Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows 7 startet ausschließlich im abgesichertem Modus...Virus? (https://www.trojaner-board.de/138633-windows-7-startet-ausschliesslich-abgesichertem-modus-virus.html)

Morfo 23.07.2013 01:22
Windows 7 startet ausschließlich im abgesichertem Modus...Virus?
 
Hallo Trojaner-Board,
ich habe seid Montag Abend c.a 22 Uhr das Problem, dass mein Pc nur noch im abgesichertem Modus startet. Nach einer kleinen Internet Recherche fand ich heraus, dass ich zu ,,Ausführen" gehen soll dann ,,msconfig" eingeben muss und das Häkchen bei ,,Abgesicherter Start" entfernen soll. Bei mir war aber kein Häkchen also fand ich heraus, dass ich wahrscheinlich ein Virus oder ähnliches haben muss.
Nachdem ich ein paar Programme gelöscht habe und Avast eine Vollständige Überprüfung durchgeführt hat, kam plötzlich eine Rote Meldung raus, dass ich angeblich einen Trojaner habe der, glaube ich, ,,LyricsMonkey" heißt. Anschließend hat Avast eine ziemlich lange Überprüfung gestartet (schwarzer Bildschirm mit weißer Schrift). Nach einiger Zeit hat er ,,LyricsMoney" gefunden und ich konnte Zahlen von 1-8 eingeben: 1=Löschen 2=Alle Löschen 3=In den Container verschieben 4=Alle in den Container verschieben 5=Reparieren 6=Alle reparieren 7=Ignorieren und 8=Alle ignorieren. Ich habe auf 1 gedrückt und nachdem Avast es gelöscht hat ging die Überprüfung weiter. Nach paar Stunden war er fertig und ich habe gehofft, dass es vorbei ist, aber leider startete Windows immer noch im abgesichertem Modus :heulen: . Nun bin ich verzweifelt und habe Angst, dass mein Pc kaputt ist.
Da ich erst 14 Jahre bin hoffe ich, dass ihr versucht mir mit möglichst wenigen Fachwörtern zu erklären wie ich meinen Pc wieder zum laufen kriege. Ach ja dieser Beitrag ist mein erster hier auf diesem Forum und ich hoffe ich habe alle Regeln beachtet.
LG Artur

aharonov 23.07.2013 02:07
Hallo,

macht bitte im abgesicherten Modus einen FRST-Scan, damit wir mal sehen können, was da los ist:


Downloade dir bitte die für dein System passende Version (32-bit/64-bit) von Farbar Recovery Scan Tool (FRST) und speichere es auf den Desktop.
(Wenn du nicht sicher bist, welche du benötigst: Start -> Computer (Rechtsklick) -> Eigenschaften)
  • Starte dann FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

Morfo 23.07.2013 09:04
Hi Leo danke,dass du mir helfen möchtest.

Hier ist FRST.txt:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-07-2013 01
Ran by Arthur (administrator) on 23-07-2013 09:55:37
Running from C:\Users\Arthur\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brsvc01a.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brss01a.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Valve Corporation) E:\steam\Steam.exe
(SEC) C:\Program Files\MagicTune Premium\MagicTune.exe
() C:\Program Files\MagicTune Premium\GammaTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MagicTuneEngine] - C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe [53760 2010-12-14] ()
HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKCU\...\Run: [Steam] - E:\steam\Steam.exe [1672616 2013-07-10] (Valve Corporation)
HKCU\...\Run: [SCheck] - C:\Users\Arthur\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-10] ()
HKCU\...\Run: [SSync] - C:\Users\Arthur\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] ()
HKCU\...\Run: [DataMgr] - C:\Users\Arthur\AppData\Roaming\DataMgr\DataMgr.exe [168848 2013-06-26] (HTTO Group, Ltd.)
HKCU\...\Run: [Intermediate] - C:\Users\Arthur\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-10] ()
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
MountPoints2: {0af69a7e-4464-11e2-b165-0025226e2469} - H:\SETUP.EXE
MountPoints2: {e1fbf440-4ac3-11e2-89d0-806e6f6e6963} - G:\Launcher.exe
MountPoints2: {ea260789-3e5f-11e2-9259-806e6f6e6963} - H:\LaunchU3.exe -a
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKU\Lena\...\Run: [uTorrent] - "C:\Users\Lena\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED [x]
HKU\Lena\...\Run: [Yontoo Desktop] - "C:\Users\Lena\AppData\Roaming\Yontoo\YontooDesktop.exe" [x]
AppInit_DLLs:  C:\PROGRA~3\Wincert\WIN64C~1.DLL  [8704 2013-02-07] ()
AppInit_DLLs-x32: c:\progra~3\wincert\win32c~1.dll [7168 2013-02-07] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.exe.lnk
ShortcutTarget: GammaTray.exe.lnk -> C:\Program Files\MagicTune Premium\GammaTray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * bootdeletebootdeletebootdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {C4AEC36F-CC2C-4C2D-B17B-47B8221E9488} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4485148048034755&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=261
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=261
SearchScopes: HKCU - {352FC33D-4B62-40F5-942F-A4E4F3FA10B3} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=8A3D1516-7B37-4981-8DE1-AB52718B43E5&apn_sauid=A0939C45-06D8-451D-BAF3-EA877CBEEE78
SearchScopes: HKCU - {C4AEC36F-CC2C-4C2D-B17B-47B8221E9488} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4485148048034755&q={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Video downloader - {77BEC163-D389-42c1-91A4-C758846296A5} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Video downloader - {77BEC163-D389-42c1-91A4-C758846296A5} -  No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 193.189.244.202 193.189.244.194

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Arthur\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF HKLM\...\Firefox\Extensions: [{77BEC163-D389-42c1-91A4-C758846296A5}] C:\Program Files\Video downloader\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{77BEC163-D389-42c1-91A4-C758846296A5}] C:\Program Files\Video downloader\Firefox
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [lyricsmonkey@mendoni.net] C:\Program Files (x86)\LyricsMonkey\FF\
FF Extension: No Name - C:\Program Files (x86)\LyricsMonkey\FF\

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.de/", ""
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Arthur\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (YouTube) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0
CHR Extension: (avast! Online Security) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (Gmail) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [khialnikbocfgkohdegnebhmmaifoglp] - C:\Program Files (x86)\LyricsMonkey\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Arthur\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-07-14] (SurfRight B.V.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-22] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-22] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-22] ()
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
S3 hitmanpro37; C:\Windows\SysWow64\drivers\hitmanpro37.sys [30616 2013-07-22] ()
S0 hitmanpro37duringboot; C:\Windows\SysWow64\drivers\hitmanpro37.sys [30616 2013-07-22] ()
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [x]
S0 hitmanpro37duringboot; system32\drivers\hitmanpro37.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-23 09:55 - 2013-07-23 09:55 - 00000000 ____D C:\FRST
2013-07-23 09:50 - 2013-07-23 09:50 - 01779447 _____ (Farbar) C:\Users\Arthur\Desktop\FRST64.exe
2013-07-22 22:49 - 2013-07-23 01:39 - 00000000 ____D C:\Windows\pss
2013-07-22 20:16 - 2013-07-22 20:16 - 00000132 _____ C:\Users\Arthur\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2013-07-22 20:11 - 2013-07-22 20:13 - 10339263 _____ C:\Users\Arthur\Downloads\Rijk van Nijmegen - Rivieren.mp4
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-22 16:03 - 2013-07-23 01:31 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-22 16:03 - 2013-07-22 16:04 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-22 16:03 - 2013-07-22 16:04 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-22 16:03 - 2013-07-22 16:04 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-22 16:03 - 2013-07-22 16:03 - 00001928 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-22 16:03 - 2013-05-09 10:59 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-07-22 16:03 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-07-22 16:03 - 2013-05-09 10:59 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-07-22 16:03 - 2013-05-09 10:59 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-07-22 16:03 - 2013-05-09 10:59 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-07-22 16:03 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-07-22 15:42 - 2013-07-22 15:45 - 117478104 _____ C:\Users\Arthur\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe
2013-07-22 15:39 - 2013-07-22 20:15 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Adobe
2013-07-21 20:28 - 2013-07-21 20:28 - 00000040 ____H C:\1B50C1B368B1
2013-07-21 20:10 - 2013-07-21 20:19 - 294969288 _____ C:\Users\Arthur\Downloads\AfterEffects.rar
2013-07-21 20:10 - 2013-07-21 20:10 - 00000840 _____ C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-07-21 20:08 - 2013-07-21 20:08 - 01126480 _____ (BitTorrent Inc.) C:\Users\Arthur\Downloads\utorrent_3.3.1b29812.exe
2013-07-21 17:41 - 2013-07-21 17:41 - 00003504 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ADDIS-PC-Arthur
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\Documents\Adobe
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PDAppFlex
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PACE Anti-Piracy
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Local\PACE Anti-Piracy
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2013-07-21 17:35 - 2013-07-21 17:35 - 00000000 ____D C:\Program Files (x86)\My Company Name
2013-07-21 17:35 - 2011-11-03 03:01 - 00056208 ____N (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys
2013-07-21 17:35 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys
2013-07-21 17:35 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys
2013-07-21 17:24 - 2013-07-21 17:26 - 00000000 ____D C:\Users\Arthur\Desktop\Adobe Premiere Pro CS6
2013-07-20 11:34 - 2013-07-20 11:34 - 00000000 ____D C:\Users\Arthur\Documents\Rockstar Games
2013-07-20 11:14 - 2013-07-20 11:14 - 00000000 __SHD C:\ProgramData\SecuROM
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\SSync
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\SCheck
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Intermediate
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\DataMgr
2013-07-20 11:02 - 2013-07-20 11:02 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PiccShare
2013-07-20 11:02 - 2013-07-20 11:02 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Common
2013-07-20 10:57 - 2013-07-20 10:57 - 00000000 ____D C:\Windows\SysWOW64\xlive
2013-07-20 10:57 - 2013-07-20 10:57 - 00000000 ____D C:\Users\Arthur\Documents\Games for Windows - LIVE Demos
2013-07-20 10:56 - 2013-07-20 10:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-07-20 10:35 - 2013-07-20 11:14 - 00000000 ____D C:\Users\Arthur\AppData\Local\Rockstar Games
2013-07-20 10:33 - 2013-07-20 10:33 - 00000600 _____ C:\Users\Arthur\Desktop\Grand Theft Auto IV.lnk
2013-07-17 22:48 - 2013-07-17 22:49 - 00000000 ____D C:\Windows\system32\MRT
2013-07-17 08:32 - 2013-07-19 21:57 - 00000214 _____ C:\Users\Arthur\Desktop\rominfo.txt
2013-07-16 18:13 - 2013-07-19 22:22 - 00002048 _____ C:\Users\Arthur\Desktop\Super Mario World.srm
2013-07-16 18:12 - 2013-07-19 22:22 - 00274047 _____ C:\Users\Arthur\Desktop\Super Mario World.zst
2013-07-16 18:08 - 2013-07-19 22:22 - 00274047 _____ C:\Users\Arthur\Desktop\Super Mario World.zss
2013-07-15 21:49 - 2013-07-15 21:49 - 414046739 _____ C:\Windows\MEMORY.DMP
2013-07-15 21:49 - 2013-07-15 21:49 - 00307440 _____ C:\Windows\Minidump\071513-18018-01.dmp
2013-07-15 21:49 - 2013-07-15 21:49 - 00000000 ____D C:\Windows\Minidump
2013-07-15 15:03 - 2013-07-22 22:33 - 00011370 _____ C:\Windows\SysWOW64\.crusader
2013-07-15 15:03 - 2012-08-31 19:57 - 01687408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\ntfs.sys
2013-07-15 15:03 - 2010-11-20 14:17 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-07-15 15:03 - 2009-07-14 04:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storsvc.dll
2013-07-14 18:20 - 2013-07-22 22:36 - 00030616 _____ C:\Windows\SysWOW64\Drivers\hitmanpro37.sys
2013-07-14 13:17 - 2013-07-14 13:18 - 00000000 ____D C:\Program Files (x86)\Zoom Player
2013-07-11 17:33 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 17:33 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 17:33 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 17:33 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 17:33 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 17:33 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 17:33 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 17:33 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 17:33 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 15:43 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 15:43 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 15:43 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 15:43 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 15:43 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 15:42 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 15:42 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-04 19:18 - 2013-07-04 20:30 - 02419006 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz3.ppsx
2013-07-04 18:35 - 2013-07-04 19:18 - 02418995 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz1.pptx
2013-07-04 18:35 - 2013-07-04 18:35 - 02418812 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz2.ppsx
2013-07-04 15:35 - 2013-07-04 15:35 - 00005363 _____ C:\Users\Arthur\Documents\Alcatraz.wlmp
2013-07-04 14:36 - 2013-07-04 15:18 - 02326429 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz.pptx
2013-07-01 18:43 - 2013-07-01 18:43 - 00002218 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-06-25 16:38 - 2013-06-25 16:38 - 00013214 _____ C:\Users\Arthur\Documents\Mathe S.186 Nr 1.xlsx
2013-06-24 21:38 - 2013-06-24 21:38 - 00001473 _____ C:\Users\Arthur\AppData\Local\RecConfig.xml
2013-06-24 21:18 - 2013-06-24 21:19 - 00003992 _____ C:\AdwCleaner[S2].txt
2013-06-24 21:17 - 2013-06-24 21:17 - 00004439 _____ C:\AdwCleaner[R2].txt
2013-06-24 21:15 - 2013-06-24 21:15 - 00648201 _____ C:\Users\Arthur\Downloads\AdwCleaner.exe
2013-06-24 16:36 - 2013-06-24 21:03 - 00515574 _____ C:\spyhunter.fix
2013-06-24 16:04 - 2013-06-24 21:11 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2013-06-24 16:04 - 2013-06-24 16:04 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2013-06-24 16:00 - 2013-07-21 21:49 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\uTorrent

==================== One Month Modified Files and Folders =======

2013-07-23 09:55 - 2013-07-23 09:55 - 00000000 ____D C:\FRST
2013-07-23 09:54 - 2013-05-13 15:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-23 09:54 - 2012-12-17 21:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-07-23 09:54 - 2012-12-12 16:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-23 09:52 - 2009-07-14 06:45 - 00014528 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-23 09:52 - 2009-07-14 06:45 - 00014528 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-23 09:51 - 2013-05-13 15:30 - 00000000 ____D C:\Program Files\Microsoft Office
2013-07-23 09:50 - 2013-07-23 09:50 - 01779447 _____ (Farbar) C:\Users\Arthur\Desktop\FRST64.exe
2013-07-23 09:50 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-23 09:47 - 2012-12-06 15:33 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Skype
2013-07-23 09:44 - 2013-05-13 16:13 - 00008545 _____ C:\Windows\setupact.log
2013-07-23 09:44 - 2012-12-06 15:01 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-23 09:44 - 2012-12-05 00:34 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-23 09:44 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-23 02:28 - 2012-12-05 00:19 - 01926650 _____ C:\Windows\WindowsUpdate.log
2013-07-23 02:21 - 2012-12-06 15:01 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-23 02:00 - 2012-12-28 22:42 - 00000000 ____D C:\Users\Arthur\AppData\Local\Adobe
2013-07-23 01:44 - 2013-03-30 23:46 - 00000000 ____D C:\Program Files\Adobe
2013-07-23 01:44 - 2012-12-13 14:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-23 01:44 - 2012-12-12 16:54 - 00000000 ____D C:\ProgramData\Adobe
2013-07-23 01:43 - 2013-03-30 23:43 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-23 01:39 - 2013-07-22 22:49 - 00000000 ____D C:\Windows\pss
2013-07-23 01:31 - 2013-07-22 16:03 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-22 23:37 - 2013-04-23 20:34 - 00000000 ____D C:\Program Files (x86)\LyricsMonkey
2013-07-22 23:13 - 2013-04-11 17:35 - 00000000 ____D C:\Users\Arthur\AppData\Local\Sony
2013-07-22 23:13 - 2013-04-11 17:35 - 00000000 ____D C:\ProgramData\Sony
2013-07-22 23:10 - 2012-12-19 19:57 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-07-22 23:08 - 2012-12-06 15:01 - 00004116 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-22 23:08 - 2012-12-06 15:01 - 00003864 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-22 23:07 - 2013-02-09 15:44 - 00002952 _____ C:\Windows\System32\Tasks\{23A7EE5B-8126-4140-9EDD-6FB26AA5D81B}
2013-07-22 23:07 - 2012-12-20 18:37 - 00003694 _____ C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2013-07-22 23:06 - 2012-12-06 15:01 - 00000000 ____D C:\Users\Arthur\AppData\Local\Google
2013-07-22 23:06 - 2012-12-06 15:01 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-22 22:36 - 2013-07-14 18:20 - 00030616 _____ C:\Windows\SysWOW64\Drivers\hitmanpro37.sys
2013-07-22 22:33 - 2013-07-15 15:03 - 00011370 _____ C:\Windows\SysWOW64\.crusader
2013-07-22 22:33 - 2013-06-02 19:29 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-22 20:16 - 2013-07-22 20:16 - 00000132 _____ C:\Users\Arthur\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2013-07-22 20:15 - 2013-07-22 15:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Adobe
2013-07-22 20:13 - 2013-07-22 20:11 - 10339263 _____ C:\Users\Arthur\Downloads\Rijk van Nijmegen - Rivieren.mp4
2013-07-22 19:37 - 2012-12-06 15:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-22 19:37 - 2012-12-06 15:27 - 00000000 ____D C:\ProgramData\Skype
2013-07-22 17:41 - 2009-07-14 19:58 - 00696904 _____ C:\Windows\system32\perfh007.dat
2013-07-22 17:41 - 2009-07-14 19:58 - 00148200 _____ C:\Windows\system32\perfc007.dat
2013-07-22 17:41 - 2009-07-14 07:13 - 01613644 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-22 16:04 - 2013-07-22 16:03 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-22 16:04 - 2013-07-22 16:03 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-22 16:04 - 2013-07-22 16:03 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-22 16:03 - 2013-07-22 16:03 - 00001928 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-22 16:03 - 2013-04-01 15:52 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-22 16:03 - 2013-04-01 15:52 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-22 16:03 - 2013-04-01 15:51 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-22 15:47 - 2013-04-27 13:52 - 00082000 _____ C:\Windows\PFRO.log
2013-07-22 15:46 - 2013-01-06 22:28 - 00000000 ____D C:\Users\hedev
2013-07-22 15:45 - 2013-07-22 15:42 - 117478104 _____ C:\Users\Arthur\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe
2013-07-22 15:39 - 2009-07-14 06:45 - 05070528 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-21 21:49 - 2013-06-24 16:00 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\uTorrent
2013-07-21 20:28 - 2013-07-21 20:28 - 00000040 ____H C:\1B50C1B368B1
2013-07-21 20:19 - 2013-07-21 20:10 - 294969288 _____ C:\Users\Arthur\Downloads\AfterEffects.rar
2013-07-21 20:10 - 2013-07-21 20:10 - 00000840 _____ C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-07-21 20:08 - 2013-07-21 20:08 - 01126480 _____ (BitTorrent Inc.) C:\Users\Arthur\Downloads\utorrent_3.3.1b29812.exe
2013-07-21 17:41 - 2013-07-21 17:41 - 00003504 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ADDIS-PC-Arthur
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\Documents\Adobe
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PDAppFlex
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PACE Anti-Piracy
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Local\PACE Anti-Piracy
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2013-07-21 17:39 - 2012-12-16 13:34 - 00000000 ___HD C:\Users\Arthur\AppData\Local\Il1yeC94tyS
2013-07-21 17:39 - 2012-12-05 01:01 - 00117664 _____ C:\Users\Arthur\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-21 17:38 - 2013-03-30 14:33 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-07-21 17:35 - 2013-07-21 17:35 - 00000000 ____D C:\Program Files (x86)\My Company Name
2013-07-21 17:26 - 2013-07-21 17:24 - 00000000 ____D C:\Users\Arthur\Desktop\Adobe Premiere Pro CS6
2013-07-20 11:34 - 2013-07-20 11:34 - 00000000 ____D C:\Users\Arthur\Documents\Rockstar Games
2013-07-20 11:14 - 2013-07-20 11:14 - 00000000 __SHD C:\ProgramData\SecuROM
2013-07-20 11:14 - 2013-07-20 10:35 - 00000000 ____D C:\Users\Arthur\AppData\Local\Rockstar Games
2013-07-20 11:14 - 2012-12-06 17:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\SSync
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\SCheck
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Intermediate
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\DataMgr
2013-07-20 11:02 - 2013-07-20 11:02 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PiccShare
2013-07-20 11:02 - 2013-07-20 11:02 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Common
2013-07-20 10:57 - 2013-07-20 10:57 - 00000000 ____D C:\Windows\SysWOW64\xlive
2013-07-20 10:57 - 2013-07-20 10:57 - 00000000 ____D C:\Users\Arthur\Documents\Games for Windows - LIVE Demos
2013-07-20 10:57 - 2013-07-20 10:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-07-20 10:33 - 2013-07-20 10:33 - 00000600 _____ C:\Users\Arthur\Desktop\Grand Theft Auto IV.lnk
2013-07-19 22:22 - 2013-07-16 18:13 - 00002048 _____ C:\Users\Arthur\Desktop\Super Mario World.srm
2013-07-19 22:22 - 2013-07-16 18:12 - 00274047 _____ C:\Users\Arthur\Desktop\Super Mario World.zst
2013-07-19 22:22 - 2013-07-16 18:08 - 00274047 _____ C:\Users\Arthur\Desktop\Super Mario World.zss
2013-07-19 21:57 - 2013-07-17 08:32 - 00000214 _____ C:\Users\Arthur\Desktop\rominfo.txt
2013-07-17 22:49 - 2013-07-17 22:48 - 00000000 ____D C:\Windows\system32\MRT
2013-07-15 21:49 - 2013-07-15 21:49 - 414046739 _____ C:\Windows\MEMORY.DMP
2013-07-15 21:49 - 2013-07-15 21:49 - 00307440 _____ C:\Windows\Minidump\071513-18018-01.dmp
2013-07-15 21:49 - 2013-07-15 21:49 - 00000000 ____D C:\Windows\Minidump
2013-07-14 13:18 - 2013-07-14 13:17 - 00000000 ____D C:\Program Files (x86)\Zoom Player
2013-07-14 13:13 - 2013-05-17 20:20 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\FreeVideoConverter
2013-07-14 13:12 - 2012-12-06 16:00 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\vlc
2013-07-13 21:31 - 2013-05-14 19:18 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-11 18:54 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-11 18:52 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 18:52 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 18:52 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-09 20:59 - 2013-02-15 21:25 - 00017408 ____H C:\Users\Arthur\Downloads\photothumb.db
2013-07-09 20:59 - 2012-12-06 21:48 - 00001037 _____ C:\Users\Arthur\Desktop\PhotoScape.lnk
2013-07-09 20:59 - 2012-12-06 21:48 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2013-07-05 20:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-04 20:51 - 2013-01-01 23:52 - 00272384 ___SH C:\Users\Arthur\Documents\Thumbs.db
2013-07-04 20:30 - 2013-07-04 19:18 - 02419006 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz3.ppsx
2013-07-04 19:18 - 2013-07-04 18:35 - 02418995 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz1.pptx
2013-07-04 18:42 - 2013-05-13 15:30 - 00000000 ____D C:\Users\Arthur\AppData\Local\Microsoft Help
2013-07-04 18:41 - 2009-07-14 04:34 - 00000499 _____ C:\Windows\win.ini
2013-07-04 18:35 - 2013-07-04 18:35 - 02418812 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz2.ppsx
2013-07-04 15:35 - 2013-07-04 15:35 - 00005363 _____ C:\Users\Arthur\Documents\Alcatraz.wlmp
2013-07-04 15:32 - 2013-01-01 20:50 - 00000000 ____D C:\Users\Arthur\AppData\Local\Windows Live
2013-07-04 15:18 - 2013-07-04 14:36 - 02326429 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz.pptx
2013-07-04 15:13 - 2009-07-14 20:18 - 00000000 ____D C:\Windows\ShellNew
2013-07-01 18:43 - 2013-07-01 18:43 - 00002218 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-06-29 23:57 - 2012-12-06 15:33 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-06-29 22:25 - 2012-12-06 15:27 - 00000000 ____D C:\ProgramData\Avira
2013-06-25 16:38 - 2013-06-25 16:38 - 00013214 _____ C:\Users\Arthur\Documents\Mathe S.186 Nr 1.xlsx
2013-06-24 21:49 - 2013-03-04 21:38 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Audacity
2013-06-24 21:38 - 2013-06-24 21:38 - 00001473 _____ C:\Users\Arthur\AppData\Local\RecConfig.xml
2013-06-24 21:19 - 2013-06-24 21:18 - 00003992 _____ C:\AdwCleaner[S2].txt
2013-06-24 21:17 - 2013-06-24 21:17 - 00004439 _____ C:\AdwCleaner[R2].txt
2013-06-24 21:15 - 2013-06-24 21:15 - 00648201 _____ C:\Users\Arthur\Downloads\AdwCleaner.exe
2013-06-24 21:11 - 2013-06-24 16:04 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2013-06-24 21:03 - 2013-06-24 16:36 - 00515574 _____ C:\spyhunter.fix
2013-06-24 16:04 - 2013-06-24 16:04 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2013-06-24 00:57 - 2012-12-06 17:46 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\ntuser.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 19:57

==================== End Of Log ============================
--- --- ---

--- --- ---


Und hier ist Addition.txt

Zitat:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-07-2013 01
Ran by Arthur at 2013-07-23 09:56:27
Running from C:\Users\Arthur\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================


µTorrent (HKCU Version: 3.3.1.29812)
Adobe AIR (x32 Version: 3.7.0.1530)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Premiere Pro CS6 (x32 Version: 6.0)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Apple Application Support (x32 Version: 2.3)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 2.0.3 (x32 Version: 2.0.3)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Avidemux 2.5 (x32 Version: 2.5.3.0)
Battlefield Heroes (x32)
Battlefront Extreme 2.2 (x32)
bl (x32 Version: 1.0.0)
Brother MFL-Pro Suite DCP-115C (x32 Version: 1.0.1.0)
CamStudio version 2.7 (x32 Version: 2.7)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Fotogalerie (x32 Version: 16.4.3505.0912)
Free Video Converter V 3.1 (x32 Version: 3.1.0.0)
GIGABYTE OC_GURU II (x32 Version: 1.20.0000)
Google Chrome (x32 Version: 28.0.1500.72)
Google Update Helper (x32 Version: 1.3.21.153)
Grand Theft Auto IV (x32 Version: 1.0.0013.131)
Grand Theft Auto IV (x32)
Java 7 Update 17 (64-bit) (Version: 7.0.170)
LEGO® Star Wars™ III: The Clone Wars™ (x32 Version: 1.0.0.0)
MagicTunePremium (x32 Version: 4.0.09)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Corporation (x32 Version: 9.1.0.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft LifeCam (Version: 3.22.270.0)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (x32)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (x32 Version: 14.0.6029.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office O MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office X MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office XP Professional mit FrontPage (x32 Version: 10.0.6626.0)
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1) (x32)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Windows Media Video 9 VCM (x32)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Movie Maker (x32 Version: 16.4.3505.0912)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Notepad++ (x32 Version: 6.3.3)
NVIDIA 3D Vision Controller-Treiber 314.22 (Version: 314.22)
NVIDIA 3D Vision Treiber 314.22 (Version: 314.22)
NVIDIA Grafiktreiber 314.22 (Version: 314.22)
NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1)
NVIDIA Install Application (Version: 2.1002.115.743)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422)
NVIDIA Systemsteuerung 314.22 (Version: 314.22)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
P 2.8.4 (Version: 2.8.4)
ph (x32 Version: 1.0.0)
Photo Gallery (x32 Version: 16.4.3505.0912)
PhotoScape (x32)
QuickShare (x32 Version: 1.6.1.872)
QuickTime (x32 Version: 7.74.80.86)
RAMRush 1.0.6.917 (x32)
Samsung_MonSetup (x32 Version: 1.00.0000)
Skype™ 6.6 (x32 Version: 6.6.106)
Smart File Advisor 1.1.1 (x32 Version: 1.1.1)
SPORE™ (x32 Version: 1.00.0000)
Star Wars - Battlefront II (x32)
Star Wars: The Old Republic (x32 Version: 1.00)
Steam (x32 Version: 1.0.0.0)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Designer 2010 (KB2553459) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Uplay (x32 Version: 2.0)
VirtualCloneDrive (x32)
VLC media player 2.0.4 (Version: 2.0.4)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
World of Tanks (x32)
Xvid MPEG-4 Video Codec (x32)

==================== Restore Points =========================

22-07-2013 21:08:38 TuneUp Utilities 2013 wird entfernt
22-07-2013 21:10:07 TuneUp Utilities Language Pack (de-DE) wird entfernt
22-07-2013 21:11:26 Removed Vegas Pro 12.0 (64-bit)
22-07-2013 23:32:59 Removed LogMeIn Hamachi
23-07-2013 07:46:36 Removed Google Earth.
23-07-2013 07:48:50 Removed Microsoft Office Professional 2007

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-06-24 21:04 - 00001030 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 tune-up.com
127.0.0.1 tune-up.com/order
127.0.0.1 registertuneup.com
127.0.0.1 download.tune-up.de
127.0.0.1 download.tune-up.com
127.0.0.1 secure.tune-up.com


==================== Scheduled Tasks (whitelisted) =============

Task: {01082626-D524-4FBA-9B71-591B23A1DC4D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {1CB09E1A-7CB1-4FD4-B613-27DBE6C561CD} - System32\Tasks\{32BE3CC1-98B8-4C8E-8829-A4CE7922CA79} => c:\program files (x86)\google\chrome\application\chrome.exe [2013-07-12] (Google Inc.)
Task: {1EA05D96-25D4-414E-8FBB-905C4638A74D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-06] (Google Inc.)
Task: {38828480-ADA2-4F90-AC92-E0C8930B3AFF} - System32\Tasks\WPD\SqmUpload_S-1-5-21-950287045-4052571293-3502393058-1004 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {3F1D9D60-D466-4576-A0B2-AC4E77387CFF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {596AB9BC-CC9E-46A3-915A-8FAD8AF11289} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File
Task: {62E9BAD1-8CD2-4199-814E-A64B3D914E48} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {6560E11B-2D64-4119-8964-5AF6EAACCC7C} - System32\Tasks\AdobeAAMUpdater-1.0-ADDIS-PC-Arthur => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {845AEDE8-6997-4507-97AC-4F1FA1EAE2B0} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {8770FD75-D4D1-4B29-ADFF-4236AA99C30A} - System32\Tasks\{0A7A8F16-AF5D-4A70-88D7-40A44F25E932} => C:\Windows\System32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {9253DCDB-0D46-4805-9CCD-F63B8478177E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {99C2503B-381F-4DBD-986A-9304BBD908F6} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe No File
Task: {A41A9076-89BB-4E6C-8815-8FE32B30B151} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {B0522F72-B2F1-4D01-9EEA-651686B2D8F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-06] (Google Inc.)
Task: {B2D6106C-07B4-4B36-B9FE-1996F0793E70} - System32\Tasks\DealPly => C:\Users\Arthur\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE No File
Task: {C2A89A8A-AFFA-4210-8EE4-BFC5F62F0B26} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe No File
Task: {CA417F1A-D051-43DC-964C-49B4739145DD} - System32\Tasks\{23A7EE5B-8126-4140-9EDD-6FB26AA5D81B} => C:\Program Files (x86)\RAMRush\RAMRush.exe [2009-09-17] (FTweak)
Task: {EA3A2C84-D4EF-4072-A08F-9E52906200F8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {EA4541CE-FD2A-46F8-9B9F-1C70D7095174} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe No File
Task: {F234BA71-3324-4C95-A585-B6444D3A045C} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe No File
Task: {FC94CD4D-A10A-4054-B2A5-023B277AF04D} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Virtual CloneDrive
Description: Virtual CloneDrive
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: Elaborate Bytes AG
Service: VClone
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: NVIDIA GeForce GTX 660
Description: NVIDIA GeForce GTX 660
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvlddmkm
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Microsoft LifeCam VX-1000
Description: Microsoft LifeCam VX-1000
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: VX1000
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: NVIDIA High Definition Audio
Description: NVIDIA High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVHDA
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: ATAPI DVD RW 8XMax ATA Device
Description: CD-ROM-Laufwerk
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard-CD-ROM-Laufwerke)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Optiarc DVD RW AD-5200A ATA Device
Description: CD-ROM-Laufwerk
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard-CD-ROM-Laufwerke)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/23/2013 01:53:31 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (07/23/2013 01:51:32 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (07/22/2013 11:05:59 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Removed Google Chrome Frame; Fehler = 0x80042302).

Error: (07/22/2013 11:05:59 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "GetProviderMgmtInterface" ist ein unerwarteter Fehler aufgetreten. hr = 0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.
.

Error: (07/22/2013 11:05:59 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {00000000-0000-0000-0000-000000000000}
Snapshotkontext: -1
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (07/22/2013 11:05:59 PM) (Source: VSS) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {00000000-0000-0000-0000-000000000000}
Snapshotkontext: -1
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (07/22/2013 11:05:45 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Removed Google Chrome Frame; Fehler = 0x80042302).

Error: (07/22/2013 11:05:45 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "GetProviderMgmtInterface" ist ein unerwarteter Fehler aufgetreten. hr = 0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.
.

Error: (07/22/2013 11:05:45 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {00000000-0000-0000-0000-000000000000}
Snapshotkontext: -1
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (07/22/2013 11:05:45 PM) (Source: VSS) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {00000000-0000-0000-0000-000000000000}
Snapshotkontext: -1
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}


System errors:
=============
Error: (07/23/2013 09:46:49 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (07/23/2013 09:46:49 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/23/2013 09:44:43 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (07/23/2013 01:43:24 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (07/23/2013 01:43:24 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/23/2013 01:41:21 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (07/23/2013 01:39:12 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (07/23/2013 01:39:12 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/23/2013 01:37:10 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (07/23/2013 01:32:44 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-07-21 19:29:32.983
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-21 19:29:32.982
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-21 19:29:32.981
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-21 19:29:32.965
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-21 19:29:32.963
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-21 19:29:32.950
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-19 19:04:34.891
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-19 19:04:34.890
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-19 19:04:34.889
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-19 19:04:34.877
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 4095.24 MB
Available physical RAM: 2464.29 MB
Total Pagefile: 10235.43 MB
Available Pagefile: 8534.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:146.39 GB) (Free:69.02 GB) NTFS (Disk=0 Partition=2)
Drive d: (Gaming) (Fixed) (Total:159.67 GB) (Free:143.36 GB) NTFS (Disk=0 Partition=3)
Drive e: (Workshop) (Fixed) (Total:159.61 GB) (Free:97.06 GB) NTFS (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9C3FC6A7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=160 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=160 GB) - (Type=07 NTFS)

==================== End Of Log ============================

LG Artur

aharonov 23.07.2013 19:41
Schritt 1

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 2

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.




Schritt 3

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von AdwCleaner
  • Log von Combofix
  • Log von FRST

Morfo 23.07.2013 20:52
Nachdem ich Combofix ausgeführt, bzw. nachdem ich die .txt Datei erhalten habe, kann ich nicht mehr Google Chrome und Internet Explorer öffnen.Es direkt nachdem ich doppel klick gemacht habe
Zitat:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen,der zum Löschen markiert wurde.
Dann kann man nur OK drücken und dann erscheint
Zitat:
Dieses Element kann nihct geöffnet werden.
Möglicherweise wurde es verschoben, umbenannant oder gelöscht. Möchten Sie dieses Element entfernen?
Zur auswahl gibt es Ja und Nein. Was soll ich tun? Darum schreibe ich dir gerade von einem anderen Pc.
Oh Entschuldigung ich sehe gerade,dass du gesagt hast das ich den Pc neustarten soll.

So also zuerst AdwCleaner.txt
Zitat:
# Benutzer : Arthur - ADDIS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Arthur\Desktop\adwcleaner06.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Arthur\AppData\Local\Temp\Smartbar
Ordner Gelöscht : C:\Users\Arthur\AppData\Roaming\DataMgr

***** [Registrierungsdatenbank] *****

Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~3\Wincert\WIN64C~1.DLL
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\khialnikbocfgkohdegnebhmmaifoglp
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DataMgr]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.2354] : homepage = "hxxp://www.searchnu.com/406",

*************************

AdwCleaner[R1].txt - [26004 octets] - [02/06/2013 19:15:50]
AdwCleaner[R2].txt - [4439 octets] - [24/06/2013 21:17:45]
AdwCleaner[S1].txt - [24117 octets] - [02/06/2013 19:16:21]
AdwCleaner[S2].txt - [3992 octets] - [24/06/2013 21:18:04]
AdwCleaner[S3].txt - [1642 octets] - [23/07/2013 21:04:48]

########## EOF - C:\AdwCleaner[S3].txt - [1702 octets] ##########
Als nächstes Combofix.txt
Combofix Logfile:
Code:
ComboFix 13-07-23.01 - Arthur 23.07.2013  21:16:03.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.4095.2477 [GMT 2:00]
ausgeführt von:: c:\users\Arthur\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.exe.lnk
c:\programdata\ntuser.dat
c:\programdata\Wincert\WIN32C~1.DLL
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\frapsvid.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-06-23 bis 2013-07-23  ))))))))))))))))))))))))))))))
.
.
2013-07-23 19:21 . 2013-07-23 19:21        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-07-23 19:21 . 2013-07-23 19:21        --------        d-----w-        c:\users\UpdatusUser.ADDIS-PC\AppData\Local\temp
2013-07-23 19:21 . 2013-07-23 19:21        --------        d-----w-        c:\users\Lena\AppData\Local\temp
2013-07-23 11:10 . 2013-07-02 08:34        9460976        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{384C0252-2C98-4B6B-83F9-7C5253C58E42}\mpengine.dll
2013-07-23 07:55 . 2013-07-23 07:55        --------        d-----w-        C:\FRST
2013-07-22 14:03 . 2013-05-09 08:59        33400        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2013-07-22 14:03 . 2013-07-22 14:04        378944        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2013-07-22 14:03 . 2013-05-09 08:59        72016        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2013-07-22 14:03 . 2013-05-09 08:59        64288        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2013-07-22 14:03 . 2013-07-22 14:04        1030952        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2013-07-22 14:03 . 2013-07-22 14:04        189936        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2013-07-22 14:03 . 2013-05-09 08:59        65336        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2013-07-22 14:03 . 2013-05-09 08:59        80816        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2013-07-22 14:03 . 2013-05-09 08:58        41664        ----a-w-        c:\windows\avastSS.scr
2013-07-21 15:39 . 2013-07-21 15:39        --------        d-----w-        c:\users\Arthur\AppData\Roaming\PACE Anti-Piracy
2013-07-21 15:39 . 2013-07-21 15:39        --------        d-----w-        c:\programdata\PACE Anti-Piracy
2013-07-21 15:39 . 2013-07-21 15:39        --------        d-----w-        c:\users\Arthur\AppData\Local\PACE Anti-Piracy
2013-07-21 15:39 . 2013-07-21 15:39        --------        d-----w-        c:\users\Arthur\AppData\Roaming\PDAppFlex
2013-07-21 15:35 . 2011-11-03 01:01        56208        ------w-        c:\windows\system32\drivers\PxHlpa64.sys
2013-07-21 15:35 . 2011-10-17 01:00        10224        ------w-        c:\windows\system32\drivers\cdralw2k.sys
2013-07-21 15:35 . 2011-10-17 01:00        10224        ------w-        c:\windows\system32\drivers\cdr4_xp.sys
2013-07-21 15:35 . 2013-07-21 15:35        --------        d-----w-        c:\program files (x86)\Common Files\Sonic Shared
2013-07-21 15:35 . 2013-07-21 15:35        --------        d-----w-        c:\program files (x86)\Common Files\PX Storage Engine
2013-07-21 15:35 . 2013-07-21 15:35        --------        d-----w-        c:\program files (x86)\My Company Name
2013-07-20 09:14 . 2013-07-20 09:14        --------        d-sh--w-        c:\programdata\SecuROM
2013-07-20 09:04 . 2013-07-20 09:04        --------        d-----w-        c:\users\Arthur\AppData\Roaming\SSync
2013-07-20 09:04 . 2013-07-20 09:04        --------        d-----w-        c:\users\Arthur\AppData\Roaming\SCheck
2013-07-20 09:04 . 2013-07-20 09:04        --------        d-----w-        c:\users\Arthur\AppData\Roaming\Intermediate
2013-07-20 09:02 . 2013-07-20 09:02        --------        d-----w-        c:\users\Arthur\AppData\Roaming\PiccShare
2013-07-20 09:02 . 2013-07-20 09:02        --------        d-----w-        c:\users\Arthur\AppData\Roaming\Common
2013-07-20 08:57 . 2013-07-20 08:57        --------        d-----w-        c:\windows\SysWow64\xlive
2013-07-20 08:56 . 2013-07-20 08:57        --------        d-----w-        c:\program files (x86)\Microsoft Games for Windows - LIVE
2013-07-20 08:35 . 2013-07-20 09:14        --------        d-----w-        c:\users\Arthur\AppData\Local\Rockstar Games
2013-07-17 20:48 . 2013-07-17 20:49        --------        d-----w-        c:\windows\system32\MRT
2013-07-15 13:03 . 2009-07-14 02:57        23552        ----a-w-        c:\windows\SysWow64\storsvc.dll
2013-07-15 13:03 . 2012-08-31 17:57        1687408        ----a-w-        c:\windows\SysWow64\drivers\ntfs.sys
2013-07-14 16:20 . 2013-07-22 20:36        30616        ----a-w-        c:\windows\SysWow64\drivers\hitmanpro37.sys
2013-07-14 11:17 . 2013-07-14 11:18        --------        d-----w-        c:\program files (x86)\Zoom Player
2013-07-11 13:44 . 2013-05-27 05:50        1011712        ----a-w-        c:\program files\Windows Defender\MpSvc.dll
2013-07-11 13:44 . 2013-05-27 05:50        571904        ----a-w-        c:\program files\Windows Defender\MpClient.dll
2013-07-11 13:44 . 2013-05-27 05:50        314880        ----a-w-        c:\program files\Windows Defender\MpCommu.dll
2013-07-11 13:44 . 2013-05-27 04:57        4608        ----a-w-        c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 13:44 . 2013-05-27 04:57        54784        ----a-w-        c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-11 13:44 . 2013-05-27 04:57        392704        ----a-w-        c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-11 13:44 . 2013-05-27 03:15        9216        ----a-w-        c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 13:43 . 2013-06-04 06:00        624128        ----a-w-        c:\windows\system32\qedit.dll
2013-07-11 13:43 . 2013-06-04 04:53        509440        ----a-w-        c:\windows\SysWow64\qedit.dll
2013-07-11 13:43 . 2013-05-06 06:03        1887744        ----a-w-        c:\windows\system32\WMVDECOD.DLL
2013-07-11 13:43 . 2013-05-06 04:56        1620480        ----a-w-        c:\windows\SysWow64\WMVDECOD.DLL
2013-07-11 13:43 . 2013-06-05 03:34        3153920        ----a-w-        c:\windows\system32\win32k.sys
2013-07-11 13:43 . 2013-04-10 05:48        1732608        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2013-07-11 13:43 . 2013-04-10 05:46        1402880        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2013-07-11 13:43 . 2013-04-10 05:46        1393152        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2013-07-11 13:43 . 2013-04-10 05:46        1367040        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 13:43 . 2013-04-10 05:03        936448        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 13:42 . 2013-04-09 23:34        1247744        ----a-w-        c:\windows\SysWow64\DWrite.dll
2013-07-11 13:42 . 2013-04-02 22:51        1643520        ----a-w-        c:\windows\system32\DWrite.dll
2013-06-24 14:04 . 2013-06-24 14:04        --------        d-----w-        c:\program files (x86)\Enigma Software Group
2013-06-24 14:04 . 2013-06-24 19:11        --------        d-----w-        c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2013-06-24 14:00 . 2013-07-21 19:49        --------        d-----w-        c:\users\Arthur\AppData\Roaming\uTorrent
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-23 22:57 . 2012-12-06 15:46        78277128        ----a-w-        c:\windows\system32\MRT.exe
2013-06-12 12:55 . 2012-12-12 14:55        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 12:55 . 2012-12-12 14:55        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-02 17:17 . 2013-06-02 17:16        234        ----a-w-        c:\windows\DeleteOnReboot.bat
2013-05-13 05:51 . 2013-06-12 12:59        184320        ----a-w-        c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 12:59        1464320        ----a-w-        c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 12:59        139776        ----a-w-        c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 12:59        52224        ----a-w-        c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 12:59        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 12:59        1160192        ----a-w-        c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 12:59        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 12:59        1192448        ----a-w-        c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 12:59        903168        ----a-w-        c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 12:59        43008        ----a-w-        c:\windows\SysWow64\certenc.dll
2013-05-11 11:03 . 2012-07-17 13:37        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-10 05:49 . 2013-06-12 13:00        30720        ----a-w-        c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 13:00        24576        ----a-w-        c:\windows\SysWow64\cryptdlg.dll
2013-05-09 08:58 . 2013-04-01 13:52        287840        ----a-w-        c:\windows\system32\aswBoot.exe
2013-05-08 06:39 . 2013-06-12 13:00        1910632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-05-02 00:06 . 2012-12-06 13:03        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59        94208        ----a-w-        c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59        69632        ----a-w-        c:\windows\SysWow64\QuickTime.qts
2013-04-30 17:46 . 2013-04-30 17:46        719360        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 17:46 . 2013-04-30 17:46        523264        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-04-30 17:46 . 2013-04-30 17:46        38400        ----a-w-        c:\windows\SysWow64\imgutil.dll
2013-04-30 17:46 . 2013-04-30 17:46        226304        ----a-w-        c:\windows\system32\elshyph.dll
2013-04-30 17:46 . 2013-04-30 17:46        185344        ----a-w-        c:\windows\SysWow64\elshyph.dll
2013-04-30 17:46 . 2013-04-30 17:46        158720        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-04-30 17:46 . 2013-04-30 17:46        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2013-04-30 17:46 . 2013-04-30 17:46        138752        ----a-w-        c:\windows\SysWow64\wextract.exe
2013-04-30 17:46 . 2013-04-30 17:46        137216        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2013-04-30 17:46 . 2013-04-30 17:46        12800        ----a-w-        c:\windows\SysWow64\mshta.exe
2013-04-30 17:46 . 2013-04-30 17:46        1054720        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 17:46 . 2013-04-30 17:46        97280        ----a-w-        c:\windows\system32\mshtmled.dll
2013-04-30 17:46 . 2013-04-30 17:46        92160        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 17:46 . 2013-04-30 17:46        905728        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-04-30 17:46 . 2013-04-30 17:46        81408        ----a-w-        c:\windows\system32\icardie.dll
2013-04-30 17:46 . 2013-04-30 17:46        77312        ----a-w-        c:\windows\system32\tdc.ocx
2013-04-30 17:46 . 2013-04-30 17:46        762368        ----a-w-        c:\windows\system32\ieapfltr.dll
2013-04-30 17:46 . 2013-04-30 17:46        73728        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 17:46 . 2013-04-30 17:46        62976        ----a-w-        c:\windows\system32\pngfilt.dll
2013-04-30 17:46 . 2013-04-30 17:46        61952        ----a-w-        c:\windows\SysWow64\tdc.ocx
2013-04-30 17:46 . 2013-04-30 17:46        599552        ----a-w-        c:\windows\system32\vbscript.dll
2013-04-30 17:46 . 2013-04-30 17:46        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2013-04-30 17:46 . 2013-04-30 17:46        51200        ----a-w-        c:\windows\system32\imgutil.dll
2013-04-30 17:46 . 2013-04-30 17:46        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2013-04-30 17:46 . 2013-04-30 17:46        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-04-30 17:46 . 2013-04-30 17:46        452096        ----a-w-        c:\windows\system32\dxtmsft.dll
2013-04-30 17:46 . 2013-04-30 17:46        441856        ----a-w-        c:\windows\system32\html.iec
2013-04-30 17:46 . 2013-04-30 17:46        361984        ----a-w-        c:\windows\SysWow64\html.iec
2013-04-30 17:46 . 2013-04-30 17:46        281600        ----a-w-        c:\windows\system32\dxtrans.dll
2013-04-30 17:46 . 2013-04-30 17:46        27648        ----a-w-        c:\windows\system32\licmgr10.dll
2013-04-30 17:46 . 2013-04-30 17:46        270848        ----a-w-        c:\windows\system32\iedkcs32.dll
2013-04-30 17:46 . 2013-04-30 17:46        247296        ----a-w-        c:\windows\system32\webcheck.dll
2013-04-30 17:46 . 2013-04-30 17:46        235008        ----a-w-        c:\windows\system32\url.dll
2013-04-30 17:46 . 2013-04-30 17:46        23040        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2013-04-30 17:46 . 2013-04-30 17:46        216064        ----a-w-        c:\windows\system32\msls31.dll
2013-04-30 17:46 . 2013-04-30 17:46        197120        ----a-w-        c:\windows\system32\msrating.dll
2013-04-30 17:46 . 2013-04-30 17:46        173568        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-04-30 17:46 . 2013-04-30 17:46        167424        ----a-w-        c:\windows\system32\iexpress.exe
2013-04-30 17:46 . 2013-04-30 17:46        1509376        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-04-30 17:46 . 2013-04-30 17:46        149504        ----a-w-        c:\windows\system32\occache.dll
2013-04-30 17:46 . 2013-04-30 17:46        144896        ----a-w-        c:\windows\system32\wextract.exe
2013-04-30 17:46 . 2013-04-30 17:46        1441280        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2013-04-30 17:46 . 2013-04-30 17:46        1400416        ----a-w-        c:\windows\system32\ieapfltr.dat
2013-04-30 17:46 . 2013-04-30 17:46        13824        ----a-w-        c:\windows\system32\mshta.exe
2013-04-30 17:46 . 2013-04-30 17:46        136192        ----a-w-        c:\windows\system32\iepeers.dll
2013-04-30 17:46 . 2013-04-30 17:46        135680        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-04-30 17:46 . 2013-04-30 17:46        12800        ----a-w-        c:\windows\system32\msfeedssync.exe
2013-04-30 17:46 . 2013-04-30 17:46        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 17:46 . 2013-04-30 17:46        102912        ----a-w-        c:\windows\system32\inseng.dll
2013-04-30 17:45 . 2013-04-30 17:45        9728        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45        9728        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45        5632        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45        5632        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45        4096        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45        3584        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45        2560        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45        2560        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45        10752        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45        522752        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2013-04-30 17:45 . 2013-04-30 17:45        465920        ----a-w-        c:\windows\system32\WMPhoto.dll
2013-04-30 17:45 . 2013-04-30 17:45        364544        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-30 17:45 . 2013-04-30 17:45        2284544        ----a-w-        c:\windows\SysWow64\msmpeg2vdec.dll
2013-04-30 17:45 . 2013-04-30 17:45        1682432        ----a-w-        c:\windows\system32\XpsPrint.dll
2013-04-30 17:45 . 2013-04-30 17:45        1158144        ----a-w-        c:\windows\SysWow64\XpsPrint.dll
2013-04-30 17:45 . 2013-04-30 17:45        10752        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45        648192        ----a-w-        c:\windows\system32\d3d10level9.dll
2013-04-30 17:45 . 2013-04-30 17:45        604160        ----a-w-        c:\windows\SysWow64\d3d10level9.dll
2013-04-30 17:45 . 2013-04-30 17:45        417792        ----a-w-        c:\windows\SysWow64\WMPhoto.dll
2013-04-30 17:45 . 2013-04-30 17:45        3928064        ----a-w-        c:\windows\system32\d2d1.dll
2013-04-30 17:45 . 2013-04-30 17:45        363008        ----a-w-        c:\windows\system32\dxgi.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\steam\Steam.exe" [2013-07-10 1672616]
"SCheck"="c:\users\Arthur\AppData\Roaming\SCheck\SCheck.exe" [2013-04-09 36864]
"SSync"="c:\users\Arthur\AppData\Roaming\SSync\SSync.exe" [2013-04-09 36864]
"Intermediate"="c:\users\Arthur\AppData\Roaming\Intermediate\Intermediate.exe" [2013-04-09 36864]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GIGABYTE OC_GURU.lnk - c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe [2012-7-23 17432576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0bootdelete\0bootdelete\0bootdelete
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="E:\QTTask.exe" -atboottime
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe"
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"SweetIM"=c:\program files (x86)\SweetIM\Messenger\SweetIM.exe
"Sweetpacks Communicator"=c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
"BrMfcWnd"=c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"Smart File Advisor"="c:\program files (x86)\Smart File Advisor\sfa.exe" /checkassoc
"QuickTime Task"="E:\QTTask.exe" -atboottime
.
R0 hitmanpro37duringboot;hitmanpro37duringboot;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GPCIDrv;GPCIDrv;c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys;c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0; [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 19:29        1173456        ----a-w-        c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-12 12:55]
.
2013-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-06 13:01]
.
2013-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-06 13:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58        133840        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MagicTuneEngine"="c:\program files\MagicTune Premium\MagicTuneLauncher.exe" [2010-12-14 53760]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{77BEC163-D389-42c1-91A4-C758846296A5} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{77BEC163-D389-42c1-91A4-C758846296A5} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-950287045-4052571293-3502393058-1000\Software\SecuROM\License information*]
"datasecu"=hex:b0,87,95,82,9f,6f,08,58,ce,32,14,8d,48,66,e5,5a,9c,32,5e,0f,d8,
  58,f6,00,b1,0c,d2,b0,62,c8,26,5b,64,34,43,c4,b3,87,22,86,66,09,2d,dc,9e,88,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\brsvc01a.exe
c:\windows\SysWOW64\brss01a.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-23  21:26:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-07-23 19:26
.
Vor Suchlauf: 13 Verzeichnis(se), 74.093.682.688 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 74.959.994.880 Bytes frei
.
- - End Of File - - 372EEF762E3FAF45F8DCE5ABBCE59519
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31
[/QUOTE]

Und zuletzt FRST.txt

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2013
Ran by Arthur (administrator) on 23-07-2013 21:47:33
Running from C:\Users\Arthur\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brsvc01a.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brss01a.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Valve Corporation) E:\steam\Steam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(SEC) C:\Program Files\MagicTune Premium\MagicTune.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MagicTuneEngine] - C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe [53760 2010-12-14] ()
HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKCU\...\Run: [Steam] - E:\steam\Steam.exe [1672616 2013-07-10] (Valve Corporation)
HKCU\...\Run: [SCheck] - C:\Users\Arthur\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-10] ()
HKCU\...\Run: [SSync] - C:\Users\Arthur\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] ()
HKCU\...\Run: [Intermediate] - C:\Users\Arthur\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-10] ()
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKU\Lena\...\Run: [uTorrent] - "C:\Users\Lena\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED [x]
HKU\Lena\...\Run: [Yontoo Desktop] - "C:\Users\Lena\AppData\Roaming\Yontoo\YontooDesktop.exe" [x]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * bootdeletebootdeletebootdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {C4AEC36F-CC2C-4C2D-B17B-47B8221E9488} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4485148048034755&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=261
SearchScopes: HKCU - {352FC33D-4B62-40F5-942F-A4E4F3FA10B3} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=8A3D1516-7B37-4981-8DE1-AB52718B43E5&apn_sauid=A0939C45-06D8-451D-BAF3-EA877CBEEE78
SearchScopes: HKCU - {C4AEC36F-CC2C-4C2D-B17B-47B8221E9488} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4485148048034755&q={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Video downloader - {77BEC163-D389-42c1-91A4-C758846296A5} -  No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 193.189.244.202 193.189.244.194

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Arthur\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF HKLM\...\Firefox\Extensions: [{77BEC163-D389-42c1-91A4-C758846296A5}] C:\Program Files\Video downloader\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{77BEC163-D389-42c1-91A4-C758846296A5}] C:\Program Files\Video downloader\Firefox
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [lyricsmonkey@mendoni.net] C:\Program Files (x86)\LyricsMonkey\FF\
FF Extension: No Name - C:\Program Files (x86)\LyricsMonkey\FF\

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Arthur\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Amazon-Icon) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_0
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Arthur\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-07-14] (SurfRight B.V.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-22] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-22] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-22] ()
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
S3 hitmanpro37; C:\Windows\SysWow64\drivers\hitmanpro37.sys [30616 2013-07-22] ()
S0 hitmanpro37duringboot; C:\Windows\SysWow64\drivers\hitmanpro37.sys [30616 2013-07-22] ()
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [x]
S0 hitmanpro37duringboot; system32\drivers\hitmanpro37.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-23 21:47 - 2013-07-23 21:47 - 01779757 _____ (Farbar) C:\Users\Arthur\Downloads\FRST64.exe
2013-07-23 21:28 - 2013-07-23 21:28 - 00030221 _____ C:\Users\Arthur\Desktop\combofixtext.txt
2013-07-23 21:26 - 2013-07-23 21:26 - 00030221 _____ C:\ComboFix.txt
2013-07-23 21:13 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-23 21:13 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-23 21:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-23 21:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-23 21:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-23 21:13 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-23 21:13 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-23 21:13 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-23 21:12 - 2013-07-23 21:26 - 00000000 ____D C:\Qoobox
2013-07-23 21:12 - 2013-07-23 21:25 - 00000000 ____D C:\Windows\erdnt
2013-07-23 21:09 - 2013-07-23 21:10 - 05092552 ____R (Swearware) C:\Users\Arthur\Desktop\ComboFix.exe
2013-07-23 21:08 - 2013-07-23 21:08 - 00001771 _____ C:\Users\Arthur\Desktop\AdwCleaner[S3].txt
2013-07-23 21:04 - 2013-07-23 21:05 - 00001771 _____ C:\AdwCleaner[S3].txt
2013-07-23 21:03 - 2013-07-23 21:03 - 00666633 _____ C:\Users\Arthur\Desktop\adwcleaner06.exe
2013-07-23 09:56 - 2013-07-23 09:56 - 00032932 _____ C:\Users\Arthur\Desktop\Addition.txt
2013-07-23 09:55 - 2013-07-23 09:55 - 00000000 ____D C:\FRST
2013-07-22 22:49 - 2013-07-23 01:39 - 00000000 ____D C:\Windows\pss
2013-07-22 20:16 - 2013-07-22 20:16 - 00000132 _____ C:\Users\Arthur\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2013-07-22 20:11 - 2013-07-22 20:13 - 10339263 _____ C:\Users\Arthur\Downloads\Rijk van Nijmegen - Rivieren.mp4
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-22 16:03 - 2013-07-23 17:20 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-22 16:03 - 2013-07-22 16:04 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-22 16:03 - 2013-07-22 16:04 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-22 16:03 - 2013-07-22 16:04 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-22 16:03 - 2013-07-22 16:03 - 00001928 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-22 16:03 - 2013-05-09 10:59 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-07-22 16:03 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-07-22 16:03 - 2013-05-09 10:59 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-07-22 16:03 - 2013-05-09 10:59 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-07-22 16:03 - 2013-05-09 10:59 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-07-22 16:03 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-07-22 15:42 - 2013-07-22 15:45 - 117478104 _____ C:\Users\Arthur\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe
2013-07-22 15:39 - 2013-07-23 13:01 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Adobe
2013-07-21 20:28 - 2013-07-21 20:28 - 00000040 ____H C:\1B50C1B368B1
2013-07-21 20:10 - 2013-07-21 20:19 - 294969288 _____ C:\Users\Arthur\Downloads\AfterEffects.rar
2013-07-21 20:10 - 2013-07-21 20:10 - 00000840 _____ C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-07-21 20:08 - 2013-07-21 20:08 - 01126480 _____ (BitTorrent Inc.) C:\Users\Arthur\Downloads\utorrent_3.3.1b29812.exe
2013-07-21 17:41 - 2013-07-21 17:41 - 00003504 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ADDIS-PC-Arthur
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\Documents\Adobe
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PDAppFlex
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PACE Anti-Piracy
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Local\PACE Anti-Piracy
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2013-07-21 17:35 - 2013-07-21 17:35 - 00000000 ____D C:\Program Files (x86)\My Company Name
2013-07-21 17:35 - 2011-11-03 03:01 - 00056208 ____N (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys
2013-07-21 17:35 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys
2013-07-21 17:35 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys
2013-07-21 17:24 - 2013-07-21 17:26 - 00000000 ____D C:\Users\Arthur\Desktop\Adobe Premiere Pro CS6
2013-07-20 11:34 - 2013-07-20 11:34 - 00000000 ____D C:\Users\Arthur\Documents\Rockstar Games
2013-07-20 11:14 - 2013-07-20 11:14 - 00000000 __SHD C:\ProgramData\SecuROM
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\SSync
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\SCheck
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Intermediate
2013-07-20 11:02 - 2013-07-20 11:02 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PiccShare
2013-07-20 11:02 - 2013-07-20 11:02 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Common
2013-07-20 10:57 - 2013-07-20 10:57 - 00000000 ____D C:\Windows\SysWOW64\xlive
2013-07-20 10:57 - 2013-07-20 10:57 - 00000000 ____D C:\Users\Arthur\Documents\Games for Windows - LIVE Demos
2013-07-20 10:56 - 2013-07-20 10:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-07-20 10:35 - 2013-07-20 11:14 - 00000000 ____D C:\Users\Arthur\AppData\Local\Rockstar Games
2013-07-20 10:33 - 2013-07-20 10:33 - 00000600 _____ C:\Users\Arthur\Desktop\Grand Theft Auto IV.lnk
2013-07-17 22:48 - 2013-07-17 22:49 - 00000000 ____D C:\Windows\system32\MRT
2013-07-17 08:32 - 2013-07-19 21:57 - 00000214 _____ C:\Users\Arthur\Desktop\rominfo.txt
2013-07-16 18:13 - 2013-07-19 22:22 - 00002048 _____ C:\Users\Arthur\Desktop\Super Mario World.srm
2013-07-16 18:12 - 2013-07-19 22:22 - 00274047 _____ C:\Users\Arthur\Desktop\Super Mario World.zst
2013-07-16 18:08 - 2013-07-19 22:22 - 00274047 _____ C:\Users\Arthur\Desktop\Super Mario World.zss
2013-07-15 21:49 - 2013-07-15 21:49 - 414046739 _____ C:\Windows\MEMORY.DMP
2013-07-15 21:49 - 2013-07-15 21:49 - 00307440 _____ C:\Windows\Minidump\071513-18018-01.dmp
2013-07-15 21:49 - 2013-07-15 21:49 - 00000000 ____D C:\Windows\Minidump
2013-07-15 15:03 - 2013-07-22 22:33 - 00011370 _____ C:\Windows\SysWOW64\.crusader
2013-07-15 15:03 - 2012-08-31 19:57 - 01687408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\ntfs.sys
2013-07-15 15:03 - 2010-11-20 14:17 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-07-15 15:03 - 2009-07-14 04:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storsvc.dll
2013-07-14 18:20 - 2013-07-22 22:36 - 00030616 _____ C:\Windows\SysWOW64\Drivers\hitmanpro37.sys
2013-07-14 13:17 - 2013-07-14 13:18 - 00000000 ____D C:\Program Files (x86)\Zoom Player
2013-07-11 17:33 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 17:33 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 17:33 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 17:33 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 17:33 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 17:33 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 17:33 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 17:33 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 17:33 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 15:43 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 15:43 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 15:43 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 15:43 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 15:43 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 15:42 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 15:42 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-04 19:18 - 2013-07-04 20:30 - 02419006 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz3.ppsx
2013-07-04 18:35 - 2013-07-04 19:18 - 02418995 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz1.pptx
2013-07-04 18:35 - 2013-07-04 18:35 - 02418812 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz2.ppsx
2013-07-04 15:35 - 2013-07-04 15:35 - 00005363 _____ C:\Users\Arthur\Documents\Alcatraz.wlmp
2013-07-04 14:36 - 2013-07-04 15:18 - 02326429 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz.pptx
2013-06-25 16:38 - 2013-06-25 16:38 - 00013214 _____ C:\Users\Arthur\Documents\Mathe S.186 Nr 1.xlsx
2013-06-24 21:38 - 2013-06-24 21:38 - 00001473 _____ C:\Users\Arthur\AppData\Local\RecConfig.xml
2013-06-24 21:18 - 2013-06-24 21:19 - 00003992 _____ C:\AdwCleaner[S2].txt
2013-06-24 21:17 - 2013-06-24 21:17 - 00004439 _____ C:\AdwCleaner[R2].txt
2013-06-24 16:36 - 2013-06-24 21:03 - 00515574 _____ C:\spyhunter.fix
2013-06-24 16:04 - 2013-06-24 21:11 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2013-06-24 16:04 - 2013-06-24 16:04 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2013-06-24 16:00 - 2013-07-21 21:49 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\uTorrent

==================== One Month Modified Files and Folders =======

2013-07-23 21:47 - 2013-07-23 21:47 - 01779757 _____ (Farbar) C:\Users\Arthur\Downloads\FRST64.exe
2013-07-23 21:42 - 2012-12-06 15:33 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Skype
2013-07-23 21:41 - 2013-05-13 16:13 - 00008825 _____ C:\Windows\setupact.log
2013-07-23 21:41 - 2012-12-06 15:01 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-23 21:41 - 2012-12-05 00:34 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-23 21:41 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-23 21:40 - 2012-12-05 00:19 - 02004451 _____ C:\Windows\WindowsUpdate.log
2013-07-23 21:30 - 2009-07-14 06:45 - 00014528 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-23 21:30 - 2009-07-14 06:45 - 00014528 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-23 21:28 - 2013-07-23 21:28 - 00030221 _____ C:\Users\Arthur\Desktop\combofixtext.txt
2013-07-23 21:26 - 2013-07-23 21:26 - 00030221 _____ C:\ComboFix.txt
2013-07-23 21:26 - 2013-07-23 21:12 - 00000000 ____D C:\Qoobox
2013-07-23 21:26 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-23 21:25 - 2013-07-23 21:12 - 00000000 ____D C:\Windows\erdnt
2013-07-23 21:22 - 2013-04-27 13:52 - 00083004 _____ C:\Windows\PFRO.log
2013-07-23 21:22 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-23 21:21 - 2012-12-06 15:01 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-23 21:20 - 2013-03-19 18:00 - 00000000 ____D C:\ProgramData\Wincert
2013-07-23 21:10 - 2013-07-23 21:09 - 05092552 ____R (Swearware) C:\Users\Arthur\Desktop\ComboFix.exe
2013-07-23 21:08 - 2013-07-23 21:08 - 00001771 _____ C:\Users\Arthur\Desktop\AdwCleaner[S3].txt
2013-07-23 21:05 - 2013-07-23 21:04 - 00001771 _____ C:\AdwCleaner[S3].txt
2013-07-23 21:03 - 2013-07-23 21:03 - 00666633 _____ C:\Users\Arthur\Desktop\adwcleaner06.exe
2013-07-23 20:54 - 2012-12-12 16:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-23 18:51 - 2009-07-14 19:58 - 00696904 _____ C:\Windows\system32\perfh007.dat
2013-07-23 18:51 - 2009-07-14 19:58 - 00148200 _____ C:\Windows\system32\perfc007.dat
2013-07-23 18:51 - 2009-07-14 07:13 - 01613644 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-23 17:20 - 2013-07-22 16:03 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-23 13:01 - 2013-07-22 15:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Adobe
2013-07-23 13:01 - 2012-12-28 22:42 - 00000000 ____D C:\Users\Arthur\AppData\Local\Adobe
2013-07-23 09:56 - 2013-07-23 09:56 - 00032932 _____ C:\Users\Arthur\Desktop\Addition.txt
2013-07-23 09:55 - 2013-07-23 09:55 - 00000000 ____D C:\FRST
2013-07-23 09:54 - 2013-05-13 15:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-23 09:54 - 2012-12-17 21:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-07-23 09:51 - 2013-05-13 15:30 - 00000000 ____D C:\Program Files\Microsoft Office
2013-07-23 09:50 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-23 01:44 - 2013-03-30 23:46 - 00000000 ____D C:\Program Files\Adobe
2013-07-23 01:44 - 2012-12-13 14:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-23 01:44 - 2012-12-12 16:54 - 00000000 ____D C:\ProgramData\Adobe
2013-07-23 01:43 - 2013-03-30 23:43 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-23 01:39 - 2013-07-22 22:49 - 00000000 ____D C:\Windows\pss
2013-07-22 23:37 - 2013-04-23 20:34 - 00000000 ____D C:\Program Files (x86)\LyricsMonkey
2013-07-22 23:13 - 2013-04-11 17:35 - 00000000 ____D C:\Users\Arthur\AppData\Local\Sony
2013-07-22 23:13 - 2013-04-11 17:35 - 00000000 ____D C:\ProgramData\Sony
2013-07-22 23:10 - 2012-12-19 19:57 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-07-22 23:08 - 2012-12-06 15:01 - 00004116 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-22 23:08 - 2012-12-06 15:01 - 00003864 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-22 23:07 - 2013-02-09 15:44 - 00002952 _____ C:\Windows\System32\Tasks\{23A7EE5B-8126-4140-9EDD-6FB26AA5D81B}
2013-07-22 23:07 - 2012-12-20 18:37 - 00003694 _____ C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2013-07-22 23:06 - 2012-12-06 15:01 - 00000000 ____D C:\Users\Arthur\AppData\Local\Google
2013-07-22 23:06 - 2012-12-06 15:01 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-22 22:36 - 2013-07-14 18:20 - 00030616 _____ C:\Windows\SysWOW64\Drivers\hitmanpro37.sys
2013-07-22 22:33 - 2013-07-15 15:03 - 00011370 _____ C:\Windows\SysWOW64\.crusader
2013-07-22 22:33 - 2013-06-02 19:29 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-22 20:16 - 2013-07-22 20:16 - 00000132 _____ C:\Users\Arthur\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2013-07-22 20:13 - 2013-07-22 20:11 - 10339263 _____ C:\Users\Arthur\Downloads\Rijk van Nijmegen - Rivieren.mp4
2013-07-22 19:37 - 2012-12-06 15:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-22 19:37 - 2012-12-06 15:27 - 00000000 ____D C:\ProgramData\Skype
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-22 16:04 - 2013-07-22 16:03 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-22 16:04 - 2013-07-22 16:03 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-22 16:04 - 2013-07-22 16:03 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-22 16:03 - 2013-07-22 16:03 - 00001928 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-22 16:03 - 2013-04-01 15:52 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-22 16:03 - 2013-04-01 15:52 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-22 16:03 - 2013-04-01 15:51 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-22 15:46 - 2013-01-06 22:28 - 00000000 ____D C:\Users\hedev
2013-07-22 15:45 - 2013-07-22 15:42 - 117478104 _____ C:\Users\Arthur\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe
2013-07-22 15:39 - 2009-07-14 06:45 - 05070528 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-21 21:49 - 2013-06-24 16:00 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\uTorrent
2013-07-21 20:28 - 2013-07-21 20:28 - 00000040 ____H C:\1B50C1B368B1
2013-07-21 20:19 - 2013-07-21 20:10 - 294969288 _____ C:\Users\Arthur\Downloads\AfterEffects.rar
2013-07-21 20:10 - 2013-07-21 20:10 - 00000840 _____ C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-07-21 20:08 - 2013-07-21 20:08 - 01126480 _____ (BitTorrent Inc.) C:\Users\Arthur\Downloads\utorrent_3.3.1b29812.exe
2013-07-21 17:41 - 2013-07-21 17:41 - 00003504 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ADDIS-PC-Arthur
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\Documents\Adobe
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PDAppFlex
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PACE Anti-Piracy
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Local\PACE Anti-Piracy
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2013-07-21 17:39 - 2012-12-16 13:34 - 00000000 ___HD C:\Users\Arthur\AppData\Local\Il1yeC94tyS
2013-07-21 17:39 - 2012-12-05 01:01 - 00117664 _____ C:\Users\Arthur\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-21 17:38 - 2013-03-30 14:33 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-07-21 17:35 - 2013-07-21 17:35 - 00000000 ____D C:\Program Files (x86)\My Company Name
2013-07-21 17:26 - 2013-07-21 17:24 - 00000000 ____D C:\Users\Arthur\Desktop\Adobe Premiere Pro CS6
2013-07-20 11:34 - 2013-07-20 11:34 - 00000000 ____D C:\Users\Arthur\Documents\Rockstar Games
2013-07-20 11:14 - 2013-07-20 11:14 - 00000000 __SHD C:\ProgramData\SecuROM
2013-07-20 11:14 - 2013-07-20 10:35 - 00000000 ____D C:\Users\Arthur\AppData\Local\Rockstar Games
2013-07-20 11:14 - 2012-12-06 17:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\SSync
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\SCheck
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Intermediate
2013-07-20 11:02 - 2013-07-20 11:02 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PiccShare
2013-07-20 11:02 - 2013-07-20 11:02 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Common
2013-07-20 10:57 - 2013-07-20 10:57 - 00000000 ____D C:\Windows\SysWOW64\xlive
2013-07-20 10:57 - 2013-07-20 10:57 - 00000000 ____D C:\Users\Arthur\Documents\Games for Windows - LIVE Demos
2013-07-20 10:57 - 2013-07-20 10:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-07-20 10:33 - 2013-07-20 10:33 - 00000600 _____ C:\Users\Arthur\Desktop\Grand Theft Auto IV.lnk
2013-07-19 22:22 - 2013-07-16 18:13 - 00002048 _____ C:\Users\Arthur\Desktop\Super Mario World.srm
2013-07-19 22:22 - 2013-07-16 18:12 - 00274047 _____ C:\Users\Arthur\Desktop\Super Mario World.zst
2013-07-19 22:22 - 2013-07-16 18:08 - 00274047 _____ C:\Users\Arthur\Desktop\Super Mario World.zss
2013-07-19 21:57 - 2013-07-17 08:32 - 00000214 _____ C:\Users\Arthur\Desktop\rominfo.txt
2013-07-17 22:49 - 2013-07-17 22:48 - 00000000 ____D C:\Windows\system32\MRT
2013-07-15 21:49 - 2013-07-15 21:49 - 414046739 _____ C:\Windows\MEMORY.DMP
2013-07-15 21:49 - 2013-07-15 21:49 - 00307440 _____ C:\Windows\Minidump\071513-18018-01.dmp
2013-07-15 21:49 - 2013-07-15 21:49 - 00000000 ____D C:\Windows\Minidump
2013-07-14 13:18 - 2013-07-14 13:17 - 00000000 ____D C:\Program Files (x86)\Zoom Player
2013-07-14 13:13 - 2013-05-17 20:20 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\FreeVideoConverter
2013-07-14 13:12 - 2012-12-06 16:00 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\vlc
2013-07-13 21:31 - 2013-05-14 19:18 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-11 18:54 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-11 18:52 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 18:52 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 18:52 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-09 20:59 - 2013-02-15 21:25 - 00017408 ____H C:\Users\Arthur\Downloads\photothumb.db
2013-07-09 20:59 - 2012-12-06 21:48 - 00001037 _____ C:\Users\Arthur\Desktop\PhotoScape.lnk
2013-07-09 20:59 - 2012-12-06 21:48 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2013-07-05 20:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-04 20:51 - 2013-01-01 23:52 - 00272384 ___SH C:\Users\Arthur\Documents\Thumbs.db
2013-07-04 20:30 - 2013-07-04 19:18 - 02419006 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz3.ppsx
2013-07-04 19:18 - 2013-07-04 18:35 - 02418995 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz1.pptx
2013-07-04 18:42 - 2013-05-13 15:30 - 00000000 ____D C:\Users\Arthur\AppData\Local\Microsoft Help
2013-07-04 18:41 - 2009-07-14 04:34 - 00000499 _____ C:\Windows\win.ini
2013-07-04 18:35 - 2013-07-04 18:35 - 02418812 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz2.ppsx
2013-07-04 15:35 - 2013-07-04 15:35 - 00005363 _____ C:\Users\Arthur\Documents\Alcatraz.wlmp
2013-07-04 15:32 - 2013-01-01 20:50 - 00000000 ____D C:\Users\Arthur\AppData\Local\Windows Live
2013-07-04 15:18 - 2013-07-04 14:36 - 02326429 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz.pptx
2013-07-04 15:13 - 2009-07-14 20:18 - 00000000 ____D C:\Windows\ShellNew
2013-06-29 23:57 - 2012-12-06 15:33 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-06-29 22:25 - 2012-12-06 15:27 - 00000000 ____D C:\ProgramData\Avira
2013-06-25 16:38 - 2013-06-25 16:38 - 00013214 _____ C:\Users\Arthur\Documents\Mathe S.186 Nr 1.xlsx
2013-06-24 21:49 - 2013-03-04 21:38 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Audacity
2013-06-24 21:38 - 2013-06-24 21:38 - 00001473 _____ C:\Users\Arthur\AppData\Local\RecConfig.xml
2013-06-24 21:19 - 2013-06-24 21:18 - 00003992 _____ C:\AdwCleaner[S2].txt
2013-06-24 21:17 - 2013-06-24 21:17 - 00004439 _____ C:\AdwCleaner[R2].txt
2013-06-24 21:11 - 2013-06-24 16:04 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2013-06-24 21:03 - 2013-06-24 16:36 - 00515574 _____ C:\spyhunter.fix
2013-06-24 16:04 - 2013-06-24 16:04 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2013-06-24 00:57 - 2012-12-06 17:46 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 19:57

==================== End Of Log ============================
--- --- ---

--- --- ---


So ich glaube das war alles.
Ich hoffe du schreibst mir bald zurück :D

LG Artur

aharonov 23.07.2013 21:19
Hi,

wie läuft denn der Rechner jetzt?


Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKCU\...\Run: [SCheck] - C:\Users\Arthur\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-10] ()
HKCU\...\Run: [SSync] - C:\Users\Arthur\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] ()
HKCU\...\Run: [Intermediate] - C:\Users\Arthur\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-10] ()
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\SSync
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\SCheck
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Intermediate
2013-07-22 23:37 - 2013-04-23 20:34 - 00000000 ____D C:\Program Files (x86)\LyricsMonkey
FF HKCU\...\Firefox\Extensions: [lyricsmonkey@mendoni.net] C:\Program Files (x86)\LyricsMonkey\FF\
SearchScopes: HKLM-x32 - {C4AEC36F-CC2C-4C2D-B17B-47B8221E9488} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4485148048034755&q={searchTerms}
SearchScopes: HKCU - {352FC33D-4B62-40F5-942F-A4E4F3FA10B3} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=8A3D1516-7B37-4981-8DE1-AB52718B43E5&apn_sauid=A0939C45-06D8-451D-BAF3-EA877CBEEE78
SearchScopes: HKCU - {C4AEC36F-CC2C-4C2D-B17B-47B8221E9488} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4485148048034755&q={searchTerms}
HKU\Lena\...\Run: [Yontoo Desktop] - "C:\Users\Lena\AppData\Roaming\Yontoo\YontooDesktop.exe" [x]

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Schritt 2

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




Schritt 3


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Schritt 4

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von FRST
  • Log von MBAM
  • Log von ESET
  • Log von FRST

Morfo 23.07.2013 21:45
Ok hier ist erstmal Fixlog.txt
Zitat:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-07-2013
Ran by Arthur at 2013-07-23 22:36:03 Run:1
Running from C:\Users\Arthur\Desktop
Boot Mode: Normal
==============================================

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SCheck => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SSync => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Intermediate => Value deleted successfully.
C:\Users\Arthur\AppData\Roaming\SSync => Moved successfully.
C:\Users\Arthur\AppData\Roaming\SCheck => Moved successfully.
C:\Users\Arthur\AppData\Roaming\Intermediate => Moved successfully.
C:\Program Files (x86)\LyricsMonkey => Moved successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\lyricsmonkey@mendoni.net => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{C4AEC36F-CC2C-4C2D-B17B-47B8221E9488} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C4AEC36F-CC2C-4C2D-B17B-47B8221E9488} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{352FC33D-4B62-40F5-942F-A4E4F3FA10B3} => Key deleted successfully.
HKCR\CLSID\{352FC33D-4B62-40F5-942F-A4E4F3FA10B3} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C4AEC36F-CC2C-4C2D-B17B-47B8221E9488} => Key deleted successfully.
HKCR\CLSID\{C4AEC36F-CC2C-4C2D-B17B-47B8221E9488} => Key not found.
HKU\Lena\Software\Microsoft\Windows\CurrentVersion\Run\\Yontoo Desktop => Value deleted successfully.

==== End of Fixlog ====
Das ist Malwarebytes
Zitat:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.23.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Arthur :: ADDIS-PC [Administrator]

Schutz: Deaktiviert

23.07.2013 22:40:22
mbam-log-2013-07-23 (22-40-22).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 301374
Laufzeit: 4 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

aharonov 23.07.2013 23:24
Ok, der ESET-Scan könnte etwas länger dauern.

Morfo 23.07.2013 23:39
Puhhh nach einer etwas längeren Wartezeit ist das Ergebnis gekommen:
Zitat:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=fe4fc00795cb30498b766351c692bc03
# engine=14509
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-23 10:27:34
# local_time=2013-07-24 12:27:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 116606 151328326 0 0
# compatibility_mode=5893 16776573 100 94 40596 126248304 0 0
# scanned=184810
# found=6
# cleaned=0
# scan_time=5714
sh=ED1117C1320C353F7BE99A75ED96F44F7AC911F2 ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.F application" ac=I fn="C:\FRST\Quarantine\LyricsMonkey\chrome.crx"
sh=F6078F840FA3B1A5A610E631C283545867A1C7B0 ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.F application" ac=I fn="C:\FRST\Quarantine\LyricsMonkey\FF\chrome\content\main.js"
sh=E9B1B280597ECACC10B79CFC7E446113E3B72C94 ft=0 fh=0000000000000000 vn="Win32/Adware.1ClickDownload.AM application" ac=I fn="C:\System Volume Information\Windows Backup\Staging\{CC197E9E-DFD2-48CE-A34A-10D1635F4D5F}\Backup files 5.zip"
sh=E08EF6298DB507FC55E944040ECBE7B5AA5CAA6A ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.F application" ac=I fn="C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.111_0\contentscript.js"
sh=53E8812AAF1D6F39B1ACF69348AE7A3EED3AE381 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="D:\ADDIS-PC\Backup Set 2013-05-19 190000\Backup Files 2013-05-19 190000\Backup files 2.zip"
sh=1F5A5CFA557AC697CEC923E901CC6956173BD423 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\ADDIS-PC\Backup Set 2013-05-19 190000\Backup Files 2013-05-19 190000\Backup files 4.zip"
Und wieder FRST.txt

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2013
Ran by Arthur (administrator) on 24-07-2013 00:37:27
Running from C:\Users\Arthur\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brsvc01a.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brss01a.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Valve Corporation) E:\steam\Steam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(SEC) C:\Program Files\MagicTune Premium\MagicTune.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MagicTuneEngine] - C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe [53760 2010-12-14] ()
HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [Steam] - E:\steam\Steam.exe [1672616 2013-07-10] (Valve Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKU\Lena\...\Run: [uTorrent] - "C:\Users\Lena\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED [x]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * bootdeletebootdeletebootdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=261
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Video downloader - {77BEC163-D389-42c1-91A4-C758846296A5} -  No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 193.189.244.202 193.189.244.194

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Arthur\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF HKLM\...\Firefox\Extensions: [{77BEC163-D389-42c1-91A4-C758846296A5}] C:\Program Files\Video downloader\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{77BEC163-D389-42c1-91A4-C758846296A5}] C:\Program Files\Video downloader\Firefox
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Arthur\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Amazon-Icon) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_0
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Arthur\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-07-14] (SurfRight B.V.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-22] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-22] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-22] ()
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
S3 hitmanpro37; C:\Windows\SysWow64\drivers\hitmanpro37.sys [30616 2013-07-22] ()
S0 hitmanpro37duringboot; C:\Windows\SysWow64\drivers\hitmanpro37.sys [30616 2013-07-22] ()
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [x]
S0 hitmanpro37duringboot; system32\drivers\hitmanpro37.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-23 22:47 - 2013-07-23 22:47 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-23 22:40 - 2013-07-23 22:40 - 02347384 _____ (ESET) C:\Users\Arthur\Downloads\esetsmartinstaller_enu.exe
2013-07-23 22:39 - 2013-07-23 22:39 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-23 22:39 - 2013-07-23 22:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-23 22:39 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-23 22:37 - 2013-07-23 22:38 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Arthur\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-23 22:35 - 2013-07-23 22:35 - 01779757 _____ (Farbar) C:\Users\Arthur\Downloads\FRST64 (1).exe
2013-07-23 21:48 - 2013-07-23 21:48 - 00042488 _____ C:\Users\Arthur\Downloads\FRST.txt
2013-07-23 21:47 - 2013-07-23 21:47 - 01779757 _____ (Farbar) C:\Users\Arthur\Desktop\FRST64.exe
2013-07-23 21:28 - 2013-07-23 21:28 - 00030221 _____ C:\Users\Arthur\Desktop\combofixtext.txt
2013-07-23 21:26 - 2013-07-23 21:26 - 00030221 _____ C:\ComboFix.txt
2013-07-23 21:13 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-23 21:13 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-23 21:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-23 21:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-23 21:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-23 21:13 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-23 21:13 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-23 21:13 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-23 21:12 - 2013-07-23 21:26 - 00000000 ____D C:\Qoobox
2013-07-23 21:12 - 2013-07-23 21:25 - 00000000 ____D C:\Windows\erdnt
2013-07-23 21:09 - 2013-07-23 21:10 - 05092552 ____R (Swearware) C:\Users\Arthur\Desktop\ComboFix.exe
2013-07-23 21:08 - 2013-07-23 21:08 - 00001771 _____ C:\Users\Arthur\Desktop\AdwCleaner[S3].txt
2013-07-23 21:04 - 2013-07-23 21:05 - 00001771 _____ C:\AdwCleaner[S3].txt
2013-07-23 21:03 - 2013-07-23 21:03 - 00666633 _____ C:\Users\Arthur\Desktop\adwcleaner06.exe
2013-07-23 09:55 - 2013-07-23 09:55 - 00000000 ____D C:\FRST
2013-07-22 22:49 - 2013-07-23 01:39 - 00000000 ____D C:\Windows\pss
2013-07-22 20:16 - 2013-07-22 20:16 - 00000132 _____ C:\Users\Arthur\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2013-07-22 20:11 - 2013-07-22 20:13 - 10339263 _____ C:\Users\Arthur\Downloads\Rijk van Nijmegen - Rivieren.mp4
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-22 16:03 - 2013-07-23 17:20 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-22 16:03 - 2013-07-22 16:04 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-22 16:03 - 2013-07-22 16:04 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-22 16:03 - 2013-07-22 16:04 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-22 16:03 - 2013-07-22 16:03 - 00001928 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-22 16:03 - 2013-05-09 10:59 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-07-22 16:03 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-07-22 16:03 - 2013-05-09 10:59 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-07-22 16:03 - 2013-05-09 10:59 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-07-22 16:03 - 2013-05-09 10:59 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-07-22 16:03 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-07-22 15:42 - 2013-07-22 15:45 - 117478104 _____ C:\Users\Arthur\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe
2013-07-22 15:39 - 2013-07-23 13:01 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Adobe
2013-07-21 20:28 - 2013-07-21 20:28 - 00000040 ____H C:\1B50C1B368B1
2013-07-21 20:10 - 2013-07-21 20:19 - 294969288 _____ C:\Users\Arthur\Downloads\AfterEffects.rar
2013-07-21 20:10 - 2013-07-21 20:10 - 00000840 _____ C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-07-21 20:08 - 2013-07-21 20:08 - 01126480 _____ (BitTorrent Inc.) C:\Users\Arthur\Downloads\utorrent_3.3.1b29812.exe
2013-07-21 17:41 - 2013-07-21 17:41 - 00003504 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ADDIS-PC-Arthur
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\Documents\Adobe
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PDAppFlex
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PACE Anti-Piracy
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Local\PACE Anti-Piracy
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2013-07-21 17:35 - 2013-07-21 17:35 - 00000000 ____D C:\Program Files (x86)\My Company Name
2013-07-21 17:35 - 2011-11-03 03:01 - 00056208 ____N (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys
2013-07-21 17:35 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys
2013-07-21 17:35 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys
2013-07-21 17:24 - 2013-07-21 17:26 - 00000000 ____D C:\Users\Arthur\Desktop\Adobe Premiere Pro CS6
2013-07-20 11:34 - 2013-07-20 11:34 - 00000000 ____D C:\Users\Arthur\Documents\Rockstar Games
2013-07-20 11:14 - 2013-07-20 11:14 - 00000000 __SHD C:\ProgramData\SecuROM
2013-07-20 11:02 - 2013-07-20 11:02 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PiccShare
2013-07-20 11:02 - 2013-07-20 11:02 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Common
2013-07-20 10:57 - 2013-07-20 10:57 - 00000000 ____D C:\Windows\SysWOW64\xlive
2013-07-20 10:57 - 2013-07-20 10:57 - 00000000 ____D C:\Users\Arthur\Documents\Games for Windows - LIVE Demos
2013-07-20 10:56 - 2013-07-20 10:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-07-20 10:35 - 2013-07-20 11:14 - 00000000 ____D C:\Users\Arthur\AppData\Local\Rockstar Games
2013-07-20 10:33 - 2013-07-20 10:33 - 00000600 _____ C:\Users\Arthur\Desktop\Grand Theft Auto IV.lnk
2013-07-17 22:48 - 2013-07-17 22:49 - 00000000 ____D C:\Windows\system32\MRT
2013-07-17 08:32 - 2013-07-19 21:57 - 00000214 _____ C:\Users\Arthur\Desktop\rominfo.txt
2013-07-16 18:13 - 2013-07-19 22:22 - 00002048 _____ C:\Users\Arthur\Desktop\Super Mario World.srm
2013-07-16 18:12 - 2013-07-19 22:22 - 00274047 _____ C:\Users\Arthur\Desktop\Super Mario World.zst
2013-07-16 18:08 - 2013-07-19 22:22 - 00274047 _____ C:\Users\Arthur\Desktop\Super Mario World.zss
2013-07-15 21:49 - 2013-07-15 21:49 - 414046739 _____ C:\Windows\MEMORY.DMP
2013-07-15 21:49 - 2013-07-15 21:49 - 00307440 _____ C:\Windows\Minidump\071513-18018-01.dmp
2013-07-15 21:49 - 2013-07-15 21:49 - 00000000 ____D C:\Windows\Minidump
2013-07-15 15:03 - 2013-07-22 22:33 - 00011370 _____ C:\Windows\SysWOW64\.crusader
2013-07-15 15:03 - 2012-08-31 19:57 - 01687408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\ntfs.sys
2013-07-15 15:03 - 2010-11-20 14:17 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-07-15 15:03 - 2009-07-14 04:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storsvc.dll
2013-07-14 18:20 - 2013-07-22 22:36 - 00030616 _____ C:\Windows\SysWOW64\Drivers\hitmanpro37.sys
2013-07-14 13:17 - 2013-07-14 13:18 - 00000000 ____D C:\Program Files (x86)\Zoom Player
2013-07-11 17:33 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 17:33 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 17:33 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 17:33 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 17:33 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 17:33 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 17:33 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 17:33 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 17:33 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 15:43 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 15:43 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 15:43 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 15:43 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 15:43 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 15:42 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 15:42 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-04 19:18 - 2013-07-04 20:30 - 02419006 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz3.ppsx
2013-07-04 18:35 - 2013-07-04 19:18 - 02418995 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz1.pptx
2013-07-04 18:35 - 2013-07-04 18:35 - 02418812 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz2.ppsx
2013-07-04 15:35 - 2013-07-04 15:35 - 00005363 _____ C:\Users\Arthur\Documents\Alcatraz.wlmp
2013-07-04 14:36 - 2013-07-04 15:18 - 02326429 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz.pptx
2013-06-25 16:38 - 2013-06-25 16:38 - 00013214 _____ C:\Users\Arthur\Documents\Mathe S.186 Nr 1.xlsx
2013-06-24 21:38 - 2013-06-24 21:38 - 00001473 _____ C:\Users\Arthur\AppData\Local\RecConfig.xml
2013-06-24 21:18 - 2013-06-24 21:19 - 00003992 _____ C:\AdwCleaner[S2].txt
2013-06-24 21:17 - 2013-06-24 21:17 - 00004439 _____ C:\AdwCleaner[R2].txt
2013-06-24 16:36 - 2013-06-24 21:03 - 00515574 _____ C:\spyhunter.fix
2013-06-24 16:04 - 2013-06-24 21:11 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2013-06-24 16:04 - 2013-06-24 16:04 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2013-06-24 16:00 - 2013-07-21 21:49 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\uTorrent

==================== One Month Modified Files and Folders =======

2013-07-24 00:21 - 2012-12-06 15:01 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-23 23:54 - 2012-12-12 16:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-23 22:47 - 2013-07-23 22:47 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-23 22:40 - 2013-07-23 22:40 - 02347384 _____ (ESET) C:\Users\Arthur\Downloads\esetsmartinstaller_enu.exe
2013-07-23 22:39 - 2013-07-23 22:39 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-23 22:39 - 2013-07-23 22:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-23 22:38 - 2013-07-23 22:37 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Arthur\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-23 22:35 - 2013-07-23 22:35 - 01779757 _____ (Farbar) C:\Users\Arthur\Downloads\FRST64 (1).exe
2013-07-23 21:49 - 2012-12-06 15:33 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Skype
2013-07-23 21:49 - 2009-07-14 06:45 - 00014528 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-23 21:49 - 2009-07-14 06:45 - 00014528 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-23 21:48 - 2013-07-23 21:48 - 00042488 _____ C:\Users\Arthur\Downloads\FRST.txt
2013-07-23 21:47 - 2013-07-23 21:47 - 01779757 _____ (Farbar) C:\Users\Arthur\Desktop\FRST64.exe
2013-07-23 21:45 - 2012-12-05 00:19 - 02004451 _____ C:\Windows\WindowsUpdate.log
2013-07-23 21:41 - 2013-05-13 16:13 - 00008825 _____ C:\Windows\setupact.log
2013-07-23 21:41 - 2012-12-06 15:01 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-23 21:41 - 2012-12-05 00:34 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-23 21:41 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-23 21:28 - 2013-07-23 21:28 - 00030221 _____ C:\Users\Arthur\Desktop\combofixtext.txt
2013-07-23 21:26 - 2013-07-23 21:26 - 00030221 _____ C:\ComboFix.txt
2013-07-23 21:26 - 2013-07-23 21:12 - 00000000 ____D C:\Qoobox
2013-07-23 21:26 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-23 21:25 - 2013-07-23 21:12 - 00000000 ____D C:\Windows\erdnt
2013-07-23 21:22 - 2013-04-27 13:52 - 00083004 _____ C:\Windows\PFRO.log
2013-07-23 21:22 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-23 21:20 - 2013-03-19 18:00 - 00000000 ____D C:\ProgramData\Wincert
2013-07-23 21:10 - 2013-07-23 21:09 - 05092552 ____R (Swearware) C:\Users\Arthur\Desktop\ComboFix.exe
2013-07-23 21:08 - 2013-07-23 21:08 - 00001771 _____ C:\Users\Arthur\Desktop\AdwCleaner[S3].txt
2013-07-23 21:05 - 2013-07-23 21:04 - 00001771 _____ C:\AdwCleaner[S3].txt
2013-07-23 21:03 - 2013-07-23 21:03 - 00666633 _____ C:\Users\Arthur\Desktop\adwcleaner06.exe
2013-07-23 18:51 - 2009-07-14 19:58 - 00696904 _____ C:\Windows\system32\perfh007.dat
2013-07-23 18:51 - 2009-07-14 19:58 - 00148200 _____ C:\Windows\system32\perfc007.dat
2013-07-23 18:51 - 2009-07-14 07:13 - 01613644 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-23 17:20 - 2013-07-22 16:03 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-23 13:01 - 2013-07-22 15:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Adobe
2013-07-23 13:01 - 2012-12-28 22:42 - 00000000 ____D C:\Users\Arthur\AppData\Local\Adobe
2013-07-23 09:55 - 2013-07-23 09:55 - 00000000 ____D C:\FRST
2013-07-23 09:54 - 2013-05-13 15:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-23 09:54 - 2012-12-17 21:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-07-23 09:51 - 2013-05-13 15:30 - 00000000 ____D C:\Program Files\Microsoft Office
2013-07-23 09:50 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-23 01:44 - 2013-03-30 23:46 - 00000000 ____D C:\Program Files\Adobe
2013-07-23 01:44 - 2012-12-13 14:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-23 01:44 - 2012-12-12 16:54 - 00000000 ____D C:\ProgramData\Adobe
2013-07-23 01:43 - 2013-03-30 23:43 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-23 01:39 - 2013-07-22 22:49 - 00000000 ____D C:\Windows\pss
2013-07-22 23:13 - 2013-04-11 17:35 - 00000000 ____D C:\Users\Arthur\AppData\Local\Sony
2013-07-22 23:13 - 2013-04-11 17:35 - 00000000 ____D C:\ProgramData\Sony
2013-07-22 23:10 - 2012-12-19 19:57 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-07-22 23:08 - 2012-12-06 15:01 - 00004116 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-22 23:08 - 2012-12-06 15:01 - 00003864 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-22 23:07 - 2013-02-09 15:44 - 00002952 _____ C:\Windows\System32\Tasks\{23A7EE5B-8126-4140-9EDD-6FB26AA5D81B}
2013-07-22 23:07 - 2012-12-20 18:37 - 00003694 _____ C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2013-07-22 23:06 - 2012-12-06 15:01 - 00000000 ____D C:\Users\Arthur\AppData\Local\Google
2013-07-22 23:06 - 2012-12-06 15:01 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-22 22:36 - 2013-07-14 18:20 - 00030616 _____ C:\Windows\SysWOW64\Drivers\hitmanpro37.sys
2013-07-22 22:33 - 2013-07-15 15:03 - 00011370 _____ C:\Windows\SysWOW64\.crusader
2013-07-22 22:33 - 2013-06-02 19:29 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-22 20:16 - 2013-07-22 20:16 - 00000132 _____ C:\Users\Arthur\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2013-07-22 20:13 - 2013-07-22 20:11 - 10339263 _____ C:\Users\Arthur\Downloads\Rijk van Nijmegen - Rivieren.mp4
2013-07-22 19:37 - 2012-12-06 15:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-22 19:37 - 2012-12-06 15:27 - 00000000 ____D C:\ProgramData\Skype
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-22 16:04 - 2013-07-22 16:03 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-22 16:04 - 2013-07-22 16:03 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-22 16:04 - 2013-07-22 16:03 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-22 16:03 - 2013-07-22 16:03 - 00001928 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-22 16:03 - 2013-04-01 15:52 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-22 16:03 - 2013-04-01 15:52 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-22 16:03 - 2013-04-01 15:51 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-22 15:46 - 2013-01-06 22:28 - 00000000 ____D C:\Users\hedev
2013-07-22 15:45 - 2013-07-22 15:42 - 117478104 _____ C:\Users\Arthur\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe
2013-07-22 15:39 - 2009-07-14 06:45 - 05070528 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-21 21:49 - 2013-06-24 16:00 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\uTorrent
2013-07-21 20:28 - 2013-07-21 20:28 - 00000040 ____H C:\1B50C1B368B1
2013-07-21 20:19 - 2013-07-21 20:10 - 294969288 _____ C:\Users\Arthur\Downloads\AfterEffects.rar
2013-07-21 20:10 - 2013-07-21 20:10 - 00000840 _____ C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-07-21 20:08 - 2013-07-21 20:08 - 01126480 _____ (BitTorrent Inc.) C:\Users\Arthur\Downloads\utorrent_3.3.1b29812.exe
2013-07-21 17:41 - 2013-07-21 17:41 - 00003504 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ADDIS-PC-Arthur
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\Documents\Adobe
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PDAppFlex
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PACE Anti-Piracy
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Local\PACE Anti-Piracy
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2013-07-21 17:39 - 2012-12-16 13:34 - 00000000 ___HD C:\Users\Arthur\AppData\Local\Il1yeC94tyS
2013-07-21 17:39 - 2012-12-05 01:01 - 00117664 _____ C:\Users\Arthur\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-21 17:38 - 2013-03-30 14:33 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-07-21 17:35 - 2013-07-21 17:35 - 00000000 ____D C:\Program Files (x86)\My Company Name
2013-07-21 17:26 - 2013-07-21 17:24 - 00000000 ____D C:\Users\Arthur\Desktop\Adobe Premiere Pro CS6
2013-07-20 11:34 - 2013-07-20 11:34 - 00000000 ____D C:\Users\Arthur\Documents\Rockstar Games
2013-07-20 11:14 - 2013-07-20 11:14 - 00000000 __SHD C:\ProgramData\SecuROM
2013-07-20 11:14 - 2013-07-20 10:35 - 00000000 ____D C:\Users\Arthur\AppData\Local\Rockstar Games
2013-07-20 11:14 - 2012-12-06 17:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-20 11:02 - 2013-07-20 11:02 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PiccShare
2013-07-20 11:02 - 2013-07-20 11:02 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Common
2013-07-20 10:57 - 2013-07-20 10:57 - 00000000 ____D C:\Windows\SysWOW64\xlive
2013-07-20 10:57 - 2013-07-20 10:57 - 00000000 ____D C:\Users\Arthur\Documents\Games for Windows - LIVE Demos
2013-07-20 10:57 - 2013-07-20 10:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-07-20 10:33 - 2013-07-20 10:33 - 00000600 _____ C:\Users\Arthur\Desktop\Grand Theft Auto IV.lnk
2013-07-19 22:22 - 2013-07-16 18:13 - 00002048 _____ C:\Users\Arthur\Desktop\Super Mario World.srm
2013-07-19 22:22 - 2013-07-16 18:12 - 00274047 _____ C:\Users\Arthur\Desktop\Super Mario World.zst
2013-07-19 22:22 - 2013-07-16 18:08 - 00274047 _____ C:\Users\Arthur\Desktop\Super Mario World.zss
2013-07-19 21:57 - 2013-07-17 08:32 - 00000214 _____ C:\Users\Arthur\Desktop\rominfo.txt
2013-07-17 22:49 - 2013-07-17 22:48 - 00000000 ____D C:\Windows\system32\MRT
2013-07-15 21:49 - 2013-07-15 21:49 - 414046739 _____ C:\Windows\MEMORY.DMP
2013-07-15 21:49 - 2013-07-15 21:49 - 00307440 _____ C:\Windows\Minidump\071513-18018-01.dmp
2013-07-15 21:49 - 2013-07-15 21:49 - 00000000 ____D C:\Windows\Minidump
2013-07-14 13:18 - 2013-07-14 13:17 - 00000000 ____D C:\Program Files (x86)\Zoom Player
2013-07-14 13:13 - 2013-05-17 20:20 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\FreeVideoConverter
2013-07-14 13:12 - 2012-12-06 16:00 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\vlc
2013-07-13 21:31 - 2013-05-14 19:18 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-11 18:54 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-11 18:52 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 18:52 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 18:52 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-09 20:59 - 2013-02-15 21:25 - 00017408 ____H C:\Users\Arthur\Downloads\photothumb.db
2013-07-09 20:59 - 2012-12-06 21:48 - 00001037 _____ C:\Users\Arthur\Desktop\PhotoScape.lnk
2013-07-09 20:59 - 2012-12-06 21:48 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2013-07-05 20:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-04 20:51 - 2013-01-01 23:52 - 00272384 ___SH C:\Users\Arthur\Documents\Thumbs.db
2013-07-04 20:30 - 2013-07-04 19:18 - 02419006 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz3.ppsx
2013-07-04 19:18 - 2013-07-04 18:35 - 02418995 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz1.pptx
2013-07-04 18:42 - 2013-05-13 15:30 - 00000000 ____D C:\Users\Arthur\AppData\Local\Microsoft Help
2013-07-04 18:41 - 2009-07-14 04:34 - 00000499 _____ C:\Windows\win.ini
2013-07-04 18:35 - 2013-07-04 18:35 - 02418812 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz2.ppsx
2013-07-04 15:35 - 2013-07-04 15:35 - 00005363 _____ C:\Users\Arthur\Documents\Alcatraz.wlmp
2013-07-04 15:32 - 2013-01-01 20:50 - 00000000 ____D C:\Users\Arthur\AppData\Local\Windows Live
2013-07-04 15:18 - 2013-07-04 14:36 - 02326429 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz.pptx
2013-07-04 15:13 - 2009-07-14 20:18 - 00000000 ____D C:\Windows\ShellNew
2013-06-29 23:57 - 2012-12-06 15:33 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-06-29 22:25 - 2012-12-06 15:27 - 00000000 ____D C:\ProgramData\Avira
2013-06-25 16:38 - 2013-06-25 16:38 - 00013214 _____ C:\Users\Arthur\Documents\Mathe S.186 Nr 1.xlsx
2013-06-24 21:49 - 2013-03-04 21:38 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Audacity
2013-06-24 21:38 - 2013-06-24 21:38 - 00001473 _____ C:\Users\Arthur\AppData\Local\RecConfig.xml
2013-06-24 21:19 - 2013-06-24 21:18 - 00003992 _____ C:\AdwCleaner[S2].txt
2013-06-24 21:17 - 2013-06-24 21:17 - 00004439 _____ C:\AdwCleaner[R2].txt
2013-06-24 21:11 - 2013-06-24 16:04 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2013-06-24 21:03 - 2013-06-24 16:36 - 00515574 _____ C:\spyhunter.fix
2013-06-24 16:04 - 2013-06-24 16:04 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2013-06-24 00:57 - 2012-12-06 17:46 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 19:57

==================== End Of Log ============================
--- --- ---

--- --- ---

aharonov 23.07.2013 23:43
Und wie läuft der Rechner jetzt? Alles in Ordnung oder gibt es noch Probleme?

Morfo 23.07.2013 23:44
Inwiefern Probleme? Meinst du wegen dem Abgesichertem Modus der sich automatisch einschaltet?

aharonov 23.07.2013 23:46
Ja.

Morfo 23.07.2013 23:47
Aso ich gucke gleich nach :)

aharonov 23.07.2013 23:48
Ok. :)

Morfo 23.07.2013 23:57
Leider habe ich das Problem immer noch :confused: .
Kann es vielleicht sein, dass ich einen Trojaner habe?
Oder würden die Programme die ich benutzt habe diesen Trojaner auch erkennen?
Das scheint eine echt harte Nuss zu sein.


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:00 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131