Trojaner-Board - Windows 7 Chrome: Werbung in neuen Tabs

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Windows 7 Chrome: Werbung in neuen Tabs (https://www.trojaner-board.de/157582-windows-7-chrome-werbung-neuen-tabs.html)

Windows 7 Chrome: Werbung in neuen Tabs

Hallo

Seit gestern öffnen sich in Facebook bei zufälligen Aktionen (Klick auf's Logo, Öffnen von weiteren Kommentaren, ...) ein oder mehrere Werbungsfenster in neuen Tabs.

Habe zuerst einen Malwarebytes Scan gemacht:

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Scan Date: 13.08.2014

Scan Time: 22:11:41

Logfile: log.txt

Administrator: Yes
 

Version: 2.00.2.1012

Malware Database: v2014.08.13.07

Rootkit Database: v2014.08.04.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled
 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: JoHelc
 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 293208

Time Elapsed: 4 min, 12 sec
 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled
 

Processes: 0

(No malicious items detected)
 

Modules: 0

(No malicious items detected)
 

Registry Keys: 11

PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Layers, Quarantined, [110a0fb78eed15215dc93a300ef46d93], 

PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Layers.1, Quarantined, [b36875510576e74f77afed7db44edc24], 

PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Layers, Quarantined, [b36875510576e74f77afed7db44edc24], 

PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Layers.1, Quarantined, [b36875510576e74f77afed7db44edc24], 

PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Api, Quarantined, [48d36066d1aacc6a02222abd936fcd33], 

PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Api.1, Quarantined, [30eb7d49fe7dcf670b19499e946ece32], 

PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\CLASSES\APPID\YontooIEClient.DLL, Quarantined, [6bb066602a517db957cee10643bf1ae6], 

PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Api, Quarantined, [be5df5d19ddec175d450d21536ccb64a], 

PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Api.1, Quarantined, [b06b5f6708732b0b27fd0dda2fd334cc], 

PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\YontooIEClient.DLL, Quarantined, [d64506c09ae122149a8b1acd28dacd33], 

PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\niapdbllcanepiiimjjndipklodoedlc, Quarantined, [6daea125bbc0fe3882d78e6408fa1ce4], 
 

Registry Values: 0

(No malicious items detected)
 

Registry Data: 0

(No malicious items detected)
 

Folders: 4

PUP.Optional.Yontoo.A, C:\Program Files (x86)\Yontoo, Quarantined, [af6c695d4d2ea1959722c3024fb3d22e], 

PUP.Optional.Yontoo.A, C:\Users\JoHelc\AppData\Roaming\Yontoo, Quarantined, [93888a3cb3c8fd397f3bf4d19d65758b], 

PUP.Optional.Yontoo.A, C:\Users\JoHelc\AppData\Roaming\Yontoo\dat, Quarantined, [93888a3cb3c8fd397f3bf4d19d65758b], 

PUP.Optional.Yontoo.A, C:\Users\JoHelc\AppData\Roaming\Yontoo\dat\update, Quarantined, [93888a3cb3c8fd397f3bf4d19d65758b], 
 

Files: 5

PUP.Optional.Superfish.A, C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [0219fec80d6ea591cda0eb06847ed828], 

PUP.Optional.Superfish.A, C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [5ebd3e8824578da905680fe2fd0538c8], 

PUP.Optional.Yontoo.A, C:\Program Files (x86)\Yontoo\OptChrome.exe, Quarantined, [af6c695d4d2ea1959722c3024fb3d22e], 

PUP.Optional.Yontoo.A, C:\Program Files (x86)\Yontoo\sqlite3.exe, Quarantined, [af6c695d4d2ea1959722c3024fb3d22e], 

PUP.Optional.Yontoo.A, C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe, Quarantined, [af6c695d4d2ea1959722c3024fb3d22e], 
 

Physical Sectors: 0

(No malicious items detected)
 
 

(end)

defogger

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 22:41 on 13/08/2014 (JoHelc)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

FRST

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014

Ran by JoHelc (administrator) on JOHELC-PC on 13-08-2014 22:42:55

Running from C:\Users\JoHelc\Desktop

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal
 

The only official download link for FRST:

Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

() C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe

(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Spotify Ltd) C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Spotify Ltd) C:\Users\JoHelc\AppData\Roaming\Spotify\spotify.exe

(Flux Software LLC) C:\Users\JoHelc\AppData\Local\FluxSoftware\Flux\flux.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

() C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe

(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

() C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\nacl64.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\nacl64.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [ISW] => C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1126528 2012-04-30] (Check Point Software Technologies)

HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73392 2012-06-21] (Check Point Software Technologies LTD)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-08-13] (AVAST Software)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [Google Update] => C:\Users\JoHelc\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-03] (Google Inc.)

HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [Spotify Web Helper] => C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-06] (Spotify Ltd)

HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [Spotify] => C:\Users\JoHelc\AppData\Roaming\Spotify\spotify.exe [6162488 2014-07-06] (Spotify Ltd)

HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [f.lux] => C:\Users\JoHelc\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)

HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [GoogleChromeAutoLaunch_2367883519264E435C4CA52430EF9559] => C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-08-07] (Google Inc.)

HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [MusicManager] => C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1000M Setup-Assistent.lnk

ShortcutTarget: NETGEAR WNA1000M Setup-Assistent.lnk -> C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe ()

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO-x32: Zonealarm Helper Object -> {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} -> C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\bh\zonealarm.dll (Montera Technologeis LTD)

BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\zonealarmTlbr.dll (Montera Technologeis LTD)

Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\JoHelc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\JoHelc\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\JoHelc\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\JoHelc\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\JoHelc\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\JoHelc\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker

FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012-07-03]

FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012-07-03]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-13]
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.at/

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File

CHR Plugin: (Google Update) - C:\Users\JoHelc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Extension: (Easy Auto Refresh) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2012-07-03]

CHR Extension: (Magic Actions for YouTube™) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-06-03]

CHR Extension: (Xmarks Bookmark Sync) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2012-07-03]

CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2013-02-13]

CHR Extension: (Media Hint) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja [2013-05-21]

CHR Extension: (Google Drive) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-07-15]

CHR Extension: (YouTube) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-03]

CHR Extension: (Google+ Benachrichtigungen) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi [2012-07-03]

CHR Extension: (Random Bookmark) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfemjamlkkagdfdekjhggnlbdcpbdpc [2012-07-03]

CHR Extension: (Adblock Plus) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-07-03]

CHR Extension: (Auf den Amazon-Wunschzettel) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2012-12-05]

CHR Extension: (Gif Delayer) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmfcdkambpljcndgdmaccaagladfnepa [2014-06-03]

CHR Extension: (Google-Suche) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-03]

CHR Extension: (GExtend) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkjhlnnlabicokdgaecdeihkdlkdhjm [2012-07-03]

CHR Extension: (MightyText - SMS Text Messaging from Computer) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2013-01-03]

CHR Extension: (Google Kalender) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-07-03]

CHR Extension: (Google Play Music) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-07-10]

CHR Extension: (Chain Reaction) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa [2012-12-11]

CHR Extension: (AdBlock) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-07-03]

CHR Extension: (avast! Online Security) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-13]

CHR Extension: (Spotify Chrome Extension) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbjmlahipheaaghllkabfkpolljilkjb [2012-07-03]

CHR Extension: (SoundCloud Downloader) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbhfpgkfmfpjbdofhelpjdmeilbeopp [2012-11-09]

CHR Extension: (Google +1-Schaltfläche) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2012-07-03]

CHR Extension: (StumbleUpon) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2012-07-03]

CHR Extension: (Any.do Extension) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2014-07-06]

CHR Extension: (Metric Conversions) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kninfdohcboilpapkmbbdmcfanlgflld [2014-05-03]

CHR Extension: (Zoom) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2014-07-17]

CHR Extension: (Evernote Web) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2012-07-03]

CHR Extension: (NextExt) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikijnjpcmngdnahmjihclokafpnniap [2012-11-14]

CHR Extension: (Ghostery) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2012-10-16]

CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2014-04-21]

CHR Extension: (Google Wallet) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]

CHR Extension: (Hover Zoom) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-06-03]

CHR Extension: (Google Chrome to Phone Extension) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2012-07-03]

CHR Extension: (Select All) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofcnbnhefnmjancehemliplicihbcjjb [2012-07-03]

CHR Extension: (https://www.google.at/publicdata/directory?hl) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\okbmpjekfjbabbfkiifjnokhniifopch [2013-12-09]

CHR Extension: (Click&Clean App) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-06-03]

CHR Extension: (Page Monitor) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-06-21]

CHR Extension: (Google Mail) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-03]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-13]

CHR StartMenuInternet: Google Chrome - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-13] (AVAST Software)

R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [827520 2012-04-30] (Check Point Software Technologies)

R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445880 2012-06-21] (Check Point Software Technologies LTD)

R2 WlanWpsSvc; C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe [167936 2011-06-30] () [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-13] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-13] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-13] (AVAST Software)

S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-13] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-13] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-13] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-13] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-13] ()

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2012-10-22] () [File not signed]

R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33672 2012-04-30] (Check Point Software Technologies)

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2012-01-09] (Kaspersky Lab ZAO)

R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2012-01-09] (Kaspersky Lab ZAO)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [485680 2012-01-09] (Kaspersky Lab)

S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2012-10-22] () [File not signed]

U0 mmiwhc; C:\Windows\System32\drivers\shsccsu.sys [79064 2014-08-13] (Malwarebytes Corporation)

S3 RTL8192cu; C:\Windows\System32\DRIVERS\WNA1000M.sys [855144 2011-01-31] (Realtek Semiconductor Corporation                           )

R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454232 2011-05-07] (Check Point Software Technologies LTD)
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-08-13 22:42 - 2014-08-13 22:43 - 00025529 _____ () C:\Users\JoHelc\Desktop\FRST.txt

2014-08-13 22:42 - 2014-08-13 22:42 - 02100224 _____ (Farbar) C:\Users\JoHelc\Desktop\FRST64.exe

2014-08-13 22:42 - 2014-08-13 22:42 - 00000000 ____D () C:\FRST

2014-08-13 22:40 - 2014-08-13 22:41 - 00000474 _____ () C:\Users\JoHelc\Desktop\defogger_disable.log

2014-08-13 22:40 - 2014-08-13 22:40 - 00000000 _____ () C:\Users\JoHelc\defogger_reenable

2014-08-13 22:39 - 2014-08-13 22:39 - 00050477 _____ () C:\Users\JoHelc\Desktop\Defogger.exe

2014-08-13 22:35 - 2014-08-13 22:35 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\DropboxMaster

2014-08-13 22:34 - 2014-08-13 22:35 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Dropbox

2014-08-13 22:34 - 2014-08-13 22:34 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\AVAST Software

2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast

2014-08-13 22:23 - 2014-08-13 22:24 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-08-13 22:22 - 2014-08-13 22:24 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00426848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1407961442224

2014-08-13 22:22 - 2014-08-13 22:22 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-08-13 22:22 - 2014-08-13 22:22 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-08-13 22:22 - 2014-08-13 22:22 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2014-08-13 22:20 - 2014-08-13 22:20 - 00000000 ____D () C:\Program Files\AVAST Software

2014-08-13 22:19 - 2014-08-13 22:20 - 00000000 ____D () C:\ProgramData\AVAST Software

2014-08-13 22:18 - 2014-08-13 22:19 - 04862664 _____ (AVAST Software) C:\Users\JoHelc\Downloads\avast_free_antivirus_setup_online.exe

2014-08-13 22:16 - 2014-08-13 22:16 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\shsccsu.sys

2014-08-13 22:07 - 2014-08-13 22:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-13 22:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-08-13 22:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-08-13 22:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-08-13 22:06 - 2014-08-13 22:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JoHelc\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-03 13:09 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-08-03 13:09 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-08-03 13:09 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2014-08-03 13:09 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-08-03 13:09 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2014-08-03 13:09 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2014-08-03 13:09 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2014-08-03 13:09 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2014-08-03 13:09 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-08-03 13:09 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2014-08-03 13:09 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2014-08-03 13:09 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2014-08-03 13:09 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2014-08-03 13:09 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2014-07-16 15:00 - 2014-07-16 15:00 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log

2014-07-16 15:00 - 2014-07-16 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-08-13 22:43 - 2014-08-13 22:42 - 00025529 _____ () C:\Users\JoHelc\Desktop\FRST.txt

2014-08-13 22:42 - 2014-08-13 22:42 - 02100224 _____ (Farbar) C:\Users\JoHelc\Desktop\FRST64.exe

2014-08-13 22:42 - 2014-08-13 22:42 - 00000000 ____D () C:\FRST

2014-08-13 22:41 - 2014-08-13 22:40 - 00000474 _____ () C:\Users\JoHelc\Desktop\defogger_disable.log

2014-08-13 22:40 - 2014-08-13 22:40 - 00000000 _____ () C:\Users\JoHelc\defogger_reenable

2014-08-13 22:40 - 2012-07-03 00:08 - 00000000 ____D () C:\Users\JoHelc

2014-08-13 22:39 - 2014-08-13 22:39 - 00050477 _____ () C:\Users\JoHelc\Desktop\Defogger.exe

2014-08-13 22:35 - 2014-08-13 22:35 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\DropboxMaster

2014-08-13 22:35 - 2014-08-13 22:34 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Dropbox

2014-08-13 22:35 - 2012-07-03 00:22 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000UA.job

2014-08-13 22:34 - 2014-08-13 22:34 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\AVAST Software

2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast

2014-08-13 22:24 - 2014-08-13 22:23 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-08-13 22:24 - 2014-08-13 22:22 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00426848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1407961442224

2014-08-13 22:22 - 2014-08-13 22:22 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-08-13 22:22 - 2014-08-13 22:22 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-08-13 22:22 - 2014-08-13 22:22 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2014-08-13 22:20 - 2014-08-13 22:20 - 00000000 ____D () C:\Program Files\AVAST Software

2014-08-13 22:20 - 2014-08-13 22:19 - 00000000 ____D () C:\ProgramData\AVAST Software

2014-08-13 22:19 - 2014-08-13 22:18 - 04862664 _____ (AVAST Software) C:\Users\JoHelc\Downloads\avast_free_antivirus_setup_online.exe

2014-08-13 22:16 - 2014-08-13 22:16 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\shsccsu.sys

2014-08-13 22:08 - 2014-08-13 22:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-13 22:07 - 2014-08-13 22:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JoHelc\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-13 21:27 - 2012-07-03 19:32 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Spotify

2014-08-13 18:13 - 2012-07-03 00:08 - 02056780 _____ () C:\Windows\WindowsUpdate.log

2014-08-13 17:27 - 2009-07-14 06:51 - 00296021 _____ () C:\Windows\setupact.log

2014-08-13 13:29 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-13 13:29 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-13 13:27 - 2011-04-12 09:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat

2014-08-13 13:27 - 2011-04-12 09:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat

2014-08-13 13:27 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-13 13:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-12 23:53 - 2012-07-03 00:22 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000Core.job

2014-08-04 17:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-08-04 15:58 - 2012-07-03 19:32 - 00000000 ____D () C:\Users\JoHelc\AppData\Local\Spotify

2014-07-16 15:01 - 2014-02-17 14:53 - 00000000 ____D () C:\ProgramData\Oracle

2014-07-16 15:00 - 2014-07-16 15:00 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log

2014-07-16 15:00 - 2014-07-16 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-16 15:00 - 2014-02-17 14:52 - 00000000 ____D () C:\Program Files (x86)\Java
 

Some content of TEMP:

====================

C:\Users\JoHelc\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptjztbg.dll

C:\Users\JoHelc\AppData\Local\Temp\DropDownDeals_Setup-C4_2013_03_14.exe

C:\Users\JoHelc\AppData\Local\Temp\FileSystemView.dll

C:\Users\JoHelc\AppData\Local\Temp\install_reader10_de_mssd_aih.exe

C:\Users\JoHelc\AppData\Local\Temp\JavaIC.dll

C:\Users\JoHelc\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\JoHelc\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe

C:\Users\JoHelc\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe

C:\Users\JoHelc\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe

C:\Users\JoHelc\AppData\Local\Temp\msscct32.dll

C:\Users\JoHelc\AppData\Local\Temp\SpotifyUpgrader.exe

C:\Users\JoHelc\AppData\Local\Temp\tmp6C68.exe

C:\Users\JoHelc\AppData\Local\Temp\tmpF99A.exe

C:\Users\JoHelc\AppData\Local\Temp\vlc-2.0.7-win32.exe

C:\Users\JoHelc\AppData\Local\Temp\winziprosetup-WZRO6_20130221.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-08-07 00:28
 

==================== End Of Log ============================

GMER hat leider nicht funktioniert, es erschien eine Fehlermeldung dass es nicht ausgeführt werden kann.

Vielen Dank!

Jo

HI,

Addition.txt von FRST fehlt.

Ah, sorry.

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-08-2014

Ran by JoHelc at 2014-08-13 22:43:17

Running from C:\Users\JoHelc\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: ZoneAlarm Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: ZoneAlarm Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)

AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden

AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden

AMD Catalyst Install Manager (HKLM\...\{53A19094-2C04-A9B9-7309-3E92152D4845}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)

AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden

AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden

AMD Steady Video Plug-In  (Version: 2.04.0000 - AMD) Hidden

Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Ashampoo Burning Studio 6 FREE v.6.81 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.1 - Ashampoo GmbH & Co. KG)

avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden

Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)

Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)

f.lux (HKCU\...\Flux) (Version:  - )

Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)

Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)

IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)

Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)

Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden

KaloMa 4.94 (HKLM-x32\...\KaloMa_is1) (Version:  - Frank Böpple)

Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)

Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)

NETGEAR WNA1000M Wireless USB 2.0 Adapter (HKLM-x32\...\InstallShield_{62F7B391-E2B2-4714-BBAA-A14E4FAAB95C}) (Version: 1.01.10 - NETGEAR)

NETGEAR WNA1000M Wireless USB 2.0 Adapter (x32 Version: 1.01.10 - NETGEAR) Hidden

Peggle Deluxe (HKLM-x32\...\Peggle Deluxe) (Version:  - PopCap Games)

QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)

SketchUp 2013 (HKLM-x32\...\{2C0777B8-E91F-45AA-976B-7EB6B40E5400}) (Version: 13.0.4812 - Trimble Navigation Limited)

Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)

TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)

UPC Install Master (HKLM-x32\...\UPC Install Master) (Version: 1.1.0.22 - UPC Telekabel GmbH)

UPC Install Master (x32 Version: 1.1.0.22 - UPC Telekabel GmbH) Hidden

VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)

WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

XnView 1.99.6 (HKLM-x32\...\XnView_is1) (Version: 1.99.6 - Gougelet Pierre-e)

Yontoo 2.052 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 2.052 - Yontoo LLC) <==== ATTENTION

ZoneAlarm Antivirus (x32 Version: 10.2.064.000 - Check Point Software Technologies Ltd.) Hidden

ZoneAlarm Firewall (x32 Version: 10.2.064.000 - Check Point Software Technologies Ltd.) Hidden

ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 10.2.064.000 - Check Point)

ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)

ZoneAlarm Security (x32 Version: 10.2.064.000 - Check Point Software Technologies Ltd.) Hidden

ZoneAlarm Security Toolbar  (HKLM-x32\...\ZoneAlarm Security Toolbar) (Version:  - Check Point Software Technologies LTD)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-1917241202-3899386211-2744974957-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1917241202-3899386211-2744974957-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\JoHelc\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-1917241202-3899386211-2744974957-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\JoHelc\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1917241202-3899386211-2744974957-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\JoHelc\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1917241202-3899386211-2744974957-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1917241202-3899386211-2744974957-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1917241202-3899386211-2744974957-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1917241202-3899386211-2744974957-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1917241202-3899386211-2744974957-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\JoHelc\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 

==================== Restore Points  =========================
 

29-07-2014 13:50:44 Windows Update

03-08-2014 11:08:47 Windows Update

05-08-2014 08:34:50 Windows Update

08-08-2014 09:47:42 Windows Update

12-08-2014 11:44:10 Windows Update

13-08-2014 20:19:54 avast! antivirus system restore point
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {061C191A-B360-4BA6-81F8-E8B6AF70883A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000Core => C:\Users\JoHelc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-03] (Google Inc.)

Task: {5E3FEEF7-0328-4670-82BE-D5295049E6E8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000UA => C:\Users\JoHelc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-03] (Google Inc.)

Task: {65C50BF2-F9F2-4542-82DF-0DA7BA5B598C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-13] (AVAST Software)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000Core.job => C:\Users\JoHelc\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000UA.job => C:\Users\JoHelc\AppData\Local\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2011-06-30 23:23 - 2011-06-30 23:23 - 00167936 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe

2012-03-19 22:09 - 2012-03-19 22:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2012-01-04 19:32 - 2012-01-04 19:32 - 00504064 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe

2013-09-25 18:13 - 2014-07-06 21:35 - 00601144 _____ () C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

2012-07-03 19:32 - 2014-07-06 21:35 - 36966968 _____ () C:\Users\JoHelc\AppData\Roaming\Spotify\Data\libcef.dll

2013-12-10 23:06 - 2013-12-10 23:06 - 10683392 _____ () C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll

2013-12-10 23:06 - 2013-12-10 23:06 - 07741952 _____ () C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\QtGui4.dll

2013-12-10 23:06 - 2013-12-10 23:06 - 02248192 _____ () C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\QtCore4.dll

2013-12-10 23:06 - 2013-12-10 23:06 - 01681408 _____ () C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll

2014-05-15 23:20 - 2014-05-15 23:20 - 00117248 _____ () C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\libaacdec.dll

2014-05-15 23:20 - 2014-05-15 23:20 - 00231936 _____ () C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll

2014-05-15 23:21 - 2014-05-15 23:21 - 00253440 _____ () C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\libid3tag.dll

2014-05-15 23:24 - 2014-05-15 23:24 - 00344064 _____ () C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll

2013-12-10 23:06 - 2013-12-10 23:06 - 00026624 _____ () C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll

2011-12-26 14:48 - 2011-12-26 14:48 - 00237568 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WTmpl.dll

2011-12-26 14:43 - 2011-12-26 14:43 - 00327680 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\XParser.dll

2011-12-26 14:47 - 2011-12-26 14:47 - 00290816 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WDialog.dll

2011-12-26 14:44 - 2011-12-26 14:44 - 00512000 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WCtrls.dll

2011-12-13 11:18 - 2011-12-13 11:18 - 00286720 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WCommObj.dll

2011-12-26 14:45 - 2011-12-26 14:45 - 00319488 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WDraw.dll

2011-12-26 14:54 - 2011-12-26 14:54 - 00262144 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\GDIpProc.dll

2011-12-26 14:46 - 2011-12-26 14:46 - 00393216 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WWnd.dll

2011-12-13 12:10 - 2011-12-13 12:10 - 00413696 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WlanDll.dll

2011-12-13 11:18 - 2011-12-13 11:18 - 00307200 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WConn.dll

2014-07-02 14:55 - 2014-07-06 21:35 - 00867896 _____ () C:\Users\JoHelc\AppData\Roaming\Spotify\Data\ffmpegsumo.dll

2013-09-25 18:13 - 2014-07-06 21:35 - 00886840 _____ () C:\Users\JoHelc\AppData\Roaming\Spotify\Data\libglesv2.dll

2013-09-25 18:13 - 2014-07-06 21:35 - 00108600 _____ () C:\Users\JoHelc\AppData\Roaming\Spotify\Data\libegl.dll

2014-08-13 22:22 - 2014-08-13 22:22 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll

2014-08-13 22:22 - 2014-08-13 22:22 - 02797056 _____ () C:\Program Files\AVAST Software\Avast\defs\14081301\algo.dll

2014-08-13 22:22 - 2014-08-13 22:22 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2014-08-13 22:36 - 2014-08-07 05:20 - 00718152 _____ () C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\libglesv2.dll

2014-08-13 22:36 - 2014-08-07 05:20 - 00126280 _____ () C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\libegl.dll

2014-08-13 22:36 - 2014-08-07 05:20 - 08537928 _____ () C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll

2014-08-13 22:36 - 2014-08-07 05:20 - 00353096 _____ () C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll

2014-08-13 22:36 - 2014-08-07 05:20 - 01732936 _____ () C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll

2014-08-13 22:36 - 2014-08-07 05:20 - 14669128 _____ () C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 
 

==================== Faulty Device Manager Devices =============
 

Name: 

Description: 

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 

Name: Ethernet-Controller

Description: Ethernet-Controller

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 

Name: SM-Bus-Controller

Description: SM-Bus-Controller

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 

Name: USB (Universal Serial Bus)-Controller

Description: USB (Universal Serial Bus)-Controller

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (08/13/2014 01:23:55 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (08/13/2014 01:09:11 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 90080108
 

Error: (08/12/2014 01:40:09 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (08/11/2014 11:49:34 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (08/10/2014 04:21:41 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 90080108
 

Error: (08/10/2014 01:32:01 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (08/09/2014 09:12:35 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 90080108
 

Error: (08/09/2014 10:02:06 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (08/08/2014 11:07:57 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (08/07/2014 06:07:09 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

System errors:

=============

Error: (08/13/2014 01:22:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%577
 

Error: (08/13/2014 01:22:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%577
 

Error: (08/12/2014 01:38:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%577
 

Error: (08/12/2014 01:38:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%577
 

Error: (08/11/2014 11:47:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%577
 

Error: (08/11/2014 11:47:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%577
 

Error: (08/10/2014 01:30:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%577
 

Error: (08/10/2014 01:30:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%577
 

Error: (08/09/2014 10:00:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%577
 

Error: (08/09/2014 10:00:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%577
 
 

Microsoft Office Sessions:

=========================

Error: (08/13/2014 01:23:55 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (08/13/2014 01:09:11 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 90080108
 

Error: (08/12/2014 01:40:09 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (08/11/2014 11:49:34 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (08/10/2014 04:21:41 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 90080108
 

Error: (08/10/2014 01:32:01 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (08/09/2014 09:12:35 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 90080108
 

Error: (08/09/2014 10:02:06 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (08/08/2014 11:07:57 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (08/07/2014 06:07:09 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

CodeIntegrity Errors:

===================================

  Date: 2014-08-13 22:34:42.881

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-08-13 22:24:20.488

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-08-13 22:16:53.438

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-08-13 22:00:14.516

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-08-13 20:35:00.098

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-08-13 19:48:45.592

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-08-13 18:48:23.597

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-08-13 17:39:23.223

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-08-13 16:20:07.407

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-08-13 15:26:01.039

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz

Percentage of memory in use: 52%

Total physical RAM: 8087.03 MB

Available physical RAM: 3801.99 MB

Total Pagefile: 16172.24 MB

Available Pagefile: 10160 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:238.37 GB) (Free:150.28 GB) NTFS

Drive e: (Volume) (Fixed) (Total:931.39 GB) (Free:675.54 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 82B18B96)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=238 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 00000000)
 

Partition: GPT Partition Type.
 

==================== End Of Log ============================

Zone Alarm AV und Firewall komplett deinstallieren.

Adware & Co. deinstallieren

Lade Dir bitte von hier http://deeprybka.trojaner-board.de/b...ninstaller.pngRevo Uninstaller herunter.
Installiere und starte das Programm.
Suche im Uninstallerfeld nach den Programmen, die unter:
http://deeprybka.trojaner-board.de/b.../revo/add1.png
diesen Zusatz haben:
http://deeprybka.trojaner-board.de/b...e/revo/att.PNG
Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
http://deeprybka.trojaner-board.de/b.../uninstall.PNG http://deeprybka.trojaner-board.de/b...o/moderat2.PNG
Reste löschen:
Klicke auf http://deeprybka.trojaner-board.de/b.../selectall.PNG dann auf http://deeprybka.trojaner-board.de/b...evo/delete.PNG und dann auf http://deeprybka.trojaner-board.de/b...evo/weiter.PNG.

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Ich finde bei Revo Uninstaller keine Programme mit einem solchem Zusatz, soll ich mit dem nächsten weitermachen?

edit:

So, ich hab jetzt mal mit Combofix weitergemacht.

Code:

ComboFix 14-08-15.01 - JoHelc 15.08.2014  20:50:17.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.8087.6628 [GMT 2:00]

ausgeführt von:: c:\users\JoHelc\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\JoHelc\4.0

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-07-15 bis 2014-08-15  ))))))))))))))))))))))))))))))

.

.

2014-08-15 18:54 . 2014-08-15 18:54        --------        d-----w-        c:\users\Default\AppData\Local\temp

2014-08-15 14:32 . 2014-08-15 14:32        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE63D763-A706-4650-B7F1-C863929557E0}\offreg.dll

2014-08-15 11:56 . 2014-08-15 11:56        --------        d-----w-        c:\program files (x86)\VS Revo Group

2014-08-15 11:45 . 2014-07-02 03:09        10924376        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE63D763-A706-4650-B7F1-C863929557E0}\mpengine.dll

2014-08-13 21:53 . 2014-03-09 21:48        171160        ----a-w-        c:\windows\system32\infocardapi.dll

2014-08-13 21:53 . 2014-03-09 21:48        1389208        ----a-w-        c:\windows\system32\icardagt.exe

2014-08-13 21:53 . 2014-03-09 21:47        99480        ----a-w-        c:\windows\SysWow64\infocardapi.dll

2014-08-13 21:53 . 2014-03-09 21:47        619672        ----a-w-        c:\windows\SysWow64\icardagt.exe

2014-08-13 21:53 . 2014-06-30 22:24        8856        ----a-w-        c:\windows\system32\icardres.dll

2014-08-13 21:53 . 2014-06-30 22:14        8856        ----a-w-        c:\windows\SysWow64\icardres.dll

2014-08-13 21:53 . 2014-06-06 06:16        35480        ----a-w-        c:\windows\SysWow64\TsWpfWrp.exe

2014-08-13 21:53 . 2014-06-06 06:12        35480        ----a-w-        c:\windows\system32\TsWpfWrp.exe

2014-08-13 20:42 . 2014-08-13 20:43        --------        d-----w-        C:\FRST

2014-08-13 20:34 . 2014-08-13 20:35        --------        d-----w-        c:\users\JoHelc\AppData\Roaming\Dropbox

2014-08-13 20:24 . 2014-08-13 20:24        --------        d-----w-        c:\users\JoHelc\AppData\Roaming\AVAST Software

2014-08-13 20:22 . 2014-08-13 20:24        427360        ----a-w-        c:\windows\system32\drivers\aswsp.sys

2014-08-13 20:22 . 2014-08-13 20:22        93568        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys

2014-08-13 20:22 . 2014-08-13 20:22        92008        ----a-w-        c:\windows\system32\drivers\aswStm.sys

2014-08-13 20:22 . 2014-08-13 20:22        79184        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys

2014-08-13 20:22 . 2014-08-13 20:22        65776        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys

2014-08-13 20:22 . 2014-08-13 20:22        307344        ----a-w-        c:\windows\system32\aswBoot.exe

2014-08-13 20:22 . 2014-08-13 20:22        29208        ----a-w-        c:\windows\system32\drivers\aswHwid.sys

2014-08-13 20:22 . 2014-08-13 20:22        224896        ----a-w-        c:\windows\system32\drivers\aswVmm.sys

2014-08-13 20:22 . 2014-08-13 20:22        1041168        ----a-w-        c:\windows\system32\drivers\aswSnx.sys

2014-08-13 20:22 . 2014-08-13 20:22        43152        ----a-w-        c:\windows\avastSS.scr

2014-08-13 20:20 . 2014-08-13 20:20        --------        d-----w-        c:\program files\AVAST Software

2014-08-13 20:19 . 2014-08-13 20:20        --------        d-----w-        c:\programdata\AVAST Software

2014-08-13 20:07 . 2014-08-13 20:08        122584        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-08-13 20:07 . 2014-08-13 20:07        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware

2014-08-13 20:07 . 2014-08-13 20:07        --------        d-----w-        c:\programdata\Malwarebytes

2014-08-13 20:07 . 2014-05-12 05:26        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys

2014-08-13 20:07 . 2014-05-12 05:26        91352        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys

2014-08-13 20:07 . 2014-05-12 05:25        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys

2014-08-13 11:33 . 2014-07-14 02:02        1216000        ----a-w-        c:\windows\system32\rpcrt4.dll

2014-08-13 11:33 . 2014-07-14 01:40        664064        ----a-w-        c:\windows\SysWow64\rpcrt4.dll

2014-08-13 11:33 . 2014-08-07 02:06        529920        ----a-w-        c:\windows\system32\aepdu.dll

2014-08-13 11:33 . 2014-08-07 02:01        424448        ----a-w-        c:\windows\system32\aeinv.dll

2014-07-18 15:40 . 2014-08-14 13:11        163504        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-08-13 21:55 . 2012-07-03 21:53        99218768        ----a-w-        c:\windows\system32\MRT.exe

2014-07-11 01:02 . 2014-02-17 12:52        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-06-18 02:18 . 2014-07-10 10:57        692736        ----a-w-        c:\windows\system32\osk.exe

2014-06-18 01:51 . 2014-07-10 10:57        646144        ----a-w-        c:\windows\SysWow64\osk.exe

2014-06-06 10:10 . 2014-07-10 10:57        624128        ----a-w-        c:\windows\system32\qedit.dll

2014-06-06 09:44 . 2014-07-10 10:57        509440        ----a-w-        c:\windows\SysWow64\qedit.dll

2014-06-05 14:45 . 2014-07-10 10:53        1460736        ----a-w-        c:\windows\system32\lsasrv.dll

2014-06-05 14:26 . 2014-07-10 10:53        22016        ----a-w-        c:\windows\SysWow64\secur32.dll

2014-06-05 14:25 . 2014-07-10 10:53        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll

2014-05-30 08:08 . 2014-07-10 10:57        210944        ----a-w-        c:\windows\system32\wdigest.dll

2014-05-30 08:08 . 2014-07-10 10:57        86528        ----a-w-        c:\windows\system32\TSpkg.dll

2014-05-30 08:08 . 2014-07-10 10:57        340992        ----a-w-        c:\windows\system32\schannel.dll

2014-05-30 08:08 . 2014-07-10 10:57        314880        ----a-w-        c:\windows\system32\msv1_0.dll

2014-05-30 08:08 . 2014-07-10 10:57        307200        ----a-w-        c:\windows\system32\ncrypt.dll

2014-05-30 08:08 . 2014-07-10 10:57        728064        ----a-w-        c:\windows\system32\kerberos.dll

2014-05-30 08:08 . 2014-07-10 10:57        22016        ----a-w-        c:\windows\system32\credssp.dll

2014-05-30 07:52 . 2014-07-10 10:57        172032        ----a-w-        c:\windows\SysWow64\wdigest.dll

2014-05-30 07:52 . 2014-07-10 10:57        65536        ----a-w-        c:\windows\SysWow64\TSpkg.dll

2014-05-30 07:52 . 2014-07-10 10:57        247808        ----a-w-        c:\windows\SysWow64\schannel.dll

2014-05-30 07:52 . 2014-07-10 10:57        220160        ----a-w-        c:\windows\SysWow64\ncrypt.dll

2014-05-30 07:52 . 2014-07-10 10:57        259584        ----a-w-        c:\windows\SysWow64\msv1_0.dll

2014-05-30 07:52 . 2014-07-10 10:57        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll

2014-05-30 07:52 . 2014-07-10 10:57        17408        ----a-w-        c:\windows\SysWow64\credssp.dll

2014-05-30 06:45 . 2014-07-10 10:57        497152        ----a-w-        c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09        131248        ----a-w-        c:\users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09        131248        ----a-w-        c:\users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09        131248        ----a-w-        c:\users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="c:\users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-07-06 1178168]

"Spotify"="c:\users\JoHelc\AppData\Roaming\Spotify\spotify.exe" [2014-07-06 6162488]

"f.lux"="c:\users\JoHelc\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]

"GoogleChromeAutoLaunch_2367883519264E435C4CA52430EF9559"="c:\users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe" [2014-08-07 860488]

"MusicManager"="c:\users\JoHelc\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2014-05-15 7631872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-13 4085896]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WNA1000M Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WNA1000M\WNA1000M.exe -Hide [2012-1-4 504064]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 RTL8192cu;NETGEAR WNA1000M N150 Wireless USB Micro Adapter;c:\windows\system32\DRIVERS\WNA1000M.sys;c:\windows\SYSNATIVE\DRIVERS\WNA1000M.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]

S2 WlanWpsSvc;WlanWpsSvc;c:\program files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe;c:\program files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2014-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000Core.job

- c:\users\JoHelc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02 22:22]

.

2014-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000UA.job

- c:\users\JoHelc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02 22:22]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-08-13 20:22        634872        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09        164016        ----a-w-        c:\users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09        164016        ----a-w-        c:\users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09        164016        ----a-w-        c:\users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09        164016        ----a-w-        c:\users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.42.129

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2014-08-15  20:59:11

ComboFix-quarantined-files.txt  2014-08-15 18:59

.

Vor Suchlauf: 9 Verzeichnis(se), 164.391.079.936 Bytes frei

Nach Suchlauf: 13 Verzeichnis(se), 166.893.301.760 Bytes frei

.

- - End Of File - - 15A7ECF355FA153693E01583AB46AC89

A36C5E4F47E84449FF07ED3517B43A31

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

MBAM

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 16.08.2014

Suchlauf-Zeit: 15:11:49

Logdatei: 

Administrator: Ja
 

Version: 2.00.2.1012

Malware Datenbank: v2014.08.16.05

Rootkit Datenbank: v2014.08.15.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Self-protection: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: JoHelc
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 299962

Verstrichene Zeit: 3 Min, 22 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristics: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(No malicious items detected)
 

Module: 0

(No malicious items detected)
 

Registrierungsschlüssel: 0

(No malicious items detected)
 

Registrierungswerte: 0

(No malicious items detected)
 

Registrierungsdaten: 0

(No malicious items detected)
 

Ordner: 0

(No malicious items detected)
 

Dateien: 0

(No malicious items detected)
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

ADwCleaner

Code:

# AdwCleaner v3.306 - Bericht erstellt am 16/08/2014 um 15:23:07

# Aktualisiert 15/08/2014 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzername : JoHelc - JOHELC-PC

# Gestartet von : C:\Users\JoHelc\Desktop\adwcleaner_3.306.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\Tarma Installer

Ordner Gelöscht : C:\Users\JoHelc\AppData\Local\PackageAware

Ordner Gelöscht : C:\Users\JoHelc\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

Datei Gelöscht : C:\Windows\System32\roboot64.exe

Datei Gelöscht : C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_deutsch.babylon.com_0.localstorage

Datei Gelöscht : C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_deutsch.babylon.com_0.localstorage-journal

Datei Gelöscht : C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage

Datei Gelöscht : C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage-journal

Datei Gelöscht : C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage

Datei Gelöscht : C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage-journal
 

***** [ Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.17239
 
 

-\\ Google Chrome v
 

[ Datei : C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 

Gelöscht [Search Provider] : hxxp://isearch.avg.com/search?cid={6D962002-4AEF-4ED8-9459-AC0C19AD4A26}&mid=738fced7e90147d0bf81d33c0ed5a9c4-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=AVG&pr=fr&d=2012-06-15 18:00:41&v=11.1.0.12&sap=dsp&q={searchTerms}

Gelöscht [Search Provider] : hxxp://thesweetestnoise.com/?s={searchTerms}

Gelöscht [Search Provider] : hxxp://anisearch.de/?page=suche&mode=auswahl&qsearch={searchTerms}

Gelöscht [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

Gelöscht [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 

*************************
 

AdwCleaner[R0].txt - [3945 octets] - [16/08/2014 15:21:24]

AdwCleaner[S0].txt - [4430 octets] - [16/08/2014 15:23:07]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4490 octets] ##########

JRT

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Premium x64

Ran by JoHelc on 16.08.2014 at 15:27:37,46

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DropDownDeals_Setup-C4_2013_03_14-1ABC_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DropDownDeals_Setup-C4_2013_03_14-1ABC_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DropDownDeals_Setup-C4_2013_03_14-1ABC_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DropDownDeals_Setup-C4_2013_03_14-1ABC_RASMANCS
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 16.08.2014 at 15:32:03,64

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 02

Ran by JoHelc (administrator) on JOHELC-PC on 16-08-2014 15:35:18

Running from C:\Users\JoHelc\Desktop

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(AMD) C:\Windows\System32\atieclxx.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

() C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Spotify Ltd) C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Flux Software LLC) C:\Users\JoHelc\AppData\Local\FluxSoftware\Flux\flux.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

() C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-13] (AVAST Software)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [Spotify Web Helper] => C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-06] (Spotify Ltd)

HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [Spotify] => C:\Users\JoHelc\AppData\Roaming\Spotify\spotify.exe [6162488 2014-07-06] (Spotify Ltd)

HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [f.lux] => C:\Users\JoHelc\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)

HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [GoogleChromeAutoLaunch_2367883519264E435C4CA52430EF9559] => C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-08-07] (Google Inc.)

HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [MusicManager] => C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1000M Setup-Assistent.lnk

ShortcutTarget: NETGEAR WNA1000M Setup-Assistent.lnk -> C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe ()

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\JoHelc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\JoHelc\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\JoHelc\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\JoHelc\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\JoHelc\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\JoHelc\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-13]
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.at/

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File

CHR Plugin: (Google Update) - C:\Users\JoHelc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Extension: (Easy Auto Refresh) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2012-07-03]

CHR Extension: (Magic Actions for YouTube™) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-06-03]

CHR Extension: (Xmarks Bookmark Sync) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2012-07-03]

CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2013-02-13]

CHR Extension: (Media Hint) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja [2013-05-21]

CHR Extension: (Google Drive) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-07-15]

CHR Extension: (YouTube) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-03]

CHR Extension: (Google+ Benachrichtigungen) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi [2012-07-03]

CHR Extension: (Random Bookmark) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfemjamlkkagdfdekjhggnlbdcpbdpc [2012-07-03]

CHR Extension: (Adblock Plus) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-07-03]

CHR Extension: (Auf den Amazon-Wunschzettel) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2012-12-05]

CHR Extension: (Gif Delayer) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmfcdkambpljcndgdmaccaagladfnepa [2014-06-03]

CHR Extension: (Google-Suche) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-03]

CHR Extension: (GExtend) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkjhlnnlabicokdgaecdeihkdlkdhjm [2012-07-03]

CHR Extension: (MightyText - SMS Text Messaging from Computer) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2013-01-03]

CHR Extension: (Google Kalender) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-07-03]

CHR Extension: (Google Play Music) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-07-10]

CHR Extension: (Chain Reaction) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa [2012-12-11]

CHR Extension: (AdBlock) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-07-03]

CHR Extension: (avast! Online Security) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-13]

CHR Extension: (Spotify Chrome Extension) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbjmlahipheaaghllkabfkpolljilkjb [2012-07-03]

CHR Extension: (SoundCloud Downloader) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbhfpgkfmfpjbdofhelpjdmeilbeopp [2012-11-09]

CHR Extension: (Google +1-Schaltfläche) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2012-07-03]

CHR Extension: (StumbleUpon) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2012-07-03]

CHR Extension: (Any.do Extension) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2014-07-06]

CHR Extension: (Metric Conversions) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kninfdohcboilpapkmbbdmcfanlgflld [2014-05-03]

CHR Extension: (Zoom) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2014-07-17]

CHR Extension: (Evernote Web) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2012-07-03]

CHR Extension: (NextExt) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikijnjpcmngdnahmjihclokafpnniap [2012-11-14]

CHR Extension: (Ghostery) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2012-10-16]

CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2014-04-21]

CHR Extension: (Google Wallet) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]

CHR Extension: (Hover Zoom) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-06-03]

CHR Extension: (Google Chrome to Phone Extension) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2012-07-03]

CHR Extension: (Select All) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofcnbnhefnmjancehemliplicihbcjjb [2012-07-03]

CHR Extension: (https://www.google.at/publicdata/directory?hl) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\okbmpjekfjbabbfkiifjnokhniifopch [2013-12-09]

CHR Extension: (Click&Clean App) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-06-03]

CHR Extension: (Page Monitor) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-06-21]

CHR Extension: (Google Mail) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-03]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-13]

CHR StartMenuInternet: Google Chrome - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-13] (AVAST Software)

R2 WlanWpsSvc; C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe [167936 2011-06-30] () [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-13] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-13] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-13] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-13] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-13] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-13] (AVAST Software)

S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-13] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-13] ()

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2012-10-22] () [File not signed]

S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2012-10-22] () [File not signed]

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-16] (Malwarebytes Corporation)

S3 RTL8192cu; C:\Windows\System32\DRIVERS\WNA1000M.sys [855144 2011-01-31] (Realtek Semiconductor Corporation                           )

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-08-16 15:35 - 2014-08-16 15:35 - 00000000 ____D () C:\Users\JoHelc\Desktop\FRST-OlderVersion

2014-08-16 15:32 - 2014-08-16 15:32 - 00001281 _____ () C:\Users\JoHelc\Desktop\JRT.txt

2014-08-16 15:27 - 2014-08-16 15:27 - 01016261 _____ (Thisisu) C:\Users\JoHelc\Desktop\JRT.exe

2014-08-16 15:27 - 2014-08-16 15:27 - 00000000 ____D () C:\Windows\ERUNT

2014-08-16 15:21 - 2014-08-16 15:23 - 00000000 ____D () C:\AdwCleaner

2014-08-16 15:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-08-16 15:20 - 2014-08-16 15:20 - 01361203 _____ () C:\Users\JoHelc\Desktop\adwcleaner_3.306.exe

2014-08-15 20:59 - 2014-08-15 20:59 - 00014569 _____ () C:\ComboFix.txt

2014-08-15 20:49 - 2014-08-15 20:59 - 00000000 ____D () C:\Qoobox

2014-08-15 20:49 - 2014-08-15 20:57 - 00000000 ____D () C:\Windows\erdnt

2014-08-15 20:49 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-08-15 20:49 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-08-15 20:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-08-15 20:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-08-15 20:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-08-15 20:49 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-08-15 20:49 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-08-15 20:49 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-08-15 20:44 - 2014-08-15 20:45 - 05571320 ____R (Swearware) C:\Users\JoHelc\Desktop\ComboFix.exe

2014-08-15 13:56 - 2014-08-15 13:56 - 00001268 _____ () C:\Users\JoHelc\Desktop\Revo Uninstaller.lnk

2014-08-15 13:56 - 2014-08-15 13:56 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-08-15 13:55 - 2014-08-15 13:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\JoHelc\Downloads\revosetup95.exe

2014-08-14 19:38 - 2014-08-16 01:51 - 00000000 ____D () C:\Users\JoHelc\Desktop\waldviertel

2014-08-13 23:53 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-13 23:53 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-13 23:53 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-08-13 23:53 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-13 23:53 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-13 23:53 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-13 23:53 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-13 23:53 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-13 23:52 - 2014-08-13 23:52 - 00001304 _____ () C:\Users\JoHelc\Desktop\ert.txt

2014-08-13 22:44 - 2014-08-13 22:44 - 00380416 _____ () C:\Users\JoHelc\Desktop\Gmer-19357.exe

2014-08-13 22:43 - 2014-08-13 22:43 - 00029229 _____ () C:\Users\JoHelc\Desktop\Addition.txt

2014-08-13 22:42 - 2014-08-16 15:35 - 02101248 _____ (Farbar) C:\Users\JoHelc\Desktop\FRST64.exe

2014-08-13 22:42 - 2014-08-16 15:35 - 00019676 _____ () C:\Users\JoHelc\Desktop\FRST.txt

2014-08-13 22:42 - 2014-08-16 15:35 - 00000000 ____D () C:\FRST

2014-08-13 22:40 - 2014-08-13 22:41 - 00000474 _____ () C:\Users\JoHelc\Desktop\defogger_disable.log

2014-08-13 22:40 - 2014-08-13 22:40 - 00000000 _____ () C:\Users\JoHelc\defogger_reenable

2014-08-13 22:39 - 2014-08-13 22:39 - 00050477 _____ () C:\Users\JoHelc\Desktop\Defogger.exe

2014-08-13 22:35 - 2014-08-13 22:35 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\DropboxMaster

2014-08-13 22:34 - 2014-08-13 22:35 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Dropbox

2014-08-13 22:34 - 2014-08-13 22:34 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\AVAST Software

2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast

2014-08-13 22:23 - 2014-08-15 13:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-08-13 22:22 - 2014-08-13 22:24 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-08-13 22:22 - 2014-08-13 22:22 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-08-13 22:22 - 2014-08-13 22:22 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2014-08-13 22:20 - 2014-08-13 22:20 - 00000000 ____D () C:\Program Files\AVAST Software

2014-08-13 22:19 - 2014-08-13 22:20 - 00000000 ____D () C:\ProgramData\AVAST Software

2014-08-13 22:18 - 2014-08-13 22:19 - 04862664 _____ (AVAST Software) C:\Users\JoHelc\Downloads\avast_free_antivirus_setup_online.exe

2014-08-13 22:07 - 2014-08-16 15:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-13 22:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-08-13 22:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-08-13 22:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-08-13 22:06 - 2014-08-13 22:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JoHelc\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-13 13:35 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-13 13:35 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-13 13:35 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-13 13:35 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-13 13:35 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-13 13:35 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-13 13:35 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-13 13:35 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-13 13:35 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-13 13:35 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-13 13:35 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-13 13:35 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-13 13:35 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-13 13:35 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-13 13:35 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-13 13:35 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-13 13:35 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-13 13:35 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-13 13:35 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-13 13:35 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-13 13:35 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-13 13:35 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-13 13:35 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-13 13:35 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-13 13:35 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-13 13:35 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-13 13:35 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-13 13:35 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-13 13:35 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-13 13:35 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-13 13:35 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-13 13:35 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-13 13:35 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-13 13:35 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-13 13:35 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-13 13:35 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-13 13:35 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-13 13:35 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-13 13:35 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-13 13:35 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-13 13:35 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-13 13:35 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-13 13:35 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-13 13:35 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-13 13:35 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-13 13:35 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-13 13:35 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-13 13:35 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-13 13:35 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-13 13:35 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-13 13:35 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-13 13:35 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-13 13:35 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-13 13:35 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-13 13:35 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-13 13:35 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-13 13:35 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-13 13:35 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-13 13:35 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-13 13:35 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-08-13 13:35 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-13 13:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-08-13 13:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-08-13 13:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-08-13 13:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-08-13 13:35 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-08-13 13:35 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2014-08-13 13:35 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2014-08-13 13:35 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2014-08-13 13:35 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2014-08-13 13:35 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2014-08-13 13:35 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-08-13 13:35 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

2014-08-13 13:35 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-08-13 13:35 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-08-13 13:35 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-13 13:35 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-13 13:35 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-13 13:35 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-13 13:35 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-13 13:35 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-08-13 13:35 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-08-13 13:35 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-08-13 13:33 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-08-13 13:33 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-08-13 13:33 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-13 13:33 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-08-03 13:09 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-08-03 13:09 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-08-03 13:09 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2014-08-03 13:09 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-08-03 13:09 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2014-08-03 13:09 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2014-08-03 13:09 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2014-08-03 13:09 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2014-08-03 13:09 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-08-03 13:09 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2014-08-03 13:09 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2014-08-03 13:09 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2014-08-03 13:09 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2014-08-03 13:09 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-08-16 15:35 - 2014-08-16 15:35 - 00000000 ____D () C:\Users\JoHelc\Desktop\FRST-OlderVersion

2014-08-16 15:35 - 2014-08-13 22:42 - 02101248 _____ (Farbar) C:\Users\JoHelc\Desktop\FRST64.exe

2014-08-16 15:35 - 2014-08-13 22:42 - 00019676 _____ () C:\Users\JoHelc\Desktop\FRST.txt

2014-08-16 15:35 - 2014-08-13 22:42 - 00000000 ____D () C:\FRST

2014-08-16 15:35 - 2012-07-03 00:22 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000UA.job

2014-08-16 15:32 - 2014-08-16 15:32 - 00001281 _____ () C:\Users\JoHelc\Desktop\JRT.txt

2014-08-16 15:31 - 2009-07-14 06:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-16 15:31 - 2009-07-14 06:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-16 15:29 - 2011-04-12 09:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat

2014-08-16 15:29 - 2011-04-12 09:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat

2014-08-16 15:29 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-16 15:27 - 2014-08-16 15:27 - 01016261 _____ (Thisisu) C:\Users\JoHelc\Desktop\JRT.exe

2014-08-16 15:27 - 2014-08-16 15:27 - 00000000 ____D () C:\Windows\ERUNT

2014-08-16 15:27 - 2012-07-03 19:32 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Spotify

2014-08-16 15:24 - 2010-11-21 05:47 - 00173646 _____ () C:\Windows\PFRO.log

2014-08-16 15:24 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-08-16 15:24 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-16 15:24 - 2009-07-14 06:51 - 00297365 _____ () C:\Windows\setupact.log

2014-08-16 15:23 - 2014-08-16 15:21 - 00000000 ____D () C:\AdwCleaner

2014-08-16 15:23 - 2012-07-03 00:08 - 01230891 _____ () C:\Windows\WindowsUpdate.log

2014-08-16 15:20 - 2014-08-16 15:20 - 01361203 _____ () C:\Users\JoHelc\Desktop\adwcleaner_3.306.exe

2014-08-16 15:11 - 2014-08-13 22:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-16 14:22 - 2009-07-14 06:45 - 00275856 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-16 01:51 - 2014-08-14 19:38 - 00000000 ____D () C:\Users\JoHelc\Desktop\waldviertel

2014-08-16 01:20 - 2012-07-03 00:22 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000Core.job

2014-08-15 20:59 - 2014-08-15 20:59 - 00014569 _____ () C:\ComboFix.txt

2014-08-15 20:59 - 2014-08-15 20:49 - 00000000 ____D () C:\Qoobox

2014-08-15 20:57 - 2014-08-15 20:49 - 00000000 ____D () C:\Windows\erdnt

2014-08-15 20:55 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-08-15 20:53 - 2012-07-03 00:08 - 00000000 ____D () C:\Users\JoHelc

2014-08-15 20:45 - 2014-08-15 20:44 - 05571320 ____R (Swearware) C:\Users\JoHelc\Desktop\ComboFix.exe

2014-08-15 16:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-08-15 13:56 - 2014-08-15 13:56 - 00001268 _____ () C:\Users\JoHelc\Desktop\Revo Uninstaller.lnk

2014-08-15 13:56 - 2014-08-15 13:56 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-08-15 13:55 - 2014-08-15 13:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\JoHelc\Downloads\revosetup95.exe

2014-08-15 13:40 - 2014-08-13 22:23 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-08-14 16:29 - 2012-07-03 19:32 - 00000000 ____D () C:\Users\JoHelc\AppData\Local\Spotify

2014-08-14 13:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-13 23:56 - 2013-08-14 01:30 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-13 23:55 - 2012-07-03 23:53 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-13 23:53 - 2014-05-07 23:53 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-08-13 23:52 - 2014-08-13 23:52 - 00001304 _____ () C:\Users\JoHelc\Desktop\ert.txt

2014-08-13 22:44 - 2014-08-13 22:44 - 00380416 _____ () C:\Users\JoHelc\Desktop\Gmer-19357.exe

2014-08-13 22:43 - 2014-08-13 22:43 - 00029229 _____ () C:\Users\JoHelc\Desktop\Addition.txt

2014-08-13 22:41 - 2014-08-13 22:40 - 00000474 _____ () C:\Users\JoHelc\Desktop\defogger_disable.log

2014-08-13 22:40 - 2014-08-13 22:40 - 00000000 _____ () C:\Users\JoHelc\defogger_reenable

2014-08-13 22:39 - 2014-08-13 22:39 - 00050477 _____ () C:\Users\JoHelc\Desktop\Defogger.exe

2014-08-13 22:35 - 2014-08-13 22:35 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\DropboxMaster

2014-08-13 22:35 - 2014-08-13 22:34 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Dropbox

2014-08-13 22:34 - 2014-08-13 22:34 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\AVAST Software

2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast

2014-08-13 22:24 - 2014-08-13 22:22 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-08-13 22:22 - 2014-08-13 22:22 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-08-13 22:22 - 2014-08-13 22:22 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2014-08-13 22:20 - 2014-08-13 22:20 - 00000000 ____D () C:\Program Files\AVAST Software

2014-08-13 22:20 - 2014-08-13 22:19 - 00000000 ____D () C:\ProgramData\AVAST Software

2014-08-13 22:19 - 2014-08-13 22:18 - 04862664 _____ (AVAST Software) C:\Users\JoHelc\Downloads\avast_free_antivirus_setup_online.exe

2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-13 22:07 - 2014-08-13 22:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JoHelc\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-07 04:06 - 2014-08-13 13:33 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-08-07 04:01 - 2014-08-13 13:33 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-08-01 01:41 - 2014-08-13 13:35 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-01 01:16 - 2014-08-13 13:35 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-07-25 16:52 - 2014-08-13 13:35 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-07-25 16:02 - 2014-08-13 13:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-07-25 16:01 - 2014-08-13 13:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-07-25 15:51 - 2014-08-13 13:35 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-07-25 15:30 - 2014-08-13 13:35 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-07-25 15:28 - 2014-08-13 13:35 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-07-25 15:28 - 2014-08-13 13:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-07-25 15:25 - 2014-08-13 13:35 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-07-25 15:25 - 2014-08-13 13:35 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-07-25 15:11 - 2014-08-13 13:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-07-25 15:10 - 2014-08-13 13:35 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-07-25 15:04 - 2014-08-13 13:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-07-25 15:03 - 2014-08-13 13:35 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-07-25 15:00 - 2014-08-13 13:35 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-07-25 15:00 - 2014-08-13 13:35 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-07-25 14:59 - 2014-08-13 13:35 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-07-25 14:47 - 2014-08-13 13:35 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-07-25 14:40 - 2014-08-13 13:35 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-07-25 14:34 - 2014-08-13 13:35 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-07-25 14:34 - 2014-08-13 13:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-07-25 14:33 - 2014-08-13 13:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-07-25 14:30 - 2014-08-13 13:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-07-25 14:28 - 2014-08-13 13:35 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-07-25 14:28 - 2014-08-13 13:35 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-07-25 14:21 - 2014-08-13 13:35 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-07-25 14:19 - 2014-08-13 13:35 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-07-25 14:18 - 2014-08-13 13:35 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-07-25 14:17 - 2014-08-13 13:35 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-07-25 14:17 - 2014-08-13 13:35 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-07-25 14:12 - 2014-08-13 13:35 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-07-25 14:10 - 2014-08-13 13:35 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-07-25 14:10 - 2014-08-13 13:35 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-07-25 14:08 - 2014-08-13 13:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-07-25 14:06 - 2014-08-13 13:35 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-07-25 13:52 - 2014-08-13 13:35 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-07-25 13:47 - 2014-08-13 13:35 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-07-25 13:43 - 2014-08-13 13:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-07-25 13:42 - 2014-08-13 13:35 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-07-25 13:39 - 2014-08-13 13:35 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-07-25 13:39 - 2014-08-13 13:35 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-07-25 13:36 - 2014-08-13 13:35 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-07-25 13:34 - 2014-08-13 13:35 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-07-25 13:29 - 2014-08-13 13:35 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-07-25 13:23 - 2014-08-13 13:35 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-07-25 13:13 - 2014-08-13 13:35 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-07-25 13:07 - 2014-08-13 13:35 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-07-25 13:07 - 2014-08-13 13:35 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-07-25 13:03 - 2014-08-13 13:35 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-07-25 12:52 - 2014-08-13 13:35 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-07-25 12:26 - 2014-08-13 13:35 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-07-25 12:17 - 2014-08-13 13:35 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-07-25 12:09 - 2014-08-13 13:35 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-07-25 12:05 - 2014-08-13 13:35 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-07-25 12:00 - 2014-08-13 13:35 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
 

Some content of TEMP:

====================

C:\Users\JoHelc\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-08-07 00:28
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition-log wurde jetzt nicht gemacht glaub ich, brauch ich den auch wieder?

nö :)

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

ESET

Code:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=afa10c2d140fd34a9ed2aec360911fd5

# engine=19700

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-08-17 01:28:28

# local_time=2014-08-17 03:28:28 (+0100, Mitteleuropäische Sommerzeit)

# country="Austria"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='avast! Antivirus'

# compatibility_mode=783 16777213 100 95 267199 4480393 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776573 100 94 35072 159911958 0 0

# scanned=186676

# found=7

# cleaned=0

# scan_time=1563

sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"

sh=A030238BBFC91AC6A9AC08659C65FBB4ACAECDFA ft=1 fh=1040e9e6e3d18f2b vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir"

sh=DF03019EA4962809E1AE99549D8A650DDE8DE9B6 ft=1 fh=f4bae2cd41aaec6e vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\JoHelc\Downloads\ashampoo_burning_studio_6_free_6.81_3639.exe"

sh=6F56C86DEB8AB15508139328DE292590F0476C71 ft=1 fh=9ad6d6796d8a2386 vn="Variante von Win32/InstallShare.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\JoHelc\Downloads\double_driver_4.1.0_portable.exe"

sh=ECD492B55F874927393FF84813821572A9FA1120 ft=1 fh=813680ec73ebc64b vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\JoHelc\Downloads\zaSetupWeb_102_078_000.exe"

sh=6A51C4AF084FC213AB1408D8ABEAABAB6B196785 ft=1 fh=dac66e915f718cfc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\usb\Downloads\zaSetupWeb_102_057_000.exe"

sh=88AEBF6AA80D04BD15ABECFD1A76F0EECA6ADB85 ft=1 fh=210f94f9550f967c vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\usb\Downloads\zaSetupWeb_102_064_000.exe"

SecurityCheck

Code:

 Results of screen317's Security Check version 0.99.87  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

avast! Antivirus   

 Antivirus out of date!  
 `````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 65  

 Java version out of Date! 

 Adobe Reader 10.1.11 Adobe Reader out of Date!  

 Google Chrome 36.0.1985.125  

 Google Chrome 36.0.1985.143  
 ````````Process Check: objlist.exe by Laurent````````  

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast avastui.exe  
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04

Ran by JoHelc (administrator) on JOHELC-PC on 17-08-2014 15:35:26

Running from C:\Users\JoHelc\Desktop

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

() C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Spotify Ltd) C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Flux Software LLC) C:\Users\JoHelc\AppData\Local\FluxSoftware\Flux\flux.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

() C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\nacl64.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\nacl64.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-13] (AVAST Software)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [Spotify Web Helper] => C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-06] (Spotify Ltd)

HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [Spotify] => C:\Users\JoHelc\AppData\Roaming\Spotify\spotify.exe [6162488 2014-07-06] (Spotify Ltd)

HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [f.lux] => C:\Users\JoHelc\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)

HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [GoogleChromeAutoLaunch_2367883519264E435C4CA52430EF9559] => C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-08-07] (Google Inc.)

HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [MusicManager] => C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1000M Setup-Assistent.lnk

ShortcutTarget: NETGEAR WNA1000M Setup-Assistent.lnk -> C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe ()

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\JoHelc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\JoHelc\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\JoHelc\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\JoHelc\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\JoHelc\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\JoHelc\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-13]
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.at/

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File

CHR Plugin: (Google Update) - C:\Users\JoHelc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Extension: (Easy Auto Refresh) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2012-07-03]

CHR Extension: (Magic Actions for YouTube™) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-06-03]

CHR Extension: (Xmarks Bookmark Sync) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2012-07-03]

CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2013-02-13]

CHR Extension: (Media Hint) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja [2013-05-21]

CHR Extension: (Google Drive) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-07-15]

CHR Extension: (YouTube) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-03]

CHR Extension: (Google+ Benachrichtigungen) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi [2012-07-03]

CHR Extension: (Random Bookmark) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfemjamlkkagdfdekjhggnlbdcpbdpc [2012-07-03]

CHR Extension: (Adblock Plus) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-07-03]

CHR Extension: (Auf den Amazon-Wunschzettel) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2012-12-05]

CHR Extension: (Gif Delayer) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmfcdkambpljcndgdmaccaagladfnepa [2014-06-03]

CHR Extension: (Google-Suche) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-03]

CHR Extension: (GExtend) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkjhlnnlabicokdgaecdeihkdlkdhjm [2012-07-03]

CHR Extension: (MightyText - SMS Text Messaging from Computer) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2013-01-03]

CHR Extension: (Google Kalender) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-07-03]

CHR Extension: (Google Play Music) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-07-10]

CHR Extension: (Chain Reaction) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa [2012-12-11]

CHR Extension: (AdBlock) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-07-03]

CHR Extension: (avast! Online Security) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-13]

CHR Extension: (Spotify Chrome Extension) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbjmlahipheaaghllkabfkpolljilkjb [2012-07-03]

CHR Extension: (SoundCloud Downloader) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbhfpgkfmfpjbdofhelpjdmeilbeopp [2012-11-09]

CHR Extension: (Google +1-Schaltfläche) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2012-07-03]

CHR Extension: (StumbleUpon) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2012-07-03]

CHR Extension: (Any.do Extension) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2014-07-06]

CHR Extension: (Metric Conversions) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kninfdohcboilpapkmbbdmcfanlgflld [2014-05-03]

CHR Extension: (Zoom) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2014-07-17]

CHR Extension: (Evernote Web) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2012-07-03]

CHR Extension: (NextExt) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikijnjpcmngdnahmjihclokafpnniap [2012-11-14]

CHR Extension: (Ghostery) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2012-10-16]

CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2014-04-21]

CHR Extension: (Google Wallet) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]

CHR Extension: (Hover Zoom) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-06-03]

CHR Extension: (Google Chrome to Phone Extension) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2012-07-03]

CHR Extension: (Select All) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofcnbnhefnmjancehemliplicihbcjjb [2012-07-03]

CHR Extension: (https://www.google.at/publicdata/directory?hl) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\okbmpjekfjbabbfkiifjnokhniifopch [2013-12-09]

CHR Extension: (Click&Clean App) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-06-03]

CHR Extension: (Page Monitor) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-06-21]

CHR Extension: (Google Mail) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-03]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-13]

CHR StartMenuInternet: Google Chrome - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-13] (AVAST Software)

R2 WlanWpsSvc; C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe [167936 2011-06-30] () [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-13] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-13] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-13] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-13] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-13] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-13] (AVAST Software)

S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-13] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-13] ()

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2012-10-22] () [File not signed]

S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2012-10-22] () [File not signed]

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-16] (Malwarebytes Corporation)

S3 RTL8192cu; C:\Windows\System32\DRIVERS\WNA1000M.sys [855144 2011-01-31] (Realtek Semiconductor Corporation                           )

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-08-17 15:31 - 2014-08-17 15:31 - 00854417 _____ () C:\Users\JoHelc\Desktop\SecurityCheck.exe

2014-08-17 14:56 - 2014-08-17 14:56 - 02347384 _____ (ESET) C:\Users\JoHelc\Desktop\esetsmartinstaller_deu.exe

2014-08-16 15:35 - 2014-08-17 15:35 - 00000000 ____D () C:\Users\JoHelc\Desktop\FRST-OlderVersion

2014-08-16 15:32 - 2014-08-16 15:32 - 00001281 _____ () C:\Users\JoHelc\Desktop\JRT.txt

2014-08-16 15:27 - 2014-08-16 15:27 - 01016261 _____ (Thisisu) C:\Users\JoHelc\Desktop\JRT.exe

2014-08-16 15:27 - 2014-08-16 15:27 - 00000000 ____D () C:\Windows\ERUNT

2014-08-16 15:21 - 2014-08-16 15:23 - 00000000 ____D () C:\AdwCleaner

2014-08-16 15:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-08-16 15:20 - 2014-08-16 15:20 - 01361203 _____ () C:\Users\JoHelc\Desktop\adwcleaner_3.306.exe

2014-08-15 20:59 - 2014-08-15 20:59 - 00014569 _____ () C:\ComboFix.txt

2014-08-15 20:49 - 2014-08-15 20:59 - 00000000 ____D () C:\Qoobox

2014-08-15 20:49 - 2014-08-15 20:57 - 00000000 ____D () C:\Windows\erdnt

2014-08-15 20:49 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-08-15 20:49 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-08-15 20:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-08-15 20:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-08-15 20:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-08-15 20:49 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-08-15 20:49 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-08-15 20:49 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-08-15 20:44 - 2014-08-15 20:45 - 05571320 ____R (Swearware) C:\Users\JoHelc\Desktop\ComboFix.exe

2014-08-15 13:56 - 2014-08-15 13:56 - 00001268 _____ () C:\Users\JoHelc\Desktop\Revo Uninstaller.lnk

2014-08-15 13:56 - 2014-08-15 13:56 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-08-15 13:55 - 2014-08-15 13:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\JoHelc\Downloads\revosetup95.exe

2014-08-14 19:38 - 2014-08-16 01:51 - 00000000 ____D () C:\Users\JoHelc\Desktop\waldviertel

2014-08-13 23:53 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-13 23:53 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-13 23:53 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-08-13 23:53 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-13 23:53 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-13 23:53 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-13 23:53 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-13 23:53 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-13 23:52 - 2014-08-13 23:52 - 00001304 _____ () C:\Users\JoHelc\Desktop\ert.txt

2014-08-13 22:44 - 2014-08-13 22:44 - 00380416 _____ () C:\Users\JoHelc\Desktop\Gmer-19357.exe

2014-08-13 22:43 - 2014-08-13 22:43 - 00029229 _____ () C:\Users\JoHelc\Desktop\Addition.txt

2014-08-13 22:42 - 2014-08-17 15:35 - 02101760 _____ (Farbar) C:\Users\JoHelc\Desktop\FRST64.exe

2014-08-13 22:42 - 2014-08-17 15:35 - 00021570 _____ () C:\Users\JoHelc\Desktop\FRST.txt

2014-08-13 22:42 - 2014-08-17 15:35 - 00000000 ____D () C:\FRST

2014-08-13 22:40 - 2014-08-13 22:41 - 00000474 _____ () C:\Users\JoHelc\Desktop\defogger_disable.log

2014-08-13 22:40 - 2014-08-13 22:40 - 00000000 _____ () C:\Users\JoHelc\defogger_reenable

2014-08-13 22:39 - 2014-08-13 22:39 - 00050477 _____ () C:\Users\JoHelc\Desktop\Defogger.exe

2014-08-13 22:35 - 2014-08-13 22:35 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\DropboxMaster

2014-08-13 22:34 - 2014-08-13 22:35 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Dropbox

2014-08-13 22:34 - 2014-08-13 22:34 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\AVAST Software

2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast

2014-08-13 22:23 - 2014-08-15 13:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-08-13 22:22 - 2014-08-13 22:24 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-08-13 22:22 - 2014-08-13 22:22 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-08-13 22:22 - 2014-08-13 22:22 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2014-08-13 22:20 - 2014-08-13 22:20 - 00000000 ____D () C:\Program Files\AVAST Software

2014-08-13 22:19 - 2014-08-13 22:20 - 00000000 ____D () C:\ProgramData\AVAST Software

2014-08-13 22:18 - 2014-08-13 22:19 - 04862664 _____ (AVAST Software) C:\Users\JoHelc\Downloads\avast_free_antivirus_setup_online.exe

2014-08-13 22:07 - 2014-08-16 15:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-13 22:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-08-13 22:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-08-13 22:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-08-13 22:06 - 2014-08-13 22:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JoHelc\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-13 13:35 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-13 13:35 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-13 13:35 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-13 13:35 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-13 13:35 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-13 13:35 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-13 13:35 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-13 13:35 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-13 13:35 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-13 13:35 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-13 13:35 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-13 13:35 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-13 13:35 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-13 13:35 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-13 13:35 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-13 13:35 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-13 13:35 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-13 13:35 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-13 13:35 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-13 13:35 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-13 13:35 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-13 13:35 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-13 13:35 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-13 13:35 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-13 13:35 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-13 13:35 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-13 13:35 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-13 13:35 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-13 13:35 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-13 13:35 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-13 13:35 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-13 13:35 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-13 13:35 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-13 13:35 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-13 13:35 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-13 13:35 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-13 13:35 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-13 13:35 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-13 13:35 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-13 13:35 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-13 13:35 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-13 13:35 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-13 13:35 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-13 13:35 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-13 13:35 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-13 13:35 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-13 13:35 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-13 13:35 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-13 13:35 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-13 13:35 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-13 13:35 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-13 13:35 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-13 13:35 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-13 13:35 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-13 13:35 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-13 13:35 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-13 13:35 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-13 13:35 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-13 13:35 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-13 13:35 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-08-13 13:35 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-13 13:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-08-13 13:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-08-13 13:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-08-13 13:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-08-13 13:35 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-08-13 13:35 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2014-08-13 13:35 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2014-08-13 13:35 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2014-08-13 13:35 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2014-08-13 13:35 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2014-08-13 13:35 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-08-13 13:35 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

2014-08-13 13:35 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-08-13 13:35 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-08-13 13:35 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-13 13:35 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-13 13:35 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-13 13:35 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-13 13:35 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-13 13:35 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-08-13 13:35 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-08-13 13:35 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-08-13 13:33 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-08-13 13:33 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-08-13 13:33 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-13 13:33 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-08-03 13:09 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-08-03 13:09 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-08-03 13:09 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2014-08-03 13:09 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-08-03 13:09 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2014-08-03 13:09 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2014-08-03 13:09 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2014-08-03 13:09 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2014-08-03 13:09 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-08-03 13:09 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2014-08-03 13:09 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2014-08-03 13:09 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2014-08-03 13:09 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2014-08-03 13:09 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-08-17 15:35 - 2014-08-16 15:35 - 00000000 ____D () C:\Users\JoHelc\Desktop\FRST-OlderVersion

2014-08-17 15:35 - 2014-08-13 22:42 - 02101760 _____ (Farbar) C:\Users\JoHelc\Desktop\FRST64.exe

2014-08-17 15:35 - 2014-08-13 22:42 - 00021570 _____ () C:\Users\JoHelc\Desktop\FRST.txt

2014-08-17 15:35 - 2014-08-13 22:42 - 00000000 ____D () C:\FRST

2014-08-17 15:35 - 2012-07-03 00:22 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000UA.job

2014-08-17 15:31 - 2014-08-17 15:31 - 00854417 _____ () C:\Users\JoHelc\Desktop\SecurityCheck.exe

2014-08-17 14:58 - 2012-07-03 19:32 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Spotify

2014-08-17 14:56 - 2014-08-17 14:56 - 02347384 _____ (ESET) C:\Users\JoHelc\Desktop\esetsmartinstaller_deu.exe

2014-08-17 14:42 - 2009-07-14 06:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-17 14:42 - 2009-07-14 06:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-17 14:41 - 2011-04-12 09:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat

2014-08-17 14:41 - 2011-04-12 09:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat

2014-08-17 14:41 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-17 14:38 - 2012-07-03 00:08 - 01253602 _____ () C:\Windows\WindowsUpdate.log

2014-08-17 14:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-17 14:35 - 2009-07-14 06:51 - 00297869 _____ () C:\Windows\setupact.log

2014-08-17 14:35 - 2009-07-14 06:45 - 00275856 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-16 23:35 - 2012-07-03 00:22 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000Core.job

2014-08-16 15:32 - 2014-08-16 15:32 - 00001281 _____ () C:\Users\JoHelc\Desktop\JRT.txt

2014-08-16 15:27 - 2014-08-16 15:27 - 01016261 _____ (Thisisu) C:\Users\JoHelc\Desktop\JRT.exe

2014-08-16 15:27 - 2014-08-16 15:27 - 00000000 ____D () C:\Windows\ERUNT

2014-08-16 15:24 - 2010-11-21 05:47 - 00173646 _____ () C:\Windows\PFRO.log

2014-08-16 15:24 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-08-16 15:23 - 2014-08-16 15:21 - 00000000 ____D () C:\AdwCleaner

2014-08-16 15:23 - 2012-07-03 00:27 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\CheckPoint

2014-08-16 15:20 - 2014-08-16 15:20 - 01361203 _____ () C:\Users\JoHelc\Desktop\adwcleaner_3.306.exe

2014-08-16 15:11 - 2014-08-13 22:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-16 01:51 - 2014-08-14 19:38 - 00000000 ____D () C:\Users\JoHelc\Desktop\waldviertel

2014-08-15 20:59 - 2014-08-15 20:59 - 00014569 _____ () C:\ComboFix.txt

2014-08-15 20:59 - 2014-08-15 20:49 - 00000000 ____D () C:\Qoobox

2014-08-15 20:57 - 2014-08-15 20:49 - 00000000 ____D () C:\Windows\erdnt

2014-08-15 20:55 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-08-15 20:53 - 2012-07-03 00:08 - 00000000 ____D () C:\Users\JoHelc

2014-08-15 20:45 - 2014-08-15 20:44 - 05571320 ____R (Swearware) C:\Users\JoHelc\Desktop\ComboFix.exe

2014-08-15 16:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-08-15 13:56 - 2014-08-15 13:56 - 00001268 _____ () C:\Users\JoHelc\Desktop\Revo Uninstaller.lnk

2014-08-15 13:56 - 2014-08-15 13:56 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-08-15 13:55 - 2014-08-15 13:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\JoHelc\Downloads\revosetup95.exe

2014-08-15 13:40 - 2014-08-13 22:23 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-08-14 16:29 - 2012-07-03 19:32 - 00000000 ____D () C:\Users\JoHelc\AppData\Local\Spotify

2014-08-14 13:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-13 23:56 - 2013-08-14 01:30 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-13 23:55 - 2012-07-03 23:53 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-13 23:53 - 2014-05-07 23:53 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-08-13 23:52 - 2014-08-13 23:52 - 00001304 _____ () C:\Users\JoHelc\Desktop\ert.txt

2014-08-13 22:44 - 2014-08-13 22:44 - 00380416 _____ () C:\Users\JoHelc\Desktop\Gmer-19357.exe

2014-08-13 22:43 - 2014-08-13 22:43 - 00029229 _____ () C:\Users\JoHelc\Desktop\Addition.txt

2014-08-13 22:41 - 2014-08-13 22:40 - 00000474 _____ () C:\Users\JoHelc\Desktop\defogger_disable.log

2014-08-13 22:40 - 2014-08-13 22:40 - 00000000 _____ () C:\Users\JoHelc\defogger_reenable

2014-08-13 22:39 - 2014-08-13 22:39 - 00050477 _____ () C:\Users\JoHelc\Desktop\Defogger.exe

2014-08-13 22:35 - 2014-08-13 22:35 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\DropboxMaster

2014-08-13 22:35 - 2014-08-13 22:34 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Dropbox

2014-08-13 22:34 - 2014-08-13 22:34 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\AVAST Software

2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast

2014-08-13 22:24 - 2014-08-13 22:22 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-08-13 22:22 - 2014-08-13 22:22 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-08-13 22:22 - 2014-08-13 22:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-08-13 22:22 - 2014-08-13 22:22 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2014-08-13 22:20 - 2014-08-13 22:20 - 00000000 ____D () C:\Program Files\AVAST Software

2014-08-13 22:20 - 2014-08-13 22:19 - 00000000 ____D () C:\ProgramData\AVAST Software

2014-08-13 22:19 - 2014-08-13 22:18 - 04862664 _____ (AVAST Software) C:\Users\JoHelc\Downloads\avast_free_antivirus_setup_online.exe

2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-13 22:07 - 2014-08-13 22:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JoHelc\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-07 04:06 - 2014-08-13 13:33 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-08-07 04:01 - 2014-08-13 13:33 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-08-01 01:41 - 2014-08-13 13:35 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-01 01:16 - 2014-08-13 13:35 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-07-25 16:52 - 2014-08-13 13:35 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-07-25 16:02 - 2014-08-13 13:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-07-25 16:01 - 2014-08-13 13:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-07-25 15:51 - 2014-08-13 13:35 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-07-25 15:30 - 2014-08-13 13:35 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-07-25 15:28 - 2014-08-13 13:35 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-07-25 15:28 - 2014-08-13 13:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-07-25 15:25 - 2014-08-13 13:35 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-07-25 15:25 - 2014-08-13 13:35 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-07-25 15:11 - 2014-08-13 13:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-07-25 15:10 - 2014-08-13 13:35 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-07-25 15:04 - 2014-08-13 13:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-07-25 15:03 - 2014-08-13 13:35 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-07-25 15:00 - 2014-08-13 13:35 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-07-25 15:00 - 2014-08-13 13:35 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-07-25 14:59 - 2014-08-13 13:35 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-07-25 14:47 - 2014-08-13 13:35 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-07-25 14:40 - 2014-08-13 13:35 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-07-25 14:34 - 2014-08-13 13:35 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-07-25 14:34 - 2014-08-13 13:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-07-25 14:33 - 2014-08-13 13:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-07-25 14:30 - 2014-08-13 13:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-07-25 14:28 - 2014-08-13 13:35 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-07-25 14:28 - 2014-08-13 13:35 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-07-25 14:21 - 2014-08-13 13:35 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-07-25 14:19 - 2014-08-13 13:35 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-07-25 14:18 - 2014-08-13 13:35 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-07-25 14:17 - 2014-08-13 13:35 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-07-25 14:17 - 2014-08-13 13:35 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-07-25 14:12 - 2014-08-13 13:35 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-07-25 14:10 - 2014-08-13 13:35 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-07-25 14:10 - 2014-08-13 13:35 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-07-25 14:08 - 2014-08-13 13:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-07-25 14:06 - 2014-08-13 13:35 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-07-25 13:52 - 2014-08-13 13:35 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-07-25 13:47 - 2014-08-13 13:35 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-07-25 13:43 - 2014-08-13 13:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-07-25 13:42 - 2014-08-13 13:35 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-07-25 13:39 - 2014-08-13 13:35 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-07-25 13:39 - 2014-08-13 13:35 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-07-25 13:36 - 2014-08-13 13:35 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-07-25 13:34 - 2014-08-13 13:35 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-07-25 13:29 - 2014-08-13 13:35 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-07-25 13:23 - 2014-08-13 13:35 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-07-25 13:13 - 2014-08-13 13:35 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-07-25 13:07 - 2014-08-13 13:35 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-07-25 13:07 - 2014-08-13 13:35 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-07-25 13:03 - 2014-08-13 13:35 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-07-25 12:52 - 2014-08-13 13:35 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-07-25 12:26 - 2014-08-13 13:35 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-07-25 12:17 - 2014-08-13 13:35 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-07-25 12:09 - 2014-08-13 13:35 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-07-25 12:05 - 2014-08-13 13:35 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-07-25 12:00 - 2014-08-13 13:35 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
 

Some content of TEMP:

====================

C:\Users\JoHelc\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-08-17 00:02
 

==================== End Of Log ============================

--- --- ---

Ja, leider immer noch dasselbe Problem, wenn auch die Tabs direkt gleich wieder geschlossen werden.

Java und Adobe updaten.

Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de

Es ist vollbracht! Riesigen Dank! :)

Gibt's noch irgendwas zu beachten? Zonealarm kann ich vergessen bzw. ist Avast und Windows Firewall genug?

Ja sollte reichen.

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Verdammt, zu früh gefreut. Ich hab's tatsächlich geschafft die Deinstallation von Combofix zu vermasseln.

Hab's zuerst mit der Umbennenungsvariante versucht, war in der Annahme dass es nicht funktioniert hätte und habe noch zusätzlich über Start -> Ausführen Variante gestartet. Anscheinend ist Combofix dann noch einmal durchgelaufen, wobei zwischen den Stufen immer die Fehlermeldung kam, dass "NIRKMD" nicht gefunden werden konnte.

Nach dem Neustart ist die Fehlermeldung wieder erschienen (und der Bildschirmhintergrund ist nun schwarz).

Hier der Log

Code:

ComboFix 14-08-15.01 - JoHelc 19.08.2014  15:30:56.2.4 - x86

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.8087.4250 [GMT 2:00]

ausgeführt von:: c:\users\JoHelc\Desktop\uninstall.exe.exe

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

.

c:\windows\SysWow64\sfcfiles.dll . . . fehlt!!

.

c:\windows\system32\drivers\null.sys . . . fehlt!!

.

c:\windows\system32\drivers\afd.sys . . . fehlt!!

.

c:\windows\system32\drivers\ndis.sys . . . fehlt!!

.

c:\windows\system32\drivers\ndisuio.sys . . . fehlt!!

.

c:\windows\system32\drivers\netbios.sys . . . fehlt!!

.

c:\windows\system32\drivers\usbehci.sys . . . fehlt!!

.

c:\windows\system32\drivers\intelppm.sys . . . fehlt!!

.

c:\windows\system32\drivers\tcpip.sys . . . fehlt!!

.

c:\windows\system32\drivers\netbt.sys . . . fehlt!!

.

c:\windows\system32\drivers\asyncmac.sys . . . fehlt!!

.

c:\windows\system32\drivers\cdrom.sys . . . fehlt!!

.

c:\windows\system32\drivers\Serial.sys . . . fehlt!!

.

c:\windows\system32\drivers\ndproxy.sys . . . fehlt!!

.

c:\windows\system32\drivers\ws2ifsl.sys . . . fehlt!!

.

c:\windows\system32\drivers\i8042prt.sys . . . fehlt!!

.

c:\windows\system32\drivers\ipsec.sys . . . fehlt!!

.

c:\windows\system32\drivers\psched.sys . . . fehlt!!

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_MSiSCSI

-------\Service_SessionEnv

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-07-19 bis 2014-08-19  ))))))))))))))))))))))))))))))

.

.

2014-08-19 13:39 . 2014-08-19 13:39        --------        d-----w-        C:\Device

2014-08-19 13:37 . 2014-08-19 13:37        --------        d-----w-        c:\users\Default\AppData\Local\temp

2014-08-19 12:52 . 2014-08-07 08:59        11319200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A96ED077-C613-480E-A038-D22BA8EF6C95}\mpengine.dll

2014-08-18 19:10 . 2014-08-18 19:19        --------        d-----w-        c:\program files (x86)\Google

2014-08-18 11:56 . 2014-08-18 11:56        --------        d-----w-        c:\program files (x86)\Common Files\Java

2014-08-18 11:56 . 2014-08-18 11:56        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-08-18 11:56 . 2014-08-18 11:56        --------        d-----w-        c:\program files (x86)\Java

2014-08-16 13:27 . 2014-08-16 13:27        --------        d-----w-        c:\windows\ERUNT

2014-08-16 13:21 . 2010-08-30 06:34        536576        ----a-w-        c:\windows\SysWow64\sqlite3.dll

2014-08-16 13:21 . 2014-08-16 13:23        --------        d-----w-        C:\AdwCleaner

2014-08-15 18:59 . 2014-08-15 18:59        --------        d-----w-        c:\users\Public\AppData

2014-08-15 11:56 . 2014-08-15 11:56        --------        d-----w-        c:\program files (x86)\VS Revo Group

2014-08-13 21:53 . 2014-03-09 21:47        99480        ----a-w-        c:\windows\SysWow64\infocardapi.dll

2014-08-13 21:53 . 2014-03-09 21:47        619672        ----a-w-        c:\windows\SysWow64\icardagt.exe

2014-08-13 21:53 . 2014-06-30 22:14        8856        ----a-w-        c:\windows\SysWow64\icardres.dll

2014-08-13 21:53 . 2014-06-06 06:16        35480        ----a-w-        c:\windows\SysWow64\TsWpfWrp.exe

2014-08-13 20:42 . 2014-08-17 13:35        --------        d-----w-        C:\FRST

2014-08-13 20:34 . 2014-08-13 20:35        --------        d-----w-        c:\users\JoHelc\AppData\Roaming\Dropbox

2014-08-13 20:24 . 2014-08-13 20:24        --------        d-----w-        c:\users\JoHelc\AppData\Roaming\AVAST Software

2014-08-13 20:22 . 2014-08-13 20:22        43152        ----a-w-        c:\windows\avastSS.scr

2014-08-13 20:19 . 2014-08-13 20:20        --------        d-----w-        c:\programdata\AVAST Software

2014-08-13 20:07 . 2014-08-13 20:07        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware

2014-08-13 20:07 . 2014-08-13 20:07        --------        d-----w-        c:\programdata\Malwarebytes

2014-08-13 11:33 . 2014-07-14 01:40        664064        ----a-w-        c:\windows\SysWow64\rpcrt4.dll

2014-08-03 11:09 . 2014-05-14 16:23        36320        ----a-w-        c:\windows\SysWow64\wups.dll

2014-08-03 11:09 . 2014-05-14 16:23        581600        ----a-w-        c:\windows\SysWow64\wuapi.dll

2014-08-03 11:09 . 2014-05-14 16:17        92672        ----a-w-        c:\windows\SysWow64\wudriver.dll

2014-08-03 11:09 . 2014-05-14 07:23        179656        ----a-w-        c:\windows\SysWow64\wuwebv.dll

2014-08-03 11:09 . 2014-05-14 07:17        33792        ----a-w-        c:\windows\SysWow64\wuapp.exe

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-08-19 13:03 . 2014-07-18 15:40        163504        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin

2014-07-02 03:09 . 2012-07-03 17:23        10924376        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2014-06-18 01:51 . 2014-07-10 10:57        646144        ----a-w-        c:\windows\SysWow64\osk.exe

2014-06-06 09:44 . 2014-07-10 10:57        509440        ----a-w-        c:\windows\SysWow64\qedit.dll

2014-06-05 14:26 . 2014-07-10 10:53        22016        ----a-w-        c:\windows\SysWow64\secur32.dll

2014-06-05 14:25 . 2014-07-10 10:53        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll

2014-05-30 07:52 . 2014-07-10 10:57        172032        ----a-w-        c:\windows\SysWow64\wdigest.dll

2014-05-30 07:52 . 2014-07-10 10:57        65536        ----a-w-        c:\windows\SysWow64\TSpkg.dll

2014-05-30 07:52 . 2014-07-10 10:57        247808        ----a-w-        c:\windows\SysWow64\schannel.dll

2014-05-30 07:52 . 2014-07-10 10:57        220160        ----a-w-        c:\windows\SysWow64\ncrypt.dll

2014-05-30 07:52 . 2014-07-10 10:57        259584        ----a-w-        c:\windows\SysWow64\msv1_0.dll

2014-05-30 07:52 . 2014-07-10 10:57        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll

2014-05-30 07:52 . 2014-07-10 10:57        17408        ----a-w-        c:\windows\SysWow64\credssp.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

.

.

.

.

[7] 2010-11-21 03:24 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6151] . . c:\windows\erdnt\cache86\mfc40u.dll

[7] 2010-11-21 03:24 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6140] . . c:\windows\SysWOW64\mfc40u.dll

[7] 2010-11-21 03:24 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7601.17514_none_f51a7bf0b3d25294\mfc40u.dll

.

[7] 2014-03-04 . FB18FE03DEC1297107946C4D597797C3 . 3974080 . . [6.1.7601.22616] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22616_none_6ec352232b81178c\ntkrnlpa.exe

[7] 2014-03-04 . 4D59F470985D08139E42D15842816C47 . 3969984 . . [6.1.7601.18409] . . c:\windows\erdnt\cache86\ntkrnlpa.exe

[7] 2014-03-04 . 4D59F470985D08139E42D15842816C47 . 3969984 . . [6.1.7601.18409] . . c:\windows\SysWOW64\ntkrnlpa.exe

[7] 2014-03-04 . 4D59F470985D08139E42D15842816C47 . 3969984 . . [6.1.7601.18409] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18409_none_6e47843c1258aaaf\ntkrnlpa.exe

[7] 2013-08-29 . EB6B2FB5EE07337C8B4F3A16CBC18BE3 . 3973568 . . [6.1.7601.22436] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22436_none_6eadae7f2b915520\ntkrnlpa.exe

[7] 2013-08-29 . 482C8CD985C727C7C78A5E9B320947F0 . 3969472 . . [6.1.7601.18247] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18247_none_6e1a402c127aed77\ntkrnlpa.exe

[7] 2013-08-02 . 0F3ACFF7F3D87C319F7894EF7155609B . 3973056 . . [6.1.7601.22411] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22411_none_6ebe4ce52b859e8b\ntkrnlpa.exe

[7] 2013-08-02 . 1A9E4EE88B31750E5CA207424143F99C . 3968960 . . [6.1.7601.18229] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18229_none_6e31e0981268e843\ntkrnlpa.exe

[7] 2013-07-09 . DD5F17D44E9966E7EA447AE8C4D12D6C . 3968960 . . [6.1.7601.18205] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18205_none_6e437f48125c4b05\ntkrnlpa.exe

[7] 2013-07-08 . 16A6C242C9B4DCA5A0B0FB7A95A75D70 . 3973056 . . [6.1.7601.22379] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22379_none_6e856dc72baf13c2\ntkrnlpa.exe

[7] 2013-03-19 . 88355CFE81D381F93C74716DAA803587 . 3968856 . . [6.1.7601.18113] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18113_none_6e36ace212663721\ntkrnlpa.exe

[7] 2013-03-19 . 3DFCBEEE97DF8BBAA749CAACFC9C43E1 . 3972440 . . [6.1.7601.22280] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22280_none_6e71995b2bbf4e7d\ntkrnlpa.exe

[7] 2013-01-05 . 660100CB90F344040EF57F52FC0681C3 . 3967848 . . [6.1.7601.18044] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18044_none_6e173b82127da724\ntkrnlpa.exe

[7] 2013-01-05 . 8E43161944CE6E3A1F2B2618B992A8CE . 3971928 . . [6.1.7601.22210] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22210_none_6ebd48cf2b868ae6\ntkrnlpa.exe

[7] 2012-08-30 . 7E1EC00B7D0D33A67DFC563574EEFF93 . 3968880 . . [6.1.7601.17944] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_6e176360127d73e2\ntkrnlpa.exe

[7] 2012-08-30 . 770FEEA2823E463D68E170D7EA6FAEBA . 3972464 . . [6.1.7601.22103] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_6ecb17b32b7bbdd3\ntkrnlpa.exe

[7] 2012-05-04 . 4A56DB06360F59130CAED69FA7526F0A . 3968368 . . [6.1.7601.17835] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_6e2331b012747421\ntkrnlpa.exe

[7] 2012-05-04 . AFF886D9D718D3747E5031816C0DA7D2 . 3971952 . . [6.1.7601.21987] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_6e78bf732bb8d24e\ntkrnlpa.exe

[7] 2012-03-31 . 8F6D5704D7522AAB8B4B82C0D35D9184 . 3968368 . . [6.1.7601.17803] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntkrnlpa.exe

[7] 2012-03-31 . 93358348D0B79812CAAA83A1377E4449 . 3971952 . . [6.1.7601.21955] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntkrnlpa.exe

[7] 2012-03-06 . 43711ABF8AE553A7B5FFFF61E60C419D . 3968368 . . [6.1.7601.17790] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_6ddd4ed012a99fed\ntkrnlpa.exe

[7] 2012-03-06 . 07B026E7A2C873D09F0073141EE2099E . 3972464 . . [6.1.7601.21936] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_6eadcec52b912d42\ntkrnlpa.exe

[7] 2010-11-21 . 144BD78C6103C8616DE047B3532142DB . 3966848 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntkrnlpa.exe

.

[7] 2010-11-21 03:24 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] . . c:\windows\erdnt\cache86\olepro32.dll

[7] 2010-11-21 03:24 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] . . c:\windows\SysWOW64\olepro32.dll

[7] 2010-11-21 03:24 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7601.17514_none_3c1b247e5ff65f89\olepro32.dll

.

c:\windows\System32\drivers\atapi.sys ... Fehlt !!

c:\windows\System32\drivers\asyncmac.sys ... Fehlt !!

c:\windows\System32\drivers\beep.sys ... Fehlt !!

c:\windows\System32\drivers\kbdclass.sys ... Fehlt !!

c:\windows\System32\drivers\ndis.sys ... Fehlt !!

c:\windows\System32\drivers\ntfs.sys ... Fehlt !!

c:\windows\System32\drivers\null.sys ... Fehlt !!

c:\windows\System32\drivers\tcpip.sys ... Fehlt !!

c:\windows\System32\browser.dll ... Fehlt !!

c:\windows\System32\lsass.exe ... Fehlt !!

c:\windows\System32\netman.dll ... Fehlt !!

c:\windows\System32\qmgr.dll ... Fehlt !!

c:\windows\System32\rpcss.dll ... Fehlt !!

c:\windows\System32\services.exe ... Fehlt !!

c:\windows\System32\spoolsv.exe ... Fehlt !!

c:\windows\System32\winlogon.exe ... Fehlt !!

c:\windows\System32\wuauclt.exe ... Fehlt !!

c:\windows\System32\drivers\ipsec.sys ... Fehlt !!

c:\windows\System32\eventlog.dll ... Fehlt !!

c:\windows\System32\sfcfiles.dll ... Fehlt !!

c:\windows\System32\drivers\ipsec.sys ... Fehlt !!

c:\windows\System32\regsvc.dll ... Fehlt !!

c:\windows\System32\schedsvc.dll ... Fehlt !!

c:\windows\System32\ssdpsrv.dll ... Fehlt !!

c:\windows\System32\termsrv.dll ... Fehlt !!

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09        131248        ----a-w-        c:\users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09        131248        ----a-w-        c:\users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09        131248        ----a-w-        c:\users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]

@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"

[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]

2012-01-04 08:58        442880        ----a-w-        c:\windows\System32\ntshrui.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="c:\users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-07-06 1178168]

"Spotify"="c:\users\JoHelc\AppData\Roaming\Spotify\spotify.exe" [2014-07-06 6162488]

"f.lux"="c:\users\JoHelc\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]

"MusicManager"="c:\users\JoHelc\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2014-05-15 7631872]

"GoogleChromeAutoLaunch_2367883519264E435C4CA52430EF9559"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-08-07 860488]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-13 4085896]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WNA1000M Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WNA1000M\WNA1000M.exe -Hide [2012-1-4 504064]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

.

R0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys --> c:\windows\system32\drivers\amdxata.sys [?]

R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys --> c:\windows\system32\drivers\aswRvrt.sys [?]

R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys --> c:\windows\system32\drivers\aswVmm.sys [?]

R0 CLFS;Gemeinsames Protokoll (CLFS);c:\windows\system32\CLFS.sys --> c:\windows\system32\CLFS.sys [?]

R0 CNG;CNG;c:\windows\system32\Drivers\cng.sys --> c:\windows\system32\Drivers\cng.sys [?]

R0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys --> c:\windows\system32\drivers\fileinfo.sys [?]

R0 fvevol;Filtertreiber der Bitlocker-Laufwerkverschlüsselung;c:\windows\system32\DRIVERS\fvevol.sys --> c:\windows\system32\DRIVERS\fvevol.sys [?]

R0 hwpolicy;Hardware Policy Driver;c:\windows\system32\drivers\hwpolicy.sys --> c:\windows\system32\drivers\hwpolicy.sys [?]

R0 KSecPkg;KSecPkg;c:\windows\system32\Drivers\ksecpkg.sys --> c:\windows\system32\Drivers\ksecpkg.sys [?]

R0 msahci;msahci;c:\windows\system32\drivers\msahci.sys --> c:\windows\system32\drivers\msahci.sys [?]

R0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys --> c:\windows\system32\drivers\msisadrv.sys [?]

R0 pcw;Performance Counters for Windows Driver;c:\windows\system32\drivers\pcw.sys --> c:\windows\system32\drivers\pcw.sys [?]

R0 rdyboost;ReadyBoost;c:\windows\system32\drivers\rdyboost.sys --> c:\windows\system32\drivers\rdyboost.sys [?]

R0 spldr;Security Processor Loader Driver;c:\windows\system32\drivers\spldr.sys --> c:\windows\system32\drivers\spldr.sys [?]

R0 vdrvroot;Enumerator-Treiber für Microsoft Virtual Drive;c:\windows\system32\drivers\vdrvroot.sys --> c:\windows\system32\drivers\vdrvroot.sys [?]

R0 volmgr;Treiber für Volume-Manager;c:\windows\system32\drivers\volmgr.sys --> c:\windows\system32\drivers\volmgr.sys [?]

R0 volmgrx;Dynamischer Volume-Manager;c:\windows\system32\drivers\volmgrx.sys --> c:\windows\system32\drivers\volmgrx.sys [?]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys --> c:\windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys --> c:\windows\system32\drivers\aswSP.sys [?]

R1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys --> c:\windows\system32\DRIVERS\blbdrive.sys [?]

R1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys --> c:\windows\system32\Drivers\dfsc.sys [?]

R1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys --> c:\windows\system32\drivers\discache.sys [?]

R1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys --> c:\windows\system32\drivers\nsiproxy.sys [?]

R1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys --> c:\windows\system32\drivers\rdpencdd.sys [?]

R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys --> c:\windows\system32\drivers\rdprefmp.sys [?]

R1 tdx;NetIO-Legacy-TDI-Supporttreiber;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]

R1 Wanarpv6;Remotezugriff-IPv6-ARP-Treiber;c:\windows\system32\DRIVERS\wanarp.sys --> c:\windows\system32\DRIVERS\wanarp.sys [?]

R1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys --> c:\windows\system32\DRIVERS\wfplwf.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe --> c:\windows\system32\atiesrxx.exe [?]

R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys --> c:\windows\system32\drivers\aswHwid.sys [?]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys --> c:\windows\system32\drivers\aswMonFlt.sys [?]

R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys --> c:\windows\system32\drivers\aswStm.sys [?]

R2 AudioEndpointBuilder;Windows-Audio-Endpunkterstellung;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 01:19 20992]

R2 BFE;Basisfiltermodul;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [14.07.2009 01:19 20992]

R2 DPS;Diagnoserichtliniendienst;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [14.07.2009 01:19 20992]

R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalService [14.07.2009 01:19 20992]

R2 gpsvc;Gruppenrichtlinienclient;c:\windows\system32\svchost.exe -k netsvcs [14.07.2009 01:19 20992]

R2 IKEEXT;IKE- und AuthIP IPsec-Schlüsselerstellungsmodule;c:\windows\system32\svchost.exe -k netsvcs [14.07.2009 01:19 20992]

R2 iphlpsvc;IP-Hilfsdienst;c:\windows\System32\svchost.exe -k NetSvcs [14.07.2009 01:19 20992]

R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys --> c:\windows\system32\DRIVERS\lltdio.sys [?]

R2 luafv;UAC-Dateivirtualisierung;c:\windows\system32\drivers\luafv.sys --> c:\windows\system32\drivers\luafv.sys [?]

R2 MMCSS;Multimediaklassenplaner;c:\windows\system32\svchost.exe -k netsvcs [14.07.2009 01:19 20992]

R2 MpsSvc;Windows-Firewall;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [14.07.2009 01:19 20992]

R2 NlaSvc;NLA (Network Location Awareness);c:\windows\System32\svchost.exe -k NetworkService [14.07.2009 01:19 20992]

R2 nsi;Netzwerkspeicher-Schnittstellendienst;c:\windows\system32\svchost.exe -k LocalService [14.07.2009 01:19 20992]

R2 PcaSvc;Programmkompatibilitäts-Assistent-Dienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 01:19 20992]

R2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys --> c:\windows\system32\drivers\peauth.sys [?]

R2 Power;Stromversorgung;c:\windows\system32\svchost.exe -k DcomLaunch [14.07.2009 01:19 20992]

R2 ProfSvc;Benutzerprofildienst;c:\windows\system32\svchost.exe -k netsvcs [14.07.2009 01:19 20992]

R2 RpcEptMapper;RPC-Endpunktzuordnung;c:\windows\system32\svchost.exe -k RPCSS [14.07.2009 01:19 20992]

R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys --> c:\windows\system32\drivers\tcpipreg.sys [?]

R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [27.08.2012 10:44 2673064]

R2 UxSms;Sitzungs-Manager für Desktopfenster-Manager;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 01:19 20992]

R2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [14.07.2009 01:19 20992]

R2 Wlansvc;Automatische WLAN-Konfiguration;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 01:19 20992]

R2 WlanWpsSvc;WlanWpsSvc;c:\program files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe [30.06.2011 23:23 167936]

R3 Appinfo;Anwendungsinformationen;c:\windows\system32\svchost.exe -k netsvcs [14.07.2009 01:19 20992]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys --> c:\windows\system32\drivers\AtihdW76.sys [?]

R3 bowser;Browsersupporttreiber;c:\windows\system32\DRIVERS\bowser.sys --> c:\windows\system32\DRIVERS\bowser.sys [?]

R3 CompositeBus;Busenumeratortreiber für Verbundgeräte;c:\windows\system32\DRIVERS\CompositeBus.sys --> c:\windows\system32\DRIVERS\CompositeBus.sys [?]

R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\system32\drivers\dxgkrnl.sys --> c:\windows\system32\drivers\dxgkrnl.sys [?]

R3 KeyIso;CNG-Schlüsselisolation;c:\windows\system32\lsass.exe --> c:\windows\system32\lsass.exe [?]

R3 monitor;Microsoft Monitor-Klassenfunktionstreiber-Dienst;c:\windows\system32\DRIVERS\monitor.sys --> c:\windows\system32\DRIVERS\monitor.sys [?]

R3 mpsdrv;Windows-Firewallautorisierungstreiber;c:\windows\system32\drivers\mpsdrv.sys --> c:\windows\system32\drivers\mpsdrv.sys [?]

R3 mrxsmb10;SMB 1.x-Miniredirector;c:\windows\system32\DRIVERS\mrxsmb10.sys --> c:\windows\system32\DRIVERS\mrxsmb10.sys [?]

R3 mrxsmb20;SMB 2.0-Miniredirector;c:\windows\system32\DRIVERS\mrxsmb20.sys --> c:\windows\system32\DRIVERS\mrxsmb20.sys [?]

R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys --> c:\windows\system32\DRIVERS\nwifi.sys [?]

R3 netprofm;Netzwerklistendienst;c:\windows\System32\svchost.exe -k LocalService [14.07.2009 01:19 20992]

R3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys --> c:\windows\system32\DRIVERS\AgileVpn.sys [?]

R3 srv2;Server-SMB-Treiber 2.xxx;c:\windows\system32\DRIVERS\srv2.sys --> c:\windows\system32\DRIVERS\srv2.sys [?]

R3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys --> c:\windows\system32\DRIVERS\srvnet.sys [?]

R3 tunnel;Microsoft-Tunnelminiport-Adaptertreiber;c:\windows\system32\DRIVERS\tunnel.sys --> c:\windows\system32\DRIVERS\tunnel.sys [?]

R3 umbus;UMBusenumerator-Treiber;c:\windows\system32\DRIVERS\umbus.sys --> c:\windows\system32\DRIVERS\umbus.sys [?]

R3 WdiServiceHost;Diagnosediensthost;c:\windows\System32\svchost.exe -k LocalService [14.07.2009 01:19 20992]

R3 WdiSystemHost;Diagnosesystemhost;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 01:19 20992]

R3 WPDBusEnum;Enumeratordienst für tragbare Geräte;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 01:19 20992]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [11.09.2013 20:39 124088]

S2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe --> c:\windows\system32\sppsvc.exe [?]

S3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys --> c:\windows\system32\drivers\1394ohci.sys [?]

S3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys --> c:\windows\system32\drivers\acpipmi.sys [?]

S3 adp94xx;adp94xx;c:\windows\system32\drivers\adp94xx.sys --> c:\windows\system32\drivers\adp94xx.sys [?]

S3 adpahci;adpahci;c:\windows\system32\drivers\adpahci.sys --> c:\windows\system32\drivers\adpahci.sys [?]

S3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys --> c:\windows\system32\drivers\amdsata.sys [?]

S3 amdsbs;amdsbs;c:\windows\system32\drivers\amdsbs.sys --> c:\windows\system32\drivers\amdsbs.sys [?]

S3 AppID;Anwendungs-ID-Treiber;c:\windows\system32\drivers\appid.sys --> c:\windows\system32\drivers\appid.sys [?]

S3 AppIDSvc;Anwendungsidentität;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [14.07.2009 01:19 20992]

S3 arcsas;arcsas;c:\windows\system32\drivers\arcsas.sys --> c:\windows\system32\drivers\arcsas.sys [?]

S3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\drivers\bxvbda.sys --> c:\windows\system32\drivers\bxvbda.sys [?]

S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys --> c:\windows\system32\DRIVERS\b57nd60a.sys [?]

S3 BDESVC;BitLocker-Laufwerkverschlüsselungsdienst;c:\windows\System32\svchost.exe -k netsvcs [14.07.2009 01:19 20992]

S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\drivers\BrFiltLo.sys --> c:\windows\system32\drivers\BrFiltLo.sys [?]

S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\drivers\BrFiltUp.sys --> c:\windows\system32\drivers\BrFiltUp.sys [?]

S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\system32\Drivers\Brserid.sys --> c:\windows\system32\Drivers\Brserid.sys [?]

S3 BrSerWdm;Brother WDM Serial driver;c:\windows\system32\Drivers\BrSerWdm.sys --> c:\windows\system32\Drivers\BrSerWdm.sys [?]

S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\Drivers\BrUsbMdm.sys --> c:\windows\system32\Drivers\BrUsbMdm.sys [?]

S3 CertPropSvc;Zertifikatverteilung;c:\windows\system32\svchost.exe -k netsvcs [14.07.2009 01:19 20992]

S3 circlass;Consumer IR Devices;c:\windows\system32\drivers\circlass.sys --> c:\windows\system32\drivers\circlass.sys [?]

S3 defragsvc;Defragmentierung;c:\windows\system32\svchost.exe -k defragsvc [14.07.2009 01:19 20992]

S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\drivers\evbda.sys --> c:\windows\system32\drivers\evbda.sys [?]

S3 elxstor;elxstor;c:\windows\system32\drivers\elxstor.sys --> c:\windows\system32\drivers\elxstor.sys [?]

S3 fdPHost;Funktionssuchanbieter-Host;c:\windows\system32\svchost.exe -k LocalService [14.07.2009 01:19 20992]

S3 FDResPub;Funktionssuche-Ressourcenveröffentlichung;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [14.07.2009 01:19 20992]

S3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys --> c:\windows\system32\drivers\filetrace.sys [?]

S3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys --> c:\windows\system32\drivers\FsDepends.sys [?]

S3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys --> c:\windows\system32\drivers\hcw85cir.sys [?]

S3 HomeGroupListener;Heimnetzgruppen-Listener;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 01:19 20992]

S3 HomeGroupProvider;Heimnetzgruppen-Anbieter;c:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [14.07.2009 01:19 20992]

S3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys --> c:\windows\system32\drivers\HpSAMD.sys [?]

S3 iaStorV;Intel RAID-Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys --> c:\windows\system32\drivers\iaStorV.sys [?]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe /V --> c:\windows\system32\IEEtwCollector.exe  [?]

S3 IPBusEnum;PnP-X-IP-Busenumerator;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 01:19 20992]

S3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys --> c:\windows\system32\drivers\IPMIDrv.sys [?]

S3 iScsiPrt;iScsiPort-Treiber;c:\windows\system32\drivers\msiscsi.sys --> c:\windows\system32\drivers\msiscsi.sys [?]

S3 KtmRm;KtmRm für Distributed Transaction Coordinator;c:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [14.07.2009 01:19 20992]

S3 lltdsvc;Verbindungsschicht-Topologieerkennungs-Zuordnungsprogramm;c:\windows\System32\svchost.exe -k LocalService [14.07.2009 01:19 20992]

S3 LSI_FC;LSI_FC;c:\windows\system32\drivers\lsi_fc.sys --> c:\windows\system32\drivers\lsi_fc.sys [?]

S3 LSI_SAS;LSI_SAS;c:\windows\system32\drivers\lsi_sas.sys --> c:\windows\system32\drivers\lsi_sas.sys [?]

S3 LSI_SAS2;LSI_SAS2;c:\windows\system32\drivers\lsi_sas2.sys --> c:\windows\system32\drivers\lsi_sas2.sys [?]

S3 LSI_SCSI;LSI_SCSI;c:\windows\system32\drivers\lsi_scsi.sys --> c:\windows\system32\drivers\lsi_scsi.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\MBAMSwissArmy.sys --> c:\windows\system32\drivers\MBAMSwissArmy.sys [?]

S3 megasas;megasas;c:\windows\system32\drivers\megasas.sys --> c:\windows\system32\drivers\megasas.sys [?]

S3 mpio;mpio;c:\windows\system32\drivers\mpio.sys --> c:\windows\system32\drivers\mpio.sys [?]

S3 msdsm;msdsm;c:\windows\system32\drivers\msdsm.sys --> c:\windows\system32\drivers\msdsm.sys [?]

S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\system32\drivers\mshidkmdf.sys --> c:\windows\system32\drivers\mshidkmdf.sys [?]

S3 MsRPC;MsRPC;c:\windows\system32\drivers\MsRPC.sys --> c:\windows\system32\drivers\MsRPC.sys [?]

S3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\drivers\MTConfig.sys --> c:\windows\system32\drivers\MTConfig.sys [?]

S3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys --> c:\windows\system32\DRIVERS\ndiscap.sys [?]

S3 nfrd960;nfrd960;c:\windows\system32\drivers\nfrd960.sys --> c:\windows\system32\drivers\nfrd960.sys [?]

S3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys --> c:\windows\system32\drivers\nvstor.sys [?]

S3 PerfHost;Leistungsindikator-DLL-Host;c:\windows\SysWOW64\perfhost.exe [14.07.2009 01:11 20992]

S3 pla;Leistungsprotokolle und -warnungen;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [14.07.2009 01:19 20992]

S3 PNRPAutoReg;PNRP-Computernamenveröffentlichungs-Dienst;c:\windows\System32\svchost.exe -k LocalServicePeerNet [14.07.2009 01:19 20992]

S3 ql2300;ql2300;c:\windows\system32\drivers\ql2300.sys --> c:\windows\system32\drivers\ql2300.sys [?]

S3 ql40xx;ql40xx;c:\windows\system32\drivers\ql40xx.sys --> c:\windows\system32\drivers\ql40xx.sys [?]

S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\drivers\rdpbus.sys --> c:\windows\system32\drivers\rdpbus.sys [?]

S3 RTL8192cu;NETGEAR WNA1000M N150 Wireless USB Micro Adapter;c:\windows\system32\DRIVERS\WNA1000M.sys --> c:\windows\system32\DRIVERS\WNA1000M.sys [?]

S3 scfilter;Filtertreiber für Smartcards der Plug & Play-Klasse;c:\windows\system32\DRIVERS\scfilter.sys --> c:\windows\system32\DRIVERS\scfilter.sys [?]

S3 SCPolicySvc;Richtlinie zum Entfernen der Scmartcard;c:\windows\system32\svchost.exe -k netsvcs [14.07.2009 01:19 20992]

S3 SDRSVC;Windows-Sicherung;c:\windows\system32\svchost.exe -k SDRSVC [14.07.2009 01:19 20992]

S3 SensrSvc;Adaptive Helligkeit;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [14.07.2009 01:19 20992]

S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys --> c:\windows\system32\drivers\sffp_mmc.sys [?]

S3 SiSRaid4;SiSRaid4;c:\windows\system32\drivers\sisraid4.sys --> c:\windows\system32\drivers\sisraid4.sys [?]

S3 Smb;Nachrichtenorientiertes TCP/IP- und TCP/IPv6-Protokoll (SMB-Sitzung);c:\windows\system32\DRIVERS\smb.sys --> c:\windows\system32\DRIVERS\smb.sys [?]

S3 sppuinotify;SPP-Benachrichtigungsdienst;c:\windows\system32\svchost.exe -k LocalService [14.07.2009 01:19 20992]

S3 stexstor;stexstor;c:\windows\system32\drivers\stexstor.sys --> c:\windows\system32\drivers\stexstor.sys [?]

S3 SysMain;Superfetch;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 01:19 20992]

S3 TabletInputService;Tablet PC-Eingabedienst;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 01:19 20992]

S3 TBS;TPM-Basisdienste;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [14.07.2009 01:19 20992]

S3 THREADORDER;Server für Threadsortierung;c:\windows\system32\svchost.exe -k LocalService [14.07.2009 01:19 20992]

S3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [21.11.2010 05:24 194048]

S3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys --> c:\windows\system32\DRIVERS\tssecsrv.sys [?]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys --> c:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys --> c:\windows\system32\drivers\TsUsbGD.sys [?]

S3 UI0Detect;Erkennung interaktiver Dienste;c:\windows\system32\UI0Detect.exe --> c:\windows\system32\UI0Detect.exe [?]

S3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys --> c:\windows\system32\drivers\uliagpkx.sys [?]

S3 usbcir;eHome-Infrarotempfänger (USBCIR);c:\windows\system32\drivers\usbcir.sys --> c:\windows\system32\drivers\usbcir.sys [?]

S3 VaultSvc;Anmeldeinformationsverwaltung;c:\windows\system32\lsass.exe --> c:\windows\system32\lsass.exe [?]

S3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys --> c:\windows\system32\drivers\vhdmp.sys [?]

S3 vsmraid;vsmraid;c:\windows\system32\drivers\vsmraid.sys --> c:\windows\system32\drivers\vsmraid.sys [?]

S3 vwifibus;Virtueller WiFi-Bustreiber;c:\windows\system32\DRIVERS\vwifibus.sys --> c:\windows\system32\DRIVERS\vwifibus.sys [?]

S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys --> c:\windows\system32\drivers\wacompen.sys [?]

S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe --> c:\windows\system32\Wat\WatAdminSvc.exe [?]

S3 wbengine;Blockebenen-Sicherungsmodul;"c:\windows\system32\wbengine.exe" --> c:\windows\system32\wbengine.exe [?]

S3 WbioSrvc;Windows-Biometriedienst;c:\windows\system32\svchost.exe -k WbioSvcGroup [14.07.2009 01:19 20992]

S3 wcncsvc;Windows-Sofortverbindung - Konfigurationsregistrierungsstelle;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [14.07.2009 01:19 20992]

S3 WcsPlugInService;Windows-Farbsystem;c:\windows\system32\svchost.exe -k wcssvc [14.07.2009 01:19 20992]

S3 Wd;Wd;c:\windows\system32\drivers\wd.sys --> c:\windows\system32\drivers\wd.sys [?]

S3 Wecsvc;Windows-Ereignissammlung;c:\windows\system32\svchost.exe -k NetworkService [14.07.2009 01:19 20992]

S3 wercplsupport;Unterstützung in der Systemsteuerung unter Lösungen für Probleme;c:\windows\System32\svchost.exe -k netsvcs [14.07.2009 01:19 20992]

S3 WerSvc;Windows-Fehlerberichterstattungsdienst;c:\windows\System32\svchost.exe -k WerSvcGroup [14.07.2009 01:19 20992]

S3 WIMMount;WIMMount;c:\windows\System32\drivers\wimmount.sys [14.07.2009 01:17 19008]

S3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [14.07.2009 01:19 20992]

S3 WwanSvc;WWAN - automatische Konfiguration;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [14.07.2009 01:19 20992]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [13.08.2014 23:56 90776]

S4 Mcx2Svc;Media Center Extender-Dienst;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [14.07.2009 01:19 20992]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork        REG_MULTI_SZ           PLA

LocalServiceAndNoImpersonation        REG_MULTI_SZ           SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc

DcomLaunch        REG_MULTI_SZ           Power PlugPlay DcomLaunch

wcssvc        REG_MULTI_SZ           WcsPlugInService

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

NETSVCS BENÖTIGT REPARATUR - Derzeitig vorhandene Einträge:

AeLookupSvc

CertPropSvc

SCPolicySvc

lanmanserver

gpsvc

FastUserSwitchingCompatibility

Ias

Irmon

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

Rasman

Remoteaccess

SENS

Sharedaccess

SRService

Tapisrv

Wmi

WmdmPmSp

TermService

BITS

ShellHWDetection

LogonHours

PCAudit

helpsvc

uploadmgr

iphlpsvc

.

Rebuilding ... You need to reboot your machine for this to take effect.

.

eventsystem

iprip

netman

wzcsvc

ip6fwhlp

WmdmPmSN

UxTuneUp

Appinfo

BDESVC

Browser

EapHost

hkmsvc

IKEEXT

MMCSS

ProfSvc

Schedule

seclogon

Themes

wercplsupport

Winmgmt

wuauserv

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

2009-07-14 01:14        278528        ----a-w-        c:\windows\System32\unregmp2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-08-18 19:19        1104200        ----a-w-        c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2014-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-18 19:10]

.

2014-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-18 19:10]

.

2014-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000Core.job

- c:\users\JoHelc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02 22:22]

.

2014-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000UA.job

- c:\users\JoHelc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02 22:22]

.

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

TCP: DhcpNameServer = 192.168.42.129

.

.

------- Dateityp-Verknüpfung -------

.

inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*

VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

SafeBoot-WudfPf

SafeBoot-WudfRd

SafeBoot-sacsvr

SafeBoot-vmms

HKLM_ActiveSetup-{44BBA840-CC51-11CF-AAFA-00AA00B6015C} - c:\program files (x86)\Windows Mail\WinMail.exe OCInstallUserConfigOE

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2014-08-19 15:40

Windows 6.1.7601 Service Pack 1 WOW64 NTFS

.

detected NTDLL code modification:

ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2014-08-19 15:40

Windows 6.1.7601 Service Pack 1 WOW64 NTFS

.

detected NTDLL code modification:

ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2014-08-19 15:40

Windows 6.1.7601 Service Pack 1 WOW64 NTFS

.

detected NTDLL code modification:

ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2014-08-19 15:40

Windows 6.1.7601 Service Pack 1 WOW64 NTFS

.

detected NTDLL code modification:

ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2014-08-19 15:40

Windows 6.1.7601 Service Pack 1 WOW64 NTFS

.

detected NTDLL code modification:

ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2014-08-19 15:40

Windows 6.1.7601 Service Pack 1 WOW64 NTFS

.

detected NTDLL code modification:

ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2014-08-19 15:40

Windows 6.1.7601 Service Pack 1 WOW64 NTFS

.

detected NTDLL code modification:

ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2014-08-19 15:40

Windows 6.1.7601 Service Pack 1 WOW64 NTFS

.

detected NTDLL code modification:

ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2014-08-19 15:40

Windows 6.1.7601 Service Pack 1 WOW64 NTFS

.

detected NTDLL code modification:

ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2014-08-19 15:40

Windows 6.1.7601 Service Pack 1 WOW64 NTFS

.

detected NTDLL code modification:

ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2014-08-19 15:40

Windows 6.1.7601 Service Pack 1 WOW64 NTFS

.

detected NTDLL code modification:

ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 

.

**************************************************************************

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\NETGEAR\WNA1000M\WNA1000M.exe

c:\users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

c:\users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

c:\users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

c:\users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

c:\users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2014-08-19  15:42:39 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2014-08-19 13:42

ComboFix2.txt  2014-08-15 18:59

.

Vor Suchlauf: 12 Verzeichnis(se), 167.251.238.912 Bytes frei

Nach Suchlauf: 15 Verzeichnis(se), 166.766.317.568 Bytes frei

.

- - End Of File - - 1B016617D5ED8E9DE642DFF4F4F873C3

A36C5E4F47E84449FF07ED3517B43A31

Ich hoffe ich hab's jetzt nicht komplett zerlegt :/

Was ist genau aktueller Stand wenn Du den PC normal startest?

Funktioniert eigentlich alles ganz normal, der einzige Unterschied ist dass wie erwähnt der Bildschirmhintergrund weg bzw. schwarz ist.

edit: Was mir gerade noch aufgefallen ist, ich sehe im Explorer die Kleinansicht/Vorschau von Bildern oder Albencovers nicht.