Trojaner-Board - Ich bin mir unsicher, ob der Qvo6-Virus noch in meinem System ist.

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Ich bin mir unsicher, ob der Qvo6-Virus noch in meinem System ist. (https://www.trojaner-board.de/138632-mir-unsicher-ob-qvo6-virus-noch-meinem-system.html)

Ich bin mir unsicher, ob der Qvo6-Virus noch in meinem System ist.

hallo erstmal :)
also ich will gleich zu anfang sagen, dass ich eig so gut wie keine ahnung von computern habe, also bitte seht es mir nach wenn ich etwas nicht verstehe oder nicht sofort umsetzen kann.

jetzt zu meinem problem: vor ca. 2 Stunden hatte ich mir offensichtlich den Qvo6-Virus eingefangen. aus schreck habe ich online nach einer schnellen lösung gesucht und auf chip.de wurde adwCleaner empfohlen, was ich mir dann direkt runtergeladen habe. das programm hat meinen pc analysiert; als ich jedoch die gefundenen "fehler" löschen wollte, kam vom adwCleaner keine rückmeldung mehr bzw es wurde nicht ausgeführt.

also habe ich nach einer alternative gesucht. da offensichtlich in den letzten monaten viele ein problem mit diesem virus hatten, fand ich auch schnell viele antworten. eine person empfahl, die eigenschaften von firefox zu öffnen, und von diesem dateipfad (??) das anhängsel vom virus zu entfernen. das hat auch geklappt und ich war endlich von dieser lästigen startseite befreit. zur sicherheit habe ich internet explorer und google chrome deinstalliert, da ich sowieso nur firefox verwende. zum schluss habe ich mit AVG nochmal einen scan durchlaufen lassen und es wurde nichts gefunden; AVG PC tune-up hat ein paar junk-iwas gefunden, aber auch sofort bereinigt.

dann kamen aber meine zweifel. weil selbst ich weiß, dass selbst wenn nichts mehr da zu sein scheint, häufig doch noch was da ist was eig nicht da sein sollte.
also habe ich ein weiteres mal adwCleaner geöffnet und eine analyse gestartet. das protokoll habe ich dann auf iwas "abnormales" abgesucht, aber nichts gefunden. auch habe ich nach ungewollten programmen gesucht; fand aber nichts. mein pc scheint auch normal zu laufen (schnell, ohne ungewollte werbung, normale startseite bei ff), jedoch verschwinden unten rechts neben der uhrzeit,etc. nach einer zeit einfach ein paar dieser kleinen symbole (oder ist das normal..? ich habs nie beobachtet).

ok tut mir leid dass das so lang ist, aber ich wollte eine möglichst ausführliche beschreibung abgeben.
meine fragen sind jetzt: 1. ist der virus wirklich weg? wie kann ich sicher sein, wenn mein virenscanner nichts mehr findet und eig alles normal läuft?
2. ist der Qvo6-Virus überhaupt wirklich "gefährlich"? pfuscht er an mehr als an deiner startseite rum (und das mit den werbungen)? ich habe wirklich große angst vor identitätsklau, dass iwelche informationen oder daten von mir gesammelt werden oder dass ich heimlich über meine webcam beobachtet werde, weil sich wer reingehackt hat.

bitte helft mir!
LaLeLou

Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://www.trojaner-board.de/picture...&pictureid=307

hey danke für die schnelle antwort (trotz der uhrzeit) :D

nein ich habe leider keine anderen logs..

soll ich welche machen und wenn ja mit welchem programm?

L.

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

ok alles gemacht wie du gesagt hast.

1. Part:
FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-07-2013 01

Ran by Dell (administrator) on 23-07-2013 02:51:38

Running from C:\Users\Dell\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [4365984 2012-03-12] (Dell Inc.)

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-02-13] (IDT, Inc.)

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [626552 2012-01-25] (Alps Electric Co., Ltd.)

HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [x]

HKLM-x32\...\Runonce: [Del1682829] - cmd.exe /Q /D /c del "C:\Users\Dell\AppData\Local\Temp\0.del" [x]

HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [284440 2012-02-01] (Intel Corporation)

HKLM-x32\...\Run: [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-27] (Intel Corporation)

HKLM-x32\...\Run: [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)

HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1167360 2009-08-03] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [AVG_TRAY] - "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)

AppInit_DLLs: C:\Windows\system32\nvinitx.dll [260416 2012-01-30] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [214848 2012-01-30] (NVIDIA Corporation)

Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605

SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605

SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605

SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605

SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605

SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605

SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear

BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)

Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\w0w4f2p4.default

FF SelectedSearchEngine: qvo6

FF Homepage: https://www.google.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll No File

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xml

FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] C:\ProgramData\AVG Secure Search\FireFoxExt\15.3.0.11

FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605
 

==================== Services (Whitelisted) =================
 

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)

R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-07-03] (AVG Secure Search)
 

==================== Drivers (Whitelisted) ====================
 

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )

R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)

R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-03] (AVG Technologies)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-01] (Broadcom Corporation.)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-07-23 02:51 - 2013-07-23 02:51 - 01779447 _____ (Farbar) C:\Users\Dell\Downloads\FRST64.exe

2013-07-23 02:51 - 2013-07-23 02:51 - 00000000 ____D C:\FRST

2013-07-23 01:27 - 2013-07-23 01:27 - 00000005 _____ C:\Users\Dell\AppData\Roaming\WBPU-TTL.DAT

2013-07-23 00:44 - 2013-07-23 00:44 - 00003694 _____ C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm

2013-07-23 00:42 - 2013-07-23 00:43 - 00000000 ____D C:\ProgramData\AVG

2013-07-23 00:42 - 2013-07-23 00:42 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

2013-07-23 00:42 - 2013-07-23 00:42 - 00000000 ____D C:\Users\Dell\AppData\Roaming\AVG

2013-07-23 00:35 - 2013-07-23 00:35 - 00000368 _____ C:\AdwCleaner[S4].txt

2013-07-23 00:34 - 2013-07-23 00:34 - 00008723 _____ C:\AdwCleaner[R3].txt

2013-07-23 00:27 - 2013-07-23 02:27 - 00000282 _____ C:\Windows\Tasks\DSite.job

2013-07-23 00:27 - 2013-07-23 00:27 - 00003218 _____ C:\Windows\System32\Tasks\DSite

2013-07-23 00:27 - 2013-07-23 00:27 - 00000000 ____D C:\Users\Dell\AppData\Roaming\DSite

2013-07-23 00:02 - 2013-07-23 00:02 - 00000337 _____ C:\AdwCleaner[S3].txt

2013-07-22 22:56 - 2013-07-22 22:56 - 00010638 _____ C:\AdwCleaner[R2].txt

2013-07-22 22:56 - 2013-07-22 22:56 - 00000373 _____ C:\AdwCleaner[S2].txt

2013-07-22 22:48 - 2013-07-22 22:48 - 00000412 _____ C:\AdwCleaner[S1].txt

2013-07-22 22:47 - 2013-07-22 22:47 - 00010664 _____ C:\AdwCleaner[R1].txt

2013-07-22 22:24 - 2013-07-22 22:43 - 00004130 _____ C:\Windows\System32\Tasks\Software Updater

2013-07-22 22:24 - 2013-07-22 22:43 - 00004068 _____ C:\Windows\System32\Tasks\Software Updater Ui

2013-07-22 22:23 - 2013-07-22 22:23 - 00000000 ____D C:\Users\Dell\AppData\Roaming\eIntaller

2013-07-20 20:20 - 2013-07-20 21:37 - 00000000 ____D C:\Users\Dell\Desktop\Bewerbung

2013-07-19 21:14 - 2013-07-19 21:58 - 00000000 ____D C:\Users\Dell\Desktop\Tattoo

2013-07-15 09:26 - 2013-07-23 01:47 - 00334268 ____N C:\Windows\WindowsUpdate.log

2013-07-11 18:27 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-07-11 18:27 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-07-11 18:27 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-07-11 18:27 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-07-11 18:27 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-07-11 18:27 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-07-11 18:27 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-07-11 18:27 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-07-11 18:27 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-07-11 18:27 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-07-11 18:27 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-07-11 18:27 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-07-11 18:27 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-07-11 18:27 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-07-11 18:27 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-07-11 18:27 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-07-11 18:27 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-07-11 18:27 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-07-11 18:27 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-07-11 18:27 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-07-11 18:27 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-07-11 18:27 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-07-11 18:27 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-07-11 18:27 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-07-11 18:27 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-07-11 18:27 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-07-11 18:27 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-07-11 18:27 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-07-11 18:27 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-07-11 18:27 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-07-11 18:27 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-07-11 13:36 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-07-11 13:36 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2013-07-11 13:36 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2013-07-11 13:36 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-07-11 13:36 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2013-07-11 13:36 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-07-11 13:36 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2013-07-03 16:23 - 2013-07-03 16:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-07-03 15:32 - 2013-07-03 15:32 - 00003716 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
 

==================== One Month Modified Files and Folders =======
 

2013-07-23 02:51 - 2013-07-23 02:51 - 01779447 _____ (Farbar) C:\Users\Dell\Downloads\FRST64.exe

2013-07-23 02:51 - 2013-07-23 02:51 - 00000000 ____D C:\FRST

2013-07-23 02:45 - 2012-09-21 09:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-07-23 02:27 - 2013-07-23 00:27 - 00000282 _____ C:\Windows\Tasks\DSite.job

2013-07-23 01:53 - 2013-04-21 13:03 - 00000000 ____D C:\Program Files (x86)\AVG

2013-07-23 01:47 - 2013-07-15 09:26 - 00334268 ____N C:\Windows\WindowsUpdate.log

2013-07-23 01:27 - 2013-07-23 01:27 - 00000005 _____ C:\Users\Dell\AppData\Roaming\WBPU-TTL.DAT

2013-07-23 00:44 - 2013-07-23 00:44 - 00003694 _____ C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm

2013-07-23 00:43 - 2013-07-23 00:42 - 00000000 ____D C:\ProgramData\AVG

2013-07-23 00:42 - 2013-07-23 00:42 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

2013-07-23 00:42 - 2013-07-23 00:42 - 00000000 ____D C:\Users\Dell\AppData\Roaming\AVG

2013-07-23 00:35 - 2013-07-23 00:35 - 00000368 _____ C:\AdwCleaner[S4].txt

2013-07-23 00:34 - 2013-07-23 00:34 - 00008723 _____ C:\AdwCleaner[R3].txt

2013-07-23 00:27 - 2013-07-23 00:27 - 00003218 _____ C:\Windows\System32\Tasks\DSite

2013-07-23 00:27 - 2013-07-23 00:27 - 00000000 ____D C:\Users\Dell\AppData\Roaming\DSite

2013-07-23 00:18 - 2012-09-21 09:04 - 00000000 ____D C:\Users\Dell\AppData\Local\Google

2013-07-23 00:15 - 2012-09-20 19:49 - 00000000 ____D C:\Windows\Panther

2013-07-23 00:12 - 2013-04-16 23:18 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-07-23 00:07 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-07-23 00:07 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-07-23 00:02 - 2013-07-23 00:02 - 00000337 _____ C:\AdwCleaner[S3].txt

2013-07-23 00:00 - 2012-09-20 09:57 - 00001653 _____ C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-07-23 00:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-07-22 22:56 - 2013-07-22 22:56 - 00010638 _____ C:\AdwCleaner[R2].txt

2013-07-22 22:56 - 2013-07-22 22:56 - 00000373 _____ C:\AdwCleaner[S2].txt

2013-07-22 22:48 - 2013-07-22 22:48 - 00000412 _____ C:\AdwCleaner[S1].txt

2013-07-22 22:47 - 2013-07-22 22:47 - 00010664 _____ C:\AdwCleaner[R1].txt

2013-07-22 22:43 - 2013-07-22 22:24 - 00004130 _____ C:\Windows\System32\Tasks\Software Updater

2013-07-22 22:43 - 2013-07-22 22:24 - 00004068 _____ C:\Windows\System32\Tasks\Software Updater Ui

2013-07-22 22:23 - 2013-07-22 22:23 - 00000000 ____D C:\Users\Dell\AppData\Roaming\eIntaller

2013-07-22 17:20 - 2013-04-21 13:05 - 00000000 ____D C:\Windows\system32\Drivers\AVG

2013-07-20 21:37 - 2013-07-20 20:20 - 00000000 ____D C:\Users\Dell\Desktop\Bewerbung

2013-07-19 21:58 - 2013-07-19 21:14 - 00000000 ____D C:\Users\Dell\Desktop\Tattoo

2013-07-17 15:23 - 2012-09-20 19:48 - 00711662 _____ C:\Windows\system32\perfh007.dat

2013-07-17 15:23 - 2012-09-20 19:48 - 00152870 _____ C:\Windows\system32\perfc007.dat

2013-07-17 15:23 - 2009-07-14 07:13 - 01641464 _____ C:\Windows\system32\PerfStringBackup.INI

2013-07-11 18:46 - 2009-07-14 06:45 - 00353016 _____ C:\Windows\system32\FNTCACHE.DAT

2013-07-11 18:45 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal

2013-07-11 18:45 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender

2013-07-11 18:45 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2013-07-11 18:28 - 2013-04-16 21:42 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-07-11 18:23 - 2013-05-17 21:29 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-07-03 23:04 - 2013-04-16 23:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-07-03 16:24 - 2013-07-03 16:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-07-03 15:32 - 2013-07-03 15:32 - 00003716 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml

2013-07-03 15:32 - 2013-04-21 13:06 - 00000000 ____D C:\Users\Dell\AppData\Local\AVG Secure Search

2013-07-03 15:32 - 2013-04-21 13:05 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys

2013-06-24 18:50 - 2013-05-17 21:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

2013-06-24 18:50 - 2012-09-20 15:46 - 01619358 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-07-19 17:47
 

==================== End Of Log ============================

--- --- ---

--- --- ---

"Addition":FRST Additions Logfile:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-07-2013 01

Ran by Dell at 2013-07-23 02:52:20

Running from C:\Users\Dell\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Installed Programs =======================
 

   

 2012 (Version: 2012.1.2242)

Adobe AIR (x32 Version: 2.6.0.19120)

Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)

Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)

Adobe Reader XI (11.0.02) - Deutsch (x32 Version: 11.0.02)

Advanced Audio FX Engine (x32 Version: 1.12.05)

AVG 2012 (Version: 12.0.3204)

AVG 2012 (Version: 12.1.2242)

Brother MFL-Pro Suite MFC-5895CW (x32 Version: 1.0.2.0)

Dell Digital Delivery (x32 Version: 2.5.1400.0)

Dell Touchpad (Version: 7.1209.101.215)

Dell Webcam Central (x32 Version: 1.40.05)

IDT Audio (x32 Version: 1.0.6388.0)

Intel(R) Control Center (x32 Version: 1.2.1.1007)

Intel(R) Management Engine Components (x32 Version: 8.0.1.1399)

Intel(R) OpenCL CPU Runtime (x32)

Intel(R) Processor Graphics (x32 Version: 8.15.10.2598)

Intel(R) Rapid Storage Technology (x32 Version: 11.1.0.1006)

Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220)

Intel® Trusted Connect Service Client (Version: 1.23.219.2)

LibreOffice 3.6 (x32 Version: 3.6.0.4)

Live! Cam Avatar Creator (x32 Version: 4.6.3009.1)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Office 2007 Service Pack 3 (SP3) (x32)

Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)

Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)

Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)

Mozilla Maintenance Service (x32 Version: 22.0)

NVIDIA Grafiktreiber 290.70 (Version: 290.70)

NVIDIA HD-Audiotreiber 1.3.12.0 (Version: 1.3.12.0)

NVIDIA Install Application (Version: 2.1002.48.259)

NVIDIA Optimus 1.6.24 (Version: 1.6.24)

NVIDIA Systemsteuerung 290.70 (Version: 290.70)

NVIDIA Update 1.6.24 (Version: 1.6.24)

NVIDIA Update Components (Version: 1.6.24)

PDFCreator (x32 Version: 1.7.0)

Picasa 3 (x32 Version: 3.9)

Quickset64 (Version: 11.1.17)

Realtek Ethernet Controller Driver (x32 Version: 7.54.309.2012)

Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30127)

Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7601.39013)

Tinypic 3.18 (x32 Version: Tinypic 3.18)

Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.1.23.0)

Update for 2007 Microsoft Office System (KB967642) (x32)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)

Update for Zip Opener (HKCU)

Update für Microsoft Office Excel 2007 Help (KB963678) (x32)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)

Update für Microsoft Office Word 2007 Help (KB963665) (x32)

Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)

Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)

WIDCOMM Bluetooth Software (Version: 6.5.1.2300)
 

==================== Restore Points  =========================
 

25-06-2013 14:48:01 Windows Update

03-07-2013 23:26:11 Geplanter Prüfpunkt

11-07-2013 16:22:18 Windows Update

14-07-2013 15:45:37 Windows Update

21-07-2013 17:15:00 Geplanter Prüfpunkt

22-07-2013 20:23:27 TubeBox

22-07-2013 20:33:47 TubeBox

22-07-2013 21:51:29 Windows Modules Installer

22-07-2013 21:55:06 Windows Modules Installer

22-07-2013 22:42:24 AVG PC TuneUp wird installiert

22-07-2013 23:52:56 AVG PC TuneUp wird entfernt

22-07-2013 23:53:53 AVG PC TuneUp Language Pack (de-DE) wird entfernt
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {3B590360-88B0-4AEC-ADD9-260623EF45B3} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)

Task: {52BB02DB-4385-4469-8D75-5523C72568AC} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-18] (Adobe Systems Incorporated)

Task: {7DD4C7A3-2BF1-4790-8807-EE3263533874} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe No File

Task: {A7D518DF-16BE-44EE-A8CD-374CDF324523} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe No File

Task: {C13EBB6A-757C-41D3-8ECC-2C6B57FB81B5} - System32\Tasks\DSite => C:\Users\Dell\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE [2013-07-23] ()

Task: {CF11DE36-92A1-43AE-832A-E6F7DC993337} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)

Task: {CFDD3E77-C985-4AB3-9822-11E7AB61FAA3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-13] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\DSite.job => ?
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (07/23/2013 01:53:46 AM) (Source: Microsoft-Windows-RestartManager) (User: Dell-PC)

Description: Die Anwendung oder der Dienst "Windows-Explorer" konnte nicht heruntergefahren werden.
 

Error: (07/23/2013 00:36:23 AM) (Source: ESENT) (User: )

Description: DllHost (5280) WebCacheLocal: Fehler -1811 beim Öffnen von Protokolldatei C:\Users\Dell\AppData\Local\Microsoft\Windows\WebCache\V010000E.log.
 

Error: (07/23/2013 00:00:51 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (07/22/2013 11:58:44 PM) (Source: Windows Search Service) (User: )

Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-286064607-2742977032-1704626467-1000}/">.
 

Error: (07/22/2013 11:53:42 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (07/22/2013 11:03:51 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (07/22/2013 10:58:02 PM) (Source: Application Hang) (User: )

Description: Programm adwcleaner06(1).exe, Version 2.3.0.6 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 1758
 

Startzeit: 01ce871de6a67d76
 

Endzeit: 10
 

Anwendungspfad: C:\Users\Dell\Downloads\adwcleaner06(1).exe
 

Berichts-ID: 5486511f-f311-11e2-8a8f-c01885e46b0c
 

Error: (07/22/2013 10:55:52 PM) (Source: ESENT) (User: )

Description: DllHost (4184) WebCacheLocal: Fehler -1811 beim Öffnen von Protokolldatei C:\Users\Dell\AppData\Local\Microsoft\Windows\WebCache\V010001E.log.
 

Error: (07/22/2013 10:51:03 PM) (Source: Application Hang) (User: )

Description: Programm adwcleaner06.exe, Version 2.3.0.6 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 110c
 

Startzeit: 01ce871c8dc820b7
 

Endzeit: 16
 

Anwendungspfad: C:\Users\Dell\Downloads\adwcleaner06.exe
 

Berichts-ID: 5edd1e99-f310-11e2-8a8f-c01885e46b0c
 

Error: (07/22/2013 10:40:04 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

System errors:

=============

Error: (07/22/2013 05:17:17 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (07/22/2013 05:17:17 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
 

Error: (07/22/2013 08:41:52 AM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (07/22/2013 08:41:48 AM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
 

Error: (07/21/2013 03:54:50 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (07/21/2013 03:54:46 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
 

Error: (07/19/2013 11:31:25 AM) (Source: EventLog) (User: )

Description: Das System wurde zuvor am ‎19.‎07.‎2013 um 11:29:49 unerwartet heruntergefahren.
 

Error: (07/19/2013 11:13:25 AM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (07/19/2013 11:13:25 AM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
 

Error: (07/18/2013 02:44:11 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
 

Microsoft Office Sessions:

=========================
 

==================== Memory info =========================== 
 

Percentage of memory in use: 47%

Total physical RAM: 3960.64 MB

Available physical RAM: 2074.46 MB

Total Pagefile: 7919.47 MB

Available Pagefile: 6073.41 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB
 

==================== Drives ================================
 

Drive c: (OS) (Fixed) (Total:465.66 GB) (Free:408.6 GB) NTFS (Disk=0 Partition=2)
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 6F2242A5)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

--- --- ---

Rootkitscan mit GMER

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

tut mir leid da war ich wohl etwas zu schnell :D

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-07-2013 01

Ran by Dell (administrator) on 23-07-2013 02:51:38

Running from C:\Users\Dell\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [4365984 2012-03-12] (Dell Inc.)

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-02-13] (IDT, Inc.)

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [626552 2012-01-25] (Alps Electric Co., Ltd.)

HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [x]

HKLM-x32\...\Runonce: [Del1682829] - cmd.exe /Q /D /c del "C:\Users\Dell\AppData\Local\Temp\0.del" [x]

HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [284440 2012-02-01] (Intel Corporation)

HKLM-x32\...\Run: [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-27] (Intel Corporation)

HKLM-x32\...\Run: [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)

HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1167360 2009-08-03] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [AVG_TRAY] - "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)

AppInit_DLLs: C:\Windows\system32\nvinitx.dll [260416 2012-01-30] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [214848 2012-01-30] (NVIDIA Corporation)

Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605

SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605

SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605

SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605

SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605

SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605

SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear

BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)

Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\w0w4f2p4.default

FF SelectedSearchEngine: qvo6

FF Homepage: https://www.google.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll No File

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xml

FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] C:\ProgramData\AVG Secure Search\FireFoxExt\15.3.0.11

FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605
 

==================== Services (Whitelisted) =================
 

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)

R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-07-03] (AVG Secure Search)
 

==================== Drivers (Whitelisted) ====================
 

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )

R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)

R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-03] (AVG Technologies)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-01] (Broadcom Corporation.)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-07-23 02:51 - 2013-07-23 02:51 - 01779447 _____ (Farbar) C:\Users\Dell\Downloads\FRST64.exe

2013-07-23 02:51 - 2013-07-23 02:51 - 00000000 ____D C:\FRST

2013-07-23 01:27 - 2013-07-23 01:27 - 00000005 _____ C:\Users\Dell\AppData\Roaming\WBPU-TTL.DAT

2013-07-23 00:44 - 2013-07-23 00:44 - 00003694 _____ C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm

2013-07-23 00:42 - 2013-07-23 00:43 - 00000000 ____D C:\ProgramData\AVG

2013-07-23 00:42 - 2013-07-23 00:42 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

2013-07-23 00:42 - 2013-07-23 00:42 - 00000000 ____D C:\Users\Dell\AppData\Roaming\AVG

2013-07-23 00:35 - 2013-07-23 00:35 - 00000368 _____ C:\AdwCleaner[S4].txt

2013-07-23 00:34 - 2013-07-23 00:34 - 00008723 _____ C:\AdwCleaner[R3].txt

2013-07-23 00:27 - 2013-07-23 02:27 - 00000282 _____ C:\Windows\Tasks\DSite.job

2013-07-23 00:27 - 2013-07-23 00:27 - 00003218 _____ C:\Windows\System32\Tasks\DSite

2013-07-23 00:27 - 2013-07-23 00:27 - 00000000 ____D C:\Users\Dell\AppData\Roaming\DSite

2013-07-23 00:02 - 2013-07-23 00:02 - 00000337 _____ C:\AdwCleaner[S3].txt

2013-07-22 22:56 - 2013-07-22 22:56 - 00010638 _____ C:\AdwCleaner[R2].txt

2013-07-22 22:56 - 2013-07-22 22:56 - 00000373 _____ C:\AdwCleaner[S2].txt

2013-07-22 22:48 - 2013-07-22 22:48 - 00000412 _____ C:\AdwCleaner[S1].txt

2013-07-22 22:47 - 2013-07-22 22:47 - 00010664 _____ C:\AdwCleaner[R1].txt

2013-07-22 22:24 - 2013-07-22 22:43 - 00004130 _____ C:\Windows\System32\Tasks\Software Updater

2013-07-22 22:24 - 2013-07-22 22:43 - 00004068 _____ C:\Windows\System32\Tasks\Software Updater Ui

2013-07-22 22:23 - 2013-07-22 22:23 - 00000000 ____D C:\Users\Dell\AppData\Roaming\eIntaller

2013-07-20 20:20 - 2013-07-20 21:37 - 00000000 ____D C:\Users\Dell\Desktop\Bewerbung

2013-07-19 21:14 - 2013-07-19 21:58 - 00000000 ____D C:\Users\Dell\Desktop\Tattoo

2013-07-15 09:26 - 2013-07-23 01:47 - 00334268 ____N C:\Windows\WindowsUpdate.log

2013-07-11 18:27 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-07-11 18:27 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-07-11 18:27 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-07-11 18:27 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-07-11 18:27 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-07-11 18:27 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-07-11 18:27 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-07-11 18:27 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-07-11 18:27 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-07-11 18:27 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-07-11 18:27 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-07-11 18:27 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-07-11 18:27 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-07-11 18:27 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-07-11 18:27 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-07-11 18:27 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-07-11 18:27 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-07-11 18:27 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-07-11 18:27 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-07-11 18:27 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-07-11 18:27 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-07-11 18:27 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-07-11 18:27 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-07-11 18:27 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-07-11 18:27 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-07-11 18:27 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-07-11 18:27 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-07-11 18:27 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-07-11 18:27 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-07-11 18:27 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-07-11 18:27 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-07-11 13:36 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-07-11 13:36 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2013-07-11 13:36 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2013-07-11 13:36 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-07-11 13:36 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2013-07-11 13:36 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-07-11 13:36 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2013-07-03 16:23 - 2013-07-03 16:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-07-03 15:32 - 2013-07-03 15:32 - 00003716 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
 

==================== One Month Modified Files and Folders =======
 

2013-07-23 02:51 - 2013-07-23 02:51 - 01779447 _____ (Farbar) C:\Users\Dell\Downloads\FRST64.exe

2013-07-23 02:51 - 2013-07-23 02:51 - 00000000 ____D C:\FRST

2013-07-23 02:45 - 2012-09-21 09:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-07-23 02:27 - 2013-07-23 00:27 - 00000282 _____ C:\Windows\Tasks\DSite.job

2013-07-23 01:53 - 2013-04-21 13:03 - 00000000 ____D C:\Program Files (x86)\AVG

2013-07-23 01:47 - 2013-07-15 09:26 - 00334268 ____N C:\Windows\WindowsUpdate.log

2013-07-23 01:27 - 2013-07-23 01:27 - 00000005 _____ C:\Users\Dell\AppData\Roaming\WBPU-TTL.DAT

2013-07-23 00:44 - 2013-07-23 00:44 - 00003694 _____ C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm

2013-07-23 00:43 - 2013-07-23 00:42 - 00000000 ____D C:\ProgramData\AVG

2013-07-23 00:42 - 2013-07-23 00:42 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

2013-07-23 00:42 - 2013-07-23 00:42 - 00000000 ____D C:\Users\Dell\AppData\Roaming\AVG

2013-07-23 00:35 - 2013-07-23 00:35 - 00000368 _____ C:\AdwCleaner[S4].txt

2013-07-23 00:34 - 2013-07-23 00:34 - 00008723 _____ C:\AdwCleaner[R3].txt

2013-07-23 00:27 - 2013-07-23 00:27 - 00003218 _____ C:\Windows\System32\Tasks\DSite

2013-07-23 00:27 - 2013-07-23 00:27 - 00000000 ____D C:\Users\Dell\AppData\Roaming\DSite

2013-07-23 00:18 - 2012-09-21 09:04 - 00000000 ____D C:\Users\Dell\AppData\Local\Google

2013-07-23 00:15 - 2012-09-20 19:49 - 00000000 ____D C:\Windows\Panther

2013-07-23 00:12 - 2013-04-16 23:18 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-07-23 00:07 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-07-23 00:07 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-07-23 00:02 - 2013-07-23 00:02 - 00000337 _____ C:\AdwCleaner[S3].txt

2013-07-23 00:00 - 2012-09-20 09:57 - 00001653 _____ C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-07-23 00:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-07-22 22:56 - 2013-07-22 22:56 - 00010638 _____ C:\AdwCleaner[R2].txt

2013-07-22 22:56 - 2013-07-22 22:56 - 00000373 _____ C:\AdwCleaner[S2].txt

2013-07-22 22:48 - 2013-07-22 22:48 - 00000412 _____ C:\AdwCleaner[S1].txt

2013-07-22 22:47 - 2013-07-22 22:47 - 00010664 _____ C:\AdwCleaner[R1].txt

2013-07-22 22:43 - 2013-07-22 22:24 - 00004130 _____ C:\Windows\System32\Tasks\Software Updater

2013-07-22 22:43 - 2013-07-22 22:24 - 00004068 _____ C:\Windows\System32\Tasks\Software Updater Ui

2013-07-22 22:23 - 2013-07-22 22:23 - 00000000 ____D C:\Users\Dell\AppData\Roaming\eIntaller

2013-07-22 17:20 - 2013-04-21 13:05 - 00000000 ____D C:\Windows\system32\Drivers\AVG

2013-07-20 21:37 - 2013-07-20 20:20 - 00000000 ____D C:\Users\Dell\Desktop\Bewerbung

2013-07-19 21:58 - 2013-07-19 21:14 - 00000000 ____D C:\Users\Dell\Desktop\Tattoo

2013-07-17 15:23 - 2012-09-20 19:48 - 00711662 _____ C:\Windows\system32\perfh007.dat

2013-07-17 15:23 - 2012-09-20 19:48 - 00152870 _____ C:\Windows\system32\perfc007.dat

2013-07-17 15:23 - 2009-07-14 07:13 - 01641464 _____ C:\Windows\system32\PerfStringBackup.INI

2013-07-11 18:46 - 2009-07-14 06:45 - 00353016 _____ C:\Windows\system32\FNTCACHE.DAT

2013-07-11 18:45 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal

2013-07-11 18:45 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender

2013-07-11 18:45 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2013-07-11 18:28 - 2013-04-16 21:42 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-07-11 18:23 - 2013-05-17 21:29 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-07-03 23:04 - 2013-04-16 23:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-07-03 16:24 - 2013-07-03 16:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-07-03 15:32 - 2013-07-03 15:32 - 00003716 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml

2013-07-03 15:32 - 2013-04-21 13:06 - 00000000 ____D C:\Users\Dell\AppData\Local\AVG Secure Search

2013-07-03 15:32 - 2013-04-21 13:05 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys

2013-06-24 18:50 - 2013-05-17 21:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

2013-06-24 18:50 - 2012-09-20 15:46 - 01619358 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-07-19 17:47
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

dumme frage: soll ich nur aus dem internet raus oder soll ich GANZ die verbindung kappen?

oh und für dieses malware rootkit soll ich da weiterhin alles aushaben oder kann ich da wieder ins (wieder geschützte) internet?

Du sollst nur diesen zu untersuchenden Rechner vom inet trennen
Und bei MBAR brauchst du eine Verbindung sonst kann es nicht aktualisiert werden

hi also der scan ist jetzt fertig..

bei diesem gmer kam das raus:

GMER Logfile:

Code:

GMER 2.1.19163 - hxxp://www.gmer.net

Rootkit scan 2013-07-23 03:21:50

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GS00 465,76GB

Running: gmer_2.1.19163.exe; Driver: C:\Users\Dell\AppData\Local\Temp\pxldapod.sys
 
 

---- User code sections - GMER 2.1 ----
 

.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076291465 2 bytes [29, 76]

.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000762914bb 2 bytes [29, 76]

.text    ...                                                                                                                                      * 2

---- Processes - GMER 2.1 ----
 

Library  C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2120]                          000007fefb590000
 

---- Registry - GMER 2.1 ----
 

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885be2120                                                              

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885e46b0c                                                              

Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885be2120 (not active ControlSet)                                          

Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885e46b0c (not active ControlSet)                                          
 

---- EOF - GMER 2.1 ----

--- --- ---

bei dem mbar scan wurde auch beim zweiten durchgang nichts gefunden.. ist das gut?

Die Logs von Malwarebytes sind IMMER zu posten

nein nein das verstehst du falsch. ich habe wirklich ALLES so gemacht wie dus gesagt hast (ich habs beim zweiten durchgang nochmal kontrolliert) und es hat mich auch gewundert aber da stand dann nur sowas von wegen dass nichts gefunden wurde und alles was ich dann drücken konnte war EXIT. neugestartet hat er auch nicht... ich dachte halt das würde so abweichen weil er nichts gefunden hat. soll ichs nochmal durchlaufen lassen?

oh mann sorry ich bin so ein hirni ich hab gerade in der datei nachgeschaut haha. tut mir leid hier sind sie :)

Code:

Malwarebytes Anti-Rootkit BETA 1.06.0.1004

www.malwarebytes.org
 

Database version: v2013.07.23.01
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16635

Dell :: DELL-PC [administrator]
 

23.07.2013 03:33:14

mbar-log-2013-07-23 (03-33-14).txt
 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: PUP

Objects scanned: 248985

Time elapsed: 10 minute(s), 51 second(s)
 

Memory Processes Detected: 0

(No malicious items detected)
 

Memory Modules Detected: 0

(No malicious items detected)
 

Registry Keys Detected: 0

(No malicious items detected)
 

Registry Values Detected: 0

(No malicious items detected)
 

Registry Data Items Detected: 0

(No malicious items detected)
 

Folders Detected: 0

(No malicious items detected)
 

Files Detected: 0

(No malicious items detected)
 

Physical Sectors Detected: 0

(No malicious items detected)
 

(end)

und vom 2.durchgang:

Code:

Malwarebytes Anti-Rootkit BETA 1.06.0.1004

www.malwarebytes.org
 

Database version: v2013.07.23.01
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16635

Dell :: DELL-PC [administrator]
 

23.07.2013 03:45:39

mbar-log-2013-07-23 (03-45-39).txt
 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: PUP

Objects scanned: 248991

Time elapsed: 10 minute(s), 6 second(s)
 

Memory Processes Detected: 0

(No malicious items detected)
 

Memory Modules Detected: 0

(No malicious items detected)
 

Registry Keys Detected: 0

(No malicious items detected)
 

Registry Values Detected: 0

(No malicious items detected)
 

Registry Data Items Detected: 0

(No malicious items detected)
 

Folders Detected: 0

(No malicious items detected)
 

Files Detected: 0

(No malicious items detected)
 

Physical Sectors Detected: 0

(No malicious items detected)
 

(end)

Sry ich muss die Logs sehen um zu überprüfen ob die Scans auch richtig ausgeführt wurden, sonst ist das ganze fürn Ar*** ;)

Ist aber soweit ok bei dir alles bislang :)

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Guten Morgen! :)

hier sind erstmal der JRT log:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.2.2 (07.22.2013:2)

OS: Windows 7 Home Premium x64

Ran by Dell on 23.07.2013 at 12:07:16,79

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-286064607-2742977032-1704626467-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\scripthelper.exe

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\viprotocol.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{1fdff5a2-7bb1-48e1-8081-7236812b12b2}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{bb711cb0-c70b-482e-9852-ec05ebd71dbb}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{933b95e2-e7b7-4ad9-b952-7ac336682ae3}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{b658800c-f66e-4ef3-ab85-6c0c227862a9}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{f25af245-4a81-40dc-92f9-e9021f207706}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{03e2a1f3-4402-4121-8b35-733216d61217}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{4e92db5f-aad9-49d3-8eab-b40cbe5b1ff7}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{9e3b11f6-4179-4603-a71b-a55f4bcb0bec}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{c401d2ce-dc27-45c7-bc0c-8e6ea7f085d6}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\qvo6software

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{c6fdd0c3-266a-4dc3-b459-28c697c44cdc}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{f25af245-4a81-40dc-92f9-e9021f207706}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
 
 
 

~~~ Files
 

Successfully deleted: [File] "C:\Windows\tasks\dsite.job"

Successfully disinfected: [Shortcut] C:\Users\Dell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

Successfully disinfected: [Shortcut] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

Successfully disinfected: [Shortcut] C:\Users\Dell\AppData\Roaming\microsoft\windows\start menu\Programs\Internet Explorer.lnk

Successfully disinfected: [Shortcut] C:\Users\Dell\AppData\Roaming\microsoft\windows\start menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] "C:\Users\Dell\AppData\Roaming\dsite"

Successfully deleted: [Folder] "C:\Users\Dell\AppData\Roaming\pdfforge"
 
 
 

~~~ FireFox
 

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\qvo6.xml"

Successfully deleted the following from C:\Users\Dell\AppData\Roaming\mozilla\firefox\profiles\w0w4f2p4.default\prefs.js
 

user_pref("browser.search.defaultenginename", "qvo6");

user_pref("browser.search.order.1", "qvo6");

user_pref("browser.search.selectedEngine", "qvo6");

Emptied folder: C:\Users\Dell\AppData\Roaming\mozilla\firefox\profiles\w0w4f2p4.default\minidumps [103 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 23.07.2013 at 12:11:57,56

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

so und hier sind die ergebnisse des adwCleaner (der komischerweise diesmal ohne probleme lief). übrigens wurde nur einmal neu gestartet nach ausführung des programms.

das war die erste log file nachdem adwCleaner nur gescannt hatte:

Code:

# AdwCleaner v2.306 - Datei am 23/07/2013 um 12:25:30 erstellt

# Aktualisiert am 19/07/2013 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzer : Dell - DELL-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Dell\Desktop\adwcleaner.exe

# Option [Suche]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

Ordner Gefunden : C:\Program Files (x86)\Common Files\AVG Secure Search

Ordner Gefunden : C:\Users\Dell\AppData\Local\AVG Secure Search

Ordner Gefunden : C:\Users\Dell\AppData\LocalLow\AVG Secure Search

Ordner Gefunden : C:\Users\Dell\AppData\Roaming\eIntaller
 

***** [Registrierungsdatenbank] *****
 

Daten Gefunden : HKLM\...\StartMenuInternet\FIREFOX.EXE [(Default)] = C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605

Schlüssel Gefunden : HKCU\Software\AVG Secure Search

Schlüssel Gefunden : HKLM\Software\AVG Secure Search

Schlüssel Gefunden : HKLM\Software\AVG Security Toolbar

Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v10.0.9200.16635
 

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605
 

-\\ Mozilla Firefox v22.0 (de)
 

Datei : C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\w0w4f2p4.default\prefs.js
 

Gefunden : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.3.0.11")[...]
 

*************************
 

AdwCleaner[R1].txt - [10664 octets] - [22/07/2013 22:47:18]

AdwCleaner[R2].txt - [10638 octets] - [22/07/2013 22:56:16]

AdwCleaner[R3].txt - [8723 octets] - [23/07/2013 00:34:48]

AdwCleaner[R4].txt - [3584 octets] - [23/07/2013 12:19:00]

AdwCleaner[R5].txt - [3293 octets] - [23/07/2013 12:25:30]

AdwCleaner[S1].txt - [412 octets] - [22/07/2013 22:48:27]

AdwCleaner[S2].txt - [373 octets] - [22/07/2013 22:56:28]

AdwCleaner[S3].txt - [337 octets] - [23/07/2013 00:02:47]

AdwCleaner[S4].txt - [368 octets] - [23/07/2013 00:35:54]

AdwCleaner[S5].txt - [366 octets] - [23/07/2013 12:19:28]
 

########## EOF - C:\AdwCleaner[R5].txt - [3648 octets] ##########

und das die log file nachdem neu gestartet wurde:

Code:

# AdwCleaner v2.306 - Datei am 23/07/2013 um 12:26:38 erstellt

# Aktualisiert am 19/07/2013 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzer : Dell - DELL-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Dell\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\AVG Secure Search

Ordner Gelöscht : C:\Users\Dell\AppData\Local\AVG Secure Search

Ordner Gelöscht : C:\Users\Dell\AppData\LocalLow\AVG Secure Search

Ordner Gelöscht : C:\Users\Dell\AppData\Roaming\eIntaller
 

***** [Registrierungsdatenbank] *****
 

Daten Gelöscht : HKLM\...\StartMenuInternet\FIREFOX.EXE [(Default)] = C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605

Schlüssel Gelöscht : HKCU\Software\AVG Secure Search

Schlüssel Gelöscht : HKLM\Software\AVG Secure Search

Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar

Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v10.0.9200.16635
 

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK5076GSX_23IBY3WMFXX23IBY3WMF&ts=1374524605 --> hxxp://www.google.com
 

-\\ Mozilla Firefox v22.0 (de)
 

Datei : C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\w0w4f2p4.default\prefs.js
 

Gelöscht : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.3.0.11")[...]
 

*************************
 

AdwCleaner[R1].txt - [10664 octets] - [22/07/2013 22:47:18]

AdwCleaner[R2].txt - [10638 octets] - [22/07/2013 22:56:16]

AdwCleaner[R3].txt - [8723 octets] - [23/07/2013 00:34:48]

AdwCleaner[R4].txt - [3584 octets] - [23/07/2013 12:19:00]

AdwCleaner[R5].txt - [3703 octets] - [23/07/2013 12:25:30]

AdwCleaner[R6].txt - [3763 octets] - [23/07/2013 12:26:16]

AdwCleaner[S1].txt - [412 octets] - [22/07/2013 22:48:27]

AdwCleaner[S2].txt - [373 octets] - [22/07/2013 22:56:28]

AdwCleaner[S3].txt - [337 octets] - [23/07/2013 00:02:47]

AdwCleaner[S4].txt - [368 octets] - [23/07/2013 00:35:54]

AdwCleaner[S5].txt - [366 octets] - [23/07/2013 12:19:28]

AdwCleaner[S6].txt - [3752 octets] - [23/07/2013 12:26:38]
 

########## EOF - C:\AdwCleaner[S6].txt - [3812 octets] ##########

uuuund jetzt hier noch die logs von OTL:

Code:

OTL logfile created on: 23.07.2013 12:41:41 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dell\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16635)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,87 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 61,99% Memory free

7,73 Gb Paging File | 5,92 Gb Available in Paging File | 76,49% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465,66 Gb Total Space | 408,01 Gb Free Space | 87,62% Space Free | Partition Type: NTFS

 

Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Dell\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe (AVG Secure Search)

PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.)

PRC - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\58a8f7274b2f5cf46bfc459034b9b279\IAStorUtil.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\45581138b36fd338c87813390775b65f\IAStorCommon.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()

MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (vToolbarUpdater15.3.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe (AVG Secure Search)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (DellDigitalDelivery) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)

SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)

SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)

SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)

SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)

SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)

DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)

DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)

DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)

DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)

DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)

DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.)

DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)

DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)

DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)

DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)

DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)

DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKCU\..\SearchScopes,DefaultScope = 

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\..\SearchScopes\{233001D5-29D8-4EA3-A2BF-4E6ED863B9B6}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: "false"

FF - prefs.js..browser.startup.homepage: "https://www.google.de/"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

 

[2013.04.16 23:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\Extensions

[2013.07.03 16:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions

[2013.07.03 16:24:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)

O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)

O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)

O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF3C98B5-06C5-4F54-9C56-AC643FDDAD38}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.07.23 12:07:13 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013.07.23 03:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

[2013.07.23 03:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013.07.23 03:30:04 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\mbar-1.06.0.1004(1)

[2013.07.23 02:51:22 | 000,000,000 | ---D | C] -- C:\FRST

[2013.07.23 01:53:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2013.07.23 00:42:53 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\AVG

[2013.07.23 00:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG

[2013.07.23 00:42:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

[2013.07.20 20:20:06 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\Bewerbung

[2013.07.19 21:14:10 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\Tattoo

[2013.07.11 18:27:44 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013.07.11 18:27:44 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013.07.11 18:27:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013.07.11 18:27:43 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013.07.11 18:27:42 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013.07.11 18:27:42 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013.07.11 18:27:42 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013.07.11 18:27:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013.07.11 18:27:42 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013.07.11 18:27:42 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013.07.11 18:27:42 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013.07.11 18:27:41 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013.07.11 18:27:41 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013.07.11 18:27:41 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013.07.11 18:27:40 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013.07.11 13:36:33 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL

[2013.07.11 13:36:33 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL

[2013.07.11 13:36:33 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll

[2013.07.11 13:36:33 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll

[2013.07.11 13:36:11 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2013.07.03 16:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013.06.24 18:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in

[2013.06.24 18:50:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.07.23 12:35:35 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.07.23 12:35:35 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.07.23 12:27:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.07.23 12:27:53 | 3114,774,528 | -HS- | M] () -- C:\hiberfil.sys

[2013.07.23 12:26:48 | 000,000,121 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat

[2013.07.23 12:06:29 | 128,229,990 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm

[2013.07.23 04:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.07.23 03:27:28 | 013,399,154 | ---- | M] () -- C:\Users\Dell\Desktop\mbar-1.06.0.1004(1).zip

[2013.07.23 01:27:06 | 000,000,005 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\WBPU-TTL.DAT

[2013.07.23 00:12:41 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2013.07.21 17:06:06 | 000,312,996 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm

[2013.07.17 15:23:50 | 001,641,464 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.07.17 15:23:50 | 000,711,662 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.07.17 15:23:50 | 000,656,610 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.07.17 15:23:50 | 000,152,870 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.07.17 15:23:50 | 000,125,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.07.11 18:46:28 | 000,353,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013.07.03 15:32:24 | 000,003,716 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml

[2013.07.03 15:32:16 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

[2013.06.24 18:50:19 | 001,619,358 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

 
 ========== Files Created - No Company Name ==========

 

[2013.07.23 12:26:43 | 000,000,121 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat

[2013.07.23 03:27:28 | 013,399,154 | ---- | C] () -- C:\Users\Dell\Desktop\mbar-1.06.0.1004(1).zip

[2013.07.23 01:27:06 | 000,000,005 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\WBPU-TTL.DAT

[2013.07.03 15:32:12 | 000,003,716 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml

[2013.04.21 12:46:08 | 000,000,335 | ---- | C] () -- C:\Windows\Brpfx04a.ini

[2013.04.21 12:46:08 | 000,000,159 | ---- | C] () -- C:\Windows\brpcfx.ini

[2013.04.21 12:44:58 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2013.04.21 12:44:58 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI

[2013.04.21 12:43:44 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll

[2013.04.21 12:43:42 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini

[2013.04.21 12:43:42 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat

[2012.09.21 09:13:58 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2012.09.21 09:13:58 | 000,734,772 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin

[2012.09.21 09:13:57 | 000,479,528 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin

[2012.09.21 09:13:57 | 000,261,196 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2012.09.21 09:13:56 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012.09.21 09:13:55 | 012,985,344 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll

[2012.09.21 09:13:55 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2012.09.21 09:13:54 | 013,168,640 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2012.09.21 09:06:47 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin

[2012.09.20 15:46:34 | 001,619,358 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.01.10 20:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 

< End of report >

und die "extra" file

Code:

OTL Extras logfile created on: 23.07.2013 12:41:41 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dell\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16635)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,87 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 61,99% Memory free

7,73 Gb Paging File | 5,92 Gb Available in Paging File | 76,49% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465,66 Gb Total Space | 408,01 Gb Free Space | 87,62% Space Free | Partition Type: NTFS

 

Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0EEEBD5E-C6C0-472B-9C94-E14DE2E5EC36}" = rport=137 | protocol=17 | dir=out | app=system | 

"{177DC1B2-9042-4068-ABF5-8F926A59A48E}" = rport=139 | protocol=6 | dir=out | app=system | 

"{19C293E8-CE4C-4719-95F7-9AEF2BDCE734}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 

"{1FD61751-9A1C-4EAF-B3C9-BE4D184FC4A9}" = rport=138 | protocol=17 | dir=out | app=system | 

"{31642E48-77CA-4CAF-85E6-D41EF8ED7DD7}" = lport=137 | protocol=17 | dir=in | app=system | 

"{40CCA132-9049-4DE5-B49B-E411AA4926CA}" = lport=445 | protocol=6 | dir=in | app=system | 

"{4CCBBEEA-630F-4445-BCED-1AC541428C87}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{59E8586E-EADE-46DE-A561-0523CC24A0E5}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{5F73E74E-2264-42C4-86D9-E140C08B125E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{88CBE902-102E-4EA0-B286-80352CE9FE95}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{8F338525-2E44-41EE-9DCB-E336B44B2162}" = rport=445 | protocol=6 | dir=out | app=system | 

"{A1FB5282-E1EE-4274-AE5C-C050D2656D9F}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{AA45CB85-2BBD-4A37-B99C-BD3D1AF3DEE1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{B81FFB12-B137-43B2-BEC8-9EE3B4150009}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{C027FA50-3CE3-4339-9D18-2D446B0219E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{C2D2988B-2060-4C34-8DCF-3F3348757469}" = lport=138 | protocol=17 | dir=in | app=system | 

"{D02E70A9-BA57-4EB0-8A6A-89B2ED51C4B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{D32B9877-9ABF-41CC-8CCC-F1355C128E0C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{D376C58E-9B84-4DE7-AD39-E924A168FBC2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{DFD5AC50-A0AD-4E69-9F78-F33D3D193EE7}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{E17AFDD2-9653-42B4-857A-1753BE5ABC57}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{FE4B0E48-328C-4A63-8EBE-3F8A8A544D74}" = lport=139 | protocol=6 | dir=in | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{057F957F-912E-4E2B-8EAF-745D3DC98FF7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{11A5FF3F-2FA6-4D99-B72B-3E4DC2EEC388}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 

"{1335EF71-BA1A-4058-B9A1-B4459F124399}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{19CEDF91-1788-491D-AC89-CDAE46B6284E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 

"{1A1D61DA-133C-46FA-B67D-66E756303074}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 

"{1C894D1C-1FDE-4EEA-9A8D-C044D2268C6C}" = protocol=6 | dir=out | app=system | 

"{1DE7C39E-B17A-423C-A7A3-5F14BD1593B0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{1EDC4EE2-A226-4BE0-91BA-6D2AFD2B663A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 

"{29B95D44-87D1-44CC-B351-B086C709E602}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 

"{35B05655-ABA2-4CC1-B59D-2035BBCA361A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{36299523-C8F0-4421-ACE8-C84A1F589837}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl08n\faxrx.exe | 

"{45EC4EE6-B3D9-4C7A-9438-EB853F9C3CF1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{57282BB4-D6C2-4D2B-BF92-505893E90A60}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{5C7661E9-B078-4C6F-B84F-AAB07DAD4741}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{5F92D6F8-54CA-49B9-9160-2FE963417865}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{6CA98628-315D-43F4-AB70-7BA17CB0E07D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{6DA746B1-688A-4A61-BAEA-C99B22124652}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 

"{7067609B-B752-4936-91A6-0D054035107A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{7C05BA9F-7092-48D6-A4A0-D921FAB5AB7B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{8723A385-296E-403C-8500-D9BA8926EACD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 

"{89DCFB69-D81E-484C-952B-7EDAC31B15CB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{8EFAB1D9-96AD-4426-97B0-B90C8AB3E3C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{99396669-1998-4B1D-8222-810237A1B5E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{99A25FA2-8D2B-4130-BEAF-53D0ABC46878}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{9CBCB310-1C8B-417C-8D0B-ABE873CAF59E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{BB4BD499-6758-4DCE-801E-8AB07EF780AA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{C207DDFE-ECA2-43E6-A922-36A347405E0E}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl08n\faxrx.exe | 

"{C92CAB4D-37F4-40B8-B71B-D6CA9B56E13A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{F16E2B81-0903-4F66-A80E-290A6EC78647}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 

"{F397ADE8-13DC-4197-8F30-B0256C16D2D0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{FBD20F07-9241-480D-8014-4058B49AC549}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

"{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = WIDCOMM Bluetooth Software

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 290.70

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 290.70

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.6.24

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.6.24

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0

"{D50E19B5-A29A-4A78-8381-0E562B40CDFD}" = AVG 2012

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

"{DFE4E6BB-70F0-4292-B7EB-7A3AD48EBB5C}" = AVG 2012

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"AVG" = AVG 2012

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{184BF682-537C-4CAE-8789-6696508A4032}" = Brother MFL-Pro Suite MFC-5895CW

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology

"{4B3230C5-F069-416B-9169-1B84A216ED6A}" = Dell Digital Delivery

"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components

"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch

"{AFD5A54E-E9A1-413D-8AA2-C9EDB6782400}" = LibreOffice 3.6

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center

"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"Dell Webcam Central" = Dell Webcam Central

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Picasa 3" = Picasa 3

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"DSite" = Update for Zip Opener

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 23.07.2013 06:13:53 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 23.07.2013 06:23:50 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 23.07.2013 06:28:20 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10

Description = 

 

 

< End of report >

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

die ergebnisse von malwarebytes anti malware:

Code:

2013/07/24 08:44:08 +0200        DELL-PC        Dell        MESSAGE        Starting protection

2013/07/24 08:44:08 +0200        DELL-PC        Dell        MESSAGE        Protection started successfully

2013/07/24 08:44:08 +0200        DELL-PC        Dell        MESSAGE        Starting IP protection

2013/07/24 08:44:25 +0200        DELL-PC        Dell        MESSAGE        IP Protection started successfully

2013/07/24 08:45:34 +0200        DELL-PC        Dell        MESSAGE        Starting database refresh

2013/07/24 08:45:34 +0200        DELL-PC        Dell        MESSAGE        Stopping IP protection

2013/07/24 08:45:38 +0200        DELL-PC        Dell        MESSAGE        IP Protection stopped successfully

2013/07/24 08:45:41 +0200        DELL-PC        Dell        MESSAGE        Database refreshed successfully

2013/07/24 08:45:41 +0200        DELL-PC        Dell        MESSAGE        Starting IP protection

2013/07/24 08:45:43 +0200        DELL-PC        Dell        MESSAGE        IP Protection started successfully

Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.07.24.03
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16635

Dell :: DELL-PC [Administrator]
 

Schutz: Aktiviert
 

24.07.2013 08:46:40

mbam-log-2013-07-24 (08-46-40).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 340445

Laufzeit: 34 Minute(n), 22 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)