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[11280] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                          0000000076ebfb58 5 bytes JMP 000000017463f830
.text     C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[11280] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                       0000000076ec0038 5 bytes JMP 000000017463f750
.text     C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[11280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    0000000074c71465 2 bytes [C7, 74]
.text     C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[11280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   0000000074c714bb 2 bytes [C7, 74]
.text     ...                                                                                                                                                          * 2
.text     C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[13064] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                             0000000076ebfac0 5 bytes JMP 000000017463f6f0
.text     C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[13064] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                 0000000076ebfb58 5 bytes JMP 000000017463f830
.text     C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[13064] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                              0000000076ec0038 5 bytes JMP 000000017463f750
.text     C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[13064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                           0000000074c71465 2 bytes [C7, 74]
.text     C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[13064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          0000000074c714bb 2 bytes [C7, 74]
.text     ...                                                                                                                                                          * 2
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[14380] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                 0000000076ebfac0 5 bytes JMP 000000017463f6f0
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[14380] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                     0000000076ebfb58 5 bytes JMP 000000017463f830
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[14380] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                  0000000076ec0038 5 bytes JMP 000000017463f750
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[14380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                               0000000074c71465 2 bytes [C7, 74]
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[14380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                              0000000074c714bb 2 bytes [C7, 74]
.text     ...                                                                                                                                                          * 2
.text     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[13988] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                   0000000076d11430 5 bytes JMP 0000000076e70010
.text     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[13988] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                       0000000076d11490 5 bytes JMP 0000000076e70028
.text     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[13988] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                    0000000076d117b0 1 byte JMP 0000000076e70040
.text     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[13988] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                0000000076d117b2 3 bytes {JMP 0x15e890}
.text     C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe[7992] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                   0000000076ebfac0 5 bytes JMP 000000017463f6f0
.text     C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe[7992] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                       0000000076ebfb58 5 bytes JMP 000000017463f830
.text     C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe[7992] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                    0000000076ec0038 5 bytes JMP 000000017463f750
.text     C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe[7992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                 0000000074c71465 2 bytes [C7, 74]
.text     C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe[7992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                0000000074c714bb 2 bytes [C7, 74]
.text     ...                                                                                                                                                          * 2
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[14400] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                     0000000076ebfac0 5 bytes JMP 000000017463f6f0
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[14400] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                         0000000076ebfb58 5 bytes JMP 000000017463f830
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[14400] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                      0000000076ec0038 5 bytes JMP 000000017463f750
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[14400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000074c71465 2 bytes [C7, 74]
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[14400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  0000000074c714bb 2 bytes [C7, 74]
.text     ...                                                                                                                                                          * 2
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[11488] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                     0000000076ebfac0 5 bytes JMP 000000017463f6f0
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[11488] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                         0000000076ebfb58 5 bytes JMP 000000017463f830
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[11488] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                      0000000076ec0038 5 bytes JMP 000000017463f750
.text     C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe[14384] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                              0000000076ebfac0 5 bytes JMP 000000017463f6f0
.text     C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe[14384] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                  0000000076ebfb58 5 bytes JMP 000000017463f830
.text     C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe[14384] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                               0000000076ec0038 5 bytes JMP 000000017463f750
.text     C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe[14384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            0000000074c71465 2 bytes [C7, 74]
.text     C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe[14384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           0000000074c714bb 2 bytes [C7, 74]
.text     ...                                                                                                                                                          * 2
.text     C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[14040] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                 0000000076ebfac0 5 bytes JMP 000000017463f6f0
.text     C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[14040] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                     0000000076ebfb58 5 bytes JMP 000000017463f830
.text     C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[14040] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                  0000000076ec0038 5 bytes JMP 000000017463f750
.text     C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[14040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                               0000000074c71465 2 bytes [C7, 74]
.text     C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[14040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                              0000000074c714bb 2 bytes [C7, 74]
.text     ...                                                                                                                                                          * 2
.text     C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3840] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                     0000000076ebfac0 5 bytes JMP 000000017463f6f0
.text     C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3840] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                         0000000076ebfb58 5 bytes JMP 000000017463f830
.text     C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3840] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                      0000000076ec0038 5 bytes JMP 000000017463f750
.text     C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[13252] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                      0000000076ebfac0 5 bytes JMP 000000017463f6f0
.text     C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[13252] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                          0000000076ebfb58 5 bytes JMP 000000017463f830
.text     C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[13252] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                       0000000076ec0038 5 bytes JMP 000000017463f750
.text     C:\Windows\splwow64.exe[12920] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                         0000000076d11430 5 bytes JMP 0000000076e70010
.text     C:\Windows\splwow64.exe[12920] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                             0000000076d11490 5 bytes JMP 0000000076e70028
.text     C:\Windows\splwow64.exe[12920] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                          0000000076d117b0 1 byte JMP 0000000076e70040
.text     C:\Windows\splwow64.exe[12920] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                      0000000076d117b2 3 bytes {JMP 0x15e890}
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[12736] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                             0000000076d11430 5 bytes JMP 0000000076e70010
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[12736] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                 0000000076d11490 5 bytes JMP 0000000076e70028
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[12736] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                              0000000076d117b0 1 byte JMP 0000000076e70040
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[12736] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                          0000000076d117b2 3 bytes {JMP 0x15e890}
.text     C:\Windows\system32\wbem\wmiprvse.exe[12984] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                           0000000076d11430 5 bytes JMP 0000000076e70010
.text     C:\Windows\system32\wbem\wmiprvse.exe[12984] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                               0000000076d11490 5 bytes JMP 0000000076e70028
.text     C:\Windows\system32\wbem\wmiprvse.exe[12984] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                            0000000076d117b0 1 byte JMP 0000000076e70040
.text     C:\Windows\system32\wbem\wmiprvse.exe[12984] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                        0000000076d117b2 3 bytes {JMP 0x15e890}
.text     C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[12576] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                 0000000076ebfac0 5 bytes JMP 000000017463f6f0
.text     C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[12576] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                     0000000076ebfb58 5 bytes JMP 000000017463f830
.text     C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[12576] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                  0000000076ec0038 5 bytes JMP 000000017463f750
.text     C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[12576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                               0000000074c71465 2 bytes [C7, 74]
.text     C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[12576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                              0000000074c714bb 2 bytes [C7, 74]
.text     ...                                                                                                                                                          * 2
.text     C:\Users\Peter_2\Desktop\gmer_2.1.19163.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                      0000000076ebfac0 5 bytes JMP 000000017463f6f0
.text     C:\Users\Peter_2\Desktop\gmer_2.1.19163.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                          0000000076ebfb58 5 bytes JMP 000000017463f830
.text     C:\Users\Peter_2\Desktop\gmer_2.1.19163.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                       0000000076ec0038 5 bytes JMP 000000017463f750
.text     C:\Users\Peter_2\Desktop\gmer_2.1.19163.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                    0000000074c71465 2 bytes [C7, 74]
.text     C:\Users\Peter_2\Desktop\gmer_2.1.19163.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                   0000000074c714bb 2 bytes [C7, 74]
.text     ...                                                                                                                                                          * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\System32\svchost.exe [1056:1820]                                                                                                                  000007fef8f893d0
Thread    C:\Windows\System32\svchost.exe [1056:1876]                                                                                                                  000007fefe2ea808
Thread    C:\Windows\system32\svchost.exe [2376:4196]                                                                                                                  000007fef7b244e0
Thread    C:\Windows\system32\Dwm.exe [6264:13808]                                                                                                                     000007fef8f893d0
Thread    C:\Windows\system32\Dwm.exe [6264:11000]                                                                                                                     000007fef30df0d8
Thread    C:\Windows\system32\Dwm.exe [6264:5804]                                                                                                                      000007fef93fabf0

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                        unknown MBR code

---- EOF - GMER 2.1 ----
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2013 01
Ran by Peter_2 (ATTENTION: The logged in user is not administrator) on 16-08-2013 17:01:57
Running from C:\Users\Peter_2\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKCU\...\Run: [Google Update] - C:\Users\Peter_2\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-03-15] (Google Inc.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6581488 2013-08-15] (SUPERAntiSpyware)
MountPoints2: {901e873c-614b-11e0-963e-001f16fb9380} - J:\pushinst.exe
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
Startup: C:\Users\Peter_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Peter_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: 

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog9 01 %SYSTEMROOT%\system32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 02 %SYSTEMROOT%\system32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 03 %SYSTEMROOT%\system32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 04 %SYSTEMROOT%\system32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 05 %SYSTEMROOT%\system32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 06 %SYSTEMROOT%\system32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 17 %SYSTEMROOT%\system32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 18 %SYSTEMROOT%\system32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 05 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 06 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 17 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 18 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Peter_2\AppData\Roaming\Mozilla\Firefox\Profiles\nbsb8qcq.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "autoconfig_url", "file:///C:/Users/Peter_2/AppData/Local/RapidSolution/Videoraptor/WebRip/profile/rrproxy_ffox_4d654c90.pac"
FF NetworkProxy: "no_proxies_on", ""
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\Peter_2\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Peter_2\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Peter_2\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\Peter_2\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\Peter_2\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] C:\Program Files (x86)\AVG\AVG2012\Thunderbird\

Chrome: 
=======
CHR HomePage: hxxp://www.google.de/
CHR RestoreOnStartup: "hxxp://www.google.de/"]},"sync_promo":{"startup_count":1,"user_skipped":true,"view_count":1},"tabs":{"use_compact_navigation_bar":false,"use_vertical_tabs"
CHR Extension: (Iminent) - C:\Users\Peter_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\5.14.1.0_0
CHR Extension: (AVG Security Toolbar) - C:\Users\Peter_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.1.0.10_0

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-11-24] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1830768 2013-08-15] (SurfRight B.V.)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-08-02] (AVG Secure Search)
R2 WDFME; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [485376 2010-09-08] ()

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-02] (AVG Technologies)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-22] (AVM GmbH)
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [17416 2013-08-15] ()
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [17416 2013-08-15] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 SMR210; C:\Windows\System32\drivers\SMR210.SYS [96376 2012-01-22] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-16 17:00 - 2013-08-16 17:00 - 01575798 _____ (Farbar) C:\Users\Peter_2\Desktop\FRST64.exe
2013-08-16 16:58 - 2013-08-16 16:59 - 00000480 _____ C:\Users\Peter_2\Desktop\defogger_disable.log
2013-08-16 16:58 - 2013-08-16 16:58 - 00000000 _____ C:\Users\Admin neu\defogger_reenable
2013-08-16 16:56 - 2013-08-16 16:56 - 00050477 _____ C:\Users\Peter_2\Desktop\Defogger.exe
2013-08-16 14:40 - 2013-08-16 14:40 - 00001999 _____ C:\Users\Peter_2\Desktop\Avira DE-Cleaner.lnk
2013-08-16 14:13 - 2013-08-16 14:13 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-16 14:13 - 2013-08-16 14:13 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-16 14:13 - 2013-08-16 14:13 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-16 14:13 - 2013-08-16 14:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-08-15 15:50 - 2013-08-15 15:50 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-15 15:50 - 2013-08-15 15:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-15 15:50 - 2013-08-15 15:50 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-15 15:50 - 2013-08-15 15:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-15 15:50 - 2013-08-15 15:50 - 00000000 ____D C:\Program Files\Java
2013-08-15 15:49 - 2013-08-15 15:50 - 00028839 _____ C:\AdwCleaner[S1].txt
2013-08-15 15:48 - 2013-08-15 15:48 - 00028558 _____ C:\AdwCleaner[R1].txt
2013-08-15 15:47 - 2013-08-15 15:47 - 00618912 _____ (www.download-sponsor.de) C:\Users\Peter\Downloads\adwcleaner_2.306.exe
2013-08-15 15:40 - 2013-08-15 15:40 - 03272136 _____ (Secunia) C:\Users\Peter\Downloads\PSISetup.exe
2013-08-15 15:40 - 2013-08-15 15:40 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-08-15 15:39 - 2013-08-15 15:52 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2013-08-15 15:39 - 2013-08-15 15:42 - 00564312 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2013-08-15 15:39 - 2013-08-15 15:42 - 00518480 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2013-08-15 15:39 - 2013-08-15 15:42 - 00017416 _____ C:\Windows\system32\Drivers\hmpalert.sys
2013-08-15 15:39 - 2013-08-15 15:39 - 01752488 _____ (SurfRight B.V.) C:\Users\Peter\Downloads\hmpalert.exe
2013-08-15 15:39 - 2013-08-15 15:39 - 01752488 _____ (SurfRight B.V.) C:\Users\Peter\Downloads\hmpalert(1).exe
2013-08-15 15:39 - 2013-08-15 15:39 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2013-08-15 14:17 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 14:17 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 14:17 - 2013-07-24 15:40 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 09065472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 01493504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 06036480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 14:17 - 2013-07-24 13:43 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 14:17 - 2013-07-24 13:23 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 14:17 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 14:17 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 14:17 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 14:17 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 14:17 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 14:17 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 14:17 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 14:17 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 14:17 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 14:17 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 14:17 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 14:17 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 14:15 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 14:15 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 14:15 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 14:15 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 14:15 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 14:15 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 14:15 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 14:15 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 14:15 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 14:15 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 14:15 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 14:15 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 14:15 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 19:02 - 2013-08-14 19:02 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Nero
2013-08-14 18:22 - 2013-08-14 19:24 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Adobe
2013-08-14 18:21 - 2013-08-14 18:21 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Mozilla
2013-08-14 15:13 - 2013-08-16 14:40 - 00002070 _____ C:\Users\Peter_2\Desktop\Entfernen des Avira DE-Cleaners.lnk
2013-08-14 15:13 - 2013-08-14 15:13 - 00883840 _____ C:\Users\Peter\Downloads\Avira-DE-Cleaner.exe
2013-08-14 14:58 - 2013-08-16 16:07 - 00000896 _____ C:\Windows\setupact.log
2013-08-14 14:58 - 2013-08-14 14:58 - 00005250 _____ C:\Windows\PFRO.log
2013-08-14 14:58 - 2013-08-14 14:58 - 00000000 _____ C:\Windows\setuperr.log
2013-08-14 13:12 - 2013-08-14 13:12 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Malwarebytes
2013-08-14 13:09 - 2013-08-14 13:10 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\IrfanView
2013-08-12 18:35 - 2013-08-12 18:35 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\SUPERAntiSpyware.com
2013-08-12 18:31 - 2013-08-16 16:58 - 00000000 ____D C:\Users\Admin neu
2013-08-12 18:31 - 2013-08-12 18:31 - 00000020 ___SH C:\Users\Admin neu\ntuser.ini
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Vorlagen
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Startmenü
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Netzwerkumgebung
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Lokale Einstellungen
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Eigene Dateien
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Druckumgebung
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Anwendungsdaten
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Macromedia
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Canon
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\AVG2013
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\ATI
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Apple Computer
2013-08-12 18:31 - 2012-10-13 10:07 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\TuneUp Software
2013-08-11 09:28 - 2013-08-11 09:29 - 38171414 _____ C:\Users\Peter\Downloads\yacy_v1.62_20130801_9025(1).exe
2013-08-03 20:11 - 2013-08-12 11:19 - 00000000 ____D C:\Users\Ruth\Rauhenzell
2013-07-31 11:26 - 2013-07-31 11:26 - 00002419 _____ C:\Users\Peter_2\Desktop\Google Earth.lnk
2013-07-31 11:26 - 2013-07-31 11:26 - 00000000 ____D C:\Users\Peter_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Earth
2013-07-27 12:28 - 2013-08-15 16:28 - 00000000 ____D C:\Windows\system32\MRT
2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys

==================== One Month Modified Files and Folders =======

2013-08-16 17:01 - 2013-08-16 17:01 - 00000000 ____D C:\FRST
2013-08-16 17:00 - 2013-08-16 17:00 - 01575798 _____ (Farbar) C:\Users\Peter_2\Desktop\FRST64.exe
2013-08-16 16:59 - 2013-08-16 16:58 - 00000480 _____ C:\Users\Peter_2\Desktop\defogger_disable.log
2013-08-16 16:58 - 2013-08-16 16:58 - 00000000 _____ C:\Users\Admin neu\defogger_reenable
2013-08-16 16:58 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu
2013-08-16 16:56 - 2013-08-16 16:56 - 00050477 _____ C:\Users\Peter_2\Desktop\Defogger.exe
2013-08-16 16:17 - 2012-03-31 17:49 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-16 16:07 - 2013-08-14 14:58 - 00000896 _____ C:\Windows\setupact.log
2013-08-16 16:06 - 2013-06-04 19:46 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-08-16 16:06 - 2009-12-10 21:15 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-16 16:04 - 2012-03-15 22:36 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1347085348-892770594-766104875-1004UA.job
2013-08-16 16:04 - 2009-12-10 21:15 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-16 14:40 - 2013-08-16 14:40 - 00001999 _____ C:\Users\Peter_2\Desktop\Avira DE-Cleaner.lnk
2013-08-16 14:40 - 2013-08-14 15:13 - 00002070 _____ C:\Users\Peter_2\Desktop\Entfernen des Avira DE-Cleaners.lnk
2013-08-16 14:13 - 2013-08-16 14:13 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-16 14:13 - 2013-08-16 14:13 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-16 14:13 - 2013-08-16 14:13 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-16 14:13 - 2013-08-16 14:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-16 14:13 - 2012-09-05 19:03 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-16 14:13 - 2010-05-26 18:19 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-16 13:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-16 12:39 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-16 12:39 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-16 12:33 - 2006-10-10 01:06 - 01912910 _____ C:\Windows\WindowsUpdate.log
2013-08-16 12:29 - 2010-11-16 18:30 - 00000000 ____D C:\ProgramData\MFAData
2013-08-16 12:24 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-15 16:31 - 2009-07-14 07:13 - 01519798 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-15 16:31 - 2006-10-10 10:57 - 00654150 _____ C:\Windows\system32\perfh007.dat
2013-08-15 16:31 - 2006-10-10 10:57 - 00130022 _____ C:\Windows\system32\perfc007.dat
2013-08-15 16:28 - 2013-07-27 12:28 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 16:26 - 2009-11-29 10:58 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-08-15 15:59 - 2009-08-14 20:24 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-15 15:57 - 2013-07-04 20:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 15:57 - 2009-11-25 00:12 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-15 15:52 - 2013-08-15 15:39 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2013-08-15 15:51 - 2012-03-31 17:49 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-15 15:51 - 2011-06-02 11:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-15 15:50 - 2013-08-15 15:50 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-15 15:50 - 2013-08-15 15:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-15 15:50 - 2013-08-15 15:50 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-15 15:50 - 2013-08-15 15:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-15 15:50 - 2013-08-15 15:50 - 00000000 ____D C:\Program Files\Java
2013-08-15 15:50 - 2013-08-15 15:49 - 00028839 _____ C:\AdwCleaner[S1].txt
2013-08-15 15:50 - 2012-09-05 19:02 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-15 15:50 - 2012-07-05 22:05 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-08-15 15:50 - 2012-03-12 17:59 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-15 15:50 - 2011-02-06 19:30 - 00000000 ____D C:\Users\Peter_2
2013-08-15 15:48 - 2013-08-15 15:48 - 00028558 _____ C:\AdwCleaner[R1].txt
2013-08-15 15:47 - 2013-08-15 15:47 - 00618912 _____ (www.download-sponsor.de) C:\Users\Peter\Downloads\adwcleaner_2.306.exe
2013-08-15 15:47 - 2012-03-09 23:20 - 00000000 ____D C:\Users\Peter_2\AppData\Local\CrashDumps
2013-08-15 15:42 - 2013-08-15 15:39 - 00564312 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2013-08-15 15:42 - 2013-08-15 15:39 - 00518480 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2013-08-15 15:42 - 2013-08-15 15:39 - 00017416 _____ C:\Windows\system32\Drivers\hmpalert.sys
2013-08-15 15:40 - 2013-08-15 15:40 - 03272136 _____ (Secunia) C:\Users\Peter\Downloads\PSISetup.exe
2013-08-15 15:40 - 2013-08-15 15:40 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-08-15 15:39 - 2013-08-15 15:39 - 01752488 _____ (SurfRight B.V.) C:\Users\Peter\Downloads\hmpalert.exe
2013-08-15 15:39 - 2013-08-15 15:39 - 01752488 _____ (SurfRight B.V.) C:\Users\Peter\Downloads\hmpalert(1).exe
2013-08-15 15:39 - 2013-08-15 15:39 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2013-08-15 14:23 - 2009-11-21 14:10 - 00000000 ____D C:\Users\Peter
2013-08-15 14:19 - 2009-11-29 11:23 - 00000000 ____D C:\Users\Peter\Documents\Dokumente Peter
2013-08-15 09:22 - 2012-11-04 22:38 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-14 19:37 - 2012-03-15 23:05 - 00000000 ____D C:\Users\Peter_2\AppData\Roaming\vlc
2013-08-14 19:24 - 2013-08-14 18:22 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Adobe
2013-08-14 19:02 - 2013-08-14 19:02 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Nero
2013-08-14 18:21 - 2013-08-14 18:21 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Mozilla
2013-08-14 15:13 - 2013-08-14 15:13 - 00883840 _____ C:\Users\Peter\Downloads\Avira-DE-Cleaner.exe
2013-08-14 14:58 - 2013-08-14 14:58 - 00005250 _____ C:\Windows\PFRO.log
2013-08-14 14:58 - 2013-08-14 14:58 - 00000000 _____ C:\Windows\setuperr.log
2013-08-14 14:58 - 2012-03-31 17:49 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-14 13:13 - 2012-01-22 19:01 - 00000000 ____D C:\Program Files (x86)\ MALWAREBYTES ANTI-MALWARE 
2013-08-14 13:13 - 2012-01-22 18:57 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-14 13:13 - 2010-05-12 07:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-14 13:12 - 2013-08-14 13:12 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Malwarebytes
2013-08-14 13:11 - 2009-12-26 11:59 - 00000000 ____D C:\Windows\Minidump
2013-08-14 13:10 - 2013-08-14 13:09 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\IrfanView
2013-08-12 18:35 - 2013-08-12 18:35 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\SUPERAntiSpyware.com
2013-08-12 18:34 - 2012-02-21 14:43 - 00000000 ____D C:\Users\Peter_2\Documents\Mein Steuer-Sparbuch Heute
2013-08-12 18:31 - 2013-08-12 18:31 - 00000020 ___SH C:\Users\Admin neu\ntuser.ini
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Vorlagen
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Startmenü
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Netzwerkumgebung
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Lokale Einstellungen
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Eigene Dateien
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Druckumgebung
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Anwendungsdaten
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Macromedia
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Canon
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\AVG2013
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\ATI
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Apple Computer
2013-08-12 18:09 - 2012-01-08 10:40 - 00000000 ____D C:\Users\Public\Documents\Screensaver
2013-08-12 11:23 - 2011-02-13 21:39 - 00060416 ___SH C:\Users\Ruth\Thumbs.db
2013-08-12 11:23 - 2011-02-06 18:34 - 00000000 ____D C:\Users\Ruth
2013-08-12 11:19 - 2013-08-03 20:11 - 00000000 ____D C:\Users\Ruth\Rauhenzell
2013-08-12 11:04 - 2012-03-15 22:36 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1347085348-892770594-766104875-1004Core.job
2013-08-11 09:29 - 2013-08-11 09:28 - 38171414 _____ C:\Users\Peter\Downloads\yacy_v1.62_20130801_9025(1).exe
2013-08-10 12:04 - 2010-03-28 18:47 - 00001212 _____ C:\Windows\wiso.ini
2013-08-03 19:43 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-03 16:09 - 2011-02-06 23:05 - 00000000 ____D C:\Users\Ruth\Dokumente Ruth
2013-08-02 10:54 - 2013-06-18 20:13 - 00003715 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-08-02 10:53 - 2012-09-04 20:23 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-07-31 11:29 - 2010-03-28 18:47 - 00000000 ____D C:\Users\Peter\Documents\Mein Sparbuch Heute
2013-07-31 11:26 - 2013-07-31 11:26 - 00002419 _____ C:\Users\Peter_2\Desktop\Google Earth.lnk
2013-07-31 11:26 - 2013-07-31 11:26 - 00000000 ____D C:\Users\Peter_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Earth
2013-07-31 11:26 - 2011-02-21 23:51 - 00000000 ____D C:\Users\Peter_2\AppData\Local\Google
2013-07-30 18:30 - 2011-07-18 19:25 - 00003226 _____ C:\Users\Ruth\AppData\Roaming\wklnhst.dat
2013-07-30 18:16 - 2012-10-04 19:28 - 00000985 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-30 18:15 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-07-25 11:25 - 2013-08-15 14:17 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-15 14:17 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-24 15:40 - 2013-08-15 14:17 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 09065472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 01493504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 06036480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-24 13:43 - 2013-08-15 14:17 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-24 13:23 - 2013-08-15 14:17 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2013-07-19 03:58 - 2013-08-15 14:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-19 03:41 - 2013-08-15 14:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         
--- --- ---

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:59 on 16/08/2013 (Admin neu)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

The Addition log file no longer fits (total size of 120000 characters exceeded).

Best regards, Mariheli
__________________

Alt 17.08.2013, 23:27   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror:

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 18.08.2013, 14:44   #5
mariheli
 



Hello Schrauber, now I have landed myself with some kind of problem. I started Combofix as instructed; it searched for half an hour and then reported that it was deleting some files, and then began popping up windows with the message "ComboFix\prv.3xE" and another message that I cannot read, because the windows pop up and disappear so quickly. After it had done this for several hours, I restarted the computer several times, but the same thing always happens; the windows pop up extremely fast and disappear again. (I am now writing from the laptop.)

Addendum: I have now restarted the program once more; it is scanning now. Let's see what happens, I will post the result afterwards.

How do I get rid of this problem?

Best regards, mariheli

Hello Schrauber, I have now run Combofix once more. It scanned for an hour, then stopped at directory 46 and did nothing further. I have now closed the program; the pop-ups are gone, and the program did not create a log file. The problem is that I can no longer get onto the Internet, despite an active WLAN/LAN connection. What is the best thing for me to do now?
Best regards, Mariheli


Edited by mariheli (18.08.2013 at 12:52)

Alt 18.08.2013, 16:52   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

Alt 18.08.2013, 17:41   #7
mariheli
 



Hello Schrauber, the results are attached. I always have to copy the programs to the computer and back via my laptop, since the Internet connection still does not work. I did ping Google, though, and that works.

Here are the results:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.9 (08.17.2013:3)
OS: Windows 7 Home Premium x64
Ran by Admin neu on 18.08.2013 at 18:18:13,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonicdownloader_fuer_mp3directcut_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonicdownloader_fuer_mp3directcut_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_clonedvd_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_clonedvd_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_jdownloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_jdownloader_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_webradio-gadget_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_webradio-gadget_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_clonedvd_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_clonedvd_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_jdownloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_jdownloader_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_webradio-gadget_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_webradio-gadget_RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Admin neu\AppData\Roaming\mozilla\firefox\profiles\d6gb0lhc.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.08.2013 at 18:22:35,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
# AdwCleaner v2.306 - Datei am 18/08/2013 um 18:10:52 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Admin neu - SCHORSCH
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Peter_2\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKU\S-1-5-21-1347085348-892770594-766104875-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sunhn9og.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\xhfp38qs.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Peter_2\AppData\Roaming\Mozilla\Firefox\Profiles\nbsb8qcq.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Admin neu\AppData\Roaming\Mozilla\Firefox\Profiles\d6gb0lhc.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [28558 octets] - [15/08/2013 15:48:12]
AdwCleaner[S1].txt - [28839 octets] - [15/08/2013 15:49:54]
AdwCleaner[S2].txt - [1524 octets] - [18/08/2013 18:10:52]

########## EOF - \AdwCleaner[S2].txt - [1584 octets] ##########
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2013 01
Ran by Admin neu (administrator) on 18-08-2013 18:26:15
Running from C:\Users\Peter_2\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [combofix] - C:\ComboFix\CF30478.3XE /c C:\ComboFix\Combobatch.bat [x]
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\TEMP\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
Startup: C:\Users\Peter_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Peter_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
BootExecute: 

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 05 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 06 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 17 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 18 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Admin neu\AppData\Roaming\Mozilla\Firefox\Profiles\d6gb0lhc.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] C:\Program Files (x86)\AVG\AVG2012\Thunderbird\

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-11-24] (SUPERAntiSpyware.com)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
R2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-08-02] (AVG Secure Search)
R2 WDFME; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [485376 2010-09-08] ()

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-02] (AVG Technologies)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-22] (AVM GmbH)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 SMR210; C:\Windows\System32\drivers\SMR210.SYS [96376 2012-01-22] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-18 18:22 - 2013-08-18 18:22 - 00002852 _____ C:\Users\Admin neu\Desktop\JRT.txt
2013-08-18 18:18 - 2013-08-18 18:18 - 00000000 ____D C:\Windows\ERUNT
2013-08-18 18:10 - 2013-08-18 18:11 - 00001651 _____ C:\Users\Peter_2\Desktop\AdwCleaner[S2].txt
2013-08-18 18:10 - 2013-08-18 18:08 - 01018166 _____ (Thisisu) C:\Users\Peter_2\Desktop\JRT.exe
2013-08-18 18:10 - 2013-08-18 18:07 - 00666633 _____ C:\Users\Peter_2\Desktop\adwcleaner.exe
2013-08-18 13:41 - 2013-08-18 14:29 - 00000000 ___SD C:\ComboFix
2013-08-18 10:19 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-18 10:19 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-18 10:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-18 10:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-18 10:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-18 10:19 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-18 10:19 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-18 10:19 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-18 10:18 - 2013-08-18 11:20 - 00000000 ____D C:\Windows\erdnt
2013-08-18 10:18 - 2013-08-18 10:18 - 00000000 ____D C:\Qoobox
2013-08-18 10:13 - 2013-08-18 10:14 - 05105390 ____R (Swearware) C:\Users\Peter_2\Desktop\ComboFix.exe
2013-08-17 19:35 - 2013-08-17 19:35 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-17 19:35 - 2013-08-17 19:35 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-17 19:35 - 2013-08-17 19:35 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-17 19:35 - 2013-08-17 19:35 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-16 18:43 - 2013-08-16 18:43 - 00008767 _____ C:\Users\Peter_2\Desktop\FRST.zip
2013-08-16 18:43 - 2013-08-16 18:43 - 00007509 _____ C:\Users\Peter_2\Desktop\Addition.zip
2013-08-16 18:42 - 2013-08-16 18:42 - 00004026 _____ C:\Users\Peter_2\Desktop\gmer.zip
2013-08-16 18:38 - 2013-08-16 18:38 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-08-16 18:37 - 2013-08-16 18:37 - 01110476 _____ C:\Users\Peter\Downloads\7z920.exe
2013-08-16 17:38 - 2013-08-16 17:46 - 00000803 _____ C:\Users\Peter_2\Desktop\SpybotSD.Results.txt
2013-08-16 17:38 - 2013-08-16 17:38 - 00317787 _____ C:\Users\Peter\Desktop\SpybotSD.Results.txt
2013-08-16 17:19 - 2013-08-16 17:19 - 00051796 _____ C:\Users\Peter_2\Desktop\gmer.txt
2013-08-16 17:04 - 2013-08-16 17:04 - 00377856 _____ C:\Users\Peter_2\Desktop\gmer_2.1.19163.exe
2013-08-16 17:02 - 2013-08-16 21:31 - 00030507 _____ C:\Users\Peter_2\Desktop\Addition.txt
2013-08-16 17:01 - 2013-08-16 17:01 - 00000000 ____D C:\FRST
2013-08-16 17:00 - 2013-08-16 17:00 - 01575798 _____ (Farbar) C:\Users\Peter_2\Desktop\FRST64.exe
2013-08-16 16:58 - 2013-08-16 16:59 - 00000480 _____ C:\Users\Peter_2\Desktop\defogger_disable.log
2013-08-16 16:58 - 2013-08-16 16:58 - 00000000 _____ C:\Users\Admin neu\defogger_reenable
2013-08-16 16:56 - 2013-08-16 16:56 - 00050477 _____ C:\Users\Peter_2\Desktop\Defogger.exe
2013-08-16 14:40 - 2013-08-16 14:40 - 00001999 _____ C:\Users\Peter_2\Desktop\Avira DE-Cleaner.lnk
2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-08-15 15:50 - 2013-08-15 15:50 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-15 15:50 - 2013-08-15 15:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-15 15:50 - 2013-08-15 15:50 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-15 15:50 - 2013-08-15 15:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-15 15:50 - 2013-08-15 15:50 - 00000000 ____D C:\Program Files\Java
2013-08-15 15:49 - 2013-08-15 15:50 - 00028839 _____ C:\AdwCleaner[S1].txt
2013-08-15 15:48 - 2013-08-15 15:48 - 00028558 _____ C:\AdwCleaner[R1].txt
2013-08-15 15:47 - 2013-08-15 15:47 - 00618912 _____ (www.download-sponsor.de) C:\Users\Peter\Downloads\adwcleaner_2.306.exe
2013-08-15 15:40 - 2013-08-15 15:40 - 03272136 _____ (Secunia) C:\Users\Peter\Downloads\PSISetup.exe
2013-08-15 15:40 - 2013-08-15 15:40 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Secunia PSI
2013-08-15 15:40 - 2013-08-15 15:40 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-08-15 15:39 - 2013-08-15 15:39 - 01752488 _____ (SurfRight B.V.) C:\Users\Peter\Downloads\hmpalert.exe
2013-08-15 15:39 - 2013-08-15 15:39 - 01752488 _____ (SurfRight B.V.) C:\Users\Peter\Downloads\hmpalert(1).exe
2013-08-15 15:39 - 2013-08-15 15:39 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2013-08-15 14:17 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 14:17 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 14:17 - 2013-07-24 15:40 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 09065472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 01493504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 06036480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 14:17 - 2013-07-24 13:43 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 14:17 - 2013-07-24 13:23 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 14:17 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 14:17 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 14:17 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 14:17 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 14:17 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 14:17 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 14:17 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 14:17 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 14:17 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 14:17 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 14:17 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 14:17 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 14:15 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 14:15 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 14:15 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 14:15 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 14:15 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 14:15 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 14:15 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 14:15 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 14:15 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 14:15 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 14:15 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 14:15 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 14:15 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 19:24 - 2013-08-14 19:24 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Adobe
2013-08-14 19:02 - 2013-08-14 19:02 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Nero
2013-08-14 18:22 - 2013-08-14 19:24 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Adobe
2013-08-14 18:22 - 2013-08-14 18:22 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Macromedia
2013-08-14 18:21 - 2013-08-14 18:21 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Mozilla
2013-08-14 18:21 - 2013-08-14 18:21 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Mozilla
2013-08-14 15:13 - 2013-08-16 14:40 - 00002070 _____ C:\Users\Peter_2\Desktop\Entfernen des Avira DE-Cleaners.lnk
2013-08-14 15:13 - 2013-08-14 15:13 - 00883840 _____ C:\Users\Peter\Downloads\Avira-DE-Cleaner.exe
2013-08-14 14:58 - 2013-08-18 18:23 - 00002072 _____ C:\Windows\setupact.log
2013-08-14 14:58 - 2013-08-18 14:55 - 00006354 _____ C:\Windows\PFRO.log
2013-08-14 14:58 - 2013-08-14 14:58 - 00000000 _____ C:\Windows\setuperr.log
2013-08-14 13:12 - 2013-08-14 13:12 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Malwarebytes
2013-08-14 13:09 - 2013-08-14 13:10 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\IrfanView
2013-08-12 18:35 - 2013-08-12 18:35 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\SUPERAntiSpyware.com
2013-08-12 18:31 - 2013-08-18 17:31 - 00000000 ____D C:\Users\Admin neu
2013-08-12 18:31 - 2013-08-18 10:15 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Avg2013
2013-08-12 18:31 - 2013-08-12 18:31 - 00085296 _____ C:\Users\ADMINN~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-12 18:31 - 2013-08-12 18:31 - 00001443 _____ C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-12 18:31 - 2013-08-12 18:31 - 00001409 _____ C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-08-12 18:31 - 2013-08-12 18:31 - 00000020 ___SH C:\Users\Admin neu\ntuser.ini
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\ADMINN~1\AppData\Local\Verlauf
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\ADMINN~1\AppData\Local\Anwendungsdaten
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Vorlagen
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Startmenü
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Netzwerkumgebung
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Lokale Einstellungen
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Eigene Dateien
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Druckumgebung
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Documents\Eigene Musik
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Documents\Eigene Bilder
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Anwendungsdaten
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ___RD C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ___RD C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Western Digital
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\VirtualStore
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\EgisTec
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\ATI
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Macromedia
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Canon
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\AVG2013
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\ATI
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Apple Computer
2013-08-12 18:31 - 2012-10-13 10:07 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\TuneUp Software
2013-08-12 18:31 - 2009-11-22 22:55 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Microsoft Help
2013-08-12 18:31 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-08-12 18:31 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-08-11 09:28 - 2013-08-11 09:29 - 38171414 _____ C:\Users\Peter\Downloads\yacy_v1.62_20130801_9025(1).exe
2013-08-03 20:11 - 2013-08-12 11:19 - 00000000 ____D C:\Users\Ruth\Rauhenzell
2013-07-31 11:26 - 2013-07-31 11:26 - 00002419 _____ C:\Users\Peter_2\Desktop\Google Earth.lnk
2013-07-27 12:28 - 2013-08-15 16:28 - 00000000 ____D C:\Windows\system32\MRT
2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys

==================== One Month Modified Files and Folders =======

2013-08-18 18:23 - 2013-08-18 18:23 - 00002852 _____ C:\Users\Peter_2\Desktop\JRT.txt
2013-08-18 18:23 - 2013-08-14 14:58 - 00002072 _____ C:\Windows\setupact.log
2013-08-18 18:23 - 2013-06-04 19:46 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-08-18 18:23 - 2012-02-21 14:43 - 00000000 ____D C:\Users\Peter_2\Documents\Mein Steuer-Sparbuch Heute
2013-08-18 18:23 - 2009-12-10 21:15 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-18 18:22 - 2013-08-18 18:22 - 00002852 _____ C:\Users\Admin neu\Desktop\JRT.txt
2013-08-18 18:20 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-18 18:20 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-18 18:18 - 2013-08-18 18:18 - 00000000 ____D C:\Windows\ERUNT
2013-08-18 18:17 - 2012-03-31 17:49 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-18 18:12 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-18 18:11 - 2013-08-18 18:10 - 00001651 _____ C:\Users\Peter_2\Desktop\AdwCleaner[S2].txt
2013-08-18 18:11 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-18 18:11 - 2006-10-10 10:57 - 00654150 _____ C:\Windows\system32\perfh007.dat
2013-08-18 18:11 - 2006-10-10 10:57 - 00130022 _____ C:\Windows\system32\perfc007.dat
2013-08-18 18:11 - 2006-10-10 01:06 - 02009609 _____ C:\Windows\WindowsUpdate.log
2013-08-18 18:08 - 2013-08-18 18:10 - 01018166 _____ (Thisisu) C:\Users\Peter_2\Desktop\JRT.exe
2013-08-18 18:07 - 2013-08-18 18:10 - 00666633 _____ C:\Users\Peter_2\Desktop\adwcleaner.exe
2013-08-18 18:06 - 2010-11-16 18:30 - 00000000 ____D C:\ProgramData\MFAData
2013-08-18 18:04 - 2012-03-15 22:36 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1347085348-892770594-766104875-1004UA.job
2013-08-18 18:04 - 2009-12-10 21:15 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-18 17:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu
2013-08-18 17:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-18 14:55 - 2013-08-14 14:58 - 00006354 _____ C:\Windows\PFRO.log
2013-08-18 14:29 - 2013-08-18 13:41 - 00000000 ___SD C:\ComboFix
2013-08-18 11:20 - 2013-08-18 10:18 - 00000000 ____D C:\Windows\erdnt
2013-08-18 11:17 - 2011-02-15 13:38 - 00000000 ____D C:\Users\Peter_2\AppData\Roaming\Adobe
2013-08-18 11:04 - 2012-03-15 22:36 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1347085348-892770594-766104875-1004Core.job
2013-08-18 10:18 - 2013-08-18 10:18 - 00000000 ____D C:\Qoobox
2013-08-18 10:15 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Avg2013
2013-08-18 10:14 - 2013-08-18 10:13 - 05105390 ____R (Swearware) C:\Users\Peter_2\Desktop\ComboFix.exe
2013-08-17 19:35 - 2013-08-17 19:35 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-17 19:35 - 2013-08-17 19:35 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-17 19:35 - 2013-08-17 19:35 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-17 19:35 - 2013-08-17 19:35 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-17 19:35 - 2012-09-05 19:03 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-17 19:35 - 2010-05-26 18:19 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-16 21:31 - 2013-08-16 17:02 - 00030507 _____ C:\Users\Peter_2\Desktop\Addition.txt
2013-08-16 18:43 - 2013-08-16 18:43 - 00008767 _____ C:\Users\Peter_2\Desktop\FRST.zip
2013-08-16 18:43 - 2013-08-16 18:43 - 00007509 _____ C:\Users\Peter_2\Desktop\Addition.zip
2013-08-16 18:42 - 2013-08-16 18:42 - 00004026 _____ C:\Users\Peter_2\Desktop\gmer.zip
2013-08-16 18:38 - 2013-08-16 18:38 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-08-16 18:37 - 2013-08-16 18:37 - 01110476 _____ C:\Users\Peter\Downloads\7z920.exe
2013-08-16 17:46 - 2013-08-16 17:38 - 00000803 _____ C:\Users\Peter_2\Desktop\SpybotSD.Results.txt
2013-08-16 17:38 - 2013-08-16 17:38 - 00317787 _____ C:\Users\Peter\Desktop\SpybotSD.Results.txt
2013-08-16 17:35 - 2009-11-21 14:10 - 00000000 ____D C:\Users\Peter
2013-08-16 17:19 - 2013-08-16 17:19 - 00051796 _____ C:\Users\Peter_2\Desktop\gmer.txt
2013-08-16 17:04 - 2013-08-16 17:04 - 00377856 _____ C:\Users\Peter_2\Desktop\gmer_2.1.19163.exe
2013-08-16 17:01 - 2013-08-16 17:01 - 00000000 ____D C:\FRST
2013-08-16 17:00 - 2013-08-16 17:00 - 01575798 _____ (Farbar) C:\Users\Peter_2\Desktop\FRST64.exe
2013-08-16 16:59 - 2013-08-16 16:58 - 00000480 _____ C:\Users\Peter_2\Desktop\defogger_disable.log
2013-08-16 16:58 - 2013-08-16 16:58 - 00000000 _____ C:\Users\Admin neu\defogger_reenable
2013-08-16 16:56 - 2013-08-16 16:56 - 00050477 _____ C:\Users\Peter_2\Desktop\Defogger.exe
2013-08-16 14:40 - 2013-08-16 14:40 - 00001999 _____ C:\Users\Peter_2\Desktop\Avira DE-Cleaner.lnk
2013-08-16 14:40 - 2013-08-14 15:13 - 00002070 _____ C:\Users\Peter_2\Desktop\Entfernen des Avira DE-Cleaners.lnk
2013-08-16 13:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 16:28 - 2013-07-27 12:28 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 16:26 - 2009-11-29 10:58 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-08-15 15:59 - 2009-08-14 20:24 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-15 15:57 - 2013-07-04 20:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 15:57 - 2009-11-25 00:12 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-15 15:51 - 2012-03-31 17:49 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-15 15:51 - 2012-03-31 17:49 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-15 15:51 - 2011-06-02 11:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-15 15:50 - 2013-08-15 15:50 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-15 15:50 - 2013-08-15 15:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-15 15:50 - 2013-08-15 15:50 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-15 15:50 - 2013-08-15 15:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-15 15:50 - 2013-08-15 15:50 - 00000000 ____D C:\Program Files\Java
2013-08-15 15:50 - 2013-08-15 15:49 - 00028839 _____ C:\AdwCleaner[S1].txt
2013-08-15 15:50 - 2012-09-05 19:02 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-15 15:50 - 2012-03-12 17:59 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-15 15:50 - 2011-02-06 19:30 - 00000000 ____D C:\Users\Peter_2
2013-08-15 15:48 - 2013-08-15 15:48 - 00028558 _____ C:\AdwCleaner[R1].txt
2013-08-15 15:47 - 2013-08-15 15:47 - 00618912 _____ (www.download-sponsor.de) C:\Users\Peter\Downloads\adwcleaner_2.306.exe
2013-08-15 15:47 - 2012-03-09 23:20 - 00000000 ____D C:\Users\Peter_2\AppData\Local\CrashDumps
2013-08-15 15:40 - 2013-08-15 15:40 - 03272136 _____ (Secunia) C:\Users\Peter\Downloads\PSISetup.exe
2013-08-15 15:40 - 2013-08-15 15:40 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Secunia PSI
2013-08-15 15:40 - 2013-08-15 15:40 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-08-15 15:39 - 2013-08-15 15:39 - 01752488 _____ (SurfRight B.V.) C:\Users\Peter\Downloads\hmpalert.exe
2013-08-15 15:39 - 2013-08-15 15:39 - 01752488 _____ (SurfRight B.V.) C:\Users\Peter\Downloads\hmpalert(1).exe
2013-08-15 15:39 - 2013-08-15 15:39 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2013-08-15 14:19 - 2009-11-29 11:23 - 00000000 ____D C:\Users\Peter\Documents\Dokumente Peter
2013-08-15 09:22 - 2012-11-04 22:38 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-14 19:37 - 2012-03-15 23:05 - 00000000 ____D C:\Users\Peter_2\AppData\Roaming\vlc
2013-08-14 19:24 - 2013-08-14 19:24 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Adobe
2013-08-14 19:24 - 2013-08-14 18:22 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Adobe
2013-08-14 19:02 - 2013-08-14 19:02 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Nero
2013-08-14 18:22 - 2013-08-14 18:22 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Macromedia
2013-08-14 18:21 - 2013-08-14 18:21 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Mozilla
2013-08-14 18:21 - 2013-08-14 18:21 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Mozilla
2013-08-14 15:13 - 2013-08-14 15:13 - 00883840 _____ C:\Users\Peter\Downloads\Avira-DE-Cleaner.exe
2013-08-14 14:58 - 2013-08-14 14:58 - 00000000 _____ C:\Windows\setuperr.log
2013-08-14 14:58 - 2012-03-31 17:49 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-14 13:13 - 2012-01-22 19:01 - 00000000 ____D C:\Program Files (x86)\ MALWAREBYTES ANTI-MALWARE 
2013-08-14 13:13 - 2012-01-22 18:57 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-14 13:13 - 2010-05-12 07:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-14 13:12 - 2013-08-14 13:12 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Malwarebytes
2013-08-14 13:11 - 2009-12-26 11:59 - 00000000 ____D C:\Windows\Minidump
2013-08-14 13:10 - 2013-08-14 13:09 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\IrfanView
2013-08-12 18:35 - 2013-08-12 18:35 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\SUPERAntiSpyware.com
2013-08-12 18:31 - 2013-08-12 18:31 - 00085296 _____ C:\Users\ADMINN~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-12 18:31 - 2013-08-12 18:31 - 00001443 _____ C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-12 18:31 - 2013-08-12 18:31 - 00001409 _____ C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-08-12 18:31 - 2013-08-12 18:31 - 00000020 ___SH C:\Users\Admin neu\ntuser.ini
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\ADMINN~1\AppData\Local\Verlauf
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\ADMINN~1\AppData\Local\Anwendungsdaten
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Vorlagen
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Startmenü
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Netzwerkumgebung
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Lokale Einstellungen
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Eigene Dateien
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Druckumgebung
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Documents\Eigene Musik
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Documents\Eigene Bilder
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Anwendungsdaten
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ___RD C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ___RD C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Western Digital
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\VirtualStore
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\EgisTec
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\ATI
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Macromedia
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Canon
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\AVG2013
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\ATI
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Apple Computer
2013-08-12 18:09 - 2012-01-08 10:40 - 00000000 ____D C:\Users\Public\Documents\Screensaver
2013-08-12 11:23 - 2011-02-13 21:39 - 00060416 ___SH C:\Users\Ruth\Thumbs.db
2013-08-12 11:23 - 2011-02-06 18:34 - 00000000 ____D C:\Users\Ruth
2013-08-12 11:19 - 2013-08-03 20:11 - 00000000 ____D C:\Users\Ruth\Rauhenzell
2013-08-11 09:29 - 2013-08-11 09:28 - 38171414 _____ C:\Users\Peter\Downloads\yacy_v1.62_20130801_9025(1).exe
2013-08-10 12:04 - 2010-03-28 18:47 - 00001212 _____ C:\Windows\wiso.ini
2013-08-03 19:43 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-03 16:09 - 2011-02-06 23:05 - 00000000 ____D C:\Users\Ruth\Dokumente Ruth
2013-08-02 10:54 - 2013-06-18 20:13 - 00003715 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-08-02 10:53 - 2012-09-04 20:23 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-07-31 11:29 - 2010-03-28 18:47 - 00000000 ____D C:\Users\Peter\Documents\Mein Sparbuch Heute
2013-07-31 11:26 - 2013-07-31 11:26 - 00002419 _____ C:\Users\Peter_2\Desktop\Google Earth.lnk
2013-07-31 11:26 - 2011-02-21 23:51 - 00000000 ____D C:\Users\Peter_2\AppData\Local\Google
2013-07-30 18:30 - 2011-07-18 19:25 - 00003226 _____ C:\Users\Ruth\AppData\Roaming\wklnhst.dat
2013-07-30 18:16 - 2012-10-04 19:28 - 00000985 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-30 18:15 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-07-25 11:25 - 2013-08-15 14:17 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-15 14:17 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-24 15:40 - 2013-08-15 14:17 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 09065472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 01493504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 06036480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-24 13:43 - 2013-08-15 14:17 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-24 13:23 - 2013-08-15 14:17 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2013-07-19 03:58 - 2013-08-15 14:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-19 03:41 - 2013-08-15 14:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-12 17:01

==================== End Of Log ============================
         


Best regards, Mariheli

19.08.2013, 07:26   #8
schrauber
/// the machine
/// TB Trainer
 


Please download Farbar's MiniToolBox to your desktop and start the tool.

Tick the following entries:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Minidump Files
Click Go and post the contents of Result.txt.


Please download Farbar Service Scanner.
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are ticked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.

Please post the contents here.


__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

19.08.2013, 11:49   #9
mariheli
 

Hello Schrauber,

the logs are attached.

Code:
Farbar Service Scanner Version: 18-08-2013
Ran by Peter_2 (ATTENTION: The logged in user is not administrator) on 19-08-2013 at 12:40:55
Running from "C:\Users\Peter_2\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
         
Code:
MiniToolBox by Farbar  Version: 13-07-2013
Ran by Peter_2 (ATTENTION: The logged in user is not administrator) on 19-08-2013 at 12:37:13
Running from "C:\Users\Peter_2\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ============================== 

"network.proxy.autoconfig_url", "file:///C:/Users/Peter_2/AppData/Local/RapidSolution/Videoraptor/WebRip/profile/rrproxy_ffox_4d654c90.pac"
"network.proxy.no_proxies_on", ""

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

NVIDIA nForce 10/100/1000 Mbps Ethernet  = LAN-Verbindung (Disconnected)
FRITZ!WLAN USB Stick v2 = Drahtlosnetzwerkverbindung 2 (Connected)
Die Initialisierungsfunktion InitHelperDll in NSHHTTP.DLL konnte nicht gestartet werden. Fehlercode 10107


# ----------------------------------
# IPv4-Konfiguration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# Ende der IPv4-Konfiguration



Windows-IP-Konfiguration

   Hostname  . . . . . . . . . . . . : Schorsch
   Primäres DNS-Suffix . . . . . . . : 
   Knotentyp . . . . . . . . . . . . : Hybrid
   IP-Routing aktiviert  . . . . . . : Nein
   WINS-Proxy aktiviert  . . . . . . : Nein

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung 2:

   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : FRITZ!WLAN USB Stick v2
   Physikalische Adresse . . . . . . : BC-05-43-04-4E-FE
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
   Verbindungslokale IPv6-Adresse  . : fe80::4c5:6c63:e75a:a895%14(Bevorzugt) 
   IPv4-Adresse  . . . . . . . . . . : 192.168.0.101(Bevorzugt) 
   Subnetzmaske  . . . . . . . . . . : 0.0.0.0
   Lease erhalten. . . . . . . . . . : Montag, 19. August 2013 12:25:10
   Lease läuft ab. . . . . . . . . . : Montag, 26. August 2013 12:25:10
   Standardgateway . . . . . . . . . : 192.168.0.1
   DHCP-Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6-IAID . . . . . . . . . . . : 381420867
   DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-0C-BC-8D-55-00-1F-16-FB-93-80
   DNS-Server  . . . . . . . . . . . : 192.168.0.1
   NetBIOS über TCP/IP . . . . . . . : Aktiviert

Ethernet-Adapter LAN-Verbindung:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet 
   Physikalische Adresse . . . . . . : 00-1F-16-FB-93-80
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja

Tunneladapter isatap.{1F803466-C1F1-4933-A73A-2C5D3C38EDE8}:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter
   Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja

Tunneladapter Teredo Tunneling Pseudo-Interface:

   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja
   IPv6-Adresse. . . . . . . . . . . : 2001:0:5ef5:79fb:3056:23c0:433f:360e(Bevorzugt) 
   Verbindungslokale IPv6-Adresse  . : fe80::3056:23c0:433f:360e%11(Bevorzugt) 
   Standardgateway . . . . . . . . . : ::
   NetBIOS über TCP/IP . . . . . . . : Deaktiviert
Server:  UnKnown
Address:  NULL

Fehler bei der Initialisierung der Windows Sockets-Schnittstelle. Allgemeiner Fehler. 
Server:  UnKnown
Address:  NULL

Fehler bei der Initialisierung der Windows Sockets-Schnittstelle. Allgemeiner Fehler. 
Fehler bei der Initialisierung der Windows Sockets-Schnittstelle. Allgemeiner Fehler. 
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\nvLsp64.dll [434208] (NVIDIA)
x64-Catalog9 02 C:\Windows\System32\nvLsp64.dll [434208] (NVIDIA)
x64-Catalog9 03 C:\Windows\System32\nvLsp64.dll [434208] (NVIDIA)
x64-Catalog9 04 C:\Windows\System32\nvLsp64.dll [434208] (NVIDIA)
x64-Catalog9 05 C:\Windows\System32\nvLsp64.dll [434208] (NVIDIA)
x64-Catalog9 06 C:\Windows\System32\nvLsp64.dll [434208] (NVIDIA)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 16 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 17 C:\Windows\System32\nvLsp64.dll [434208] (NVIDIA)
x64-Catalog9 18 C:\Windows\System32\nvLsp64.dll [434208] (NVIDIA)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/19/2013 00:27:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avgidsagent.exe, Version: 13.0.0.3383, Zeitstempel: 0x51d571a8
Name des fehlerhaften Moduls: avgidsagent.exe, Version: 13.0.0.3383, Zeitstempel: 0x51d571a8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00015810
ID des fehlerhaften Prozesses: 0x17c0
Startzeit der fehlerhaften Anwendung: 0xavgidsagent.exe0
Pfad der fehlerhaften Anwendung: avgidsagent.exe1
Pfad des fehlerhaften Moduls: avgidsagent.exe2
Berichtskennung: avgidsagent.exe3

Error: (08/19/2013 00:25:08 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avgidsagent.exe, Version: 13.0.0.3383, Zeitstempel: 0x51d571a8
Name des fehlerhaften Moduls: avgidsagent.exe, Version: 13.0.0.3383, Zeitstempel: 0x51d571a8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00015810
ID des fehlerhaften Prozesses: 0x6b0
Startzeit der fehlerhaften Anwendung: 0xavgidsagent.exe0
Pfad der fehlerhaften Anwendung: avgidsagent.exe1
Pfad des fehlerhaften Moduls: avgidsagent.exe2
Berichtskennung: avgidsagent.exe3

Error: (08/19/2013 00:24:25 PM) (Source: Greg_Service) (User: )
Description: Service failed on start: Cannot allocate socket.

Error: (08/18/2013 09:18:32 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avgidsagent.exe, Version: 13.0.0.3383, Zeitstempel: 0x51d571a8
Name des fehlerhaften Moduls: avgidsagent.exe, Version: 13.0.0.3383, Zeitstempel: 0x51d571a8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00015810
ID des fehlerhaften Prozesses: 0x6a8
Startzeit der fehlerhaften Anwendung: 0xavgidsagent.exe0
Pfad der fehlerhaften Anwendung: avgidsagent.exe1
Pfad des fehlerhaften Moduls: avgidsagent.exe2
Berichtskennung: avgidsagent.exe3

Error: (08/18/2013 09:17:54 PM) (Source: Greg_Service) (User: )
Description: Service failed on start: Cannot allocate socket.


System errors:
=============
Error: (08/19/2013 00:35:14 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error: (08/19/2013 00:35:13 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error: (08/19/2013 00:27:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536753639.

Error: (08/19/2013 00:24:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NTI IScheduleSvc" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/19/2013 00:24:55 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst NTI IScheduleSvc erreicht.

Error: (08/19/2013 00:24:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536753639.

Error: (08/18/2013 09:18:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NTI IScheduleSvc" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/18/2013 09:18:24 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst NTI IScheduleSvc erreicht.

Error: (08/18/2013 09:17:53 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536753639.


Microsoft Office Sessions:
=========================
Error: (08/19/2013 00:27:36 PM) (Source: Application Error)(User: )
Description: avgidsagent.exe13.0.0.338351d571a8avgidsagent.exe13.0.0.338351d571a8c00000050001581017c001ce9cc6b78a58f0C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exeC:\Program Files (x86)\AVG\AVG2013\avgidsagent.exef6e084c0-08b9-11e3-a10c-bc0543044efe

Error: (08/19/2013 00:25:08 PM) (Source: Application Error)(User: )
Description: avgidsagent.exe13.0.0.338351d571a8avgidsagent.exe13.0.0.338351d571a8c0000005000158106b001ce9cc6473caee0C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exeC:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe9eed1b70-08b9-11e3-a10c-bc0543044efe

Error: (08/19/2013 00:24:25 PM) (Source: Greg_Service)(User: )
Description: Service failed on start: Cannot allocate socket.

Error: (08/18/2013 09:18:32 PM) (Source: Application Error)(User: )
Description: avgidsagent.exe13.0.0.338351d571a8avgidsagent.exe13.0.0.338351d571a8c0000005000158106a801ce9c47a3418be0C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exeC:\Program Files (x86)\AVG\AVG2013\avgidsagent.exef8214c40-083a-11e3-8637-bc0543044efe

Error: (08/18/2013 09:17:54 PM) (Source: Greg_Service)(User: )
Description: Service failed on start: Cannot allocate socket.


CodeIntegrity Errors:
===================================
  Date: 2013-08-18 17:58:41.020
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-18 17:11:24.296
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-18 16:36:15.534
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-18 15:44:54.446
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-18 15:07:03.345
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-18 14:51:05.195
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-18 13:03:18.860
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-18 12:52:48.362
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-18 11:45:05.154
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-18 11:16:15.681
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 7.2.8)
7-Zip 9.20
Acer Backup Manager (Version: 2.0.2.19)
Acer eRecovery Management (Version: 4.05.3002)
Acer Registration (Version: 1.02.3004)
Acer ScreenSaver (Version: 1.2.0812)
Acer Updater (Version: 1.01.3014)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 3.8.0.870)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Advertising Center (Version: 0.0.0.2)
AIO_Scan (Version: 130.0.365.000)
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.732.0)
Audiograbber 1.83 SE  (Version: 1.83 SE )
Audiograbber MP3-Plugin (64 bit) (Version: 1.0)
AVG 2013 (Version: 13.0.3211)
AVG 2013 (Version: 13.0.3392)
AVG 2013 (Version: 2013.0.3392)
AVG PC Tuneup 2011 (Version: 10.0.0.23)
AVM FRITZ!WLAN
Backup Manager Advance (Version: 2.0.2.19)
BufferChm (Version: 130.0.331.000)
C5200 (Version: 130.0.365.000)
C5200_Help (Version: 100.0.206.000)
Canon Easy-PhotoPrint EX
Canon MG5300 series Benutzerregistrierung
Canon MG5300 series MP Drivers
Canon MG5300 series On-screen Manual
Canon MP Navigator EX 5.0
Canon My Printer
Canon Solution Menu EX
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Full Existing (Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Full New (Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Light (Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0702.1239.20840)
Catalyst Control Center InstallProxy (Version: 2009.0702.1239.20840)
Catalyst Control Center Localization All (Version: 2009.0702.1239.20840)
CCC Help Chinese Standard (Version: 2009.0702.1238.20840)
CCC Help Chinese Traditional (Version: 2009.0702.1238.20840)
CCC Help Czech (Version: 2009.0702.1238.20840)
CCC Help Danish (Version: 2009.0702.1238.20840)
CCC Help Dutch (Version: 2009.0702.1238.20840)
CCC Help English (Version: 2009.0702.1238.20840)
CCC Help Finnish (Version: 2009.0702.1238.20840)
CCC Help French (Version: 2009.0702.1238.20840)
CCC Help German (Version: 2009.0702.1238.20840)
CCC Help Greek (Version: 2009.0702.1238.20840)
CCC Help Hungarian (Version: 2009.0702.1238.20840)
CCC Help Italian (Version: 2009.0702.1238.20840)
CCC Help Japanese (Version: 2009.0702.1238.20840)
CCC Help Korean (Version: 2009.0702.1238.20840)
CCC Help Norwegian (Version: 2009.0702.1238.20840)
CCC Help Polish (Version: 2009.0702.1238.20840)
CCC Help Portuguese (Version: 2009.0702.1238.20840)
CCC Help Russian (Version: 2009.0702.1238.20840)
CCC Help Spanish (Version: 2009.0702.1238.20840)
CCC Help Swedish (Version: 2009.0702.1238.20840)
CCC Help Thai (Version: 2009.0702.1238.20840)
CCC Help Turkish (Version: 2009.0702.1238.20840)
ccc-core-static (Version: 2009.0702.1239.20840)
ccc-utility64 (Version: 2009.0702.1239.20840)
CCleaner (Version: 3.16)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Copy (Version: 130.0.428.000)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.465.000)
dm-Fotowelt
DocProc (Version: 13.0.0.0)
ElsterFormular (Version: 13.1.0.8394p)
ESET Online Scanner v3
eSobi v2 (Version: 2.0.4.000274)
Fax (Version: 130.0.418.000)
File Uploader (Version: 1.2.1)
Foto Paradies
FoxTab Music Converter
Free M4a to MP3 Converter 7.0
Free PDF to Word Doc Converter v1.1 (Version: 1.1)
Free YouTube to MP3 Converter version 3.12.2.430 (Version: 3.12.2.430)
FreeStar Free MP3 Splitter 1.0.2 (Version: 1.0.2)
GIMP 2.8.2 (Version: 2.8.2)
Google Chrome (Version: 28.0.1500.95)
Google Earth (Version: 6.2.1.6014)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.153)
GPBaseService2 (Version: 130.0.371.000)
Hotkey Utility (Version: 1.00.3003)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.001.001)
HPPhotoGadget (Version: 130.0.282.000)
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.04.0000)
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.04.0000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
hpphotosmartdisclabelplugin (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
Identity Card (Version: 1.00.3001)
ImagXpress (Version: 7.0.74.0)
IrfanView (remove only) (Version: 4.36)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 25 (Version: 7.0.250)
JDownloader 0.9 (Version: 0.9)
Junk Mail filter update (Version: 14.0.8117.416)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 130.0.374.000)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Language Pack 2007 - German/Deutsch (Version: 12.0.6612.1000)
Microsoft Office O MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office SharePoint Designer MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office X MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
Mozilla Thunderbird 11.0 (x86 de) (Version: 11.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyWinLocker (Version: 3.1.72.0)
Nero 9 Essentials
Nero ControlCenter (Version: 9.0.0.1)
Nero DiscSpeed (Version: 5.4.7.201)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero DriveSpeed (Version: 4.4.7.201)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express Help (Version: 9.4.9.100)
Nero InfoTool (Version: 6.4.7.201)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.8.1)
Nero Online Upgrade (Version: 1.3.0.0)
Nero StartSmart (Version: 9.4.11.209)
Nero StartSmart Help (Version: 9.4.1.100)
Nero StartSmart OEM (Version: 9.16.0.100)
NeroExpress (Version: 9.4.10.505)
neroxml (Version: 1.0.0)
Network64 (Version: 130.0.572.000)
Nikon Message Center (Version: 0.92.000)
Nikon Transfer (Version: 1.5.0)
NVIDIA Drivers (Version: 1.7)
NVIDIA ForceWare Network Access Manager (Version: 1.00.7305)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
PDFCreator (Version: 1.0.1)
Photo Frames & Effects Free 1.12 (Version: 1.12)
Picasa 3 (Version: 3.9)
Picture Control Utility (Version: 1.1.6)
PixiePack Codec Pack (Version: 0.10.6.0)
PS_AIO_02_ProductContext (Version: 130.0.365.000)
PS_AIO_02_Software (Version: 130.0.365.000)
PS_AIO_02_Software_Min (Version: 130.0.365.000)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver (Version: 6.0.1.5898)
Scan (Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
SmartPCFixer 4.2 (Version: 4.2)
SmartWebPrinting (Version: 130.0.457.000)
SolutionCenter (Version: 130.0.373.000)
Spybot - Search & Destroy (Version: 1.6.2)
Status (Version: 130.0.469.000)
SUPERAntiSpyware (Version: 5.0.1146)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
Uncompressor
UnloadSupport (Version: 11.0.0)
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
ViewNX (Version: 1.4.0)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.0 (Version: 2.0.0)
WD SmartWare (Version: 1.4.1.1)
WebReg (Version: 130.0.132.017)
Welcome Center (Version: 1.00.3004)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Fotogalerie (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
WISO Sparbuch 2010 (Version: 17.03.6583)
WISO Steuer-Sparbuch 2011 (Version: 18.00.6928)
WISO Steuer-Sparbuch 2012 (Version: 19.00.7303)
WISO Steuer-Sparbuch 2013 (Version: 20.00.8137)

========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 3070.55 MB
Available physical RAM: 1919.12 MB
Total Pagefile: 6139.29 MB
Available Pagefile: 4180.25 MB
Total Virtual: 4095.88 MB
Available Virtual: 3946.29 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:290.22 GB) (Free:182.37 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:290.22 GB) (Free:289.98 GB) NTFS
4 Drive f: (CRUZER) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
5 Drive g: (My Book) (Fixed) (Total:931.48 GB) (Free:759.85 GB) NTFS

========================= Users: ========================================

Benutzerkonten fr \\SCHORSCH

Admin neu                Administrator            Gast                     
Peter_2                  Ruth                     
Der Befehl wurde erfolgreich ausgefhrt.

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
         
Many thanks

Mariheli

19.08.2013, 16:41   #10
schrauber

Our tools must always be run with admin rights.

Please download Windows Repair (All In One) from here.
  • Install the program. Start it once the installation has finished.
  • Click Step 2 and press Do It under Check Disk.
  • When the process has finished, click Step 3 and press Do It under System File Check.
  • After the process has finished, click Start Repairs, select Advanced Mode and press Start.
  • Please make sure the boxes are ticked as shown below. Please additionally tick Set Windows Services to Default Startup.
  • Tick Restart System when Finished.
  • Press Start.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

19.08.2013, 17:17   #11
mariheli

Hello Schrauber, after "Check disk - do it" the following error message appears:
"Execute processes remotely has stopped working", along with the following problem signature:
Code:
ATTFilter
Problemsignatur:
  Problemereignisname:	APPCRASH
  Anwendungsname:	psexec.exe
  Anwendungsversion:	1.98.0.0
  Anwendungszeitstempel:	4bd62e9f
  Fehlermodulname:	psexec.exe
  Fehlermodulversion:	1.98.0.0
  Fehlermodulzeitstempel:	4bd62e9f
  Ausnahmecode:	c0000005
  Ausnahmeoffset:	00002b46
  Betriebsystemversion:	6.1.7601.2.1.0.768.3
  Gebietsschema-ID:	1031
  Zusatzinformation 1:	0a9e
  Zusatzinformation 2:	0a9e372d3b4ad19135b953a78882e789
  Zusatzinformation 3:	0a9e
  Zusatzinformation 4:	0a9e372d3b4ad19135b953a78882e789

Lesen Sie unsere Datenschutzbestimmungen online:
  hxxp://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0407

Wenn die Onlinedatenschutzbestimmungen nicht verfügbar sind, lesen Sie unsere Datenschutzbestimmungen offline:
  C:\Windows\system32\de-DE\erofflps.txt
         

20.08.2013, 11:26   #12
schrauber

Skip that; the most important part is the last step, ticking the boxes.

20.08.2013, 12:31   #13
mariheli

Hello Schrauber, after "Start repairs" I had to click away the error message "Execute processes remotely has stopped working" about 50 more times, but the program ran through to the end. The logs are below. The Internet is definitely working again, hooray! Do I need to do anything else now? Many thanks already for your competent and fast help!

Code:
ATTFilter
   Running Repair Under System Account
   Running Repair Under System Account
   Running Repair Under System Account
   Running Repair Under System Account
Starting Repairs...
   Start (20.08.2013 13:13:49)

Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (20.08.2013 13:13:49)
   Running Repair Under Current User Account
   Done (20.08.2013 13:13:51)

Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (20.08.2013 13:13:51)
   Running Repair Under System Account
   Done (20.08.2013 13:14:29)

Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (20.08.2013 13:14:29)
   Running Repair Under System Account
   Done (20.08.2013 13:14:34)

Reset File Permissions 01/20
   C:\$AVG & Sub Folders
   Start (20.08.2013 13:14:34)
   Running Repair Under System Account
   Done (20.08.2013 13:14:36)

Reset File Permissions 02/20
   C:\book & Sub Folders
   Start (20.08.2013 13:14:36)
   Running Repair Under System Account
   Done (20.08.2013 13:14:38)

Reset File Permissions 03/20
   C:\ComboFix & Sub Folders
   Start (20.08.2013 13:14:38)
   Running Repair Under System Account
   Done (20.08.2013 13:14:41)

Reset File Permissions 04/20
   C:\Config.Msi & Sub Folders
   Start (20.08.2013 13:14:41)
   Running Repair Under System Account
   Done (20.08.2013 13:14:43)

Reset File Permissions 05/20
   C:\Dokumente und Einstellungen & Sub Folders
   Start (20.08.2013 13:14:43)
   Running Repair Under System Account
   Done (20.08.2013 13:14:46)

Reset File Permissions 06/20
   C:\FRST & Sub Folders
   Start (20.08.2013 13:14:46)
   Running Repair Under System Account
   Done (20.08.2013 13:14:48)

Reset File Permissions 07/20
   C:\Medion & Sub Folders
   Start (20.08.2013 13:14:48)
   Running Repair Under System Account
   Done (20.08.2013 13:14:55)

Reset File Permissions 08/20
   C:\MSOCache & Sub Folders
   Start (20.08.2013 13:14:55)
   Running Repair Under System Account
   Done (20.08.2013 13:14:57)

Reset File Permissions 09/20
   C:\OEM & Sub Folders
   Start (20.08.2013 13:14:57)
   Running Repair Under System Account
   Done (20.08.2013 13:15:00)

Reset File Permissions 10/20
   C:\PerfLogs & Sub Folders
   Start (20.08.2013 13:15:00)
   Running Repair Under System Account
   Done (20.08.2013 13:15:02)

Reset File Permissions 11/20
   C:\Program Files & Sub Folders
   Start (20.08.2013 13:15:02)
   Running Repair Under System Account
   Done (20.08.2013 13:15:05)

Reset File Permissions 12/20
   C:\Program Files (x86) & Sub Folders
   Start (20.08.2013 13:15:05)
   Running Repair Under System Account
   Done (20.08.2013 13:15:07)

Reset File Permissions 13/20
   C:\ProgramData & Sub Folders
   Start (20.08.2013 13:15:07)
   Running Repair Under System Account
   Done (20.08.2013 13:15:12)

Reset File Permissions 14/20
   C:\Programme & Sub Folders
   Start (20.08.2013 13:15:12)
   Running Repair Under System Account
   Done (20.08.2013 13:15:14)

Reset File Permissions 15/20
   C:\Qoobox & Sub Folders
   Start (20.08.2013 13:15:14)
   Running Repair Under System Account
   Done (20.08.2013 13:15:17)

Reset File Permissions 16/20
   C:\Recovery & Sub Folders
   Start (20.08.2013 13:15:17)
   Running Repair Under System Account
   Done (20.08.2013 13:15:19)

Reset File Permissions 17/20
   C:\RegBackup & Sub Folders
   Start (20.08.2013 13:15:19)
   Running Repair Under System Account
   Done (20.08.2013 13:15:22)

Reset File Permissions 18/20
   C:\TEMP & Sub Folders
   Start (20.08.2013 13:15:22)
   Running Repair Under System Account
   Done (20.08.2013 13:15:24)

Reset File Permissions 19/20
   C:\Wiederherstellung & Sub Folders
   Start (20.08.2013 13:15:24)
   Running Repair Under System Account
   Done (20.08.2013 13:15:27)

Reset File Permissions 20/20
   C:\Windows & Sub Folders
   Start (20.08.2013 13:15:27)
   Running Repair Under System Account
   Done (20.08.2013 13:15:29)

Reset File Permissions 01/04
   D:\$AVG & Sub Folders
   Start (20.08.2013 13:15:29)
   Running Repair Under System Account
   Done (20.08.2013 13:15:32)

Reset File Permissions 02/04
   D:\640abde048c27a067ffcdea44b & Sub Folders
   Start (20.08.2013 13:15:32)
   Running Repair Under System Account
   Done (20.08.2013 13:15:34)

Reset File Permissions 03/04
   D:\6f06ab122222a4551a68d6be59cfc62d & Sub Folders
   Start (20.08.2013 13:15:34)
   Running Repair Under System Account
   Done (20.08.2013 13:15:36)

Reset File Permissions 04/04
   D:\af861f6f6c33c040c220c54112dd1e96 & Sub Folders
   Start (20.08.2013 13:15:37)
   Running Repair Under System Account
   Done (20.08.2013 13:15:41)

Reset File Permissions 01/10
   G:\$AVG & Sub Folders
   Start (20.08.2013 13:15:41)
   Running Repair Under System Account
   Done (20.08.2013 13:15:44)

Reset File Permissions 02/10
   G:\Datensicherung manuell & Sub Folders
   Start (20.08.2013 13:15:44)
   Running Repair Under System Account
   Done (20.08.2013 13:15:46)

Reset File Permissions 03/10
   G:\Extras & Sub Folders
   Start (20.08.2013 13:15:46)
   Running Repair Under System Account
   Done (20.08.2013 13:15:48)

Reset File Permissions 04/10
   G:\kl.files & Sub Folders
   Start (20.08.2013 13:15:48)
   Running Repair Under System Account
   Done (20.08.2013 13:15:51)

Reset File Permissions 05/10
   G:\SCHORSCH & Sub Folders
   Start (20.08.2013 13:15:51)
   Running Repair Under System Account
   Done (20.08.2013 13:15:53)

Reset File Permissions 06/10
   G:\User Manuals & Sub Folders
   Start (20.08.2013 13:15:53)
   Running Repair Under System Account
   Done (20.08.2013 13:15:56)

Reset File Permissions 07/10
   G:\WD SmartWare & Sub Folders
   Start (20.08.2013 13:15:56)
   Running Repair Under System Account
   Done (20.08.2013 13:15:58)

Reset File Permissions 08/10
   G:\WD SmartWare for Mac & Sub Folders
   Start (20.08.2013 13:15:58)
   Running Repair Under System Account
   Done (20.08.2013 13:16:01)

Reset File Permissions 09/10
   G:\WD SmartWare.swstor & Sub Folders
   Start (20.08.2013 13:16:01)
   Running Repair Under System Account
   Done (20.08.2013 13:16:26)

Reset File Permissions 10/10
   G:\WindowsImageBackup & Sub Folders
   Start (20.08.2013 13:16:26)
   Running Repair Under System Account
   Done (20.08.2013 13:16:29)

Reset File Permissions: Cleanup
    & Sub Folders
   Start (20.08.2013 13:16:29)
   Running Repair Under System Account
   Done (20.08.2013 13:16:31)

Repair WMI
   Start (20.08.2013 13:16:31)
   Running Repair Under Current User Account
Ungltiger globaler Parameter.

Ungltiger globaler Parameter.

   Running Repair Under System Account
   Done (20.08.2013 13:17:58)

Repair Windows Firewall
   Start (20.08.2013 13:17:58)
   Running Repair Under Current User Account
Gemeinsame Nutzung der Internetverbindung ist nicht gestartet.

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 3521 eingeben.

Gemeinsame Nutzung der Internetverbindung konnte nicht gestartet werden.

Der Dienst hat keinen Fehler gemeldet.

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 3534 eingeben.

   Running Repair Under System Account
   Done (20.08.2013 13:18:20)

Repair Internet Explorer
   Start (20.08.2013 13:18:20)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20.08.2013 13:18:37)

Remove Policies Set By Infections
   Start (20.08.2013 13:18:37)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20.08.2013 13:18:42)

Repair Winsock & DNS Cache
   Start (20.08.2013 13:18:42)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20.08.2013 13:18:55)

Repair Proxy Settings
   Start (20.08.2013 13:18:55)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20.08.2013 13:19:00)

Repair Windows Updates
   Start (20.08.2013 13:19:00)
   Running Repair Under Current User Account
Das System kann die angegebene Datei nicht finden.
   Running Repair Under System Account
Kryptografiedienste ist nicht gestartet.

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 3521 eingeben.

Intelligenter Hintergrundbertragungsdienst ist nicht gestartet.

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 3521 eingeben.

Windows Update ist nicht gestartet.

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 3521 eingeben.

Das System kann die angegebene Datei nicht finden.
   Done (20.08.2013 13:19:29)

Set Windows Services To Default Startup
   Start (20.08.2013 13:19:29)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20.08.2013 13:19:38)

Cleaning up empty logs...

All Selected Repairs Done.
   Done (20.08.2013 13:19:38)
   Total Repair Time: 00:05:49


...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under System Account
         
Code:
ATTFilter
WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\* : registry key is skipped (contains wildcard)

WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\microsoft.com\* : registry key is skipped (contains wildcard)
         
Kind regards, Mariheli

20.08.2013, 13:01   #14
schrauber

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems remaining?

20.08.2013, 19:03   #15
mariheli

Hello Schrauber,

the logs are attached. I no longer have any problems.

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2013 01
Ran by Admin neu (administrator) on 20-08-2013 19:57:17
Running from C:\Users\Peter_2\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [combofix] - C:\ComboFix\CF30478.3XE /c C:\ComboFix\Combobatch.bat [x]
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\TEMP\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
Startup: C:\Users\Peter_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Peter_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
BootExecute: 

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Admin neu\AppData\Roaming\Mozilla\Firefox\Profiles\d6gb0lhc.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] C:\Program Files (x86)\AVG\AVG2012\Thunderbird\

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-11-24] (SUPERAntiSpyware.com)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
R2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-08-02] (AVG Secure Search)
R2 WDFME; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [485376 2010-09-08] ()

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-02] (AVG Technologies)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-22] (AVM GmbH)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 SMR210; C:\Windows\System32\drivers\SMR210.SYS [96376 2012-01-22] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-20 14:42 - 2013-08-20 14:42 - 00000768 _____ C:\Users\Peter_2\Desktop\checkup.lnk
2013-08-20 14:36 - 2013-08-20 14:36 - 00891115 _____ C:\Users\Peter_2\Desktop\SecurityCheck.exe
2013-08-20 14:35 - 2013-08-20 14:35 - 02347384 _____ (ESET) C:\Users\Peter_2\Desktop\esetsmartinstaller_enu.exe
2013-08-20 13:43 - 2013-08-20 13:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-20 13:18 - 2013-08-20 13:19 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-08-20 13:10 - 2013-08-20 13:10 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SCHORSCH-Microsoft-Windows-7-Home-Premium-(64-Bit).dat
2013-08-20 13:09 - 2013-08-20 13:09 - 00000000 ____D C:\RegBackup
2013-08-19 18:30 - 2013-08-19 18:30 - 00000000 ____D C:\Users\Peter_2\Desktop\tweaking.com_windows_repair_aio
2013-08-19 18:13 - 2013-08-19 18:13 - 00013192 _____ C:\Users\Peter\Documents\LOG.odt
2013-08-19 18:06 - 2013-08-20 13:18 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\CrashDumps
2013-08-19 17:56 - 2013-08-19 18:04 - 00000000 ____D C:\Users\Peter_2\Desktop\Tweaking.com - Windows Repair
2013-08-19 17:55 - 2013-08-19 17:48 - 03268369 _____ C:\Users\Peter_2\Desktop\tweaking.com_windows_repair_aio.zip
2013-08-19 12:44 - 2013-08-19 12:44 - 00003037 _____ C:\Users\Peter_2\FSS.txt
2013-08-19 12:40 - 2013-08-19 12:42 - 00003037 _____ C:\Users\Peter_2\Desktop\FSS.txt
2013-08-19 12:37 - 2013-08-19 12:37 - 00028706 _____ C:\Users\Peter_2\Desktop\Result.txt
2013-08-19 12:36 - 2013-08-19 12:31 - 00760937 _____ (Farbar) C:\Users\Peter_2\Desktop\MiniToolBox.exe
2013-08-19 12:36 - 2013-08-19 12:31 - 00358507 _____ (Farbar) C:\Users\Peter_2\Desktop\FSS.exe
2013-08-18 18:23 - 2013-08-18 18:23 - 00002852 _____ C:\Users\Peter_2\Desktop\JRT.txt
2013-08-18 18:22 - 2013-08-18 18:22 - 00002852 _____ C:\Users\Admin neu\Desktop\JRT.txt
2013-08-18 18:18 - 2013-08-18 18:18 - 00000000 ____D C:\Windows\ERUNT
2013-08-18 18:10 - 2013-08-18 18:11 - 00001651 _____ C:\Users\Peter_2\Desktop\AdwCleaner[S2].txt
2013-08-18 18:10 - 2013-08-18 18:08 - 01018166 _____ (Thisisu) C:\Users\Peter_2\Desktop\JRT.exe
2013-08-18 18:10 - 2013-08-18 18:07 - 00666633 _____ C:\Users\Peter_2\Desktop\adwcleaner.exe
2013-08-18 13:41 - 2013-08-18 14:29 - 00000000 ___SD C:\ComboFix
2013-08-18 10:19 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-18 10:19 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-18 10:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-18 10:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-18 10:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-18 10:19 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-18 10:19 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-18 10:19 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-18 10:18 - 2013-08-18 11:20 - 00000000 ____D C:\Windows\erdnt
2013-08-18 10:18 - 2013-08-18 10:18 - 00000000 ____D C:\Qoobox
2013-08-18 10:13 - 2013-08-18 10:14 - 05105390 ____R (Swearware) C:\Users\Peter_2\Desktop\ComboFix.exe
2013-08-17 19:35 - 2013-08-17 19:35 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-17 19:35 - 2013-08-17 19:35 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-17 19:35 - 2013-08-17 19:35 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-17 19:35 - 2013-08-17 19:35 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-16 18:43 - 2013-08-16 18:43 - 00008767 _____ C:\Users\Peter_2\Desktop\FRST.zip
2013-08-16 18:43 - 2013-08-16 18:43 - 00007509 _____ C:\Users\Peter_2\Desktop\Addition.zip
2013-08-16 18:42 - 2013-08-16 18:42 - 00004026 _____ C:\Users\Peter_2\Desktop\gmer.zip
2013-08-16 18:38 - 2013-08-16 18:38 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-08-16 18:37 - 2013-08-16 18:37 - 01110476 _____ C:\Users\Peter\Downloads\7z920.exe
2013-08-16 17:38 - 2013-08-16 17:46 - 00000803 _____ C:\Users\Peter_2\Desktop\SpybotSD.Results.txt
2013-08-16 17:38 - 2013-08-16 17:38 - 00317787 _____ C:\Users\Peter\Desktop\SpybotSD.Results.txt
2013-08-16 17:19 - 2013-08-16 17:19 - 00051796 _____ C:\Users\Peter_2\Desktop\gmer.txt
2013-08-16 17:04 - 2013-08-16 17:04 - 00377856 _____ C:\Users\Peter_2\Desktop\gmer_2.1.19163.exe
2013-08-16 17:02 - 2013-08-16 21:31 - 00030507 _____ C:\Users\Peter_2\Desktop\Addition.txt
2013-08-16 17:01 - 2013-08-16 17:01 - 00000000 ____D C:\FRST
2013-08-16 17:00 - 2013-08-16 17:00 - 01575798 _____ (Farbar) C:\Users\Peter_2\Desktop\FRST64.exe
2013-08-16 16:58 - 2013-08-16 16:59 - 00000480 _____ C:\Users\Peter_2\Desktop\defogger_disable.log
2013-08-16 16:58 - 2013-08-16 16:58 - 00000000 _____ C:\Users\Admin neu\defogger_reenable
2013-08-16 16:56 - 2013-08-16 16:56 - 00050477 _____ C:\Users\Peter_2\Desktop\Defogger.exe
2013-08-16 14:40 - 2013-08-16 14:40 - 00001999 _____ C:\Users\Peter_2\Desktop\Avira DE-Cleaner.lnk
2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-08-15 15:50 - 2013-08-15 15:50 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-15 15:50 - 2013-08-15 15:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-15 15:50 - 2013-08-15 15:50 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-15 15:50 - 2013-08-15 15:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-15 15:50 - 2013-08-15 15:50 - 00000000 ____D C:\Program Files\Java
2013-08-15 15:49 - 2013-08-15 15:50 - 00028839 _____ C:\AdwCleaner[S1].txt
2013-08-15 15:48 - 2013-08-15 15:48 - 00028558 _____ C:\AdwCleaner[R1].txt
2013-08-15 15:47 - 2013-08-15 15:47 - 00618912 _____ (www.download-sponsor.de) C:\Users\Peter\Downloads\adwcleaner_2.306.exe
2013-08-15 15:40 - 2013-08-15 15:40 - 03272136 _____ (Secunia) C:\Users\Peter\Downloads\PSISetup.exe
2013-08-15 15:40 - 2013-08-15 15:40 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Secunia PSI
2013-08-15 15:40 - 2013-08-15 15:40 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-08-15 15:39 - 2013-08-15 15:39 - 01752488 _____ (SurfRight B.V.) C:\Users\Peter\Downloads\hmpalert.exe
2013-08-15 15:39 - 2013-08-15 15:39 - 01752488 _____ (SurfRight B.V.) C:\Users\Peter\Downloads\hmpalert(1).exe
2013-08-15 15:39 - 2013-08-15 15:39 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2013-08-15 14:17 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 14:17 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 14:17 - 2013-07-24 15:40 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 09065472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 01493504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 06036480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 14:17 - 2013-07-24 13:43 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 14:17 - 2013-07-24 13:23 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 14:17 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 14:17 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 14:17 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 14:17 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 14:17 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 14:17 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 14:17 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 14:17 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 14:17 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 14:17 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 14:17 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 14:17 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 14:15 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 14:15 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 14:15 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 14:15 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 14:15 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 14:15 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 14:15 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 14:15 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 14:15 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 14:15 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 14:15 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 14:15 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 14:15 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 19:24 - 2013-08-14 19:24 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Adobe
2013-08-14 19:02 - 2013-08-14 19:02 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Nero
2013-08-14 18:22 - 2013-08-14 19:24 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Adobe
2013-08-14 18:22 - 2013-08-14 18:22 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Macromedia
2013-08-14 18:21 - 2013-08-14 18:21 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Mozilla
2013-08-14 18:21 - 2013-08-14 18:21 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Mozilla
2013-08-14 15:13 - 2013-08-16 14:40 - 00002070 _____ C:\Users\Peter_2\Desktop\Entfernen des Avira DE-Cleaners.lnk
2013-08-14 15:13 - 2013-08-14 15:13 - 00883840 _____ C:\Users\Peter\Downloads\Avira-DE-Cleaner.exe
2013-08-14 14:58 - 2013-08-20 13:21 - 00006706 _____ C:\Windows\PFRO.log
2013-08-14 14:58 - 2013-08-20 13:21 - 00002520 _____ C:\Windows\setupact.log
2013-08-14 14:58 - 2013-08-14 14:58 - 00000000 _____ C:\Windows\setuperr.log
2013-08-14 13:12 - 2013-08-14 13:12 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Malwarebytes
2013-08-14 13:09 - 2013-08-14 13:10 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\IrfanView
2013-08-12 18:35 - 2013-08-12 18:35 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\SUPERAntiSpyware.com
2013-08-12 18:31 - 2013-08-18 17:31 - 00000000 ____D C:\Users\Admin neu
2013-08-12 18:31 - 2013-08-18 10:15 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Avg2013
2013-08-12 18:31 - 2013-08-12 18:31 - 00085296 _____ C:\Users\ADMINN~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-12 18:31 - 2013-08-12 18:31 - 00001443 _____ C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-12 18:31 - 2013-08-12 18:31 - 00001409 _____ C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-08-12 18:31 - 2013-08-12 18:31 - 00000020 ___SH C:\Users\Admin neu\ntuser.ini
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\ADMINN~1\AppData\Local\Verlauf
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\ADMINN~1\AppData\Local\Anwendungsdaten
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Vorlagen
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Startmenü
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Netzwerkumgebung
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Lokale Einstellungen
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Eigene Dateien
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Druckumgebung
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Documents\Eigene Musik
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Documents\Eigene Bilder
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Anwendungsdaten
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ___RD C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ___RD C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Western Digital
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\VirtualStore
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\EgisTec
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\ATI
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Macromedia
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Canon
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\AVG2013
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\ATI
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Apple Computer
2013-08-12 18:31 - 2012-10-13 10:07 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\TuneUp Software
2013-08-12 18:31 - 2009-11-22 22:55 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Microsoft Help
2013-08-12 18:31 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-08-12 18:31 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-08-11 09:28 - 2013-08-11 09:29 - 38171414 _____ C:\Users\Peter\Downloads\yacy_v1.62_20130801_9025(1).exe
2013-08-03 20:11 - 2013-08-12 11:19 - 00000000 ____D C:\Users\Ruth\Rauhenzell
2013-07-31 11:26 - 2013-07-31 11:26 - 00002419 _____ C:\Users\Peter_2\Desktop\Google Earth.lnk
2013-07-27 12:28 - 2013-08-15 16:28 - 00000000 ____D C:\Windows\system32\MRT

==================== One Month Modified Files and Folders =======

2013-08-20 19:57 - 2013-07-04 20:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-08-20 19:17 - 2012-03-31 17:49 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-20 19:04 - 2012-03-15 22:36 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1347085348-892770594-766104875-1004UA.job
2013-08-20 19:04 - 2009-12-10 21:15 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-20 14:42 - 2013-08-20 14:42 - 00001038 _____ C:\Users\Peter\checkup.txt
2013-08-20 14:42 - 2013-08-20 14:42 - 00000768 _____ C:\Users\Peter_2\Desktop\checkup.lnk
2013-08-20 14:42 - 2009-11-21 14:10 - 00000000 ____D C:\Users\Peter
2013-08-20 14:36 - 2013-08-20 14:36 - 00891115 _____ C:\Users\Peter_2\Desktop\SecurityCheck.exe
2013-08-20 14:36 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-20 14:36 - 2006-10-10 10:57 - 00654150 _____ C:\Windows\system32\perfh007.dat
2013-08-20 14:36 - 2006-10-10 10:57 - 00130022 _____ C:\Windows\system32\perfc007.dat
2013-08-20 14:35 - 2013-08-20 14:35 - 02347384 _____ (ESET) C:\Users\Peter_2\Desktop\esetsmartinstaller_enu.exe
2013-08-20 13:43 - 2013-08-20 13:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-20 13:26 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-20 13:26 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-20 13:26 - 2006-10-10 01:06 - 02051438 _____ C:\Windows\WindowsUpdate.log
2013-08-20 13:21 - 2013-08-14 14:58 - 00006706 _____ C:\Windows\PFRO.log
2013-08-20 13:21 - 2013-08-14 14:58 - 00002520 _____ C:\Windows\setupact.log
2013-08-20 13:21 - 2013-06-04 19:46 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-08-20 13:21 - 2009-12-10 21:15 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-20 13:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-20 13:19 - 2013-08-20 13:18 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-08-20 13:18 - 2013-08-19 18:06 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\CrashDumps
2013-08-20 13:18 - 2009-07-14 04:34 - 00000581 _____ C:\Windows\win.ini
2013-08-20 13:10 - 2013-08-20 13:10 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SCHORSCH-Microsoft-Windows-7-Home-Premium-(64-Bit).dat
2013-08-20 13:09 - 2013-08-20 13:09 - 00000000 ____D C:\RegBackup
2013-08-20 11:24 - 2010-11-16 18:30 - 00000000 ____D C:\ProgramData\MFAData
2013-08-19 18:30 - 2013-08-19 18:30 - 00000000 ____D C:\Users\Peter_2\Desktop\tweaking.com_windows_repair_aio
2013-08-19 18:13 - 2013-08-19 18:13 - 00013192 _____ C:\Users\Peter\Documents\LOG.odt
2013-08-19 18:04 - 2013-08-19 17:56 - 00000000 ____D C:\Users\Peter_2\Desktop\Tweaking.com - Windows Repair
2013-08-19 17:48 - 2013-08-19 17:55 - 03268369 _____ C:\Users\Peter_2\Desktop\tweaking.com_windows_repair_aio.zip
2013-08-19 12:44 - 2013-08-19 12:44 - 00003037 _____ C:\Users\Peter_2\FSS.txt
2013-08-19 12:44 - 2011-02-06 19:30 - 00000000 ____D C:\Users\Peter_2
2013-08-19 12:42 - 2013-08-19 12:40 - 00003037 _____ C:\Users\Peter_2\Desktop\FSS.txt
2013-08-19 12:37 - 2013-08-19 12:37 - 00028706 _____ C:\Users\Peter_2\Desktop\Result.txt
2013-08-19 12:31 - 2013-08-19 12:36 - 00760937 _____ (Farbar) C:\Users\Peter_2\Desktop\MiniToolBox.exe
2013-08-19 12:31 - 2013-08-19 12:36 - 00358507 _____ (Farbar) C:\Users\Peter_2\Desktop\FSS.exe
2013-08-18 18:23 - 2013-08-18 18:23 - 00002852 _____ C:\Users\Peter_2\Desktop\JRT.txt
2013-08-18 18:23 - 2012-02-21 14:43 - 00000000 ____D C:\Users\Peter_2\Documents\Mein Steuer-Sparbuch Heute
2013-08-18 18:22 - 2013-08-18 18:22 - 00002852 _____ C:\Users\Admin neu\Desktop\JRT.txt
2013-08-18 18:18 - 2013-08-18 18:18 - 00000000 ____D C:\Windows\ERUNT
2013-08-18 18:11 - 2013-08-18 18:10 - 00001651 _____ C:\Users\Peter_2\Desktop\AdwCleaner[S2].txt
2013-08-18 18:08 - 2013-08-18 18:10 - 01018166 _____ (Thisisu) C:\Users\Peter_2\Desktop\JRT.exe
2013-08-18 18:07 - 2013-08-18 18:10 - 00666633 _____ C:\Users\Peter_2\Desktop\adwcleaner.exe
2013-08-18 17:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu
2013-08-18 17:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-18 14:29 - 2013-08-18 13:41 - 00000000 ___SD C:\ComboFix
2013-08-18 11:20 - 2013-08-18 10:18 - 00000000 ____D C:\Windows\erdnt
2013-08-18 11:17 - 2011-02-15 13:38 - 00000000 ____D C:\Users\Peter_2\AppData\Roaming\Adobe
2013-08-18 11:04 - 2012-03-15 22:36 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1347085348-892770594-766104875-1004Core.job
2013-08-18 10:18 - 2013-08-18 10:18 - 00000000 ____D C:\Qoobox
2013-08-18 10:15 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Avg2013
2013-08-18 10:14 - 2013-08-18 10:13 - 05105390 ____R (Swearware) C:\Users\Peter_2\Desktop\ComboFix.exe
2013-08-17 19:35 - 2013-08-17 19:35 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-17 19:35 - 2013-08-17 19:35 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-17 19:35 - 2013-08-17 19:35 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-17 19:35 - 2013-08-17 19:35 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-17 19:35 - 2012-09-05 19:03 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-17 19:35 - 2010-05-26 18:19 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-16 21:31 - 2013-08-16 17:02 - 00030507 _____ C:\Users\Peter_2\Desktop\Addition.txt
2013-08-16 18:43 - 2013-08-16 18:43 - 00008767 _____ C:\Users\Peter_2\Desktop\FRST.zip
2013-08-16 18:43 - 2013-08-16 18:43 - 00007509 _____ C:\Users\Peter_2\Desktop\Addition.zip
2013-08-16 18:42 - 2013-08-16 18:42 - 00004026 _____ C:\Users\Peter_2\Desktop\gmer.zip
2013-08-16 18:38 - 2013-08-16 18:38 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-08-16 18:37 - 2013-08-16 18:37 - 01110476 _____ C:\Users\Peter\Downloads\7z920.exe
2013-08-16 17:46 - 2013-08-16 17:38 - 00000803 _____ C:\Users\Peter_2\Desktop\SpybotSD.Results.txt
2013-08-16 17:38 - 2013-08-16 17:38 - 00317787 _____ C:\Users\Peter\Desktop\SpybotSD.Results.txt
2013-08-16 17:19 - 2013-08-16 17:19 - 00051796 _____ C:\Users\Peter_2\Desktop\gmer.txt
2013-08-16 17:04 - 2013-08-16 17:04 - 00377856 _____ C:\Users\Peter_2\Desktop\gmer_2.1.19163.exe
2013-08-16 17:01 - 2013-08-16 17:01 - 00000000 ____D C:\FRST
2013-08-16 17:00 - 2013-08-16 17:00 - 01575798 _____ (Farbar) C:\Users\Peter_2\Desktop\FRST64.exe
2013-08-16 16:59 - 2013-08-16 16:58 - 00000480 _____ C:\Users\Peter_2\Desktop\defogger_disable.log
2013-08-16 16:58 - 2013-08-16 16:58 - 00000000 _____ C:\Users\Admin neu\defogger_reenable
2013-08-16 16:56 - 2013-08-16 16:56 - 00050477 _____ C:\Users\Peter_2\Desktop\Defogger.exe
2013-08-16 14:40 - 2013-08-16 14:40 - 00001999 _____ C:\Users\Peter_2\Desktop\Avira DE-Cleaner.lnk
2013-08-16 14:40 - 2013-08-14 15:13 - 00002070 _____ C:\Users\Peter_2\Desktop\Entfernen des Avira DE-Cleaners.lnk
2013-08-16 13:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 16:28 - 2013-07-27 12:28 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 16:26 - 2009-11-29 10:58 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-08-15 15:59 - 2009-08-14 20:24 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-15 15:57 - 2009-11-25 00:12 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-15 15:51 - 2012-03-31 17:49 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-15 15:51 - 2012-03-31 17:49 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-15 15:51 - 2011-06-02 11:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-15 15:50 - 2013-08-15 15:50 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-15 15:50 - 2013-08-15 15:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-15 15:50 - 2013-08-15 15:50 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-15 15:50 - 2013-08-15 15:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-15 15:50 - 2013-08-15 15:50 - 00000000 ____D C:\Program Files\Java
2013-08-15 15:50 - 2013-08-15 15:49 - 00028839 _____ C:\AdwCleaner[S1].txt
2013-08-15 15:50 - 2012-09-05 19:02 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-15 15:50 - 2012-03-12 17:59 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-15 15:48 - 2013-08-15 15:48 - 00028558 _____ C:\AdwCleaner[R1].txt
2013-08-15 15:47 - 2013-08-15 15:47 - 00618912 _____ (www.download-sponsor.de) C:\Users\Peter\Downloads\adwcleaner_2.306.exe
2013-08-15 15:47 - 2012-03-09 23:20 - 00000000 ____D C:\Users\Peter_2\AppData\Local\CrashDumps
2013-08-15 15:40 - 2013-08-15 15:40 - 03272136 _____ (Secunia) C:\Users\Peter\Downloads\PSISetup.exe
2013-08-15 15:40 - 2013-08-15 15:40 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Secunia PSI
2013-08-15 15:40 - 2013-08-15 15:40 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-08-15 15:39 - 2013-08-15 15:39 - 01752488 _____ (SurfRight B.V.) C:\Users\Peter\Downloads\hmpalert.exe
2013-08-15 15:39 - 2013-08-15 15:39 - 01752488 _____ (SurfRight B.V.) C:\Users\Peter\Downloads\hmpalert(1).exe
2013-08-15 15:39 - 2013-08-15 15:39 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2013-08-15 14:19 - 2009-11-29 11:23 - 00000000 ____D C:\Users\Peter\Documents\Dokumente Peter
2013-08-15 09:22 - 2012-11-04 22:38 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-14 19:37 - 2012-03-15 23:05 - 00000000 ____D C:\Users\Peter_2\AppData\Roaming\vlc
2013-08-14 19:24 - 2013-08-14 19:24 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Adobe
2013-08-14 19:24 - 2013-08-14 18:22 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Adobe
2013-08-14 19:02 - 2013-08-14 19:02 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Nero
2013-08-14 18:22 - 2013-08-14 18:22 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Macromedia
2013-08-14 18:21 - 2013-08-14 18:21 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Mozilla
2013-08-14 18:21 - 2013-08-14 18:21 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Mozilla
2013-08-14 15:13 - 2013-08-14 15:13 - 00883840 _____ C:\Users\Peter\Downloads\Avira-DE-Cleaner.exe
2013-08-14 14:58 - 2013-08-14 14:58 - 00000000 _____ C:\Windows\setuperr.log
2013-08-14 14:58 - 2012-03-31 17:49 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-14 13:13 - 2012-01-22 19:01 - 00000000 ____D C:\Program Files (x86)\ MALWAREBYTES ANTI-MALWARE 
2013-08-14 13:13 - 2012-01-22 18:57 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-14 13:13 - 2010-05-12 07:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-14 13:12 - 2013-08-14 13:12 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Malwarebytes
2013-08-14 13:11 - 2009-12-26 11:59 - 00000000 ____D C:\Windows\Minidump
2013-08-14 13:10 - 2013-08-14 13:09 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\IrfanView
2013-08-12 18:35 - 2013-08-12 18:35 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\SUPERAntiSpyware.com
2013-08-12 18:31 - 2013-08-12 18:31 - 00085296 _____ C:\Users\ADMINN~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-12 18:31 - 2013-08-12 18:31 - 00001443 _____ C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-12 18:31 - 2013-08-12 18:31 - 00001409 _____ C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-08-12 18:31 - 2013-08-12 18:31 - 00000020 ___SH C:\Users\Admin neu\ntuser.ini
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\ADMINN~1\AppData\Local\Verlauf
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\ADMINN~1\AppData\Local\Anwendungsdaten
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Vorlagen
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Startmenü
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Netzwerkumgebung
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Lokale Einstellungen
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Eigene Dateien
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Druckumgebung
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Documents\Eigene Musik
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Documents\Eigene Bilder
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Anwendungsdaten
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ___RD C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ___RD C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Western Digital
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\VirtualStore
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\EgisTec
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\ATI
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Macromedia
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Canon
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\AVG2013
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\ATI
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Apple Computer
2013-08-12 18:09 - 2012-01-08 10:40 - 00000000 ____D C:\Users\Public\Documents\Screensaver
2013-08-12 11:23 - 2011-02-13 21:39 - 00060416 ___SH C:\Users\Ruth\Thumbs.db
2013-08-12 11:23 - 2011-02-06 18:34 - 00000000 ____D C:\Users\Ruth
2013-08-12 11:19 - 2013-08-03 20:11 - 00000000 ____D C:\Users\Ruth\Rauhenzell
2013-08-11 09:29 - 2013-08-11 09:28 - 38171414 _____ C:\Users\Peter\Downloads\yacy_v1.62_20130801_9025(1).exe
2013-08-10 12:04 - 2010-03-28 18:47 - 00001212 _____ C:\Windows\wiso.ini
2013-08-03 19:43 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-03 16:09 - 2011-02-06 23:05 - 00000000 ____D C:\Users\Ruth\Dokumente Ruth
2013-08-02 10:54 - 2013-06-18 20:13 - 00003715 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-08-02 10:53 - 2012-09-04 20:23 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-07-31 11:29 - 2010-03-28 18:47 - 00000000 ____D C:\Users\Peter\Documents\Mein Sparbuch Heute
2013-07-31 11:26 - 2013-07-31 11:26 - 00002419 _____ C:\Users\Peter_2\Desktop\Google Earth.lnk
2013-07-31 11:26 - 2011-02-21 23:51 - 00000000 ____D C:\Users\Peter_2\AppData\Local\Google
2013-07-30 18:30 - 2011-07-18 19:25 - 00003226 _____ C:\Users\Ruth\AppData\Roaming\wklnhst.dat
2013-07-30 18:16 - 2012-10-04 19:28 - 00000985 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-30 18:15 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-07-25 11:25 - 2013-08-15 14:17 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-15 14:17 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-24 15:40 - 2013-08-15 14:17 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 09065472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 01493504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-24 15:40 - 2013-08-15 14:17 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 06036480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-24 13:43 - 2013-08-15 14:17 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-24 13:23 - 2013-08-15 14:17 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-12 17:01

==================== End Of Log ============================
         
--- --- ---

Code:
 Results of screen317's Security Check version 0.99.72  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
AVG AntiVirus Free Edition 2013   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 AVG PC Tuneup 2011  
 Java 7 Update 25  
 Adobe Flash Player 11.8.800.94  
 Adobe Reader XI  
 Mozilla Firefox 22.0 Firefox out of Date!  
 Mozilla Thunderbird 11.0. Thunderbird out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 ESET ESET Online Scanner OnlineScannerApp.exe  
 ESET ESET Online Scanner OnlineCmdLineScanner.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=dcf938388112bf4d8e6e413f99bc5799
# engine=14839
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-20 12:42:49
# local_time=2013-08-20 02:42:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1043 16777213 100 87 160704 64136553 0 0
# compatibility_mode=5893 16776574 100 94 3350024 128632419 0 0
# scanned=2315
# found=0
# cleaned=0
# scan_time=265
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=dcf938388112bf4d8e6e413f99bc5799
# engine=14839
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-20 04:57:18
# local_time=2013-08-20 06:57:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1043 16777213 100 87 175973 64151822 0 0
# compatibility_mode=5893 16776574 100 94 3365293 128647688 0 0
# scanned=327714
# found=1
# cleaned=0
# scan_time=15239
sh=69DB0B090040ED226A7E8B6B1A1211230362FEC7 ft=0 fh=0000000000000000 vn="Win32/Adware.Gator.Trickler application" ac=I fn="G:\SCHORSCH\Backup Set 2011-02-18 184300\Backup Files 2011-02-18 184300\Backup files 2.zip"
         
Regards

Mariheli
