Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   FBdownloader lässt sich nicht endgültig entfernen (Reste in Chrome sichtbar) (https://www.trojaner-board.de/137033-fbdownloader-laesst-endgueltig-entfernen-reste-chrome-sichtbar.html)

Sunwalk3r 22.06.2013 18:04
FBdownloader lässt sich nicht endgültig entfernen (Reste in Chrome sichtbar)
 
Hey,

ich habe mit Spybot S&D und Malwarebytes Anti-Malware und dem manuellen Löschen einiger Firefox-AddOns sowie sonstiger unerwünschter Programme auf dem PC eines Bekannten fast alle sichtbaren Spuren von Adware etc. entfernen können. Nur wenn Chrome geöffnet wird, addet sich dort immer wieder die FBdownloader Suche (hxxp://search.fbdownloader.com). In den Erweiterungen bei Chrome erscheint nichts Unerwünschtes mehr.

Nun weiß ich nicht mehr weiter und hoffe, ihr könnt mir helfen, den PC restlos von unerwünschter Software zu befreien.

Vielen Dank dafür schon mal! :)

schrauber 22.06.2013 18:24
hi,

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Sunwalk3r 22.06.2013 22:28
Danke für die schnelle Reaktion. Hier die Logs:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013
Ran by *** (administrator) on 22-06-2013 23:23:19
Running from C:\Users\***\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
(Adobe Systems Incorporated) D:\ProgrammeWin7\Photoshop Elements 11\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Adobe Systems Inc.) D:\Programme\Acrobat 8.0\Acrobat\acrotray.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] "D:\ProgrammeWin7\Office14\BCSSync.exe" /DelayServices [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3673728 2012-11-06] (DT Soft Ltd)
HKCU\...\Run: [Protector] wscript.exe "C:\Users\***\AppData\Roaming\SDIV 2.0\Prot\prot.vbs" check [289 2012-09-12] ()
HKCU\...\Run: [Steam] "D:\Program Files (x86)\Steam\Steam.exe" -silent [x]
HKCU\...\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3713032 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "D:\Programme\Acrobat 8.0\Acrobat\Acrotray.exe" [x]
HKLM-x32\...\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1226928 2013-05-21] (AVG Secure Search)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [FreePDF Assistant] "C:\Program Files (x86)\FreePDF_XP\fpassist.exe" [373760 2013-03-14] (shbox.de)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119816&tt=gc_&babsrc=SP_ss_din2g&mntrId=44D7001FD0214685
SearchScopes: HKCU - {E7749801-E9C3-407A-A20F-B68C008EF0B5} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=DA29CACF-9364-4D1D-803F-A4421B9BB80A&apn_sauid=C328CFF1-6B5A-46DA-A000-C8C3CD447A59
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~4\Office14\GROOVEEX.DLL No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~4\Office14\URLREDIR.DLL No File
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Programme\/Adobe Contribute CS3/contributeieplugin.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: FBDownloader - {553318DA-D010-469E-84B1-496563CAE1BF} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll No File
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Programme\/Adobe Contribute CS3/contributeieplugin.dll No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\PROGRA~4\Office14\GROOVEEX.DLL No File [ ]
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\49hb8co1.default
FF user.js: detected! => C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\49hb8co1.default\user.js
FF Homepage: hxxp://www.sueddeutsche.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @ilok.com/iLokHelper,version=3.1.0.7 - C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\49hb8co1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======
CHR HomePage: hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21
CHR RestoreOnStartup: "hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21"
CHR DefaultSearchURL: (FBDownloader Search) - hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms}
CHR DefaultSuggestURL: (FBDownloader Search) -      "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (PACE Client Helper Plugin) - C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Docs) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; D:\ProgrammeWin7\Photoshop Elements 11\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S3 Microsoft SharePoint Workspace Audit Service; D:\ProgrammeWin7\Office14\GROOVE.EXE [50899608 2012-09-20] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-21] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-05-21] (AVG Technologies)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-19] (DT Soft Ltd)
S3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [24728 2012-11-17] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 ZOOM_R16MTR; C:\Windows\System32\Drivers\zmr16usbaudio.sys [96768 2012-04-12] (Zoom Corporation.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-22 23:23 - 2013-06-22 23:23 - 00000000 ____D C:\FRST
2013-06-22 23:22 - 2013-06-22 23:22 - 01931364 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-06-22 19:06 - 2013-06-22 19:06 - 00050477 ____A C:\Users\***\Desktop\Defogger.exe
2013-06-22 13:09 - 2013-06-22 18:03 - 00000000 ____D C:\Users\***\AppData\Roaming\vlc
2013-06-22 13:08 - 2013-06-22 13:08 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-06-22 13:07 - 2013-06-22 13:08 - 22937227 ____A C:\Users\***\Desktop\vlc-2.0.7-win32.exe
2013-06-21 21:09 - 2013-06-21 21:09 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-06-21 21:09 - 2013-06-21 21:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-21 21:09 - 2013-06-21 21:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-21 21:09 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-21 20:25 - 2013-06-22 12:53 - 00001021 ____A C:\Windows\setupact.log
2013-06-20 09:41 - 2001-09-16 17:39 - 00001024 ____A C:\b4
2013-06-20 09:41 - 1997-02-01 18:10 - 00011910 ____A C:\Windows\SysWOW64\Genmidi.dll
2013-06-20 09:41 - 1997-02-01 18:10 - 00011910 ____A C:\Windows\Genmidi.dll
2013-06-20 09:38 - 2003-09-10 18:00 - 00163840 ____A () C:\Windows\SysWOW64\ArtFfct.dll
2013-06-18 03:01 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-18 03:01 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-18 03:01 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-18 03:01 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-18 03:01 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-18 03:01 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-18 03:01 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-18 03:01 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-18 03:01 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-18 03:01 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-18 03:01 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-18 03:01 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-17 18:05 - 2013-06-17 18:05 - 00001731 ____A C:\Users\Public\Desktop\EZmix.lnk
2013-06-17 15:02 - 2013-06-17 15:02 - 00001971 ____A C:\Users\Public\Desktop\EZkeys.lnk
2013-06-17 15:02 - 2013-06-17 15:02 - 00000000 ____D C:\Program Files (x86)\Toontrack
2013-06-17 10:02 - 2013-06-17 10:02 - 00000000 ____D C:\Program Files (x86)\Vstplugins
2013-06-13 03:02 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 03:02 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 03:02 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 03:02 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 03:02 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 03:02 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 03:02 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 03:02 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 03:02 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 03:02 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 03:02 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 03:02 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 03:02 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 03:02 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 03:02 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 03:02 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 03:02 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 03:02 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 03:02 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 11:23 - 2013-06-12 11:23 - 00000554 ____A C:\Users\Public\Desktop\ElectraX standalone.lnk
2013-06-12 09:34 - 2013-06-12 10:12 - 00000560 ____A C:\Users\Public\Desktop\ElectraX64 standalone.lnk
2013-06-12 09:12 - 2013-06-12 09:12 - 00000000 ____D C:\Users\***\AppData\Roaming\AVG
2013-06-12 09:11 - 2013-06-17 10:09 - 00000000 ____D C:\ProgramData\AVG
2013-06-12 09:11 - 2013-06-12 09:11 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-06-12 09:02 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 09:02 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 09:02 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 09:02 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 09:02 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 09:02 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 09:02 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 09:02 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 09:02 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 09:02 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 09:02 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 09:02 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 09:02 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 09:02 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 09:02 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 09:02 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 09:02 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 09:02 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 09:02 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 08:59 - 2013-06-12 08:59 - 00000000 ____D C:\Users\***\AppData\Roaming\EZDownloader
2013-06-11 12:49 - 2013-06-21 20:44 - 00000000 ____D C:\ProgramData\cconntinuetioSave
2013-06-11 12:49 - 2013-06-21 20:36 - 00000000 ____D C:\ProgramData\SearchNewTab
2013-06-11 12:49 - 2013-06-17 10:10 - 00000000 ____D C:\Program Files (x86)\EZDownloader
2013-06-11 12:49 - 2013-06-12 10:05 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-06-11 12:49 - 2013-06-11 12:49 - 00001953 ____A C:\Users\Public\Desktop\EZDownloader.lnk
2013-06-11 12:49 - 2013-06-11 12:49 - 00000000 ____D C:\ProgramData\StarApp
2013-06-11 12:48 - 2013-06-12 10:05 - 00000000 ____D C:\ProgramData\InstallMate
2013-05-30 21:49 - 2013-05-30 21:49 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-30 21:49 - 2013-05-30 21:49 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-26 12:10 - 2013-05-26 12:10 - 00000000 ____D C:\Users\****\AppData\Local\Apple
2013-05-23 10:33 - 2013-05-23 10:33 - 00000000 ____D C:\Users\***\AppData\Roaming\Delta
2013-05-23 10:33 - 2013-05-23 10:33 - 00000000 ____D C:\Users\***\AppData\Roaming\BabSolution

==================== One Month Modified Files and Folders =======

2013-06-22 23:23 - 2013-06-22 23:23 - 00000000 ____D C:\FRST
2013-06-22 23:22 - 2013-06-22 23:22 - 01931364 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-06-22 23:21 - 2013-04-02 10:33 - 00001114 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-22 23:21 - 2012-11-19 13:40 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-22 19:06 - 2013-06-22 19:06 - 00050477 ____A C:\Users\***\Desktop\Defogger.exe
2013-06-22 18:59 - 2012-11-18 20:09 - 00000000 ____D C:\ProgramData\MFAData
2013-06-22 18:56 - 2012-11-18 19:12 - 01690508 ____A C:\Windows\WindowsUpdate.log
2013-06-22 18:03 - 2013-06-22 13:09 - 00000000 ____D C:\Users\***\AppData\Roaming\vlc
2013-06-22 17:13 - 2012-11-22 10:09 - 00000000 ___RD C:\Users\***\Dropbox
2013-06-22 17:13 - 2012-11-22 10:02 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox
2013-06-22 17:12 - 2013-05-14 18:50 - 00000000 ____D C:\Users\***\AppData\Local\FreePDF_XP
2013-06-22 17:12 - 2013-04-02 10:33 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-22 13:08 - 2013-06-22 13:08 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-06-22 13:08 - 2013-06-22 13:07 - 22937227 ____A C:\Users\***\Desktop\vlc-2.0.7-win32.exe
2013-06-22 12:56 - 2009-07-14 19:58 - 00653928 ____A C:\Windows\System32\perfh007.dat
2013-06-22 12:56 - 2009-07-14 19:58 - 00129800 ____A C:\Windows\System32\perfc007.dat
2013-06-22 12:56 - 2009-07-14 07:13 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-22 12:53 - 2013-06-21 20:25 - 00001021 ____A C:\Windows\setupact.log
2013-06-22 11:08 - 2012-11-19 14:47 - 00000000 ____D C:\Users\***\AppData\Local\Adobe
2013-06-22 11:05 - 2009-07-14 06:45 - 00020304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-22 11:05 - 2009-07-14 06:45 - 00020304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-22 10:58 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-21 21:17 - 2012-11-19 15:29 - 00017066 ____A C:\Windows\PFRO.log
2013-06-21 21:09 - 2013-06-21 21:09 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-06-21 21:09 - 2013-06-21 21:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-21 21:09 - 2013-06-21 21:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-21 20:45 - 2012-11-18 20:12 - 00000000 ____D C:\Program Files (x86)\AVG
2013-06-21 20:44 - 2013-06-11 12:49 - 00000000 ____D C:\ProgramData\cconntinuetioSave
2013-06-21 20:36 - 2013-06-11 12:49 - 00000000 ____D C:\ProgramData\SearchNewTab
2013-06-21 15:53 - 2012-11-23 16:15 - 00088448 ____A C:\Users\****\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-20 09:57 - 2012-11-18 19:57 - 00088448 ____A C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-20 09:57 - 2009-07-14 06:45 - 06843440 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-20 09:41 - 2009-07-14 04:34 - 00000238 ____A C:\Windows\system.ini
2013-06-19 11:47 - 2012-11-19 10:43 - 00000000 ____D C:\Users\***\Documents\Native Instruments
2013-06-19 11:47 - 2012-11-19 10:43 - 00000000 ____D C:\Users\***\AppData\Local\Native Instruments
2013-06-19 09:04 - 2012-11-22 13:12 - 00000000 ____D C:\Users\***\AppData\Roaming\DataMgr
2013-06-17 18:05 - 2013-06-17 18:05 - 00001731 ____A C:\Users\Public\Desktop\EZmix.lnk
2013-06-17 15:02 - 2013-06-17 15:02 - 00001971 ____A C:\Users\Public\Desktop\EZkeys.lnk
2013-06-17 15:02 - 2013-06-17 15:02 - 00000000 ____D C:\Program Files (x86)\Toontrack
2013-06-17 10:10 - 2013-06-11 12:49 - 00000000 ____D C:\Program Files (x86)\EZDownloader
2013-06-17 10:10 - 2013-02-04 15:45 - 00000000 ____D C:\Program Files\Toontrack
2013-06-17 10:10 - 2012-11-23 16:14 - 00000000 ____D C:\users\****
2013-06-17 10:10 - 2012-11-19 15:17 - 00000000 ____D C:\ProgramData\FLEXnet
2013-06-17 10:10 - 2009-07-14 20:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-06-17 10:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-06-17 10:09 - 2013-06-12 09:11 - 00000000 ____D C:\ProgramData\AVG
2013-06-17 10:02 - 2013-06-17 10:02 - 00000000 ____D C:\Program Files (x86)\Vstplugins
2013-06-17 09:21 - 2012-11-18 19:22 - 00000000 ____D C:\users\***
2013-06-13 17:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 03:03 - 2012-11-20 21:05 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 15:43 - 2012-11-19 13:40 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 15:43 - 2012-11-19 13:40 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 11:23 - 2013-06-12 11:23 - 00000554 ____A C:\Users\Public\Desktop\ElectraX standalone.lnk
2013-06-12 10:12 - 2013-06-12 09:34 - 00000560 ____A C:\Users\Public\Desktop\ElectraX64 standalone.lnk
2013-06-12 10:05 - 2013-06-11 12:49 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-06-12 10:05 - 2013-06-11 12:48 - 00000000 ____D C:\ProgramData\InstallMate
2013-06-12 10:04 - 2013-02-17 14:45 - 00000000 ____D C:\Users\***\AppData\Roaming\Amazon
2013-06-12 10:04 - 2013-02-17 14:41 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-06-12 09:12 - 2013-06-12 09:12 - 00000000 ____D C:\Users\***\AppData\Roaming\AVG
2013-06-12 09:11 - 2013-06-12 09:11 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-06-12 08:59 - 2013-06-12 08:59 - 00000000 ____D C:\Users\***\AppData\Roaming\EZDownloader
2013-06-11 12:49 - 2013-06-11 12:49 - 00001953 ____A C:\Users\Public\Desktop\EZDownloader.lnk
2013-06-11 12:49 - 2013-06-11 12:49 - 00000000 ____D C:\ProgramData\StarApp
2013-06-11 09:58 - 2012-11-19 11:08 - 00000000 ____D C:\Users\***\AppData\Roaming\Adobe
2013-06-11 09:35 - 2013-05-14 12:36 - 00000981 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-06-08 16:08 - 2013-06-18 03:01 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-18 03:01 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-18 03:01 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-18 03:01 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-18 03:01 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-18 03:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-18 03:01 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-18 03:01 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-18 03:01 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-18 03:01 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-18 03:01 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-18 03:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-08 11:09 - 2012-11-22 10:09 - 00001031 ____A C:\Users\***\Desktop\Dropbox.lnk
2013-06-08 10:19 - 2012-11-23 10:13 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-06-05 13:02 - 2012-12-18 11:25 - 00000000 ____D C:\Users\***\AppData\Local\Apple Computer
2013-05-30 21:49 - 2013-05-30 21:49 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-30 21:49 - 2013-05-30 21:49 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-26 12:10 - 2013-05-26 12:10 - 00000000 ____D C:\Users\****\AppData\Local\Apple
2013-05-23 10:33 - 2013-05-23 10:33 - 00000000 ____D C:\Users\***\AppData\Roaming\Delta
2013-05-23 10:33 - 2013-05-23 10:33 - 00000000 ____D C:\Users\***\AppData\Roaming\BabSolution
2013-05-23 10:33 - 2013-05-21 09:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-13 17:45

==================== End Of Log ============================
--- --- ---


Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2013
Ran by *** at 2013-06-22 23:23:58
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.1.0)
Adobe After Effects CS3 (x32 Version: 8)
Adobe After Effects CS3 Presets (x32 Version: 8)
Adobe After Effects CS3 Third Party Content (x32 Version: 3)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Anchor Service CS3 (x32 Version: 1.0)
Adobe Asset Services CS3 (x32 Version: 3)
Adobe Bridge CS3 (x32 Version: 2)
Adobe Bridge Start Meeting (x32 Version: 1.0)
Adobe BridgeTalk Plugin CS3 (x32 Version: 1.0)
Adobe Camera Raw 4.0 (x32 Version: 4.0)
Adobe CMaps (x32 Version: 1.0)
Adobe Color - Photoshop Specific (x32 Version: 1.0)
Adobe Color Common Settings (x32 Version: 1.0)
Adobe Color EU Recommended Settings (x32 Version: 1.0)
Adobe Color JA Extra Settings (x32 Version: 1.0)
Adobe Color NA Extra Settings (x32 Version: 1.0)
Adobe Contribute CS3 (x32 Version: 4.1)
Adobe Creative Suite 3 Master Collection (x32 Version: 1.0)
Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen (x32 Version: 1.0)
Adobe Creative Suite 6 Production Premium (x32 Version: 6)
Adobe Default Language CS3 (x32 Version: 1.0)
Adobe Device Central CS3 (x32 Version: 1.0)
Adobe Dreamweaver CS3 (x32 Version: 9)
Adobe Encore CS3 (x32 Version: 3)
Adobe Encore CS3 Codecs (x32 Version: 3)
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0)
Adobe Extension Manager CS3 (x32 Version: 1.8)
Adobe Fireworks CS3 (x32 Version: 9.0)
Adobe Flash CS3 (x32 Version: 9.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Flash Player 9 ActiveX (x32 Version: 9.0.45.0)
Adobe Flash Video Encoder (x32 Version: 2.0)
Adobe Fonts All (x32 Version: 1.0)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Help Viewer CS3 (x32 Version: 1)
Adobe Illustrator CS3 (x32 Version: 13.0)
Adobe InDesign CS3 (x32 Version: 5.0)
Adobe InDesign CS3 Icon Handler (x32 Version: 5.0)
Adobe Linguistics CS3 (x32 Version: 3.0.0)
Adobe MotionPicture Color Files (x32 Version: 1.0)
Adobe PDF Library Files (x32 Version: 8.0)
Adobe Photoshop CS3 (x32 Version: 10)
Adobe Photoshop Elements 11 (x32 Version: 11.0)
Adobe Premiere Pro CS3 (x32 Version: 3)
Adobe Premiere Pro CS3 Functional Content (x32 Version: 8)
Adobe Premiere Pro CS3 Third Party Content (x32 Version: 3)
Adobe Reader 9.3.4 (x32 Version: 9.3.4)
Adobe Setup (x32 Version: 1.0)
Adobe SING CS3 (x32 Version: 0.1)
Adobe Soundbooth CS3 (x32 Version: 1)
Adobe Soundbooth CS3 Codecs (x32 Version: 3)
Adobe Stock Photos CS3 (x32 Version: 1.5)
Adobe Type Support (x32 Version: 1.0)
Adobe Update Manager CS3 (x32 Version: 5.1.0)
Adobe Version Cue CS3 Client (x32 Version: 3)
Adobe Version Cue CS3 Server (x32 Version: 3.0)
Adobe Video Profiles (x32 Version: 1.0)
Adobe WAS CS3 (x32 Version: 1.0)
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0)
Adobe XMP DVA Panels CS3 (x32 Version: 1.0)
Adobe XMP Panels CS3 (x32 Version: 1.0)
aerosoft's - ICE1 (x32 Version: 1.00)
aerosoft's - Koeln-Duesseldorf (x32 Version: 1.01)
AHV content for Acrobat and Flash (x32 Version: 1)
AMD Accelerated Video Transcoding (Version: 12.5.100.20928)
AMD APP SDK Runtime (Version: 10.0.1016.4)
AMD Catalyst Install Manager (Version: 8.0.891.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.70928.1539)
Apple Application Support (x32 Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (x32 Version: 2.1.3.127)
Arturia.Minimoog.V.v1.5-DAC (x32)
ASIO4ALL (x32 Version: 2.10)
AVG 2013 (Version: 13.0.3199)
AVG 2013 (Version: 13.0.3345)
AVG 2013 (Version: 2013.0.3345)
bl (x32 Version: 1.0.0)
Bonjour (Version: 3.0.0.10)
Camel Audio CamelCrusher64 (x32 Version: 1.01.0)
Canon iP4900 series Printer Driver
Canon My Printer (x32 Version: 3.0.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.0928.1532.26058)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0928.1532.26058)
Catalyst Control Center InstallProxy (x32 Version: 2012.0928.1532.26058)
Catalyst Control Center Localization All (x32 Version: 2012.0928.1532.26058)
CCC Help Chinese Standard (x32 Version: 2012.0928.1531.26058)
CCC Help Chinese Traditional (x32 Version: 2012.0928.1531.26058)
CCC Help Czech (x32 Version: 2012.0928.1531.26058)
CCC Help Danish (x32 Version: 2012.0928.1531.26058)
CCC Help Dutch (x32 Version: 2012.0928.1531.26058)
CCC Help English (x32 Version: 2012.0928.1531.26058)
CCC Help Finnish (x32 Version: 2012.0928.1531.26058)
CCC Help French (x32 Version: 2012.0928.1531.26058)
CCC Help German (x32 Version: 2012.0928.1531.26058)
CCC Help Greek (x32 Version: 2012.0928.1531.26058)
CCC Help Hungarian (x32 Version: 2012.0928.1531.26058)
CCC Help Italian (x32 Version: 2012.0928.1531.26058)
CCC Help Japanese (x32 Version: 2012.0928.1531.26058)
CCC Help Korean (x32 Version: 2012.0928.1531.26058)
CCC Help Norwegian (x32 Version: 2012.0928.1531.26058)
CCC Help Polish (x32 Version: 2012.0928.1531.26058)
CCC Help Portuguese (x32 Version: 2012.0928.1531.26058)
CCC Help Russian (x32 Version: 2012.0928.1531.26058)
CCC Help Spanish (x32 Version: 2012.0928.1531.26058)
CCC Help Swedish (x32 Version: 2012.0928.1531.26058)
CCC Help Thai (x32 Version: 2012.0928.1531.26058)
CCC Help Turkish (x32 Version: 2012.0928.1531.26058)
ccc-utility64 (Version: 2012.0928.1532.26058)
CD-LabelPrint (x32)
DAEMON Tools Lite (x32 Version: 4.46.1.0327)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dropbox (HKCU Version: 2.0.22)
East West EWQLSO Gold Edition (x32)
easyFly 4 Starter Edition (HKCU Version: 4.0.1.3)
ElectraX full
ElectraX full (x32)
Elements 11 Organizer (x32 Version: 11.0)
eLicenser Control (x32)
EZDownloader (x32 Version: 1.0)
EZdrummer (x32 Version: 1.3.1)
EZkeys Grand Piano (x32 Version: 1.0.2)
EZkeys Player 32-bit (x32 Version: 1.1.0)
EZkeys Player 64-bit (Version: 1.1.0)
EZmix 32-bit (x32 Version: 2.0.2)
FreePDF (Remove only) (x32)
Google Chrome (x32 Version: 27.0.1453.116)
Google Earth (x32 Version: 7.0.3.8542)
Google Update Helper (x32 Version: 1.3.21.145)
GPL Ghostscript (Version: 9.07)
iLok Client Helper (x32 Version: 5.9.7)
Interlok driver setup x64 (Version: 5.9.7)
iTunes (Version: 11.0.1.12)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
JDownloader 2 (Version: 2)
License Support (Version: 1.3.0.8766)
License Support (x32 Version: 1.3.0.8766)
Live 8.0.1 (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 21.0 (x86 de) (x32 Version: 21.0)
Mozilla Maintenance Service (x32 Version: 21.0)
Mozilla Thunderbird 17.0.2 (x86 de) (x32 Version: 17.0.2)
MusicBrainz Picard (x32 Version: 1.1)
Native Instruments B4 v1.11 (x32)
Native Instruments Guitar Rig v1.2 (x32)
Native Instruments Massive (x32)
NI Service Center (x32)
NVIDIA PhysX (x32 Version: 9.10.0513)
PDF Settings (x32 Version: 1.0)
ph (x32 Version: 1.0.0)
PhoenixRC (x32 Version: 4.0.10)
PSE11 STI Installer (x32 Version: 11.0)
QuickTime (x32 Version: 7.73.80.64)
R16_R24 Driver (Version: 1.14.0000)
Realtek Ethernet Controller Driver (x32 Version: 7.49.927.2011)
RedMon - Redirection Port Monitor
reFX JunoX2 VST v1.3 (x32)
Rob Papen Predator V1.01b release (x32)
Spybot - Search & Destroy (x32 Version: 2.0.12)
Steam (x32 Version: 1.0.0.0)
Steinberg Cubase LE AI Elements 6 (x32 Version: 6.0.5)
Steinberg Drum Loop Expansion 01 (x32 Version: 2.0.0.0)
Steinberg Groove Agent ONE Content (x32 Version: 1.0.0.003)
Steinberg Groove Agent ONE Vintage Beatboxes (x32 Version: 1.0.0.000)
Steinberg HALion Sonic SE (x32 Version: 1.5.2)
Steinberg HALion Sonic SE Content for Cubase LE AI Elements (x32 Version: 1.5.2.000)
Steinberg Virtual Guitarist (x32)
Steinberg Virtual Guitarist Electric Edition (x32)
Sylenth1 v2.21
Sylenth1 v2.21 (x32)
TerraTec Komplexer VSTi v1.0.2.0 (x32)
Train Simulator 2013 (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Visual C++ 64-bit Redistributables (Version: 1.3.0.8766)
Visual C++ 64-bit Redistributables (x32 Version: 1.3.0.8766)
Visual C++ Redistributables (x32 Version: 1.3.0.8766)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.7 (x32 Version: 2.0.7)
Windows-Treiberpaket - Hewlett-Packard Image  (12/27/2006 8.0.0.0) (Version: 12/27/2006 8.0.0.0)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
Wizoo WizooVerb W2  VST RTAS v1.0 (x32)

==================== Restore Points  =========================

17-06-2013 12:35:13 Installed EZdrummer.
17-06-2013 12:41:18 Removed EZkeys Grand Piano 64.
17-06-2013 12:41:39 Removed EZkeys Player 64-bit.
17-06-2013 12:42:18 Removed Superior Drummer 64 bit.
17-06-2013 12:44:35 Installed EZdrummer.
17-06-2013 13:02:08 Installed EZkeys Grand Piano.
17-06-2013 13:03:18 Installed EZkeys Player 32-bit.
17-06-2013 16:04:55 Installed EZmix 32-bit.
18-06-2013 01:00:42 Windows Update
21-06-2013 18:41:33 AVG PC TuneUp wird entfernt
21-06-2013 18:42:44 AVG PC TuneUp Language Pack (de-DE) wird entfernt
21-06-2013 18:43:24 AVG PC TuneUp wird installiert
21-06-2013 18:45:06 AVG PC TuneUp wird entfernt
21-06-2013 18:45:30 AVG PC TuneUp Language Pack (de-DE) wird entfernt

==================== Hosts content: ==========================
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97    rhino.acme.com          # source server
#      38.25.63.10    x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#        #                                                                                                                                                                                                                                                                        activate.wip4.adobe.com
                                                                                                                                                                                                                                        # Start of entries inserted by Spybot - Search & Destroy
# This list is Copyright 2000-2010 Safer-Networking Ltd.
# End of entries inserted by Spybot - Search & Destroy

#        127.0.0.1      localhost
#        127.0.0.1        192.150.14.69
        127.0.0.1 192.150.18.101
        127.0.0.1 192.150.18.108
        127.0.0.1 192.150.22.40
        127.0.0.1 192.150.8.100
        127.0.0.1 192.150.8.118
        127.0.0.1 199.7.52.190
        127.0.0.1 199.7.52.190:80
        127.0.0.1 199.7.54.72
        127.0.0.1 199.7.54.72:80
        127.0.0.1 209-34-83-73.ood.opsource.net
        127.0.0.1 209.34.83.67
        127.0.0.1 209.34.83.67:43
        127.0.0.1 209.34.83.67:443
        127.0.0.1 209.34.83.73
        127.0.0.1 209.34.83.73:43
        127.0.0.1 209.34.83.73:443
        127.0.0.1 3dns-1.adobe.com

There are more than 1000 lines starting with "127.0.0.1"


==================== Scheduled Tasks (whitelisted) =============

Task: {046F5D87-85FE-427D-8FE7-A2EEAF024080} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0C47CF49-3867-4F76-B9E9-5A39D2B87A85} - System32\Tasks\EPUpdater => C:\Users\***\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-05-09] ()
Task: {14AC59A7-E224-4B35-9798-7961197CE2B6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {210E6A89-0292-4833-AD99-42812ED2C9D6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe No File
Task: {2412435A-B89F-4956-AD62-01E99481AD35} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {2AEA589C-783A-41F8-B20E-2699AD32518C} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {2DA21561-F300-4EA8-97FC-6794CADEFB2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-02] (Google Inc.)
Task: {48E13529-3B66-4A52-865A-7B6A8EE45738} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09] (Adobe Systems Incorporated)
Task: {6AAAC392-F6B1-446F-BBD5-8F2A7706430E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-02] (Google Inc.)
Task: {829C473F-801B-4CBF-AF21-200C88CAD62C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe No File
Task: {D5367362-35CB-4CD0-A3E7-470D8AA9473E} - System32\Tasks\AdobeAAMUpdater-1.0-Arbeitszimmer-*** => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {EA99DF86-0C75-4FD8-B410-C1B639D7281D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe No File

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/22/2013 00:35:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9782

Error: (06/22/2013 00:35:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9782

Error: (06/22/2013 00:35:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/22/2013 01:14:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584

Error: (06/22/2013 01:14:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584

Error: (06/22/2013 01:14:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/21/2013 05:57:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7020

Error: (06/21/2013 05:57:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7020

Error: (06/21/2013 05:57:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/21/2013 05:57:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6021


System errors:
=============
Error: (06/22/2013 11:21:53 PM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (06/22/2013 05:12:59 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error: (06/22/2013 05:12:57 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error: (06/22/2013 00:55:50 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1

Error: (06/22/2013 00:35:09 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (06/22/2013 10:58:19 AM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (06/22/2013 01:14:44 AM) (Source: Microsoft-Windows-HAL) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (06/21/2013 09:15:47 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (06/21/2013 08:53:06 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (06/21/2013 08:51:27 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5


Microsoft Office Sessions:
=========================
Error: (06/22/2013 00:35:08 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9782

Error: (06/22/2013 00:35:08 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9782

Error: (06/22/2013 00:35:08 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/22/2013 01:14:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584

Error: (06/22/2013 01:14:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584

Error: (06/22/2013 01:14:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/21/2013 05:57:03 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7020

Error: (06/21/2013 05:57:03 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7020

Error: (06/21/2013 05:57:03 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/21/2013 05:57:02 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6021


==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 8190.3 MB
Available physical RAM: 6589.29 MB
Total Pagefile: 16378.79 MB
Available Pagefile: 13722.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:89.59 GB) (Free:16.58 GB) NTFS (Disk=1 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: (Daten) (Fixed) (Total:506.58 GB) (Free:118.35 GB) NTFS (Disk=1 Partition=2)
Drive e: () (Fixed) (Total:149.04 GB) (Free:60.99 GB) NTFS (Disk=0 Partition=1)
Drive f: (ARCHIV) (Fixed) (Total:680.29 GB) (Free:97.05 GB) NTFS (Disk=2 Partition=1)
Drive i: (HD-HSU2) (Fixed) (Total:465.76 GB) (Free:83.75 GB) NTFS (Disk=3 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: EC42894C)
Partition 2: (Active) - (Size=149 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 2F5F512B)
Partition 1: (Active) - (Size=90 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=507 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: 11165510)
Partition 1: (Not Active) - (Size=680 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=251 GB) - (Type=05)

========================================================
Disk: 3 (Size: 466 GB) (Disk ID: 77DAB454)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 23.06.2013 09:01
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Sunwalk3r 23.06.2013 11:38
Code:
ComboFix 13-06-22.01 - *** 23.06.2013  12:21:00.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8190.6485 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\cconntinuetioSave
c:\programdata\cconntinuetioSave\51b70bbef2b08.tlb
c:\programdata\cconntinuetioSave\settings.ini
c:\programdata\SearchNewTab
c:\programdata\SearchNewTab\51b70bd5eea1b.tlb
c:\programdata\SearchNewTab\settings.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-05-23 bis 2013-06-23  ))))))))))))))))))))))))))))))
.
.
2013-06-23 10:27 . 2013-06-23 10:27        --------        d-----w-        c:\users\****\AppData\Local\temp
2013-06-23 10:27 . 2013-06-23 10:27        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-06-22 21:23 . 2013-06-22 21:23        --------        d-----w-        C:\FRST
2013-06-22 11:09 . 2013-06-22 16:03        --------        d-----w-        c:\users\***\AppData\Roaming\vlc
2013-06-22 11:08 . 2013-06-22 11:08        --------        d-----w-        c:\program files (x86)\VideoLAN
2013-06-21 19:09 . 2013-06-21 19:09        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2013-06-21 19:09 . 2013-06-21 19:09        --------        d-----w-        c:\programdata\Malwarebytes
2013-06-21 19:09 . 2013-04-04 12:50        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-06-21 19:09 . 2013-06-21 19:09        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-20 07:41 . 1997-02-01 16:10        11910        ----a-w-        c:\windows\SysWow64\Genmidi.dll
2013-06-20 07:41 . 1997-02-01 16:10        11910        ----a-w-        c:\windows\Genmidi.dll
2013-06-20 07:38 . 2003-09-10 16:00        163840        ----a-w-        c:\windows\SysWow64\ArtFfct.dll
2013-06-19 09:42 . 2013-06-19 09:42        --------        d-----w-        c:\program files (x86)\Common Files\Native Instruments
2013-06-17 13:02 . 2013-06-17 13:02        --------        d-----w-        c:\program files (x86)\Common Files\Toontrack
2013-06-17 13:02 . 2013-06-17 13:02        --------        d-----w-        c:\program files (x86)\Toontrack
2013-06-17 12:46 . 2013-06-17 12:46        --------        d-----w-        c:\program files (x86)\Common Files\DigiDesign
2013-06-17 08:02 . 2013-06-17 08:02        --------        d-----w-        c:\program files (x86)\Vstplugins
2013-06-12 07:12 . 2013-06-12 07:12        --------        d-----w-        c:\users\***\AppData\Roaming\AVG
2013-06-12 07:11 . 2013-06-17 08:09        --------        d-----w-        c:\programdata\AVG
2013-06-12 07:11 . 2013-06-12 07:11        --------        d-sh--w-        c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-06-12 06:59 . 2013-06-12 06:59        --------        d-----w-        c:\users\***\AppData\Roaming\EZDownloader
2013-06-11 10:49 . 2013-06-11 10:49        --------        d-----w-        c:\programdata\StarApp
2013-06-11 10:49 . 2013-06-12 08:05        --------        d-----w-        c:\program files (x86)\Optimizer Pro
2013-06-11 10:49 . 2013-06-17 08:10        --------        d-----w-        c:\program files (x86)\EZDownloader
2013-06-11 10:48 . 2013-06-12 08:05        --------        d-----w-        c:\programdata\InstallMate
2013-05-30 19:49 . 2013-05-30 19:49        --------        d-----w-        c:\windows\SysWow64\Extensions
2013-05-30 19:49 . 2013-05-30 19:49        --------        d-----w-        c:\windows\SysWow64\searchplugins
2013-05-26 10:10 . 2013-05-26 10:10        --------        d-----w-        c:\users\****\AppData\Local\Apple
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 01:03 . 2012-11-20 19:05        75825640        ----a-w-        c:\windows\system32\MRT.exe
2013-06-12 13:43 . 2012-11-19 11:40        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 13:43 . 2012-11-19 11:40        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-21 15:38 . 2012-11-23 08:13        45856        ----a-w-        c:\windows\system32\drivers\avgtpx64.sys
2013-05-13 12:35 . 2013-05-13 12:35        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-13 12:35 . 2012-11-26 08:05        866720        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2013-05-13 12:35 . 2012-11-26 08:05        788896        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-05-01 08:55 . 2013-05-01 08:55        163504        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-13 05:49 . 2013-05-15 08:22        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 08:22        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 08:22        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 08:22        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 08:22        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 08:22        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 07:05        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-04-12 09:45 . 2013-04-12 09:45        2892        ----a-w-        c:\windows\SysWow64\audcon.sys
2013-04-10 06:01 . 2013-05-15 08:22        265064        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 08:22        983400        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 08:22        3153920        ----a-w-        c:\windows\system32\win32k.sys
2013-03-29 00:53 . 2013-03-29 00:53        246072        ----a-w-        c:\windows\system32\drivers\avgidsdrivera.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"Protector"="wscript.exe" [2009-07-14 141824]
"Steam"="d:\program files (x86)\Steam\Steam.exe" [2013-06-06 1641896]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]
"Acrobat Assistant 8.0"="d:\programme\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-05-21 1226928]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2013-03-14 373760]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 iLokDrvr;Usb Driver;c:\windows\system32\DRIVERS\iLokDrvr.sys;c:\windows\SYSNATIVE\DRIVERS\iLokDrvr.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 ZOOM_R16MTR;ZOOM R16 Audio Interface;c:\windows\system32\Drivers\zmr16usbaudio.sys;c:\windows\SYSNATIVE\Drivers\zmr16usbaudio.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;d:\programmewin7\Photoshop Elements 11\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;d:\programmewin7\Photoshop Elements 11\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [x]
S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-21 07:07        1165776        ----a-w-        c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-19 13:43]
.
2013-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-02 08:33]
.
2013-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-02 08:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="d:\programmewin7\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - d:\progra~4\Office14\ONBttnIE.dll/105
IE: An vorhandenes PDF anfügen - d:\programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - d:\programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - d:\programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - d:\programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - d:\programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - d:\programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xcel exportieren - d:\progra~4\Office14\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - d:\programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - d:\programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\49hb8co1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.sueddeutsche.de/
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{553318DA-D010-469E-84B1-496563CAE1BF} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Sylenth1_is1 - d:\vstplugin\VSTPlugins\Sylenth1\unins000.exe
AddRemove-TerraTec Komplexer_is1 - d:\vstplugin\Program Files (x86)\TerraTec Producer\Uninstall\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-23  12:30:31
ComboFix-quarantined-files.txt  2013-06-23 10:30
.
Vor Suchlauf: 8 Verzeichnis(se), 17.621.143.552 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 17.448.435.712 Bytes frei
.
- - End Of File - - F103DEAAD5E1D9D31B2B1F0B0383C0F2
671B81004FDD1588FA9ED1331C9CECA9

schrauber 23.06.2013 16:11
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST Log bitte. Noch Probleme?:)

Sunwalk3r 24.06.2013 09:02
Code:
# AdwCleaner v2.303 - Datei am 23/06/2013 um 19:09:03 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : *** - ARBEITSZIMMER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\49hb8co1.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\49hb8co1.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\49hb8co1.default\searchplugins\delta.xml
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\ProgramData\APN
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\Users\***\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\***\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\***\AppData\Roaming\DataMgr
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Delta
Ordner Gelöscht : C:\Users\***\AppData\Roaming\HMN
Ordner Gelöscht : C:\Users\***\AppData\Roaming\SDIV 2.0
Ordner Gelöscht : C:\Users\****\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\****\AppData\LocalLow\AskToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\XingHaoLyrics
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\5f28adee73bea47
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FBDownloader.DownloadPhoto
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FBDownloader.DownloadPhoto.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\InstallIQ
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{553318DA-D010-469E-84B1-496563CAE1BF}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5f28adee73bea47
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{553318DA-D010-469E-84B1-496563CAE1BF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{598B7D72-2C44-4351-BBC8-3DACE2A10CB6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{553318DA-D010-469E-84B1-496563CAE1BF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Protector]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\49hb8co1.default\prefs.js

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\49hb8co1.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=sfde203fbd[...]
Gelöscht : user_pref("extensions.51b70bbef2a20.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\o17y33x6.default\prefs.js

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.28] : icon_url = "hxxp://search.fbdownloader.com/favicon.ico",
Gelöscht [l.31] : keyword = "fbdownloader_search",
Gelöscht [l.35] : search_url = "hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms[...]
Gelöscht [l.2239] : homepage = "hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21",

*************************

AdwCleaner[R1].txt - [8810 octets] - [23/06/2013 19:08:07]
AdwCleaner[S1].txt - [344 octets] - [23/06/2013 19:07:57]
AdwCleaner[S2].txt - [8583 octets] - [23/06/2013 19:09:03]

########## EOF - C:\AdwCleaner[S2].txt - [8643 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by *** on 23.06.2013 at 19:15:57,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E7749801-E9C3-407A-A20F-B68C008EF0B5}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\49hb8co1.default\minidumps [120 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.06.2013 at 19:20:12,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f271daecb1492b4eae35ac84c6206f53
# engine=14135
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-24 12:41:54
# local_time=2013-06-24 02:41:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1043 16777213 100 87 46733 59168498 0 0
# compatibility_mode=5893 16776574 100 94 18256164 123664364 0 0
# scanned=1267328
# found=2
# cleaned=0
# scan_time=26244
sh=B5EF372772365F2F02C9F9CFAF0BE4E7027F49C5 ft=1 fh=da5297ae5b2a6ce6 vn="Win32/TrojanDownloader.FakeAlert.ARD trojan" ac=I fn="D:\unzipe\mp3\Mediafire.Newsong.-.the.Christmas.shoes.mp3.52007.exe"
sh=E82C1C38E9CA3080447DE2AA45CA160200D3272D ft=1 fh=65ac5f93de6be24b vn="probably a variant of Win32/Agent.NXGDQBH trojan" ac=I fn="D:\Users\Burkhard\AppData\Local\Temp\loop.exe"
Code:
Results of screen317's Security Check version 0.99.64 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File 
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Java 7 Update 25 
 Java version out of Date!
 Adobe Flash Player 9 Flash Player out of Date!
 Adobe Flash Player 11.7.700.224 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (21.0)
 Mozilla Thunderbird (17.0.2)
 Google Chrome 27.0.1453.110 
 Google Chrome 27.0.1453.116 
````````Process Check: objlist.exe by Laurent```````` 
 Spybot Teatimer.exe is disabled!
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013
Ran by *** (administrator) on 24-06-2013 09:56:16
Running from C:\Users\***\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
(Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Inc.) D:\Programme\Acrobat 8.0\Acrobat\acrotray.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) D:\ProgrammeWin7\Photoshop Elements 11\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] "D:\ProgrammeWin7\Office14\BCSSync.exe" /DelayServices [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3673728 2012-11-06] (DT Soft Ltd)
HKCU\...\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3713032 2012-11-13] (Safer-Networking Ltd.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "D:\Programme\Acrobat 8.0\Acrobat\Acrotray.exe" [x]
HKLM-x32\...\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [FreePDF Assistant] "C:\Program Files (x86)\FreePDF_XP\fpassist.exe" [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~4\Office14\GROOVEEX.DLL No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~4\Office14\URLREDIR.DLL No File
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Programme\/Adobe Contribute CS3/contributeieplugin.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll No File
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Programme\/Adobe Contribute CS3/contributeieplugin.dll No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\PROGRA~4\Office14\GROOVEEX.DLL No File [ ]
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\49hb8co1.default
FF Homepage: hxxp://www.sueddeutsche.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @ilok.com/iLokHelper,version=3.1.0.7 - C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\49hb8co1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (FBDownloader Search) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (FBDownloader Search) -      "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (PACE Client Helper Plugin) - C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Docs) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; D:\ProgrammeWin7\Photoshop Elements 11\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S3 Microsoft SharePoint Workspace Audit Service; D:\ProgrammeWin7\Office14\GROOVE.EXE [50899608 2012-09-20] (Microsoft Corporation)
R2 vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-21] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-05-21] (AVG Technologies)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-19] (DT Soft Ltd)
S3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [24728 2012-11-17] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 ZOOM_R16MTR; C:\Windows\System32\Drivers\zmr16usbaudio.sys [96768 2012-04-12] (Zoom Corporation.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-24 09:56 - 2013-06-24 09:56 - 00000041 ____A C:\Users\***\Desktop\checkup.txt
2013-06-24 09:55 - 2013-06-24 09:55 - 00890839 ____A C:\Users\***\Desktop\SecurityCheck.exe
2013-06-23 19:22 - 2013-06-23 19:22 - 02347384 ____A (ESET) C:\Users\***\Desktop\esetsmartinstaller_enu.exe
2013-06-23 19:22 - 2013-06-23 19:22 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-23 19:20 - 2013-06-23 19:21 - 00000901 ____A C:\Users\***\Desktop\JRT.txt
2013-06-23 19:15 - 2013-06-23 19:15 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-06-23 19:15 - 2013-06-23 19:15 - 00000000 ____D C:\Windows\ERUNT
2013-06-23 19:15 - 2013-06-23 19:15 - 00000000 ____D C:\JRT
2013-06-23 19:13 - 2013-06-23 19:13 - 00008609 ____A C:\Users\***\Desktop\AdwCleaner[S2].txt
2013-06-23 19:09 - 2013-06-23 19:09 - 00008700 ____A C:\AdwCleaner[S2].txt
2013-06-23 19:09 - 2013-06-23 19:09 - 00000121 ____A C:\Windows\DeleteOnReboot.bat
2013-06-23 19:08 - 2013-06-23 19:08 - 00008810 ____A C:\AdwCleaner[R1].txt
2013-06-23 19:07 - 2013-06-23 19:07 - 00000344 ____A C:\AdwCleaner[S1].txt
2013-06-23 19:06 - 2013-06-23 19:07 - 00648201 ____A C:\Users\***\Desktop\adwcleaner.exe
2013-06-23 13:38 - 2013-06-23 13:38 - 00448512 ____A (OldTimer Tools) C:\Users\***\Desktop\TFC.exe
2013-06-23 13:28 - 2013-06-23 13:28 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 13:28 - 2013-06-23 13:28 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 13:28 - 2013-06-23 13:28 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 13:28 - 2013-06-23 13:28 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 13:28 - 2013-06-23 13:28 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-23 13:15 - 2013-06-23 13:15 - 00000000 ____D C:\Program Files\eLicenser
2013-06-23 13:06 - 2013-06-23 13:06 - 00000000 ____D C:\Users\***\AppData\Local\eLicenser
2013-06-23 12:42 - 2013-06-23 12:27 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts.20130623-124219.backup
2013-06-23 12:30 - 2013-06-23 12:30 - 00022491 ____A C:\ComboFix.txt
2013-06-23 12:18 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-23 12:18 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-23 12:18 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-23 12:18 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-23 12:18 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-23 12:18 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-23 12:18 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-23 12:18 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-23 12:16 - 2013-06-23 12:30 - 00000000 ____D C:\Qoobox
2013-06-23 12:16 - 2013-06-23 12:28 - 00000000 ____D C:\Windows\erdnt
2013-06-23 12:15 - 2013-06-23 12:15 - 05082201 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-06-22 23:23 - 2013-06-22 23:27 - 00023788 ____A C:\Users\***\Desktop\Addition.txt
2013-06-22 23:23 - 2013-06-22 23:23 - 00000000 ____D C:\FRST
2013-06-22 23:22 - 2013-06-22 23:22 - 01931364 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-06-22 13:09 - 2013-06-22 18:03 - 00000000 ____D C:\Users\***\AppData\Roaming\vlc
2013-06-22 13:08 - 2013-06-22 13:08 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-06-21 21:09 - 2013-06-21 21:09 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-06-21 21:09 - 2013-06-21 21:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-21 21:09 - 2013-06-21 21:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-21 21:09 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-21 20:25 - 2013-06-23 19:11 - 00001301 ____A C:\Windows\setupact.log
2013-06-20 09:41 - 2001-09-16 17:39 - 00001024 ____A C:\b4
2013-06-20 09:41 - 1997-02-01 18:10 - 00011910 ____A C:\Windows\SysWOW64\Genmidi.dll
2013-06-20 09:41 - 1997-02-01 18:10 - 00011910 ____A C:\Windows\Genmidi.dll
2013-06-20 09:38 - 2003-09-10 18:00 - 00163840 ____A () C:\Windows\SysWOW64\ArtFfct.dll
2013-06-18 03:01 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-18 03:01 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-18 03:01 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-18 03:01 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-18 03:01 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-18 03:01 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-18 03:01 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-18 03:01 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-18 03:01 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-18 03:01 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-18 03:01 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-18 03:01 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-17 18:05 - 2013-06-17 18:05 - 00001731 ____A C:\Users\Public\Desktop\EZmix.lnk
2013-06-17 15:02 - 2013-06-17 15:02 - 00001971 ____A C:\Users\Public\Desktop\EZkeys.lnk
2013-06-17 15:02 - 2013-06-17 15:02 - 00000000 ____D C:\Program Files (x86)\Toontrack
2013-06-17 10:02 - 2013-06-17 10:02 - 00000000 ____D C:\Program Files (x86)\Vstplugins
2013-06-13 03:02 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 03:02 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 03:02 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 03:02 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 03:02 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 03:02 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 03:02 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 03:02 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 03:02 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 03:02 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 03:02 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 03:02 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 03:02 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 03:02 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 03:02 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 03:02 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 03:02 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 03:02 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 03:02 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 11:23 - 2013-06-12 11:23 - 00000554 ____A C:\Users\Public\Desktop\ElectraX standalone.lnk
2013-06-12 09:34 - 2013-06-12 10:12 - 00000560 ____A C:\Users\Public\Desktop\ElectraX64 standalone.lnk
2013-06-12 09:12 - 2013-06-12 09:12 - 00000000 ____D C:\Users\***\AppData\Roaming\AVG
2013-06-12 09:11 - 2013-06-17 10:09 - 00000000 ____D C:\ProgramData\AVG
2013-06-12 09:11 - 2013-06-12 09:11 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-06-12 09:02 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 09:02 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 09:02 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 09:02 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 09:02 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 09:02 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 09:02 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 09:02 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 09:02 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 09:02 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 09:02 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 09:02 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 09:02 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 09:02 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 09:02 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 09:02 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 09:02 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 09:02 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 09:02 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 08:59 - 2013-06-12 08:59 - 00000000 ____D C:\Users\***\AppData\Roaming\EZDownloader
2013-06-11 12:49 - 2013-06-17 10:10 - 00000000 ____D C:\Program Files (x86)\EZDownloader
2013-06-11 12:49 - 2013-06-11 12:49 - 00001953 ____A C:\Users\Public\Desktop\EZDownloader.lnk
2013-06-11 12:49 - 2013-06-11 12:49 - 00000000 ____D C:\ProgramData\StarApp
2013-05-30 21:49 - 2013-05-30 21:49 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-30 21:49 - 2013-05-30 21:49 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-26 12:10 - 2013-05-26 12:10 - 00000000 ____D C:\Users\****\AppData\Local\Apple

==================== One Month Modified Files and Folders =======

2013-06-24 09:56 - 2013-06-24 09:56 - 00000041 ____A C:\Users\***\Desktop\checkup.txt
2013-06-24 09:55 - 2013-06-24 09:55 - 00890839 ____A C:\Users\***\Desktop\SecurityCheck.exe
2013-06-24 09:52 - 2013-04-02 10:33 - 00001114 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-24 09:52 - 2012-11-19 13:40 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-24 04:27 - 2012-11-18 19:12 - 01821668 ____A C:\Windows\WindowsUpdate.log
2013-06-24 02:00 - 2012-11-19 14:47 - 00000000 ____D C:\Users\***\AppData\Local\Adobe
2013-06-23 19:22 - 2013-06-23 19:22 - 02347384 ____A (ESET) C:\Users\***\Desktop\esetsmartinstaller_enu.exe
2013-06-23 19:22 - 2013-06-23 19:22 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-23 19:21 - 2013-06-23 19:20 - 00000901 ____A C:\Users\***\Desktop\JRT.txt
2013-06-23 19:18 - 2009-07-14 06:45 - 00020304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-23 19:18 - 2009-07-14 06:45 - 00020304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-23 19:15 - 2013-06-23 19:15 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-06-23 19:15 - 2013-06-23 19:15 - 00000000 ____D C:\Windows\ERUNT
2013-06-23 19:15 - 2013-06-23 19:15 - 00000000 ____D C:\JRT
2013-06-23 19:13 - 2013-06-23 19:13 - 00008609 ____A C:\Users\***\Desktop\AdwCleaner[S2].txt
2013-06-23 19:12 - 2012-11-22 10:09 - 00000000 ___RD C:\Users\***\Dropbox
2013-06-23 19:12 - 2012-11-22 10:02 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox
2013-06-23 19:11 - 2013-06-21 20:25 - 00001301 ____A C:\Windows\setupact.log
2013-06-23 19:11 - 2013-05-14 18:50 - 00000000 ____D C:\Users\***\AppData\Local\FreePDF_XP
2013-06-23 19:11 - 2013-04-02 10:33 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-23 19:11 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-23 19:09 - 2013-06-23 19:09 - 00008700 ____A C:\AdwCleaner[S2].txt
2013-06-23 19:09 - 2013-06-23 19:09 - 00000121 ____A C:\Windows\DeleteOnReboot.bat
2013-06-23 19:08 - 2013-06-23 19:08 - 00008810 ____A C:\AdwCleaner[R1].txt
2013-06-23 19:07 - 2013-06-23 19:07 - 00000344 ____A C:\AdwCleaner[S1].txt
2013-06-23 19:07 - 2013-06-23 19:06 - 00648201 ____A C:\Users\***\Desktop\adwcleaner.exe
2013-06-23 14:23 - 2013-04-12 11:51 - 00000000 ____D C:\Users\***\Documents\Cubase LE AI Elements Projects
2013-06-23 13:42 - 2012-11-18 20:09 - 00000000 ____D C:\ProgramData\MFAData
2013-06-23 13:38 - 2013-06-23 13:38 - 00448512 ____A (OldTimer Tools) C:\Users\***\Desktop\TFC.exe
2013-06-23 13:28 - 2013-06-23 13:28 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 13:28 - 2013-06-23 13:28 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 13:28 - 2013-06-23 13:28 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 13:28 - 2013-06-23 13:28 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 13:28 - 2013-06-23 13:28 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-23 13:28 - 2012-11-26 10:05 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-23 13:28 - 2012-11-26 10:05 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-23 13:15 - 2013-06-23 13:15 - 00000000 ____D C:\Program Files\eLicenser
2013-06-23 13:15 - 2013-04-12 11:43 - 00000051 ____A C:\Windows\SysWOW64\SYNSOPOS.exe.cfg
2013-06-23 13:15 - 2013-04-12 11:43 - 00000000 ____D C:\ProgramData\eLicenser
2013-06-23 13:15 - 2013-04-12 11:43 - 00000000 ____D C:\Program Files (x86)\eLicenser
2013-06-23 13:15 - 2012-11-19 13:21 - 00019532 ____A C:\Windows\DPINST.LOG
2013-06-23 13:06 - 2013-06-23 13:06 - 00000000 ____D C:\Users\***\AppData\Local\eLicenser
2013-06-23 12:35 - 2012-11-19 15:29 - 00017612 ____A C:\Windows\PFRO.log
2013-06-23 12:30 - 2013-06-23 12:30 - 00022491 ____A C:\ComboFix.txt
2013-06-23 12:30 - 2013-06-23 12:16 - 00000000 ____D C:\Qoobox
2013-06-23 12:28 - 2013-06-23 12:16 - 00000000 ____D C:\Windows\erdnt
2013-06-23 12:27 - 2013-06-23 12:42 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts.20130623-124219.backup
2013-06-23 12:27 - 2009-07-14 04:34 - 00000234 ____A C:\Windows\system.ini
2013-06-23 12:18 - 2012-12-30 15:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-23 12:15 - 2013-06-23 12:15 - 05082201 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-06-22 23:27 - 2013-06-22 23:23 - 00023788 ____A C:\Users\***\Desktop\Addition.txt
2013-06-22 23:23 - 2013-06-22 23:23 - 00000000 ____D C:\FRST
2013-06-22 23:22 - 2013-06-22 23:22 - 01931364 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-06-22 18:03 - 2013-06-22 13:09 - 00000000 ____D C:\Users\***\AppData\Roaming\vlc
2013-06-22 13:08 - 2013-06-22 13:08 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-06-22 12:56 - 2009-07-14 19:58 - 00653928 ____A C:\Windows\System32\perfh007.dat
2013-06-22 12:56 - 2009-07-14 19:58 - 00129800 ____A C:\Windows\System32\perfc007.dat
2013-06-22 12:56 - 2009-07-14 07:13 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-21 21:09 - 2013-06-21 21:09 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-06-21 21:09 - 2013-06-21 21:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-21 21:09 - 2013-06-21 21:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-21 20:45 - 2012-11-18 20:12 - 00000000 ____D C:\Program Files (x86)\AVG
2013-06-21 15:53 - 2012-11-23 16:15 - 00088448 ____A C:\Users\****\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-20 09:57 - 2012-11-18 19:57 - 00088448 ____A C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-20 09:57 - 2009-07-14 06:45 - 06843440 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-19 11:47 - 2012-11-19 10:43 - 00000000 ____D C:\Users\***\Documents\Native Instruments
2013-06-19 11:47 - 2012-11-19 10:43 - 00000000 ____D C:\Users\***\AppData\Local\Native Instruments
2013-06-17 18:05 - 2013-06-17 18:05 - 00001731 ____A C:\Users\Public\Desktop\EZmix.lnk
2013-06-17 15:02 - 2013-06-17 15:02 - 00001971 ____A C:\Users\Public\Desktop\EZkeys.lnk
2013-06-17 15:02 - 2013-06-17 15:02 - 00000000 ____D C:\Program Files (x86)\Toontrack
2013-06-17 10:10 - 2013-06-11 12:49 - 00000000 ____D C:\Program Files (x86)\EZDownloader
2013-06-17 10:10 - 2013-02-04 15:45 - 00000000 ____D C:\Program Files\Toontrack
2013-06-17 10:10 - 2012-11-23 16:14 - 00000000 ____D C:\users\****
2013-06-17 10:10 - 2012-11-19 15:17 - 00000000 ____D C:\ProgramData\FLEXnet
2013-06-17 10:10 - 2009-07-14 20:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-06-17 10:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-06-17 10:09 - 2013-06-12 09:11 - 00000000 ____D C:\ProgramData\AVG
2013-06-17 10:02 - 2013-06-17 10:02 - 00000000 ____D C:\Program Files (x86)\Vstplugins
2013-06-17 09:21 - 2012-11-18 19:22 - 00000000 ____D C:\users\***
2013-06-13 17:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 03:03 - 2012-11-20 21:05 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 15:43 - 2012-11-19 13:40 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 15:43 - 2012-11-19 13:40 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 11:23 - 2013-06-12 11:23 - 00000554 ____A C:\Users\Public\Desktop\ElectraX standalone.lnk
2013-06-12 10:12 - 2013-06-12 09:34 - 00000560 ____A C:\Users\Public\Desktop\ElectraX64 standalone.lnk
2013-06-12 10:04 - 2013-02-17 14:45 - 00000000 ____D C:\Users\***\AppData\Roaming\Amazon
2013-06-12 10:04 - 2013-02-17 14:41 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-06-12 09:12 - 2013-06-12 09:12 - 00000000 ____D C:\Users\***\AppData\Roaming\AVG
2013-06-12 09:11 - 2013-06-12 09:11 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-06-12 08:59 - 2013-06-12 08:59 - 00000000 ____D C:\Users\***\AppData\Roaming\EZDownloader
2013-06-11 12:49 - 2013-06-11 12:49 - 00001953 ____A C:\Users\Public\Desktop\EZDownloader.lnk
2013-06-11 12:49 - 2013-06-11 12:49 - 00000000 ____D C:\ProgramData\StarApp
2013-06-11 09:58 - 2012-11-19 11:08 - 00000000 ____D C:\Users\***\AppData\Roaming\Adobe
2013-06-08 16:08 - 2013-06-18 03:01 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-18 03:01 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-18 03:01 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-18 03:01 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-18 03:01 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-18 03:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-18 03:01 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-18 03:01 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-18 03:01 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-18 03:01 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-18 03:01 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-18 03:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-08 11:09 - 2012-11-22 10:09 - 00001031 ____A C:\Users\***\Desktop\Dropbox.lnk
2013-06-05 13:02 - 2012-12-18 11:25 - 00000000 ____D C:\Users\***\AppData\Local\Apple Computer
2013-05-30 21:49 - 2013-05-30 21:49 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-30 21:49 - 2013-05-30 21:49 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-26 12:10 - 2013-05-26 12:10 - 00000000 ____D C:\Users\****\AppData\Local\Apple

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-24 03:04

==================== End Of Log ============================
--- --- ---


Keine Probleme mehr! :) Vielen Dank schon mal für die Hilfe.

schrauber 24.06.2013 11:04
Zitat:
D:\unzipe\mp3\Mediafire.Newsong.-.the.Christmas.shoes.mp3.52007.exe
Bitte löschen und Papierkorb leeren.
Jede Software, die im SecurityCheck Log rot ist, muss ein Update haben.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.


Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Sunwalk3r 24.06.2013 12:44
Zitat:
Zitat von schrauber (Beitrag 1093446)
Jede Software, die im SecurityCheck Log rot ist, muss ein Update haben.
Adobe Reader habe ich nun von 9 auf die aktuelle 11er geupdatet. Für den Flash Player 9 scheint es keine Updates mehr zu geben, daher habe ich ihn gelöscht (hoffentlich wird er nicht mehr gebraucht; aber es ist ja auch der 11er installiert).
Java ist Update 25 installiert. Eine neuere Version gibt es mWn nicht!?
Spybot soll auf diesem PC nur on demand verwendet werden, daher ist der TeaTimer nicht aktiviert. Sollte in Ordnung sein, oder?

schrauber 24.06.2013 13:47
Jup :)

Sunwalk3r 24.06.2013 17:22
Super. Dann kannst du den Thread aus deinen Abos löschen, falls nicht eh bereits geschehen. Noch mal vielen Dank für die schnelle und passende Hilfe!

schrauber 24.06.2013 18:41
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:54 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131