Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Win7: Internetbrowser machen sich selbständig mit Werbung; langsamer Pc (https://www.trojaner-board.de/140947-win7-internetbrowser-selbstaendig-werbung-langsamer-pc.html)

CoffinCutie 06.09.2013 14:31
Eine kurze Zwischenfrage hab ich noch.
Ich hab ziemlich viele Lesezeichen, kann ich die vorher noch retten? bzw in nen anderen browser kurz importieren und dann, wenn ich firefox wieder drauf hab, wieder zurück importieren?
oder riskiere ich beim hin und her importieren das ich mir irgendwas mitnehme, was nicht so prickelnd ist?

schrauber 06.09.2013 17:49
Lesezeichen kannste exportieren und sichern, mehr aber nicht :)

CoffinCutie 06.09.2013 21:06
Hallo Schrauber

Adobe geupdated (gemeint war doch der Reader oder?)
FireFox neu gemacht. Nur Lesezeichen gerettet.
Tab mit werbung, öffnet sich immernoch.
Wieder dieser blöde Webelink mit Verdienstmöglichkeiten.

Ich bin den Samstag über nicht Online und erst wieder Sonntag aktiv.
Nicht das du dich wunderst oder so.


Hier der neueste FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2013
Ran by Mnemosyne (administrator) on KEKZ on 06-09-2013 22:00:13
Running from C:\Users\Mnemosyne\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
(Yuna Software) C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PSIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
(Cerulean Studios) C:\Program Files (x86)\Trillian\trillian.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() c:\program files (x86)\trillian\plugins\skypekit.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [itype] - c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Policies\Explorer: [NoDrives] 0
HKLM-x32\...\Run: [Guard.Mail.ru.gui] - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-01-16] ()
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646232 2011-09-27] ()
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [MessengerPlusForSkypeService] - C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [128000 2013-05-07] (Yuna Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
Startup: C:\Users\Mnemosyne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Mnemosyne\AppData\Roaming\Mozilla\Firefox\Profiles\cs4xmjm7.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: adblockpopups - C:\Users\Mnemosyne\AppData\Roaming\Mozilla\Firefox\Profiles\cs4xmjm7.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: elemhidehelper - C:\Users\Mnemosyne\AppData\Roaming\Mozilla\Firefox\Profiles\cs4xmjm7.default\Extensions\elemhidehelper@adblockplus.org.xpi
FF Extension: No Name - C:\Users\Mnemosyne\AppData\Roaming\Mozilla\Firefox\Profiles\cs4xmjm7.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Mnemosyne\AppData\Roaming\Mozilla\Firefox\Profiles\cs4xmjm7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Docs) - C:\Users\MNEMOS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\MNEMOS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\MNEMOS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\MNEMOS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\MNEMOS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\MNEMOS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-01-16] ()
R2 MsgPlusService; C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [128000 2013-05-07] (Yuna Software)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-24] (DT Soft Ltd)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 MsgPlusDriver; system32\DRIVERS\MsgPlusDriver.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-06 21:42 - 2013-09-06 21:42 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-09-06 20:19 - 2013-09-06 20:19 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-06 20:19 - 2013-09-06 20:19 - 00000000 ____D C:\Users\Mnemosyne\AppData\Roaming\Mozilla
2013-09-06 20:19 - 2013-09-06 20:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-06 20:17 - 2013-09-06 20:17 - 00282008 _____ (Mozilla) C:\Users\Mnemosyne\Downloads\Firefox Setup Stub 23.0.1.exe
2013-09-06 20:12 - 2013-09-06 20:12 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-06 20:11 - 2013-09-06 21:16 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-06 20:11 - 2013-09-06 20:16 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-06 20:11 - 2013-09-06 20:12 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-06 20:11 - 2013-09-06 20:11 - 00784840 _____ (Google Inc.) C:\Users\Mnemosyne\Downloads\ChromeSetup.exe
2013-09-06 20:11 - 2013-09-06 20:11 - 00004112 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-09-06 20:11 - 2013-09-06 20:11 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-09-06 17:10 - 2013-09-06 17:10 - 00530847 _____ C:\Users\Mnemosyne\Downloads\download-downloadfile-22485.zip
2013-09-05 20:30 - 2013-09-06 21:59 - 00000000 ____D C:\Users\Mnemosyne\Desktop\Trojaner Board
2013-09-05 20:18 - 2013-09-05 20:19 - 01766784 _____ C:\Users\Mnemosyne\Downloads\wrar500.exe
2013-09-04 21:12 - 2013-09-04 21:12 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-04 16:09 - 2013-09-04 16:09 - 00000000 ____D C:\Windows\ERUNT
2013-09-04 15:49 - 2013-09-04 15:51 - 00000000 ____D C:\AdwCleaner
2013-09-04 15:46 - 2013-09-04 15:46 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mnemosyne\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-03 22:16 - 2013-09-03 22:16 - 00021639 _____ C:\ComboFix.txt
2013-09-03 22:01 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-03 22:01 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-03 22:01 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-03 22:01 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-03 22:01 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-03 22:01 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-03 22:01 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-03 22:01 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-03 21:39 - 2013-09-03 22:16 - 00000000 ____D C:\Qoobox
2013-09-03 21:38 - 2013-09-03 22:15 - 00000000 ____D C:\Windows\erdnt
2013-09-03 20:41 - 2013-09-03 20:41 - 00082220 _____ C:\Users\Mnemosyne\Downloads\download-downloadfile-27500.zip
2013-09-03 06:47 - 2013-09-03 06:47 - 00036161 _____ C:\Users\Mnemosyne\Downloads\FRST.txt
2013-09-03 06:46 - 2013-09-03 06:47 - 00033716 _____ C:\Users\Mnemosyne\Downloads\Addition.txt
2013-09-03 06:45 - 2013-09-03 06:45 - 00000000 ____D C:\FRST
2013-09-03 06:42 - 2013-09-03 06:42 - 00000168 _____ C:\Users\Mnemosyne\defogger_reenable
2013-09-02 23:06 - 2013-09-05 20:19 - 00000000 ____D C:\Users\Mnemosyne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-09-02 23:04 - 2013-09-02 23:04 - 01517376 _____ C:\Users\Mnemosyne\Downloads\wrar420.exe
2013-09-02 22:48 - 2013-09-06 15:27 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-02 22:48 - 2013-09-04 21:55 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-02 22:48 - 2013-09-02 22:48 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-02 22:48 - 2013-08-30 09:48 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-02 22:48 - 2013-08-30 09:48 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-02 22:48 - 2013-08-30 09:48 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-02 22:48 - 2013-08-30 09:48 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-02 22:48 - 2013-08-30 09:48 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-02 22:48 - 2013-08-30 09:48 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-02 22:48 - 2013-08-30 09:48 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-02 22:48 - 2013-08-30 09:48 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-02 22:48 - 2013-08-30 09:47 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-09-02 22:47 - 2013-09-02 22:47 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-02 22:47 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-02 22:46 - 2013-09-02 22:47 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-02 22:31 - 2013-09-02 22:32 - 131918888 _____ C:\Users\Mnemosyne\Downloads\avast_free_antivirus_setup.exe
2013-09-02 20:19 - 2013-09-02 20:19 - 00005294 _____ C:\Users\Mnemosyne\Documents\cc_20130902_201813.reg
2013-09-02 19:15 - 2013-09-02 19:15 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-09-02 19:14 - 2013-09-03 21:59 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-02 19:14 - 2013-09-02 19:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-02 19:11 - 2013-09-02 19:11 - 37672592 _____ (Safer-Networking Ltd.                                      ) C:\Users\Mnemosyne\Downloads\spybotsd-2.1.21-SR2.exe
2013-09-02 16:36 - 2013-09-02 16:36 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-02 16:35 - 2013-09-02 20:10 - 00000000 ____D C:\Windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP
2013-08-28 06:49 - 2013-08-28 06:49 - 00041596 _____ C:\Users\Mnemosyne\Downloads\juli.zip
2013-08-28 06:48 - 2013-08-28 06:48 - 00042108 _____ C:\Users\Mnemosyne\Downloads\Manga.zip
2013-08-24 17:03 - 2013-08-24 17:04 - 83655536 _____ (DVDVideoSoft Ltd.                                          ) C:\Users\Mnemosyne\Downloads\FreeStudio(1).exe
2013-08-20 21:17 - 2013-08-20 21:17 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-08-20 21:17 - 2013-08-20 21:17 - 00000000 ____D C:\Users\Mnemosyne\AppData\Roaming\OpenOffice
2013-08-20 21:17 - 2013-08-20 21:17 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-08-20 21:13 - 2013-08-20 21:13 - 00000000 ____D C:\Users\Mnemosyne\Desktop\OpenOffice 4.0.0 (de) Installation Files
2013-08-20 21:10 - 2013-08-20 21:13 - 162401424 _____ C:\Users\Mnemosyne\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-08-17 15:12 - 2013-09-06 20:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 00:58 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 00:58 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 00:58 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 00:58 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 00:58 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 00:58 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 00:58 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 00:58 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 00:58 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 00:58 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 00:58 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 00:58 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 00:58 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 00:58 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 00:58 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 00:58 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 00:58 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 00:58 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 00:58 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 00:58 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 00:58 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 00:58 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 00:58 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 00:58 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 00:58 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 00:58 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 00:58 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 00:58 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 00:58 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 00:57 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 00:57 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 00:54 - 2013-08-15 00:55 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 00:30 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 00:30 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 00:30 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 00:30 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 00:30 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 00:30 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 00:30 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 00:30 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 00:30 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 00:30 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 00:30 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 00:30 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 00:30 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 00:30 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 00:30 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 00:30 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 00:30 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 00:30 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 00:30 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 00:30 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 00:30 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 00:30 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 00:30 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 00:30 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 00:30 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 00:30 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 00:30 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-06 21:59 - 2013-09-06 21:59 - 01948360 _____ (Farbar) C:\Users\Mnemosyne\Desktop\FRST64.exe
2013-09-06 21:59 - 2013-09-05 20:30 - 00000000 ____D C:\Users\Mnemosyne\Desktop\Trojaner Board
2013-09-06 21:42 - 2013-09-06 21:42 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-09-06 21:42 - 2012-01-16 18:31 - 00000000 ____D C:\Users\MNEMOS~1\AppData\Local\Adobe
2013-09-06 21:42 - 2012-01-16 18:31 - 00000000 ____D C:\ProgramData\Adobe
2013-09-06 21:42 - 2012-01-16 18:31 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-06 21:16 - 2013-09-06 20:11 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-06 20:47 - 2012-01-16 14:37 - 00000000 ____D C:\Users\MNEMOS~1\AppData\Local\Google
2013-09-06 20:19 - 2013-09-06 20:19 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-06 20:19 - 2013-09-06 20:19 - 00000000 ____D C:\Users\Mnemosyne\AppData\Roaming\Mozilla
2013-09-06 20:19 - 2013-09-06 20:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-06 20:19 - 2013-08-17 15:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-06 20:17 - 2013-09-06 20:17 - 00282008 _____ (Mozilla) C:\Users\Mnemosyne\Downloads\Firefox Setup Stub 23.0.1.exe
2013-09-06 20:16 - 2013-09-06 20:11 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-06 20:12 - 2013-09-06 20:12 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-06 20:12 - 2013-09-06 20:11 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-06 20:11 - 2013-09-06 20:11 - 00784840 _____ (Google Inc.) C:\Users\Mnemosyne\Downloads\ChromeSetup.exe
2013-09-06 20:11 - 2013-09-06 20:11 - 00004112 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-09-06 20:11 - 2013-09-06 20:11 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-09-06 17:26 - 2012-01-01 13:05 - 01798923 _____ C:\Windows\WindowsUpdate.log
2013-09-06 17:10 - 2013-09-06 17:10 - 00530847 _____ C:\Users\Mnemosyne\Downloads\download-downloadfile-22485.zip
2013-09-06 15:34 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-06 15:34 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-06 15:27 - 2013-09-02 22:48 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-06 15:26 - 2012-07-07 17:44 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-06 15:26 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-06 15:26 - 2009-07-14 06:51 - 00041507 _____ C:\Windows\setupact.log
2013-09-06 07:47 - 2012-03-06 13:36 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-09-05 20:19 - 2013-09-05 20:18 - 01766784 _____ C:\Users\Mnemosyne\Downloads\wrar500.exe
2013-09-05 20:19 - 2013-09-02 23:06 - 00000000 ____D C:\Users\Mnemosyne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-09-05 02:40 - 2013-01-23 15:39 - 00000000 ____D C:\Program Files (x86)\Trillian
2013-09-04 21:55 - 2013-09-02 22:48 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-04 21:55 - 2012-10-02 17:59 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-04 21:14 - 2011-04-12 09:43 - 00696848 _____ C:\Windows\system32\perfh007.dat
2013-09-04 21:14 - 2011-04-12 09:43 - 00148144 _____ C:\Windows\system32\perfc007.dat
2013-09-04 21:14 - 2009-07-14 07:13 - 01613412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-04 21:12 - 2013-09-04 21:12 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-04 16:09 - 2013-09-04 16:09 - 00000000 ____D C:\Windows\ERUNT
2013-09-04 15:59 - 2013-03-25 16:02 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-04 15:59 - 2013-03-25 16:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-04 15:51 - 2013-09-04 15:49 - 00000000 ____D C:\AdwCleaner
2013-09-04 15:46 - 2013-09-04 15:46 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mnemosyne\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-04 15:40 - 2010-11-21 05:47 - 00224240 _____ C:\Windows\PFRO.log
2013-09-04 00:37 - 2013-05-23 18:20 - 01590370 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-03 22:16 - 2013-09-03 22:16 - 00021639 _____ C:\ComboFix.txt
2013-09-03 22:16 - 2013-09-03 21:39 - 00000000 ____D C:\Qoobox
2013-09-03 22:16 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-03 22:15 - 2013-09-03 21:38 - 00000000 ____D C:\Windows\erdnt
2013-09-03 22:14 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-03 21:59 - 2013-09-02 19:14 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-03 20:41 - 2013-09-03 20:41 - 00082220 _____ C:\Users\Mnemosyne\Downloads\download-downloadfile-27500.zip
2013-09-03 06:47 - 2013-09-03 06:47 - 00036161 _____ C:\Users\Mnemosyne\Downloads\FRST.txt
2013-09-03 06:47 - 2013-09-03 06:46 - 00033716 _____ C:\Users\Mnemosyne\Downloads\Addition.txt
2013-09-03 06:45 - 2013-09-03 06:45 - 00000000 ____D C:\FRST
2013-09-03 06:42 - 2013-09-03 06:42 - 00000168 _____ C:\Users\Mnemosyne\defogger_reenable
2013-09-03 06:42 - 2012-01-16 13:35 - 00000000 ____D C:\Users\Mnemosyne
2013-09-02 23:04 - 2013-09-02 23:04 - 01517376 _____ C:\Users\Mnemosyne\Downloads\wrar420.exe
2013-09-02 23:01 - 2012-04-14 11:30 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-02 23:01 - 2012-01-16 21:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-02 22:48 - 2013-09-02 22:48 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-02 22:47 - 2013-09-02 22:47 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-02 22:47 - 2013-09-02 22:46 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-02 22:32 - 2013-09-02 22:31 - 131918888 _____ C:\Users\Mnemosyne\Downloads\avast_free_antivirus_setup.exe
2013-09-02 20:19 - 2013-09-02 20:19 - 00005294 _____ C:\Users\Mnemosyne\Documents\cc_20130902_201813.reg
2013-09-02 20:10 - 2013-09-02 16:35 - 00000000 ____D C:\Windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP
2013-09-02 19:34 - 2013-09-02 19:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-02 19:15 - 2013-09-02 19:15 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-09-02 19:11 - 2013-09-02 19:11 - 37672592 _____ (Safer-Networking Ltd.                                      ) C:\Users\Mnemosyne\Downloads\spybotsd-2.1.21-SR2.exe
2013-09-02 16:36 - 2013-09-02 16:36 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-30 09:48 - 2013-09-02 22:48 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2013-09-02 22:48 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2013-09-02 22:48 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-09-02 22:48 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2013-09-02 22:48 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2013-09-02 22:48 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 09:48 - 2013-09-02 22:48 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2013-09-02 22:48 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 09:47 - 2013-09-02 22:48 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-30 09:47 - 2013-09-02 22:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-29 21:18 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-28 06:49 - 2013-08-28 06:49 - 00041596 _____ C:\Users\Mnemosyne\Downloads\juli.zip
2013-08-28 06:48 - 2013-08-28 06:48 - 00042108 _____ C:\Users\Mnemosyne\Downloads\Manga.zip
2013-08-24 17:43 - 2012-03-05 16:49 - 00000000 ____D C:\Users\Mnemosyne\Documents\Photoshop TUT
2013-08-24 17:42 - 2012-01-16 16:22 - 00000000 ____D C:\Users\Mnemosyne\Documents\Nähsachen
2013-08-24 17:08 - 2013-06-04 23:02 - 00001239 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-08-24 17:08 - 2013-06-04 23:01 - 00000000 ____D C:\Users\Mnemosyne\AppData\Roaming\DVDVideoSoft
2013-08-24 17:08 - 2013-06-04 23:01 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-08-24 17:04 - 2013-08-24 17:03 - 83655536 _____ (DVDVideoSoft Ltd.                                          ) C:\Users\Mnemosyne\Downloads\FreeStudio(1).exe
2013-08-21 15:32 - 2009-07-14 06:45 - 05017424 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-20 22:06 - 2012-01-16 14:24 - 00131240 _____ C:\Users\MNEMOS~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-20 21:17 - 2013-08-20 21:17 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-08-20 21:17 - 2013-08-20 21:17 - 00000000 ____D C:\Users\Mnemosyne\AppData\Roaming\OpenOffice
2013-08-20 21:17 - 2013-08-20 21:17 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-08-20 21:16 - 2012-01-16 18:05 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-08-20 21:13 - 2013-08-20 21:13 - 00000000 ____D C:\Users\Mnemosyne\Desktop\OpenOffice 4.0.0 (de) Installation Files
2013-08-20 21:13 - 2013-08-20 21:10 - 162401424 _____ C:\Users\Mnemosyne\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-08-16 19:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 00:55 - 2013-08-15 00:54 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 00:54 - 2012-01-27 13:55 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\MNEMOS~1\AppData\Local\Temp\Quarantine.exe
C:\Users\MNEMOS~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Users\MNEMOS~1\AppData\Local\Temp\~nsu.tmp\Bu_.exe
C:\Users\MNEMOS~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-02 21:05

==================== End Of Log ============================
--- --- ---


und der Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-09-2013
Ran by Mnemosyne at 2013-09-06 22:00:45
Running from C:\Users\Mnemosyne\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
Adobe AIR (x32 Version: 3.8.0.1280)
Adobe Community Help (x32 Version: 3.0.0)
Adobe Community Help (x32 Version: 3.0.0.400)
Adobe Creative Suite 5 Master Collection (x32 Version: 5.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Media Player (x32 Version: 1.8)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
ArtRage Studio Pro (x32 Version: 3.5.5)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.14.8.0)
avast! Free Antivirus (x32 Version: 8.0.1497.0)
Bamboo (Version: 5.2.5-5)
Bamboo Dock (x32 Version: 4.0)
Bamboo Dock (x32 Version: 4.0.0)
Benutzerhandbuch - Grundlagen EPSON XP-402 403 405 406 Series (x32)
Benutzerhandbuch EPSON XP-402 403 405 406 Series (x32)
BioShock (x32 Version: 2.62.0000)
Corel Painter Essentials 4 (x32 Version: 4.0)
Corel Painter Essentials 4 (x32)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Die Sims™ 3 (x32 Version: 1.50.56)
Die Sims™ 3 Design-Garten-Accessoires (x32 Version: 7.0.55)
Die Sims™ 3 Einfach tierisch (x32 Version: 10.0.96)
Die Sims™ 3 Gib Gas-Accessoires (x32 Version: 5.0.44)
Die Sims™ 3 Late Night (x32 Version: 6.0.81)
Die Sims™ 3 Lebensfreude (x32 Version: 8.0.152)
Die Sims™ 3 Luxus-Accessoires (x32 Version: 3.0.38)
Die Sims™ 3 Reiseabenteuer (x32 Version: 2.0.86)
Die Sims™ 3 Showtime (x32 Version: 12.0.273)
Die Sims™ 3 Stadt-Accessoires (x32 Version: 9.0.73)
Die Sims™ 3 Supernatural (x32 Version: 15.0.135)
Die Sims™ 3 Traumkarrieren (x32 Version: 4.0.87)
Die Sims™ 3 Traumsuite-Accessoires (x32 Version: 11.0.84)
Download Navigator (x32 Version: 3.4.1)
eaner (Version: 4.00)
Epson Easy Photo Print 2 (x32 Version: 2.3.2.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000)
Epson Event Manager (x32 Version: 3.01.0000)
EPSON Scan (x32)
EPSON XP-402 403 405 406 Series Printer Uninstall
EpsonNet Print (x32 Version: 2.5.00)
ESET Online Scanner v3 (x32)
FileZilla Client 3.7.1 (x32 Version: 3.7.1)
Free Studio version 2013 (x32 Version: 6.1.10.812)
GIMP 2.6.11 (x32 Version: 2.6.11)
Google Chrome (x32 Version: 29.0.1547.66)
Google Update Helper (x32 Version: 1.3.21.153)
Guard.ICQ (x32)
ICQ7.7 (x32 Version: 7.7)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 37 (x32 Version: 6.0.370)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Messenger Plus! for Skype (x32 Version: 1.8.0.125)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Netzwerkhandbuch EPSON XP-402 403 405 406 Series (x32)
NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49)
NVIDIA 3D Vision Treiber 320.49 (Version: 320.49)
NVIDIA GeForce Experience 1.6 (Version: 1.6)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.131.854)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
NVIDIA Update 7.2.17 (Version: 7.2.17)
NVIDIA Update Components (Version: 7.2.17)
NVIDIA Virtual Audio 1.2.1 (Version: 1.2.1)
OpenOffice 4.0.0 (x32 Version: 4.00.9702)
Origin (x32 Version: 8.6.0.357)
PDF Settings CS5 (x32 Version: 10.0)
Pharao (x32)
PreReq (x32 Version: 6.2.4.0)
PxMergeModule (x32 Version: 1.00.0000)
Realtek Ethernet Controller Driver (x32 Version: 7.44.421.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6526)
SHIELD Streaming (Version: 1.05.19)
Skype™ 6.7 (x32 Version: 6.7.102)
Tomb Raider: Anniversary 1.0 (x32)
Torchlight (x32 Version: 1.0.0)
Torchlight German Patch (x32 Version: 1.0.0)
Trillian (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Vampire - The Masquerade Bloodlines (x32 Version: 1.00.0000)
WebTablet FB Plugin (x32 Version: 2.0.0.1)
WebTablet IE Plugin (x32 Version: 1.1.0.12)
WebTablet Netscape Plugin (x32 Version: 1.1.0.10)
WinRAR 5.00 (32-bit) (x32 Version: 5.00.0)

==================== Restore Points  =========================

03-09-2013 13:15:42 Windows Update
03-09-2013 22:31:18 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-09-03 22:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {13FC3A88-7DB7-4368-B97C-59876077766E} - System32\Tasks\{DA334DD2-F63B-4BFF-98BC-652B20E08EAE} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {1FE9BC8A-B82E-4C9A-977C-15CEAE7A4379} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {2870937E-9F74-4FB6-A960-9F1774955BE4} - System32\Tasks\{94DC0BFC-3DDF-4485-8A41-928717CB26B5} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {2AF75043-1A8F-4E9C-890B-F86CCC262A72} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {2F6FB4DD-89C4-488E-862F-FC1E3E8629A5} - System32\Tasks\{9ADDDA80-C99D-4140-8EF6-C2300E814D65} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {2F912C6B-2D26-4C28-BC90-960140EC2F38} - System32\Tasks\{A8B94B43-3AB6-482A-80A3-EF19837CBFC1} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {4DAF3558-3F38-4835-AEF6-EF5D4CD10783} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-06] (Google Inc.)
Task: {59453F9F-DF7C-47AD-BB46-AD56D4939C8B} - System32\Tasks\{90EA3B56-34E7-41DA-8643-B1930CB603BF} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {5DADC19B-31E0-4600-8D85-E4676C9E5BB0} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {66A342F1-7522-45FF-A6BF-8DEC2C1EC580} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-06] (Google Inc.)
Task: {7CDC7AAA-F4DC-45D6-BFB9-80ACDF39F403} - System32\Tasks\{5C6BEA30-BB2C-424D-815F-F56FF02E2B15} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {7D979323-F5CB-4071-A776-EF5FB2A9F2C6} - System32\Tasks\{73BC9927-174E-4BC5-89F5-56691C32E054} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {8A756D2A-D6A6-4B50-A5F3-46B086270BA5} - System32\Tasks\{FCA1AD46-06F7-4EFB-829F-1BC8CEDADD2C} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {AFAFE870-B53A-49C9-B77A-54064D7FC68D} - System32\Tasks\{EA7371E2-7B04-48A6-B738-A4B39C9BD90C} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {B314C6F0-CB1D-4128-878D-4BF75D1AD8B2} - System32\Tasks\{000B787D-91A3-4DEA-82FA-7349F8A14AEC} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {B854BDDB-0E12-4413-A68E-CE9E674F1D60} - System32\Tasks\{EEB23FCA-527B-4134-ADB3-0ADA9FDE56B9} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {B9ACFBF8-209B-4268-9F38-D1222C763C65} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {C8735AE6-6299-4B85-8889-F24410DA4E7F} - System32\Tasks\{AB3ACEF7-9979-42DF-9738-86F85AFEBADA} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {C970EC5F-B82D-4E6D-98F8-66F76C7D1067} - System32\Tasks\{927108AD-90E8-4CB0-A338-5237650BF34F} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {D156A29F-F835-459E-AA35-2EF899C5312D} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {E4450A27-FBA1-4B1D-B454-72228607C10A} - System32\Tasks\{62377DDD-9C63-42A7-9F2D-CB05CEF89C44} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {EA0C451A-4DB4-4967-B5FF-E37CBE1E44AB} - System32\Tasks\{140B5FA2-D27D-480E-992D-C53FE5F93BB7} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {ED2D3459-AD4C-4CF5-9B00-F1695EE29476} - System32\Tasks\{0456133A-8D2D-49DD-952A-9735284B27FA} => C:\Program Files (x86)\Electronic Arts\Die Sims 3 Showtime\Game\Bin\Sims3Launcher.exe [2012-02-02] (Electronic Arts, Inc.)
Task: {EEEF5A91-44E4-4B08-9A86-81D206B7288C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {FF064ADE-20FF-42BF-AD35-0E543037AE6F} - System32\Tasks\{8C92DE5D-2545-46AF-BD0D-F1ECE35C18A9} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-01-30 01:00 - 2013-01-30 01:00 - 00059904 _____ () C:\Program Files (x86)\Trillian\zlib1.dll
2013-01-30 01:00 - 2013-01-30 01:00 - 01264032 _____ (Cerulean Studios) C:\Program Files (x86)\Trillian\images.dll
2013-01-30 01:00 - 2013-01-30 01:00 - 01103264 _____ (Cerulean Studios, LLC) C:\Program Files (x86)\Trillian\core.dll
2013-01-30 01:00 - 2013-01-30 01:00 - 00127488 _____ (Independent JPEG Group <www.ijg.org>) C:\Program Files (x86)\Trillian\jpeg62.dll
2013-01-30 01:00 - 2013-01-30 01:00 - 00187392 _____ () C:\Program Files (x86)\Trillian\libpng15.dll
2013-01-30 01:00 - 2013-01-30 01:00 - 00065536 _____ () C:\Program Files (x86)\Trillian\libungif.dll
2013-01-30 01:00 - 2013-01-30 01:00 - 00342944 _____ (Cerulean Studios) C:\Program Files (x86)\Trillian\expatxml.dll
2013-01-30 01:00 - 2013-01-30 01:00 - 01255840 _____ (Cerulean Studios) C:\Program Files (x86)\Trillian\toolkit.dll
2013-01-30 01:00 - 2013-01-30 01:00 - 00299520 _____ (The University of New South Wales) C:\Program Files (x86)\Trillian\kdu_v43R.dll
2012-05-02 11:40 - 2012-05-02 11:40 - 00005120 _____ () c:\users\mnemosyne\appdata\roaming\trillian\languages\de\trillian.dll
2013-01-30 01:00 - 2013-01-30 01:00 - 00310176 _____ (Cerulean Studios) C:\Program Files (x86)\Trillian\events.dll
2013-01-30 01:00 - 2013-01-30 01:00 - 00685984 _____ (Cerulean Studios) C:\Program Files (x86)\Trillian\list.dll
2013-01-30 01:00 - 2013-01-30 01:00 - 00770464 _____ (Cerulean Studios) C:\Program Files (x86)\Trillian\buddy.dll
2013-01-30 01:00 - 2013-01-30 01:00 - 02334624 _____ (Cerulean Studios) C:\Program Files (x86)\Trillian\talk.dll
2013-01-30 01:00 - 2013-01-30 01:00 - 00375296 _____ (hxxp://hunspell.sourceforge.net/) C:\Program Files (x86)\Trillian\libhunspell.dll
2013-01-30 01:00 - 2013-01-30 01:00 - 01046432 _____ (Cerulean Studios, LLC) C:\Program Files (x86)\Trillian\plugins\astra.dll
2012-05-02 11:40 - 2012-05-02 11:40 - 00002048 _____ () c:\users\mnemosyne\appdata\roaming\trillian\languages\de\toolkit.dll
2012-05-02 11:40 - 2012-05-02 11:40 - 00007168 _____ () c:\users\mnemosyne\appdata\roaming\trillian\languages\de\events.dll
2012-05-02 11:40 - 2012-05-02 11:40 - 00010240 _____ () c:\users\mnemosyne\appdata\roaming\trillian\languages\de\buddy.dll
2012-05-02 11:40 - 2012-05-02 11:40 - 00006144 _____ () c:\users\mnemosyne\appdata\roaming\trillian\languages\de\talk.dll
2013-01-30 01:00 - 2013-01-30 01:00 - 00719264 _____ (Cerulean Studios, LLC) C:\Program Files (x86)\Trillian\plugins\xmpp.dll
2013-01-30 01:00 - 2013-01-30 01:00 - 00635808 _____ (Cerulean Studios) C:\Program Files (x86)\Trillian\plugins\mail.dll
2013-01-30 01:00 - 2013-01-30 01:00 - 00486816 _____ (Cerulean Studios, LLC) C:\Program Files (x86)\Trillian\plugins\myspace.dll
2013-01-30 01:00 - 2013-01-30 01:00 - 00612256 _____ (Cerulean Studios, LLC) C:\Program Files (x86)\Trillian\plugins\skype.dll
2013-01-30 01:00 - 2013-01-30 01:00 - 00647072 _____ (Cerulean Studios, LLC) C:\Program Files (x86)\Trillian\plugins\oscar.dll
2013-01-30 01:00 - 2013-01-30 01:00 - 00978336 _____ (Cerulean Studios, LLC) C:\Program Files (x86)\Trillian\plugins\msn.dll
2009-10-21 18:39 - 2009-10-21 18:39 - 00291328 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2011-04-14 10:16 - 2011-04-14 10:16 - 00136704 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\ScanEngine30.dll
2011-04-14 10:25 - 2011-04-14 10:25 - 00055808 _____ (SEIKO EPSON CORP.) C:\Program Files (x86)\EPSON Software\Event Manager\ScnMgr10.dll
2011-04-14 10:25 - 2011-04-14 10:25 - 00206336 _____ (SEIKO EPSON CORP.) C:\Program Files (x86)\EPSON Software\Event Manager\ScnCom10.dll
2011-04-14 10:25 - 2011-04-14 10:25 - 00082944 _____ (SEIKO EPSON CORP.) C:\Program Files (x86)\EPSON Software\Event Manager\ScnEps25.dll
2011-11-25 18:47 - 2011-11-25 18:47 - 00110080 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2005-01-13 11:47 - 2005-01-13 11:47 - 00049152 _____ (SEIKO EPSON CORP.) C:\Program Files (x86)\EPSON Software\Event Manager\ESPSUTL.dll
2009-07-14 02:07 - 2009-07-14 03:14 - 00064000 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\l3codeca.acm
2013-09-06 20:19 - 2013-08-14 19:55 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-06-21 05:16 - 2013-06-21 05:16 - 00575984 _____ (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
2013-06-21 05:16 - 2013-06-21 05:16 - 00361744 _____ (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStereoApiI.dll
2013-06-21 05:16 - 2013-06-21 05:16 - 01154832 _____ (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI.dll
2013-07-12 07:25 - 2013-07-12 07:25 - 16166280 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
2013-06-22 16:53 - 2013-06-22 16:53 - 00463272 _____ (Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\ssv.dll
2013-06-22 16:53 - 2013-06-22 16:53 - 00171944 _____ (Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
2013-09-02 23:01 - 2013-09-02 23:01 - 16230792 ____R (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_8_800_94.ocx

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Mnemosyne\Lokale Einstellungen:0zUuo0srd22m21Q64bs
AlternateDataStreams: C:\Users\Mnemosyne\Lokale Einstellungen:Uwg7v3jj8k1VEsDMfweUhnHGP27
AlternateDataStreams: C:\Users\Mnemosyne\Thumbs.db:encryptable
AlternateDataStreams: C:\Users\Mnemosyne\AppData\Local:0zUuo0srd22m21Q64bs
AlternateDataStreams: C:\Users\Mnemosyne\AppData\Local:Uwg7v3jj8k1VEsDMfweUhnHGP27
AlternateDataStreams: C:\Users\MNEMOS~1\AppData\Local\Anwendungsdaten:0zUuo0srd22m21Q64bs
AlternateDataStreams: C:\Users\MNEMOS~1\AppData\Local\Anwendungsdaten:Uwg7v3jj8k1VEsDMfweUhnHGP27
AlternateDataStreams: C:\Users\MNEMOS~1\AppData\Local\R7lzU9Yx11:GRVHpujCk2u38rAe8
AlternateDataStreams: C:\Users\MNEMOS~1\AppData\Local\Temp:1Th6C9jBklNwTNamyZdBQfE6VLab0g


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/06/2013 09:15:11 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/06/2013 04:29:11 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (09/06/2013 03:28:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2013 03:26:20 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (09/06/2013 03:26:19 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (09/06/2013 07:49:49 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2013 07:48:19 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (09/06/2013 07:48:19 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (09/05/2013 08:33:32 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (09/05/2013 08:30:40 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (09/05/2013 07:47:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! Antivirus" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/04/2013 09:12:16 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (09/06/2013 09:15:11 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/06/2013 04:29:11 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (09/06/2013 03:28:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2013 03:26:20 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (09/06/2013 03:26:19 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (09/06/2013 07:49:49 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2013 07:48:19 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (09/06/2013 07:48:19 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (09/05/2013 08:33:32 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (09/05/2013 08:30:40 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Mnemosyne\Desktop\Trojaner Board\esetsmartinstaller_enu.exe


CodeIntegrity Errors:
===================================
  Date: 2013-09-03 22:13:15.359
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-03 22:13:15.281
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-01 00:51:56.227
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-01 00:51:56.080
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-01 00:51:55.933
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-01 00:51:55.749
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-01 00:51:55.614
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-01 00:51:55.479
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-01 00:39:25.591
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-01 00:39:25.456
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 8154.44 MB
Available physical RAM: 5060.12 MB
Total Pagefile: 16307.07 MB
Available Pagefile: 12878.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:527.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E87C0DFF)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 07.09.2013 07:51
wann genau? wenn du eine spezielle Seite nutzt oder immer? Hast Du das Addon Adblock plus installiert?

CoffinCutie 07.09.2013 20:39
Edit: Bin doch früher zurück als erwartet. x)


Ein Muster konnte ich bisher noch nicht erkennen. Aber meistens ist es Abends zwischen 18 und 22 Uhr, zumindest würde ich es in der Richtung eingrenzen. Einmal kam es auch um 16 Uhr. Aber halt immer sehr sporadisch.

Ich hab installiert: Adblock, Adblock plus und No Script.

Die Seiten die ich nutze während es auftaucht nutze ich schon seit mehreren Jahren. Foren, Deviantart, Animexx usw. Da hatte ich nie irgendwelche Werbungen und schon gar nicht solch unseriöse, deswegen wundert es mich ja umso mehr, das so ein Müll zu "mir durchkommt"

Kann ich Daten wie Fotos, Musik usw. ohne Gefahr retten? oder kann es passieren das ich mir dann den Virus oder was immer es ist, mit rüber kopiere?


edit 2:
eben öffnete sich ein Tab mit diesem Link
https://www.sunmaker.com/?a_aid=4e146f8b6ecd9&chan=wiDE4

Irgendso ein doofes Casino

Argh ganz viel rumeditieren. Tut mir leid.
Habe gerade gesehen das bei meinem mit Firefox neu installiertem Adblocker nur die deutsche Liste aktiviert war und das Casino ein .com ist.
Habe jetzt die englische liste hinzugefügt. Kann es vielleicht daran liegen? (aber vorher kam der kram ja auch durch und da hatte ich sie definitiv schon aktiv.
Werde es jetzt auf jedenfall noch mal gesondert deswegen im Auge behalten.

schrauber 09.09.2013 05:04
ja beobachte das mal und meld dich wieder :)

CoffinCutie 24.09.2013 20:39
Also bisher sind keine Probleme aufgetaucht.
Keine komischen Werbevideos mehr.

Dickes fettes DANKE dafür!

Abschließende Fragen:

Was jetzt?
Ich musste ja für die ganzen Tests virtuelle Laufwerke abschalten, wie krieg ich die wieder an?
Zumindest stand das in der Anleitung für die ersterstellung eines Threads. Keinen Plan ob defogger da was an oder aus gemacht hat. Ich bin da recht unwissend rangegangen Ö_ö

schrauber 25.09.2013 11:51
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

CoffinCutie 28.09.2013 14:41
Alles erledigt!
Bisher immernoch Werbefrei und kein verselbstständigen mehr von IE oder Firefox auf irgendwelche komischen Seiten! :D

Eine kurze Frage hab ich allerdings doch noch, weil das Problem erst auftritt nachdem ich hier artig alles gemacht hab.

Wenn ich mit dem Mausrad oder Strg + Links-Klick; auf einen Link klicke, öffnet Firefox den Link machmal normal in einem Tab oder auch zufällig in zwei Tabs. So dass ich dann also 2 Tabs hab die beide dem selben link folgen. Auf welchen Seiten das passiert ist auch zufällig. Auf dem Trojaner Board bin ich auch schon "doppelt" gelandet.

schrauber 29.09.2013 05:50
Zitat:
Wenn ich mit dem Mausrad oder Strg + Links-Klick; auf einen Link klicke, öffnet Firefox den Link machmal normal in einem Tab oder auch zufällig in zwei Tabs. So dass ich dann also 2 Tabs hab die beide dem selben link folgen. Auf welchen Seiten das passiert ist auch zufällig. Auf dem Trojaner Board bin ich auch schon "doppelt" gelandet.
Hmm, seit wann genau`?

CoffinCutie 30.10.2013 20:52
Hallo liebes Trojaner Board,

da bin ich wieder, mit guten und schlechten Nachrichten.
Erstmal vorweg es tut mir sehr leid, dass ich mich so lange nicht gemeldet habe. Ich war lange Zeit krank, dann gabs Stress auf der Arbeit. Manch einer kennt das ja.

Zu meinem "Click" Problem. Es scheint sich dabei um ein Problem mit der Maus zu handeln.
Das ist die gute Nachricht.

Die schlechte: Eben öffnete sich wieder ungefragt ein Popcash Tab mit Werbung. (für irgendwelche Autos.) :/

schrauber 31.10.2013 10:07
poste mal frische FRST logs. Das Popup kam in Firefox?

CoffinCutie 01.11.2013 20:58
Ja Pop up kam mit Firefox (eben schon wieder @-@ ... ich weiß nicht ob das was bringt wenn ich immer sage wann und wie oft es auftaucht)

FRST log

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Mnemosyne (administrator) on KEKZ on 01-11-2013 20:52:40
Running from C:\Users\Mnemosyne\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
(Yuna Software) C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PSIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
(Cerulean Studios) C:\Program Files (x86)\Trillian\trillian.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() c:\program files (x86)\trillian\plugins\skypekit.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKLM-x32\...\Run: [Guard.Mail.ru.gui] - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-01-16] ()
HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646232 2011-09-27] ()
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [MessengerPlusForSkypeService] - C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [128000 2013-06-27] (Yuna Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\avastui.exe [3567800 2013-10-21] (AVAST Software)
Startup: C:\Users\Mnemosyne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8F7598702228CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Mnemosyne\AppData\Roaming\Mozilla\Firefox\Profiles\cs4xmjm7.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: adblockpopups - C:\Users\Mnemosyne\AppData\Roaming\Mozilla\Firefox\Profiles\cs4xmjm7.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: elemhidehelper - C:\Users\Mnemosyne\AppData\Roaming\Mozilla\Firefox\Profiles\cs4xmjm7.default\Extensions\elemhidehelper@adblockplus.org.xpi
FF Extension: lazarus - C:\Users\Mnemosyne\AppData\Roaming\Mozilla\Firefox\Profiles\cs4xmjm7.default\Extensions\lazarus@interclue.com.xpi
FF Extension: noscript - C:\Users\Mnemosyne\AppData\Roaming\Mozilla\Firefox\Profiles\cs4xmjm7.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\Mnemosyne\AppData\Roaming\Mozilla\Firefox\Profiles\cs4xmjm7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Docs) - C:\Users\MNEMOS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\MNEMOS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\MNEMOS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\MNEMOS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\MNEMOS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\MNEMOS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-10-21] (AVAST Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-01-16] ()
R2 MsgPlusService; C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [128000 2013-06-27] (Yuna Software)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-10-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-10-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-10-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-10-21] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-10-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-10-21] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-24] (DT Soft Ltd)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 MsgPlusDriver; system32\DRIVERS\MsgPlusDriver.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-01 20:52 - 2013-11-01 20:52 - 00000000 ____D C:\FRST
2013-11-01 20:51 - 2013-11-01 20:51 - 01957098 _____ (Farbar) C:\Users\Mnemosyne\Desktop\FRST64.exe
2013-10-28 21:37 - 2013-10-28 21:37 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-28 21:34 - 2013-10-23 11:30 - 30344480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-28 21:34 - 2013-10-23 11:30 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-28 21:34 - 2013-10-23 11:30 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-28 21:34 - 2013-10-23 11:30 - 18199872 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-10-28 21:34 - 2013-10-23 11:30 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-28 21:34 - 2013-10-23 11:30 - 12572960 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-28 21:34 - 2013-10-23 11:30 - 11426568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-28 21:34 - 2013-10-23 11:30 - 11374520 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-28 21:34 - 2013-10-23 11:30 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-28 21:34 - 2013-10-23 11:30 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-28 21:34 - 2013-10-23 11:30 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-28 21:34 - 2013-10-23 11:30 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-28 21:34 - 2013-10-23 11:30 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-28 21:34 - 2013-10-23 11:30 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-28 21:34 - 2013-10-23 11:30 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-28 21:34 - 2013-10-23 11:30 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-28 21:34 - 2013-10-23 11:30 - 01241376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-10-28 21:34 - 2013-10-23 11:30 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-28 21:34 - 2013-10-23 11:30 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-28 21:34 - 2013-10-23 11:30 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-28 21:34 - 2013-10-23 11:30 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-28 21:34 - 2013-10-23 11:30 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-10-28 21:34 - 2013-10-23 11:30 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-10-28 21:34 - 2013-10-23 11:30 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-10-28 21:34 - 2013-10-23 11:30 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-10-28 21:34 - 2013-06-16 13:38 - 00196384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2013-10-28 21:34 - 2013-06-16 13:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2013-10-28 21:34 - 2013-01-29 09:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2013-10-28 21:27 - 2013-10-18 02:36 - 01063200 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-10-28 21:27 - 2013-10-18 02:36 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-10-28 21:26 - 2013-09-28 00:01 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-10-28 21:26 - 2013-09-28 00:01 - 00028960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-10-24 21:45 - 2013-10-24 21:45 - 00947783 _____ C:\Users\Mnemosyne\Downloads\autumn_vintage_photoshop_action_by_lieveheersbeestje-d6rmkih.zip
2013-10-23 03:02 - 2013-10-23 03:02 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-10-21 11:29 - 2013-10-21 11:29 - 00000000 ____D C:\Users\Mnemosyne\AppData\Roaming\AVAST Software
2013-10-19 08:09 - 2013-10-08 06:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-19 08:09 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-19 08:09 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-19 08:09 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-19 08:08 - 2013-10-19 08:09 - 00004249 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-12 00:41 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-12 00:41 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-12 00:41 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-12 00:41 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-12 00:41 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-12 00:41 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-12 00:41 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-12 00:41 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-12 00:41 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-12 00:41 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-12 00:41 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-12 00:41 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-12 00:41 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-12 00:41 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-12 00:41 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-12 00:41 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-12 00:41 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-12 00:41 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-12 00:41 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-12 00:41 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-12 00:41 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-12 00:41 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-12 00:41 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-12 00:41 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-12 00:41 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-12 00:41 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-12 00:41 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-12 00:41 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-12 00:41 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-12 00:41 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-12 00:41 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 19:11 - 2013-10-11 19:11 - 00729531 _____ C:\Users\Mnemosyne\Downloads\download-downloadfile-28418.zip
2013-10-11 14:19 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-11 14:19 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-11 14:19 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-11 14:19 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-11 14:19 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-11 14:19 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 14:19 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 14:19 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-11 14:19 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 14:19 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-11 14:19 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-11 14:19 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-11 14:19 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-11 14:19 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-11 14:19 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-11 14:19 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-11 14:19 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-11 14:19 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 14:19 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 14:19 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 14:19 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 14:19 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 14:19 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-11 14:19 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-11 14:19 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-11 14:19 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 14:19 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-11 14:19 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-11 14:18 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-11 14:18 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-11 14:18 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-11 14:18 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-11 14:18 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-11 14:18 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-11 14:18 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-11 14:18 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-11 14:18 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-11 14:18 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-11 14:18 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-11 14:18 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-11 14:18 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-11 14:18 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-11 14:18 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-11 14:18 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 14:18 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 14:18 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-07 19:02 - 2013-10-07 19:02 - 00828922 _____ C:\Users\Mnemosyne\Downloads\SilvanaSig.psd

==================== One Month Modified Files and Folders =======

2013-11-01 20:52 - 2013-11-01 20:52 - 00000000 ____D C:\FRST
2013-11-01 20:51 - 2013-11-01 20:51 - 01957098 _____ (Farbar) C:\Users\Mnemosyne\Desktop\FRST64.exe
2013-11-01 20:21 - 2013-09-06 19:11 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-01 19:51 - 2011-04-12 08:43 - 00696848 _____ C:\Windows\system32\perfh007.dat
2013-11-01 19:51 - 2011-04-12 08:43 - 00148144 _____ C:\Windows\system32\perfc007.dat
2013-11-01 19:51 - 2009-07-14 06:13 - 01613412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-01 19:51 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-01 19:51 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-01 19:49 - 2012-01-01 12:05 - 01533629 _____ C:\Windows\WindowsUpdate.log
2013-11-01 19:45 - 2013-09-02 21:48 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-01 19:44 - 2013-09-06 19:11 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-01 19:44 - 2012-07-07 16:44 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-01 19:44 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-01 19:44 - 2009-07-14 05:51 - 00054566 _____ C:\Windows\setupact.log
2013-10-31 18:36 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-30 21:03 - 2010-11-21 04:47 - 00248756 _____ C:\Windows\PFRO.log
2013-10-28 21:37 - 2013-10-28 21:37 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-28 21:37 - 2012-07-07 16:43 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-28 21:37 - 2012-01-16 16:02 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-28 21:27 - 2012-01-16 16:02 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-10-24 21:45 - 2013-10-24 21:45 - 00947783 _____ C:\Users\Mnemosyne\Downloads\autumn_vintage_photoshop_action_by_lieveheersbeestje-d6rmkih.zip
2013-10-23 11:30 - 2013-10-28 21:34 - 30344480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-23 11:30 - 2013-10-28 21:34 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-23 11:30 - 2013-10-28 21:34 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-23 11:30 - 2013-10-28 21:34 - 18199872 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-10-23 11:30 - 2013-10-28 21:34 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-23 11:30 - 2013-10-28 21:34 - 12572960 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-23 11:30 - 2013-10-28 21:34 - 11426568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-23 11:30 - 2013-10-28 21:34 - 11374520 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-23 11:30 - 2013-10-28 21:34 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-23 11:30 - 2013-10-28 21:34 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-23 11:30 - 2013-10-28 21:34 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-23 11:30 - 2013-10-28 21:34 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-23 11:30 - 2013-10-28 21:34 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-23 11:30 - 2013-10-28 21:34 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-23 11:30 - 2013-10-28 21:34 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-23 11:30 - 2013-10-28 21:34 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-23 11:30 - 2013-10-28 21:34 - 01241376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-10-23 11:30 - 2013-10-28 21:34 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-23 11:30 - 2013-10-28 21:34 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-23 11:30 - 2013-10-28 21:34 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-23 11:30 - 2013-10-28 21:34 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-23 11:30 - 2013-10-28 21:34 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-10-23 11:30 - 2013-10-28 21:34 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-10-23 11:30 - 2013-10-28 21:34 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-10-23 11:30 - 2013-10-28 21:34 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-10-23 11:30 - 2013-05-23 17:18 - 15212336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-10-23 11:30 - 2012-07-07 16:43 - 18286416 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-10-23 11:30 - 2012-07-07 16:43 - 15855568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-23 11:30 - 2012-07-07 16:43 - 03067560 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-10-23 11:30 - 2012-07-07 16:43 - 02695200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-10-23 11:30 - 2012-07-07 16:43 - 01435504 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-10-23 11:30 - 2012-07-07 16:43 - 00023287 _____ C:\Windows\system32\nvinfo.pb
2013-10-23 09:20 - 2012-07-07 16:44 - 06669600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-10-23 09:20 - 2012-07-07 16:44 - 03489568 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-10-23 09:20 - 2012-07-07 16:44 - 03426956 _____ C:\Windows\system32\nvcoproc.bin
2013-10-23 09:20 - 2012-07-07 16:44 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-10-23 09:20 - 2012-07-07 16:44 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-10-23 09:20 - 2012-07-07 16:44 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-10-23 09:20 - 2012-07-07 16:44 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-10-23 03:02 - 2013-10-23 03:02 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-10-21 11:29 - 2013-10-21 11:29 - 00000000 ____D C:\Users\Mnemosyne\AppData\Roaming\AVAST Software
2013-10-21 11:26 - 2013-09-02 21:48 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-21 11:26 - 2013-09-02 21:48 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-10-21 11:26 - 2013-09-02 21:48 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-21 11:26 - 2013-09-02 21:48 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-21 11:26 - 2013-09-02 21:48 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-10-21 11:26 - 2013-09-02 21:48 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-10-21 11:26 - 2013-09-02 21:48 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-21 11:26 - 2013-09-02 21:48 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-10-21 11:26 - 2013-09-02 21:48 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-10-21 11:26 - 2013-09-02 21:48 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-21 11:26 - 2013-09-02 21:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-21 11:23 - 2013-09-02 21:46 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-21 11:22 - 2013-09-02 21:48 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-10-19 08:18 - 2013-09-19 19:01 - 00000000 ____D C:\ProgramData\Oracle
2013-10-19 08:09 - 2013-10-19 08:08 - 00004249 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-19 08:09 - 2012-06-28 20:33 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-18 13:06 - 2013-01-23 14:39 - 00000000 ____D C:\Program Files (x86)\Trillian
2013-10-18 02:36 - 2013-10-28 21:27 - 01063200 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-10-18 02:36 - 2013-10-28 21:27 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-10-12 11:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-12 09:11 - 2009-07-14 05:45 - 05017424 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-12 00:40 - 2013-03-14 00:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-12 00:40 - 2013-03-14 00:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-12 00:39 - 2013-05-23 17:20 - 01590370 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-12 00:36 - 2013-08-14 23:54 - 00000000 ____D C:\Windows\system32\MRT
2013-10-12 00:35 - 2012-01-27 12:55 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-12 00:16 - 2013-09-06 19:11 - 00004112 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-12 00:16 - 2013-09-06 19:11 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-11 22:22 - 2012-04-14 10:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-11 22:22 - 2012-01-16 20:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-11 22:22 - 2012-01-16 17:31 - 00000000 ____D C:\Users\Mnemosyne\AppData\Local\Adobe
2013-10-11 19:11 - 2013-10-11 19:11 - 00729531 _____ C:\Users\Mnemosyne\Downloads\download-downloadfile-28418.zip
2013-10-08 06:50 - 2013-10-19 08:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-08 06:46 - 2013-10-19 08:09 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-08 06:46 - 2013-10-19 08:09 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-08 06:46 - 2013-10-19 08:09 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-07 19:02 - 2013-10-07 19:02 - 00828922 _____ C:\Users\Mnemosyne\Downloads\SilvanaSig.psd

Some content of TEMP:
====================
C:\Users\Mnemosyne\AppData\Local\Temp\InstallAX.exe
C:\Users\Mnemosyne\AppData\Local\Temp\InstallPlugin.exe
C:\Users\Mnemosyne\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Mnemosyne\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Mnemosyne\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Mnemosyne\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Mnemosyne\AppData\Local\Temp\nvStInst.exe
C:\Users\Mnemosyne\AppData\Local\Temp\Quarantine.exe
C:\Users\Mnemosyne\AppData\Local\Temp\Update_182b.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-01 20:05

==================== End Of Log ============================
--- --- ---

--- --- ---



Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by Mnemosyne at 2013-11-01 20:53:28
Running from C:\Users\Mnemosyne\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.9.0.1030)
Adobe Community Help (x32 Version: 3.0.0)
Adobe Community Help (x32 Version: 3.0.0.400)
Adobe Creative Suite 5 Master Collection (x32 Version: 5.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Media Player (x32 Version: 1.8)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
ArtRage Studio Pro (x32 Version: 3.5.5)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.14.8.0)
avast! Free Antivirus (x32 Version: 9.0.2006)
Bamboo (Version: 5.2.5-5)
Bamboo Dock (x32 Version: 4.0)
Bamboo Dock (x32 Version: 4.0.0)
Benutzerhandbuch - Grundlagen EPSON XP-402 403 405 406 Series (x32)
Benutzerhandbuch EPSON XP-402 403 405 406 Series (x32)
BioShock (x32 Version: 2.62.0000)
CCleaner (Version: 4.00)
Corel Painter Essentials 4 (x32 Version: 4.0)
Corel Painter Essentials 4 (x32)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Die Sims™ 3 (x32 Version: 1.50.56)
Die Sims™ 3 Design-Garten-Accessoires (x32 Version: 7.0.55)
Die Sims™ 3 Einfach tierisch (x32 Version: 10.0.96)
Die Sims™ 3 Gib Gas-Accessoires (x32 Version: 5.0.44)
Die Sims™ 3 Late Night (x32 Version: 6.0.81)
Die Sims™ 3 Lebensfreude (x32 Version: 8.0.152)
Die Sims™ 3 Luxus-Accessoires (x32 Version: 3.0.38)
Die Sims™ 3 Reiseabenteuer (x32 Version: 2.0.86)
Die Sims™ 3 Showtime (x32 Version: 12.0.273)
Die Sims™ 3 Stadt-Accessoires (x32 Version: 9.0.73)
Die Sims™ 3 Supernatural (x32 Version: 15.0.135)
Die Sims™ 3 Traumkarrieren (x32 Version: 4.0.87)
Die Sims™ 3 Traumsuite-Accessoires (x32 Version: 11.0.84)
Download Navigator (x32 Version: 3.4.1)
Epson Easy Photo Print 2 (x32 Version: 2.3.2.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000)
Epson Event Manager (x32 Version: 3.01.0000)
EPSON Scan (x32)
EPSON XP-402 403 405 406 Series Printer Uninstall
EpsonNet Print (x32 Version: 2.5.00)
ESET Online Scanner v3 (x32)
FileZilla Client 3.7.1 (x32 Version: 3.7.1)
Free Studio version 2013 (x32 Version: 6.1.10.812)
Free YouTube to MP3 Converter version 3.12.13.925 (x32 Version: 3.12.13.925)
GeForce Experience NvStream Client Components (Version: 1.6.28)
GIMP 2.6.11 (x32 Version: 2.6.11)
Google Chrome (x32 Version: 30.0.1599.101)
Google Update Helper (x32 Version: 1.3.21.165)
Guard.ICQ (x32)
ICQ7.7 (x32 Version: 7.7)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java(TM) 6 Update 37 (x32 Version: 6.0.370)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Messenger Plus! for Skype (x32 Version: 2.0.0.150)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
Netzwerkhandbuch EPSON XP-402 403 405 406 Series (x32)
NVIDIA 3D Vision Controller-Treiber 331.65 (Version: 331.65)
NVIDIA 3D Vision Treiber 331.65 (Version: 331.65)
NVIDIA GeForce Experience 1.7 (Version: 1.7)
NVIDIA Grafiktreiber 331.65 (Version: 331.65)
NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.140.952)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA PhysX (x32 Version: 9.13.0725)
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725)
NVIDIA ShadowPlay 9.3.16 (Version: 9.3.16)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165)
NVIDIA Systemsteuerung 331.65 (Version: 331.65)
NVIDIA Update 9.3.16 (Version: 9.3.16)
NVIDIA Update Components (Version: 9.3.16)
NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9)
OpenOffice 4.0.0 (x32 Version: 4.00.9702)
Origin (x32 Version: 8.6.0.357)
PDF Settings CS5 (x32 Version: 10.0)
Pharao (x32)
PreReq (x32 Version: 6.2.4.0)
PxMergeModule (x32 Version: 1.00.0000)
Realtek Ethernet Controller Driver (x32 Version: 7.44.421.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6526)
SHIELD Streaming (Version: 1.6.34)
Skype™ 6.7 (x32 Version: 6.7.102)
Tomb Raider: Anniversary 1.0 (x32)
Torchlight (x32 Version: 1.0.0)
Torchlight German Patch (x32 Version: 1.0.0)
Trillian (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Vampire - The Masquerade Bloodlines (x32 Version: 1.00.0000)
WebTablet FB Plugin (x32 Version: 2.0.0.1)
WebTablet IE Plugin (x32 Version: 1.1.0.12)
WebTablet Netscape Plugin (x32 Version: 1.1.0.10)
WinRAR 5.00 (32-bit) (x32 Version: 5.00.0)

==================== Restore Points  =========================

19-10-2013 07:08:07 Installed Java 7 Update 45
21-10-2013 10:23:45 avast! antivirus system restore point
22-10-2013 17:52:39 Windows Update
29-10-2013 15:01:05 Windows Update
01-11-2013 18:48:23 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-09-25 16:31 - 00000087 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com


==================== Scheduled Tasks (whitelisted) =============

Task: {13FC3A88-7DB7-4368-B97C-59876077766E} - System32\Tasks\{DA334DD2-F63B-4BFF-98BC-652B20E08EAE} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {1FE9BC8A-B82E-4C9A-977C-15CEAE7A4379} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {2870937E-9F74-4FB6-A960-9F1774955BE4} - System32\Tasks\{94DC0BFC-3DDF-4485-8A41-928717CB26B5} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {2AF75043-1A8F-4E9C-890B-F86CCC262A72} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {2F6FB4DD-89C4-488E-862F-FC1E3E8629A5} - System32\Tasks\{9ADDDA80-C99D-4140-8EF6-C2300E814D65} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {2F912C6B-2D26-4C28-BC90-960140EC2F38} - System32\Tasks\{A8B94B43-3AB6-482A-80A3-EF19837CBFC1} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {4DAF3558-3F38-4835-AEF6-EF5D4CD10783} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-06] (Google Inc.)
Task: {59453F9F-DF7C-47AD-BB46-AD56D4939C8B} - System32\Tasks\{90EA3B56-34E7-41DA-8643-B1930CB603BF} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {66A342F1-7522-45FF-A6BF-8DEC2C1EC580} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-06] (Google Inc.)
Task: {7CDC7AAA-F4DC-45D6-BFB9-80ACDF39F403} - System32\Tasks\{5C6BEA30-BB2C-424D-815F-F56FF02E2B15} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {7D979323-F5CB-4071-A776-EF5FB2A9F2C6} - System32\Tasks\{73BC9927-174E-4BC5-89F5-56691C32E054} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {8A756D2A-D6A6-4B50-A5F3-46B086270BA5} - System32\Tasks\{FCA1AD46-06F7-4EFB-829F-1BC8CEDADD2C} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {AFAFE870-B53A-49C9-B77A-54064D7FC68D} - System32\Tasks\{EA7371E2-7B04-48A6-B738-A4B39C9BD90C} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {B314C6F0-CB1D-4128-878D-4BF75D1AD8B2} - System32\Tasks\{000B787D-91A3-4DEA-82FA-7349F8A14AEC} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {B854BDDB-0E12-4413-A68E-CE9E674F1D60} - System32\Tasks\{EEB23FCA-527B-4134-ADB3-0ADA9FDE56B9} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {B9ACFBF8-209B-4268-9F38-D1222C763C65} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2011-08-10] (Microsoft Corporation)
Task: {C3C30507-A05A-455A-83F0-92C6C765CBEE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-10-21] (AVAST Software)
Task: {C8735AE6-6299-4B85-8889-F24410DA4E7F} - System32\Tasks\{AB3ACEF7-9979-42DF-9738-86F85AFEBADA} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {C970EC5F-B82D-4E6D-98F8-66F76C7D1067} - System32\Tasks\{927108AD-90E8-4CB0-A338-5237650BF34F} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {D156A29F-F835-459E-AA35-2EF899C5312D} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {E4450A27-FBA1-4B1D-B454-72228607C10A} - System32\Tasks\{62377DDD-9C63-42A7-9F2D-CB05CEF89C44} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {EA0C451A-4DB4-4967-B5FF-E37CBE1E44AB} - System32\Tasks\{140B5FA2-D27D-480E-992D-C53FE5F93BB7} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: {ED2D3459-AD4C-4CF5-9B00-F1695EE29476} - System32\Tasks\{0456133A-8D2D-49DD-952A-9735284B27FA} => C:\Program Files (x86)\Electronic Arts\Die Sims 3 Showtime\Game\Bin\Sims3Launcher.exe [2012-02-02] (Electronic Arts, Inc.)
Task: {FF064ADE-20FF-42BF-AD35-0E543037AE6F} - System32\Tasks\{8C92DE5D-2545-46AF-BD0D-F1ECE35C18A9} => C:\Program Files (x86)\2K Games\BioShock\Builds\Release\Bioshock.exe [2007-11-14] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-01-25 17:19 - 2011-09-08 16:48 - 01183096 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-11-01 19:45 - 2013-11-01 13:14 - 02137088 _____ () C:\Program Files\AVAST Software\Avast\defs\13110100\algo.dll
2013-10-20 23:00 - 2013-10-20 23:00 - 00059904 _____ () C:\Program Files (x86)\Trillian\zlib1.dll
2013-10-20 23:00 - 2013-10-20 23:00 - 00187392 _____ () C:\Program Files (x86)\Trillian\libpng15.dll
2013-10-20 23:00 - 2013-10-20 23:00 - 00065536 _____ () C:\Program Files (x86)\Trillian\libungif.dll
2012-11-28 09:21 - 2012-11-28 09:21 - 00002048 _____ () C:\Users\Mnemosyne\AppData\Roaming\Trillian\languages\de\toolkit.dll
2012-11-28 09:21 - 2012-11-28 09:21 - 00007168 _____ () C:\Users\Mnemosyne\AppData\Roaming\Trillian\languages\de\events.dll
2012-11-28 09:21 - 2012-11-28 09:21 - 00009728 _____ () C:\Users\Mnemosyne\AppData\Roaming\Trillian\languages\de\buddy.dll
2012-11-28 09:21 - 2012-11-28 09:21 - 00006144 _____ () C:\Users\Mnemosyne\AppData\Roaming\Trillian\languages\de\talk.dll
2012-05-02 10:40 - 2012-05-02 10:40 - 00005120 _____ () C:\Users\Mnemosyne\AppData\Roaming\Trillian\languages\de\trillian.dll
2013-09-19 19:42 - 2013-09-19 19:42 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-21 11:26 - 2013-10-21 11:26 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-10-11 14:12 - 2013-10-11 22:17 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Mnemosyne\Lokale Einstellungen:0zUuo0srd22m21Q64bs
AlternateDataStreams: C:\Users\Mnemosyne\Lokale Einstellungen:Uwg7v3jj8k1VEsDMfweUhnHGP27
AlternateDataStreams: C:\Users\Mnemosyne\AppData\Local:0zUuo0srd22m21Q64bs
AlternateDataStreams: C:\Users\Mnemosyne\AppData\Local:Uwg7v3jj8k1VEsDMfweUhnHGP27
AlternateDataStreams: C:\Users\Mnemosyne\AppData\Local\Anwendungsdaten:0zUuo0srd22m21Q64bs
AlternateDataStreams: C:\Users\Mnemosyne\AppData\Local\Anwendungsdaten:Uwg7v3jj8k1VEsDMfweUhnHGP27
AlternateDataStreams: C:\Users\Mnemosyne\AppData\Local\R7lzU9Yx11:GRVHpujCk2u38rAe8
AlternateDataStreams: C:\Users\Mnemosyne\AppData\Local\Temp:1Th6C9jBklNwTNamyZdBQfE6VLab0g

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/01/2013 08:28:30 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (11/01/2013 08:06:35 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/01/2013 07:45:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 05:25:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/31/2013 06:38:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/31/2013 05:18:03 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/31/2013 04:53:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/30/2013 09:04:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/30/2013 06:22:14 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/30/2013 04:16:02 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005


System errors:
=============
Error: (10/26/2013 01:37:05 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TouchServicePen erreicht.

Error: (10/21/2013 11:33:16 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Guard.Mail.ru" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/21/2013 11:26:38 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! Antivirus" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (10/17/2013 06:11:59 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AudioEndpointBuilder erreicht.

Error: (10/12/2013 09:10:17 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem dienstspezifischem Fehler beendet: %%0.

Error: (10/07/2013 11:34:50 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (10/04/2013 02:36:39 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (09/13/2013 02:34:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (09/13/2013 02:34:17 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (09/13/2013 02:34:17 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (11/01/2013 08:28:30 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (11/01/2013 08:06:35 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (11/01/2013 07:45:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 05:25:16 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/31/2013 06:38:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/31/2013 05:18:03 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (10/31/2013 04:53:11 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/30/2013 09:04:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/30/2013 06:22:14 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (10/30/2013 04:16:02 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005


CodeIntegrity Errors:
===================================
  Date: 2013-09-03 22:13:15.359
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-03 22:13:15.281
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-01 00:51:56.227
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-01 00:51:56.080
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-01 00:51:55.933
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-01 00:51:55.749
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-01 00:51:55.614
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-01 00:51:55.479
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-01 00:39:25.591
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-01 00:39:25.456
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 8154.44 MB
Available physical RAM: 5840.34 MB
Total Pagefile: 16307.06 MB
Available Pagefile: 13807.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:525.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E87C0DFF)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 02.11.2013 11:42
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

CoffinCutie 03.11.2013 10:45
Hier der/die/das Combo fix log

Code:
ComboFix 13-11-03.02 - Mnemosyne 03.11.2013  10:34:19.1.6 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8154.5706 [GMT 1:00]
ausgeführt von:: c:\users\Mnemosyne\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-10-03 bis 2013-11-03  ))))))))))))))))))))))))))))))
.
.
2013-11-01 19:52 . 2013-11-01 19:52        --------        d-----w-        C:\FRST
2013-11-01 18:49 . 2013-10-14 07:12        10280728        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BAC1E2F-D6DB-43C5-AA67-588221300580}\mpengine.dll
2013-10-28 20:37 . 2013-10-28 20:37        --------        d-----w-        c:\program files (x86)\AGEIA Technologies
2013-10-28 20:27 . 2013-10-18 01:36        1063200        ----a-w-        c:\windows\system32\nvspcap64.dll
2013-10-28 20:27 . 2013-10-18 01:36        955168        ----a-w-        c:\windows\SysWow64\nvspcap.dll
2013-10-28 20:26 . 2013-09-27 23:01        39200        ----a-w-        c:\windows\system32\drivers\nvvad64v.sys
2013-10-28 20:26 . 2013-09-27 23:01        28960        ----a-w-        c:\windows\SysWow64\nvaudcap32v.dll
2013-10-23 02:02 . 2013-10-23 02:02        589600        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
2013-10-21 15:06 . 2013-10-21 15:06        163504        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2013-10-21 10:29 . 2013-10-21 10:29        --------        d-----w-        c:\users\Mnemosyne\AppData\Roaming\AVAST Software
2013-10-19 07:09 . 2013-10-08 05:50        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-11 13:19 . 2013-07-04 12:50        633856        ----a-w-        c:\windows\system32\comctl32.dll
2013-10-11 13:18 . 2013-08-29 02:13        878080        ----a-w-        c:\windows\system32\advapi32.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-23 10:30 . 2013-05-23 16:18        15212336        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2013-10-23 10:30 . 2012-07-07 15:43        3067560        ----a-w-        c:\windows\system32\nvapi64.dll
2013-10-23 10:30 . 2012-07-07 15:43        2695200        ----a-w-        c:\windows\SysWow64\nvapi.dll
2013-10-23 10:30 . 2012-07-07 15:43        18286416        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2013-10-23 10:30 . 2012-07-07 15:43        15855568        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2013-10-23 10:30 . 2012-07-07 15:43        1435504        ----a-w-        c:\windows\system32\nvumdshimx.dll
2013-10-23 08:20 . 2012-07-07 15:44        6669600        ----a-w-        c:\windows\system32\nvcpl.dll
2013-10-23 08:20 . 2012-07-07 15:44        3489568        ----a-w-        c:\windows\system32\nvsvc64.dll
2013-10-23 08:20 . 2012-07-07 15:44        922912        ----a-w-        c:\windows\system32\nvvsvc.exe
2013-10-23 08:20 . 2012-07-07 15:44        63776        ----a-w-        c:\windows\system32\nvshext.dll
2013-10-23 08:20 . 2012-07-07 15:44        2559776        ----a-w-        c:\windows\system32\nvsvcr.dll
2013-10-23 08:20 . 2012-07-07 15:44        219424        ----a-w-        c:\windows\system32\nvmctray.dll
2013-10-23 08:20 . 2012-07-07 15:44        3426956        ----a-w-        c:\windows\system32\nvcoproc.bin
2013-10-21 10:26 . 2013-09-02 20:48        38984        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2013-10-21 10:26 . 2013-09-02 20:48        409832        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2013-10-21 10:26 . 2013-09-02 20:48        92544        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2013-10-21 10:26 . 2013-09-02 20:48        65264        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2013-10-21 10:26 . 2013-09-02 20:48        1032416        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2013-10-21 10:26 . 2013-09-02 20:48        65776        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2013-10-21 10:26 . 2013-09-02 20:48        205320        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2013-10-21 10:26 . 2013-09-02 20:48        84328        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2013-10-21 10:26 . 2013-09-02 20:48        334648        ----a-w-        c:\windows\system32\aswBoot.exe
2013-10-21 10:26 . 2013-09-02 20:47        43152        ----a-w-        c:\windows\avastSS.scr
2013-10-11 23:35 . 2012-01-27 11:55        80541720        ----a-w-        c:\windows\system32\MRT.exe
2013-10-11 21:22 . 2012-04-14 09:30        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-11 21:22 . 2012-01-16 19:56        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-27 23:01 . 2013-07-30 17:33        29984        ----a-w-        c:\windows\system32\nvaudcap64v.dll
2013-09-03 12:35 . 2010-11-21 03:27        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-08-29 01:48 . 2013-10-11 13:18        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Guard.Mail.ru.gui"="c:\program files (x86)\Guard-ICQ\GuardICQ.exe" [2012-01-16 1564368]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400]
"MessengerPlusForSkypeService"="c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2013-06-27 128000]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-10-21 3567800]
.
c:\users\Mnemosyne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2013-10-20 2622832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 MsgPlusDriver;Messenger Plus! Virtual Camera;c:\windows\system32\DRIVERS\MsgPlusDriver.sys;c:\windows\SYSNATIVE\DRIVERS\MsgPlusDriver.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [x]
S2 MsgPlusService;Messenger Plus! Service;c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe;c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe;c:\program files\Tablet\Pen\Pen_Tablet.exe [x]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe;c:\program files\Tablet\Pen\Pen_TouchService.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 00:22        1185744        ----a-w-        c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-06 18:11]
.
2013-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-06 18:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-10-21 10:26        326944        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-12 7560296]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-10-18 1063200]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mnemosyne\AppData\Roaming\Mozilla\Firefox\Profiles\cs4xmjm7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: 2013-09-06 20:21; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Mnemosyne\AppData\Roaming\Mozilla\Firefox\Profiles\cs4xmjm7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-09-06 20:22; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Mnemosyne\AppData\Roaming\Mozilla\Firefox\Profiles\cs4xmjm7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-09-06 20:22; elemhidehelper@adblockplus.org; c:\users\Mnemosyne\AppData\Roaming\Mozilla\Firefox\Profiles\cs4xmjm7.default\extensions\elemhidehelper@adblockplus.org.xpi
FF - ExtSQL: 2013-09-06 20:23; adblockpopups@jessehakanen.net; c:\users\Mnemosyne\AppData\Roaming\Mozilla\Firefox\Profiles\cs4xmjm7.default\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2013-09-09 15:56; lazarus@interclue.com; c:\users\Mnemosyne\AppData\Roaming\Mozilla\Firefox\Profiles\cs4xmjm7.default\extensions\lazarus@interclue.com.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Pharao - c:\windows\IsUn0407.exe
AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-465954070-3353046984-2009270894-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-465954070-3353046984-2009270894-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:2b,71,67,88,8e,f1,e0,4b,cd,a3,bf,25,b3,ab,f0,0f,f8,69,9d,da,d0,1a,e6,
  af,1c,17,7a,5b,10,d5,fe,ad,16,a6,53,fe,b3,46,97,81,a4,9a,1b,8f,30,fb,c0,d9,\
"??"=hex:cb,d1,2f,38,60,0f,c0,e0,9a,0c,03,aa,c1,47,8a,b1
.
[HKEY_USERS\S-1-5-21-465954070-3353046984-2009270894-1000\Software\SecuROM\License information*]
"datasecu"=hex:88,ee,68,d7,07,1d,af,28,d2,55,2a,2b,45,9c,65,0b,34,46,3f,e4,2f,
  8f,cf,ab,0c,4f,ae,dd,e9,ee,33,af,1f,b3,5f,fd,7b,59,12,a0,86,09,f9,b1,84,72,\
"rkeysecu"=hex:65,60,28,19,1c,7e,44,9d,45,28,1d,d5,95,8c,32,12
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-11-03  10:42:56
ComboFix-quarantined-files.txt  2013-11-03 09:42
.
Vor Suchlauf: 22 Verzeichnis(se), 563.366.719.488 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 563.237.044.224 Bytes frei
.
- - End Of File - - 586D81FDE3ECA877CA3B7878DDB2548E
A36C5E4F47E84449FF07ED3517B43A31


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:38 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132