Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   ie_util.exe mit Trojaner R/Agent.73728.25 (https://www.trojaner-board.de/138824-ie_util-exe-trojaner-r-agent-73728-25-a.html)

Fridholm 26.07.2013 17:52
ie_util.exe mit Trojaner R/Agent.73728.25
 
Hallo liebe Trojanerjäger,
ich glaube ich habe da eine doch eher knifflige Aufgabe.
Avira hat mir am 23.7 so gegen 19 Uhr folgende Mitteilungen gemacht:


1.Meldung:
In der Datei 'C:\Users\xxx\AppData\Roaming\ie_util.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.73728.25' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern.

2:Meldung
Die Datei 'C:\Users\xxx\AppData\Roaming\ie_util.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.73728.25' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '548e2592.qua' verschoben!
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-28698115-2746015377-1648965744-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IExplorer Util>
wurde erfolgreich repariert.

3 Minuten später:
3. Meldung
Die Datei 'C:\Users\xxx\AppData\Roaming\ie_util.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.73728.25' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ignoriert.

Ich habe das sicherlich nicht ignoriert!
Die Datei war aber auch gar nicht mehr da. s.o.

Suchlauf gestartet:
In der Datei 'C:\Users\xxx\AppData\Local\Temp\tmpa60a2152\4563.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Ransom.Blocker.btxp' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
Die Datei 'C:\Users\ori\AppData\Local\Temp\tmpa60a2152\4563.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Ransom.Blocker.btxp' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '576849d3.qua' verschoben!

Jetzt hatte ich natürlich nicht das Gefühl das wäre es gewesen.
Normalerweise hätte ich jetzt das System neu aufgesetzt. Da ich aber keinen blassen Schimmer habe woher ich das Teil habe
denke ich wäre da Klärungsbedarf, sonst habe ich das Mistdingen in kurzer Zeit wieder auf dem Rechner.
Besonders viele Dinge aus dem Netz heruntergeladen habe ich in der letzten Zeit nämlich nicht.
Und eigentlich war ich nur auf den mir seit Jahren üblichen Seiten unterwegs.

Ich habe dann Malewarebytes installiert, mit einem anderen Computer vorsichtshalber alle Passwörter geändert.
Malewarebytes hat nichts gefunden.
Dann habe ich avast installiert, also ich bin ja ganz bei Avira und denke nicht, dass die selber mal echte Viren verteilen um Leute dazu zu bringen Vollversionen zu kaufen.
Aber auch Fehlalarm kann ja geschäftsfördernd sein. Da bin ich ganz bei Schopenhauer und glaube an das Schlechte im Menschen.

Der erste Suchlauf über Nacht brachte auch nichts, allerdings ein Tag später hatte sich um 19.50 Uhr wieder so eine ie_util.exe breit gemacht.
Die fanden jetzt aber alle 3 Programme total o.k..
Ich habe das entfernt und mit ccleaner die Registry gesäubert. Nebenbei, wenn man CCLEANER installiert ist unter "Optionen" eine ziemlich große Liste an "Zusatztools" aufgeführt die man nicht benötigt. Da kann man dann die Haken entfernen und sie werden trotzdem installiert. Dann kann man sie wieder löschen.

Es scheint jetzt aber so, als würde jeden Abend um 19.50 Uhr das ie_util.exe Teil wieder auftauchen.

Ich habe dann mal die otl.exe ausgeführt. Siehe Anhang.

Dann gmer.
Das lief über Nacht und hat mir nach dem Speichern des log Files einen Bluescreen spendiert.
Ist das so gewollt? Neustart hieß es, aber das war etwas unhöflich wie ich finde.
Anbei das logfile.

Bringt es etwas die Prozedur um 19.40 Uhr zu wiederholen? Evtl. bekommt man dann mit woher die Datei erscheint. Ohne Schwefel und Rauch immerhin.

Ich hoffe euch ist nicht ganz so warm wie mir hier...
Wenn jemand helfen könnte? Also nicht wegen der Temperaturen jetzt... Danke! :dankeschoen:

schrauber 26.07.2013 18:52
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Fridholm 26.07.2013 21:07
Danke für die flotte Antwort. :knuddel:
Sorry, ich dachte zippen wäre erwünscht, da hab' ich bei der Hitze nicht richtig gelesen.
Also dann mal los, die Frst.txt:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2013 01
Ran by xxx (administrator) on 26-07-2013 21:35:06
Running from C:\Users\xxx\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Sony Corporation) c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(SonicWALL Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SonicWALL Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-11-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-11-14] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [947360 2011-07-05] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [797344 2011-07-05] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2011-06-22] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [SonicWALLNetExtender] - C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [1103744 2011-07-29] (SonicWALL Inc.)
HKCU\...\Run: [AutoStartNPSAgent] - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [500736 2011-05-02] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [NPSStartup] -  [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B4EE06273792A79F&affID=119828&tt=230713_18220&tsp=4953
SearchScopes: HKCU - {C80F2912-317F-4A47-A20E-2A93741DCDA1} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q112&_nkw={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D06CE2F6-CC67-4092-A121-FBE712CF3DB5}: [NameServer]10.20.10.20 10.20.10.21

FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\c4nlpb79.default
FF user.js: detected! => C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\c4nlpb79.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\c4nlpb79.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: NetExtender Launcher  - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\c4nlpb79.default\Extensions\npNELaunch@sonicwall.com
FF Extension: firebug - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\c4nlpb79.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-07-05] (Atheros)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [111776 2011-08-25] (Atheros Communication Inc.)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation)
R2 SONICWALL_NetExtender; C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe [504192 2011-07-29] (SonicWALL Inc.)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1359408 2013-03-26] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-24] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-24] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-29] (Avira Operations GmbH & Co. KG)
R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2011-07-28] (SonicWALL Inc.)
R2 risdsnpe; C:\Windows\system32\drivers\risdsnxc64.sys [98816 2011-06-23] (REDC)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-26 21:34 - 2013-07-26 21:34 - 00000000 ____D C:\FRST
2013-07-26 21:33 - 2013-07-26 21:33 - 01780233 _____ (Farbar) C:\Users\xxx\Downloads\FRST64.exe
2013-07-26 20:08 - 2013-07-26 20:08 - 02191876 _____ C:\Users\xxx\Downloads\neu.log
2013-07-26 18:34 - 2013-07-26 18:34 - 00022908 _____ C:\Users\xxx\Downloads\Extras.zip
2013-07-26 18:34 - 2013-07-26 18:34 - 00021358 _____ C:\Users\xxx\Downloads\gmer.zip
2013-07-26 18:34 - 2013-07-26 18:34 - 00014498 _____ C:\Users\xxx\Downloads\OTL.zip
2013-07-26 18:12 - 2013-07-26 18:55 - 00003248 _____ C:\Users\xxx\Downloads\Text.txt
2013-07-26 06:57 - 2013-07-26 06:57 - 00000509 _____ C:\Users\xxx\Downloads\bluescreen.txt
2013-07-26 06:54 - 2013-07-26 06:54 - 1098823686 _____ C:\Windows\MEMORY.DMP
2013-07-26 06:54 - 2013-07-26 06:54 - 00290488 _____ C:\Windows\Minidump\072613-30030-01.dmp
2013-07-26 06:54 - 2013-07-26 06:54 - 00000000 ____D C:\Windows\Minidump
2013-07-26 06:53 - 2013-07-26 18:31 - 00392557 _____ C:\Users\xxx\Downloads\gmer.log
2013-07-26 00:05 - 2013-07-26 00:05 - 00377856 _____ C:\Users\xxx\Downloads\gmer_2.1.19163.exe
2013-07-25 23:40 - 2013-07-26 18:29 - 00099632 _____ C:\Users\xxx\Downloads\Extras.Txt
2013-07-25 23:39 - 2013-07-26 18:28 - 00103138 _____ C:\Users\xxx\Downloads\OTL.Txt
2013-07-25 23:31 - 2013-07-25 23:31 - 00602112 _____ (OldTimer Tools) C:\Users\xxx\Downloads\OTL.exe
2013-07-25 20:06 - 2013-07-25 20:06 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-24 23:10 - 2013-07-26 20:09 - 00000336 _____ C:\Windows\setupact.log
2013-07-24 23:10 - 2013-07-24 23:10 - 00001956 _____ C:\Windows\PFRO.log
2013-07-24 23:10 - 2013-07-24 23:10 - 00000000 _____ C:\Windows\setuperr.log
2013-07-24 23:04 - 2013-07-24 23:05 - 00047104 ___SH C:\Users\xxx\Thumbs.db
2013-07-24 23:04 - 2013-07-24 23:04 - 00001125 _____ C:\Users\xxx\Desktop\AppData - Verknüpfung.lnk
2013-07-24 22:35 - 2013-07-24 22:35 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-24 22:35 - 2013-07-24 22:35 - 00000000 ____D C:\Program Files\CCleaner
2013-07-24 22:33 - 2013-07-24 22:43 - 00000000 ____D C:\Users\xxx\AppData\Roaming\BabSolution
2013-07-24 22:33 - 2013-07-24 22:42 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-07-24 22:33 - 2013-07-24 22:33 - 00000278 _____ C:\Windows\Tasks\EPUpdater.job
2013-07-24 22:33 - 2013-07-24 22:33 - 00000000 ____D C:\ProgramData\Babylon
2013-07-24 22:31 - 2013-07-24 22:31 - 00617312 _____ (www.download-sponsor.de) C:\Users\xxx\Downloads\CCleaner 4.01.4093.exe
2013-07-24 19:59 - 2013-07-24 19:59 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-24 19:59 - 2013-07-24 19:59 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-24 19:59 - 2013-07-24 19:59 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-24 19:58 - 2013-07-24 19:59 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-24 19:58 - 2013-07-24 19:59 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-24 19:58 - 2013-07-24 19:59 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-24 19:58 - 2013-07-24 19:58 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-24 19:58 - 2013-07-24 19:58 - 00000350 ____H C:\Windows\Tasks\avast! Emergency Update.job
2013-07-24 19:58 - 2013-07-24 19:58 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-24 19:58 - 2013-07-24 19:58 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-24 19:58 - 2013-05-09 10:59 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-07-24 19:58 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-07-24 19:58 - 2013-05-09 10:59 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-07-24 19:58 - 2013-05-09 10:59 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-07-24 19:58 - 2013-05-09 10:59 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-07-24 19:58 - 2013-05-09 10:58 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-07-24 19:58 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-07-24 19:56 - 2013-07-24 19:58 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-24 19:53 - 2013-07-24 19:53 - 00000002 _____ C:\AvastSetup.log
2013-07-23 22:02 - 2013-07-23 22:02 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-23 22:02 - 2013-07-23 22:02 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Malwarebytes
2013-07-23 22:02 - 2013-07-23 22:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-23 22:01 - 2013-07-23 22:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-23 22:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-22 08:15 - 2013-07-22 08:16 - 00000000 ____D C:\Windows\system32\MRT
2013-07-20 15:44 - 2013-07-20 15:44 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Ybiva
2013-07-12 03:06 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 03:06 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 03:06 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 03:06 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 03:06 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 03:06 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 03:06 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 03:06 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 03:06 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 03:06 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 03:06 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 03:06 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 03:06 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 03:06 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 03:06 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 03:06 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 03:06 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 03:06 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 03:06 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 03:06 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 03:06 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 23:19 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 23:19 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 23:19 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 23:19 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 23:14 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 23:13 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 23:13 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-07-26 21:34 - 2013-07-26 21:34 - 00000000 ____D C:\FRST
2013-07-26 21:34 - 2009-07-14 06:45 - 00020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-26 21:34 - 2009-07-14 06:45 - 00020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-26 21:33 - 2013-07-26 21:33 - 01780233 _____ (Farbar) C:\Users\xxx\Downloads\FRST64.exe
2013-07-26 20:09 - 2013-07-24 23:10 - 00000336 _____ C:\Windows\setupact.log
2013-07-26 20:09 - 2012-08-30 20:34 - 01636980 _____ C:\Windows\WindowsUpdate.log
2013-07-26 20:09 - 2011-12-07 06:42 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-26 20:08 - 2013-07-26 20:08 - 02191876 _____ C:\Users\xxx\Downloads\neu.log
2013-07-26 18:55 - 2013-07-26 18:12 - 00003248 _____ C:\Users\xxx\Downloads\Text.txt
2013-07-26 18:34 - 2013-07-26 18:34 - 00022908 _____ C:\Users\xxx\Downloads\Extras.zip
2013-07-26 18:34 - 2013-07-26 18:34 - 00021358 _____ C:\Users\xxx\Downloads\gmer.zip
2013-07-26 18:34 - 2013-07-26 18:34 - 00014498 _____ C:\Users\xxx\Downloads\OTL.zip
2013-07-26 18:31 - 2013-07-26 06:53 - 00392557 _____ C:\Users\xxx\Downloads\gmer.log
2013-07-26 18:29 - 2013-07-25 23:40 - 00099632 _____ C:\Users\xxx\Downloads\Extras.Txt
2013-07-26 18:28 - 2013-07-25 23:39 - 00103138 _____ C:\Users\xxx\Downloads\OTL.Txt
2013-07-26 06:57 - 2013-07-26 06:57 - 00000509 _____ C:\Users\xxx\Downloads\bluescreen.txt
2013-07-26 06:54 - 2013-07-26 06:54 - 1098823686 _____ C:\Windows\MEMORY.DMP
2013-07-26 06:54 - 2013-07-26 06:54 - 00290488 _____ C:\Windows\Minidump\072613-30030-01.dmp
2013-07-26 06:54 - 2013-07-26 06:54 - 00000000 ____D C:\Windows\Minidump
2013-07-26 00:05 - 2013-07-26 00:05 - 00377856 _____ C:\Users\xxx\Downloads\gmer_2.1.19163.exe
2013-07-25 23:31 - 2013-07-25 23:31 - 00602112 _____ (OldTimer Tools) C:\Users\xxx\Downloads\OTL.exe
2013-07-25 22:07 - 2012-09-29 01:09 - 00000000 ____D C:\Users\xxx\AppData\Roaming\foobar2000
2013-07-25 20:18 - 2011-12-07 06:19 - 00697322 _____ C:\Windows\system32\perfh007.dat
2013-07-25 20:18 - 2011-12-07 06:19 - 00148328 _____ C:\Windows\system32\perfc007.dat
2013-07-25 20:18 - 2009-07-14 07:13 - 01614036 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-25 20:11 - 2013-04-23 21:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-25 20:11 - 2012-09-07 19:56 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-25 20:11 - 2012-08-30 20:36 - 00000000 ____D C:\Users\xxx\AppData\Local\Adobe
2013-07-25 20:11 - 2011-12-07 07:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-25 20:06 - 2013-07-25 20:06 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-25 20:06 - 2013-04-03 21:44 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-25 20:06 - 2013-04-03 21:44 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-25 20:06 - 2011-12-07 06:49 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-25 20:06 - 2011-12-07 06:49 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-25 20:06 - 2011-12-07 06:49 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-25 20:06 - 2011-12-07 06:49 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-24 23:10 - 2013-07-24 23:10 - 00001956 _____ C:\Windows\PFRO.log
2013-07-24 23:10 - 2013-07-24 23:10 - 00000000 _____ C:\Windows\setuperr.log
2013-07-24 23:05 - 2013-07-24 23:04 - 00047104 ___SH C:\Users\xxx\Thumbs.db
2013-07-24 23:05 - 2012-08-30 20:34 - 00000000 ____D C:\Users\xxx
2013-07-24 23:04 - 2013-07-24 23:04 - 00001125 _____ C:\Users\xxx\Desktop\AppData - Verknüpfung.lnk
2013-07-24 22:43 - 2013-07-24 22:33 - 00000000 ____D C:\Users\xxx\AppData\Roaming\BabSolution
2013-07-24 22:42 - 2013-07-24 22:33 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-07-24 22:39 - 2012-08-30 22:00 - 00000000 ____D C:\Users\xxx\AppData\Local\CrashDumps
2013-07-24 22:39 - 2011-02-11 00:48 - 00000000 ____D C:\Windows\Panther
2013-07-24 22:35 - 2013-07-24 22:35 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-24 22:35 - 2013-07-24 22:35 - 00000000 ____D C:\Program Files\CCleaner
2013-07-24 22:33 - 2013-07-24 22:33 - 00000278 _____ C:\Windows\Tasks\EPUpdater.job
2013-07-24 22:33 - 2013-07-24 22:33 - 00000000 ____D C:\ProgramData\Babylon
2013-07-24 22:31 - 2013-07-24 22:31 - 00617312 _____ (www.download-sponsor.de) C:\Users\xxx\Downloads\CCleaner 4.01.4093.exe
2013-07-24 19:59 - 2013-07-24 19:59 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-24 19:59 - 2013-07-24 19:59 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-24 19:59 - 2013-07-24 19:59 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-24 19:59 - 2013-07-24 19:58 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-24 19:59 - 2013-07-24 19:58 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-24 19:59 - 2013-07-24 19:58 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-24 19:58 - 2013-07-24 19:58 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-24 19:58 - 2013-07-24 19:58 - 00000350 ____H C:\Windows\Tasks\avast! Emergency Update.job
2013-07-24 19:58 - 2013-07-24 19:58 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-24 19:58 - 2013-07-24 19:58 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-24 19:58 - 2013-07-24 19:56 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-24 19:53 - 2013-07-24 19:53 - 00000002 _____ C:\AvastSetup.log
2013-07-23 22:02 - 2013-07-23 22:02 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-23 22:02 - 2013-07-23 22:02 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Malwarebytes
2013-07-23 22:02 - 2013-07-23 22:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-23 22:02 - 2013-07-23 22:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-23 18:42 - 2013-04-23 21:38 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-23 18:42 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-23 07:59 - 2013-04-23 21:38 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-22 08:16 - 2013-07-22 08:15 - 00000000 ____D C:\Windows\system32\MRT
2013-07-20 15:44 - 2013-07-20 15:44 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Ybiva
2013-07-17 23:11 - 2013-01-30 22:51 - 00000000 ____D C:\Users\xxx\AppData\Local\Aptana Studio 3
2013-07-15 23:54 - 2013-04-23 21:38 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 23:54 - 2013-04-23 21:38 - 00003848 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 22:10 - 2012-08-31 00:32 - 00000000 ____D C:\Users\xxx\AppData\Roaming\SoftGrid Client
2013-07-13 20:03 - 2013-04-23 21:38 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-13 14:42 - 2013-04-23 21:38 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-12 03:28 - 2013-03-15 00:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 03:28 - 2013-03-15 00:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 03:28 - 2009-07-14 06:45 - 00306808 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 03:27 - 2011-10-20 23:31 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 03:27 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 03:27 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-01 22:57 - 2013-05-08 18:43 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-30 09:57 - 2012-08-31 00:50 - 00000000 ____D C:\OldComp

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 00:20

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---



und die Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2013 01
Ran by xxx at 2013-07-26 21:35:36
Running from C:\Users\xxx\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
7-Zip 9.20 (x32)
ActiveX контрола на Windows Live Mesh за отдалечени връзки (x32 Version: 15.4.5722.2)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (x32 Version: 15.4.5722.2)
Adobe AIR (x32 Version: 2.7.0.19460)
Adobe Community Help (x32 Version: 3.2.1)
Adobe Community Help (x32 Version: 3.2.1.650)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Photoshop Elements 9 (x32 Version: 9.0.3.0)
Adobe Premiere Elements 9 (x32 Version: 9.0)
Adobe Premiere Elements 9 (x32 Version: 9.0.1)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Aptana Studio 3 (x32 Version: 3.0.1)
ArcSoft Magic-i Visual Effects 2 (x32 Version: 2.0.1.154)
ArcSoft WebCam Companion 4 (x32 Version: 4.0.21.485)
Atheros WiFi Driver Installation (x32 Version: 3.0)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Avira Free Antivirus (x32 Version: 13.0.0.3884)
Bing Bar (x32 Version: 7.0.850.0)
Bluetooth Win7 Suite (64) (Version: 7.04.000.82)
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)
Corel WinDVD (x32 Version: 10.0.6.124)
D3DX10 (x32 Version: 15.4.2368.0902)
DivX-Setup (x32 Version: 2.6.1.9)
Dolby Home Theater v4 (x32 Version: 7.2.7000.6)
eaner (Version: 4.01)
Elements 9 Organizer (x32 Version: 9.0)
Elements STI Installer (x32 Version: 1.0)
Evernote v. 4.5 (x32 Version: 4.5.0.5229)
FLV Player 2.0 (build 25) (x32 Version: 2.0 (build 25))
foobar2000 v1.1.15 (x32 Version: 1.1.15)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2)
Free FLV Converter V 7.4.0 (x32 Version: 7.4.0.0)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Galerie foto Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (x32 Version: 28.0.1500.72)
Google Update Helper (x32 Version: 1.3.21.153)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 27 (64-bit) (Version: 6.0.270)
Java(TM) 6 Update 27 (x32 Version: 6.0.270)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
KUx86 (x32 Version: 1.0.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.5139.5005)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Morphyre (x32)
Mozilla Firefox 15.0.1 (x86 de) (x32 Version: 15.0.1)
Mozilla Firefox 16.0.2 (x86 de) (HKCU Version: 16.0.2)
Mozilla Maintenance Service (x32 Version: 16.0.2)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
NVIDIA 3D Vision Treiber 268.93 (Version: 268.93)
NVIDIA 3D Vision Video Player (x32 Version: 1.7.2)
NVIDIA Grafiktreiber 268.93 (Version: 268.93)
NVIDIA HD-Audiotreiber 1.2.22.1 (Version: 1.2.22.1)
NVIDIA Install Application (Version: 2.265.42.0)
NVIDIA PhysX (x32 Version: 9.10.0514)
NVIDIA PhysX-Systemsoftware 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6893)
NVIDIA Systemsteuerung 268.93 (Version: 268.93)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (x32 Version: 15.4.5722.2)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (x32 Version: 15.4.5722.2)
PlayStation(R)Network Downloader (x32 Version: 2.07.00849)
PlayStation(R)Store (x32 Version: 4.5.15.13232)
PMB (x32 Version: 5.8.02.10270)
PMB VAIO Edition Plug-in (Version: 1.7.00.10100)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)
PYV_x86 (x32 Version: 1.0.0)
Qualcomm Atheros Direct Connect (x32 Version: 3.0)
Quick Web Access (x32 Version: 1.4.8.1)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6400)
Remote Keyboard (x32 Version: 1.2.0.09270)
Remote Play with PlayStation(R)3 (x32 Version: 1.1.0.21090)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0)
Samsung New PC Studio (x32 Version: 1.00.0000)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.650.0)
Skype™ 5.10 (x32 Version: 5.10.116)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090)
SonicWALL SSL-VPN NetExtender (x32 Version: 5.5.156)
SSLx64 (Version: 1.0.0)
SSLx86 (x32 Version: 1.0.0)
Synaptics Pointing Device Driver (Version: 15.2.6.0)
TrackID(TM) with BRAVIA (x32 Version: 1.2.0.09270)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (x32 Version: 15.4.5722.2)
V3DPx86 (x32 Version: 1.0.0)
VAIO - PMB VAIO Edition Guide (x32 Version: 1.6.00.06030)
VAIO - PMB VAIO Edition Plug-in (x32 Version: 1.7.00.10100)
VAIO - Remote Play mit PlayStation®3 (x32 Version: 1.1.0.21090)
VAIO - Remote-Tastatur (x32 Version: 1.2.0.09270)
VAIO - Remote-Tastatur mit PlayStation®3 (x32 Version: 1.2.0.09210)
VAIO - TrackID™ mit BRAVIA (x32 Version: 1.2.0.09270)
VAIO 3D Portal (x32 Version: 1.2.0.10131)
VAIO Care (Version: 7.3.1.05290)
VAIO Control Center (x32 Version: 5.1.0.09300)
VAIO Data Restore Tool (x32 Version: 1.8.0.09210)
VAIO Easy Connect (x32 Version: 1.1.2.01120)
VAIO Gate (x32 Version: 2.4.1.09230)
VAIO Gate Default (x32 Version: 2.5.1.09230)
VAIO Hero Screensaver - Fall 2011 Screensaver (x32)
VAIO Improvement (x32 Version: 1.2.0.09270)
VAIO Improvement Validation (Version: 1.0.4.01190)
VAIO Sample Contents (x32 Version: 1.4.2.09010)
VAIO Smart Network (x32 Version: 3.10.0.09300)
VAIO Update (x32 Version: 6.2.1.03260)
VAIO-Handbuch (x32 Version: 1.5.0.09200)
VAIO-Support für Übertragungen (x32 Version: 1.6.0.09220)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VCCx64 (Version: 1.0.0)
VCCx86 (x32 Version: 1.0.0)
VHD (x32 Version: 1.0.0)
VIx64 (Version: 1.0.0)
VIx86 (x32 Version: 1.0.0)
VMLx86 (x32 Version: 1.0.0)
VPMx64 (Version: 1.0.0)
VSNx64 (Version: 1.0.0)
VSNx86 (x32 Version: 1.0.0)
VSSTx64 (Version: 1.0.0)
VSSTx86 (x32 Version: 1.0.0)
VU5x64 (Version: 1.1.0)
VU5x86 (x32 Version: 1.0.0)
VU5x86 (x32 Version: 1.1.0)
VWSTx86 (x32 Version: 1.0.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922)
Windows Liven sähköposti (x32 Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922)
XAMPP 1.8.1 (x32)
XMedia Recode Version 3.1.6.0 (x32 Version: 3.1.6.0)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)
Елемент керування Windows Live Mesh ActiveX для віддалених підключень (x32 Version: 15.4.5722.2)
Основи Windows Live (x32 Version: 15.4.3502.0922)
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)
Почта Windows Live (x32 Version: 15.4.3502.0922)
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922)
Фотоколекція Windows Live (x32 Version: 15.4.3502.0922)
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (x32 Version: 15.4.5722.2)

==================== Restore Points  =========================

12-07-2013 01:00:18 Windows Update
16-07-2013 06:15:49 Windows Update
19-07-2013 15:41:26 Windows Update
22-07-2013 06:15:06 Windows Update
24-07-2013 17:58:10 avast! Free Antivirus Setup
25-07-2013 18:06:11 Installed Java 7 Update 25
26-07-2013 01:00:18 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1059006D-AA19-47D1-A8B9-C40E7E7A5B89} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2011-09-29] (Sony Corporation)
Task: {1AEEF3A3-DFA4-47DE-8AB2-5DB50127A492} - System32\Tasks\AdobeAAMUpdater-1.0-Marvin42-xxx => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {270E9A7E-F3AA-4A65-8E54-727A33652B0C} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2011-09-23] (Sony Corporation)
Task: {28C6132A-D88E-4E6C-88F6-525848DAFF7E} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-29] (Sony Corporation)
Task: {2FAD9B71-4686-4C66-A4CA-FF6A519BE745} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-03-26] (Sony Corporation)
Task: {32027379-DC33-483A-89A8-04BE1EDFB7E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-23] (Google Inc.)
Task: {42747439-D694-4182-95F4-8990C8F44527} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-09-23] (Sony Corporation)
Task: {45A78F31-BDC5-4579-95A2-F64C73457B2F} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Windows\System32\net No File
Task: {478790EA-3F06-4ABF-835F-37ABACF58772} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-09-20] (Sony Corporation)
Task: {4A2C3995-3998-4F73-941F-C91B67D3AD99} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-29] (Sony Corporation)
Task: {6AD6215A-38D4-4376-995D-6053636CD880} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-03-26] (Sony Corporation)
Task: {6E74A44B-1C57-48FF-B11A-72F8481270CD} - System32\Tasks\Sony Corporation\VAIO Improvement Validation\VAIO Improvement Validation => C:\Program Files\Sony\VAIO Improvement Validation\viv.exe [2011-01-20] (Sony Corporation)
Task: {7385D430-5421-459A-867D-562EADFA3985} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-09-27] (Sony Corporation)
Task: {74786E3A-BD05-4065-AA24-53AA332026A1} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-09-20] (Sony Corporation)
Task: {8078B339-5AAC-4937-B64E-48969AD4D55E} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-29] (Sony Corporation)
Task: {AADC4CA9-B1DE-46F9-B83B-6B5E3B7AEF0F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-23] (Google Inc.)
Task: {AAE45FD5-CA41-4901-8447-6B51D0AE8AB0} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-09-20] (Sony Corporation)
Task: {AD14D64B-E521-445A-B18A-DBFCDD07D63A} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2011-09-21] (Sony Corporation)
Task: {B409C450-80C0-432C-B880-5016DAC3A963} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {BBE25DF5-5791-48A2-9076-5B0CD7541531} - System32\Tasks\Sony Corporation\VAIO Update\VUSU Trigger Task => C:\Program Files\Sony\VAIO Update\VUSUTrigger.exe [2013-03-26] (Sony Corporation)
Task: {BEA54CFE-2C23-401E-AF2A-5A02E5CA1E0E} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-29] (Sony Corporation)
Task: {DC4B6D4B-DD51-487F-980A-AD20B761A747} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-29] (Sony Corporation)
Task: {DD4DC5B1-7FB4-40CF-9848-AF5DC5AB7645} - System32\Tasks\Sony Corporation\VAIO Care\VAU => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-29] (Sony Corporation)
Task: {E9D63648-D5DD-4FCD-B724-A28EAA730AAF} - System32\Tasks\Sony Corporation\VAIO Care\AutoCheckMessage => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-29] (Sony Corporation)
Task: {EB37F3B1-96EE-4C67-8ED6-3D0137787E17} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {EFA39936-D9B9-4331-BCAF-B813CBC181DC} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {F6DA0C47-4ADC-471A-8B26-E77F1969999B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-25] (Adobe Systems Incorporated)
Task: {F7280687-50AB-4EC5-877E-E0C98CF3F164} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2011-09-29] (Sony Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\EPUpdater.job => C:\Users\xxx\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/26/2013 08:19:56 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (07/26/2013 08:11:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2013 06:05:53 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (07/26/2013 05:57:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2013 07:04:51 AM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (07/26/2013 06:56:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2013 00:24:19 AM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (07/26/2013 00:14:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2013 08:13:39 AM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (07/25/2013 08:03:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/26/2013 06:54:58 AM) (Source: BugCheck) (User: )
Description: 0x00000109 (0xa3a039d8997d778f, 0xb3b7465eebfbb3a1, 0xfffff88002f6f5c0, 0x0000000000000002)C:\Windows\MEMORY.DMP072613-30030-01

Error: (07/26/2013 06:54:42 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎26.‎07.‎2013 um 06:52:23 unerwartet heruntergefahren.

Error: (07/25/2013 08:04:22 AM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (07/25/2013 08:04:22 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/25/2013 08:04:22 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (07/24/2013 11:11:32 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WerSvc erreicht.

Error: (07/24/2013 10:33:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SProtection" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/24/2013 10:01:45 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error: (07/24/2013 10:01:44 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error: (07/24/2013 06:54:08 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.


Microsoft Office Sessions:
=========================
Error: (07/26/2013 08:19:56 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (07/26/2013 08:11:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2013 06:05:53 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (07/26/2013 05:57:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2013 07:04:51 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (07/26/2013 06:56:12 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2013 00:24:19 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (07/26/2013 00:14:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2013 08:13:39 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (07/25/2013 08:03:19 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2012-09-11 22:16:21.859
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-11 22:16:21.839
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-11 22:16:21.779
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-11 22:16:21.719
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-11 22:16:21.669
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-11 22:16:21.639
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-11 22:16:21.599
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-11 22:16:21.409
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-11 22:16:21.209
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-09-11 22:16:21.129
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 6125.22 MB
Available physical RAM: 4370.23 MB
Total Pagefile: 12248.62 MB
Available Pagefile: 10243.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:575.47 GB) (Free:504.31 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: E21656CB)
Partition 1: (Not Active) - (Size=21 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=575 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Ich habe den Rechner nicht länger als nötig im Netz, daher die Fehlermeldungen bzgl. der Netzwerkverbindung. Ich hoffe die war nicht notwendig. :balla:

schrauber 27.07.2013 11:07
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Fridholm 27.07.2013 13:12
Huhu, ein Neustart wurde vom Rechner noch nicht durchgeführt, mache ich gleich manuell.
Wo finde ich eine Kopie der Registry falls die nun im Eimer sein sollte? :confused:
Der Scan hat ca. 25 Minuten gedauert....


Code:
ComboFix 13-07-25.02 - xxx 27.07.2013  13:26:05.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.6125.4321 [GMT 2:00]
ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-06-27 bis 2013-07-27  ))))))))))))))))))))))))))))))
.
.
2013-07-27 11:48 . 2013-07-27 11:48        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-07-27 11:27 . 2013-07-27 11:27        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7FA613D-7B6A-438E-9DFA-4EC2A623CF10}\offreg.dll
2013-07-27 07:37 . 2013-06-18 14:22        263576        ----a-w-        c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-07-27 07:37 . 2013-06-18 14:21        26520        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-07-26 19:34 . 2013-07-26 19:34        --------        d-----w-        C:\FRST
2013-07-26 16:33 . 2013-07-02 08:34        9460976        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7FA613D-7B6A-438E-9DFA-4EC2A623CF10}\mpengine.dll
2013-07-25 18:07 . 2013-07-25 18:07        --------        d-----w-        c:\program files (x86)\Common Files\Java
2013-07-25 18:06 . 2013-07-25 18:06        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-24 20:35 . 2013-07-24 20:35        --------        d-----w-        c:\program files\CCleaner
2013-07-24 20:33 . 2013-07-24 20:43        --------        d-----w-        c:\users\xxx\AppData\Roaming\BabSolution
2013-07-24 20:33 . 2013-07-24 20:33        --------        d-----w-        c:\programdata\Babylon
2013-07-24 17:58 . 2013-07-24 17:59        378944        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2013-07-24 17:58 . 2013-07-24 17:59        189936        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2013-07-24 17:58 . 2013-07-24 17:59        1030952        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2013-07-24 17:58 . 2013-05-09 08:59        72016        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2013-07-24 17:58 . 2013-05-09 08:59        65336        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2013-07-24 17:58 . 2013-05-09 08:59        64288        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2013-07-24 17:58 . 2013-05-09 08:59        33400        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2013-07-24 17:58 . 2013-05-09 08:59        80816        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2013-07-24 17:58 . 2013-05-09 08:58        287840        ----a-w-        c:\windows\system32\aswBoot.exe
2013-07-24 17:58 . 2013-05-09 08:58        41664        ----a-w-        c:\windows\avastSS.scr
2013-07-24 17:58 . 2013-07-24 17:58        --------        d-----w-        c:\program files\AVAST Software
2013-07-24 17:56 . 2013-07-24 17:58        --------        d-----w-        c:\programdata\AVAST Software
2013-07-23 20:02 . 2013-07-23 20:02        --------        d-----w-        c:\users\xxx\AppData\Roaming\Malwarebytes
2013-07-23 20:02 . 2013-07-23 20:02        --------        d-----w-        c:\programdata\Malwarebytes
2013-07-23 20:01 . 2013-07-23 20:02        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-23 20:01 . 2013-04-04 12:50        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-07-22 06:15 . 2013-07-22 06:16        --------        d-----w-        c:\windows\system32\MRT
2013-07-20 13:44 . 2013-07-20 13:44        --------        d-----w-        c:\users\xxx\AppData\Roaming\Ybiva
2013-07-11 21:19 . 2013-05-27 05:50        1011712        ----a-w-        c:\program files\Windows Defender\MpSvc.dll
2013-07-11 21:19 . 2013-05-27 05:50        571904        ----a-w-        c:\program files\Windows Defender\MpClient.dll
2013-07-11 21:19 . 2013-05-27 05:50        314880        ----a-w-        c:\program files\Windows Defender\MpCommu.dll
2013-07-11 21:19 . 2013-05-27 04:57        4608        ----a-w-        c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 21:19 . 2013-05-27 04:57        54784        ----a-w-        c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-11 21:19 . 2013-05-27 04:57        392704        ----a-w-        c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-11 21:19 . 2013-05-27 03:15        9216        ----a-w-        c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 21:19 . 2013-06-04 06:00        624128        ----a-w-        c:\windows\system32\qedit.dll
2013-07-11 21:19 . 2013-06-04 04:53        509440        ----a-w-        c:\windows\SysWow64\qedit.dll
2013-07-11 21:19 . 2013-05-06 06:03        1887744        ----a-w-        c:\windows\system32\WMVDECOD.DLL
2013-07-11 21:19 . 2013-05-06 04:56        1620480        ----a-w-        c:\windows\SysWow64\WMVDECOD.DLL
2013-07-11 21:14 . 2013-06-05 03:34        3153920        ----a-w-        c:\windows\system32\win32k.sys
2013-07-11 21:14 . 2013-04-10 05:48        1732608        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2013-07-11 21:14 . 2013-04-10 05:46        1402880        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2013-07-11 21:14 . 2013-04-10 05:46        1393152        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2013-07-11 21:14 . 2013-04-10 05:46        1367040        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 21:14 . 2013-04-10 05:03        936448        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 21:13 . 2013-04-09 23:34        1247744        ----a-w-        c:\windows\SysWow64\DWrite.dll
2013-07-11 21:13 . 2013-04-02 22:51        1643520        ----a-w-        c:\windows\system32\DWrite.dll
2013-07-06 07:48 . 2013-07-06 07:48        --------        d-----w-        c:\users\xxx\AppData\Local\ElevatedDiagnostics
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-27 07:34 . 2012-09-07 17:56        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-27 07:34 . 2011-12-07 05:24        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-25 18:06 . 2013-04-03 19:44        867240        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2013-07-25 18:06 . 2011-12-07 04:49        789416        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-07-01 20:57 . 2013-05-08 16:43        83672        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-06-23 22:57 . 2012-09-02 07:45        78277128        ----a-w-        c:\windows\system32\MRT.exe
2013-05-13 05:51 . 2013-06-12 20:55        184320        ----a-w-        c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 20:55        1464320        ----a-w-        c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 20:55        139776        ----a-w-        c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 20:55        52224        ----a-w-        c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 20:55        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 20:55        1160192        ----a-w-        c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 20:55        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 20:55        1192448        ----a-w-        c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 20:55        903168        ----a-w-        c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 20:55        43008        ----a-w-        c:\windows\SysWow64\certenc.dll
2013-05-10 16:20 . 2011-03-28 17:36        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-10 05:49 . 2013-06-12 20:55        30720        ----a-w-        c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 20:55        24576        ----a-w-        c:\windows\SysWow64\cryptdlg.dll
2013-05-08 22:39 . 2013-05-08 22:39        1054720        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-08 22:39 . 2013-05-08 22:39        73728        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-08 22:39 . 2013-05-08 22:39        719360        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2013-05-08 22:39 . 2013-05-08 22:39        61952        ----a-w-        c:\windows\SysWow64\tdc.ocx
2013-05-08 22:39 . 2013-05-08 22:39        523264        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-05-08 22:39 . 2013-05-08 22:39        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2013-05-08 22:39 . 2013-05-08 22:39        38400        ----a-w-        c:\windows\SysWow64\imgutil.dll
2013-05-08 22:39 . 2013-05-08 22:39        361984        ----a-w-        c:\windows\SysWow64\html.iec
2013-05-08 22:39 . 2013-05-08 22:39        23040        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2013-05-08 22:39 . 2013-05-08 22:39        226304        ----a-w-        c:\windows\system32\elshyph.dll
2013-05-08 22:39 . 2013-05-08 22:39        185344        ----a-w-        c:\windows\SysWow64\elshyph.dll
2013-05-08 22:39 . 2013-05-08 22:39        158720        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-05-08 22:39 . 2013-05-08 22:39        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2013-05-08 22:39 . 2013-05-08 22:39        1441280        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2013-05-08 22:39 . 2013-05-08 22:39        138752        ----a-w-        c:\windows\SysWow64\wextract.exe
2013-05-08 22:39 . 2013-05-08 22:39        137216        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2013-05-08 22:39 . 2013-05-08 22:39        12800        ----a-w-        c:\windows\SysWow64\mshta.exe
2013-05-08 22:39 . 2013-05-08 22:39        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2013-05-08 22:39 . 2013-05-08 22:39        97280        ----a-w-        c:\windows\system32\mshtmled.dll
2013-05-08 22:39 . 2013-05-08 22:39        92160        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-05-08 22:39 . 2013-05-08 22:39        905728        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-05-08 22:39 . 2013-05-08 22:39        81408        ----a-w-        c:\windows\system32\icardie.dll
2013-05-08 22:39 . 2013-05-08 22:39        77312        ----a-w-        c:\windows\system32\tdc.ocx
2013-05-08 22:39 . 2013-05-08 22:39        762368        ----a-w-        c:\windows\system32\ieapfltr.dll
2013-05-08 22:39 . 2013-05-08 22:39        62976        ----a-w-        c:\windows\system32\pngfilt.dll
2013-05-08 22:39 . 2013-05-08 22:39        599552        ----a-w-        c:\windows\system32\vbscript.dll
2013-05-08 22:39 . 2013-05-08 22:39        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2013-05-08 22:39 . 2013-05-08 22:39        51200        ----a-w-        c:\windows\system32\imgutil.dll
2013-05-08 22:39 . 2013-05-08 22:39        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-05-08 22:39 . 2013-05-08 22:39        452096        ----a-w-        c:\windows\system32\dxtmsft.dll
2013-05-08 22:39 . 2013-05-08 22:39        441856        ----a-w-        c:\windows\system32\html.iec
2013-05-08 22:39 . 2013-05-08 22:39        281600        ----a-w-        c:\windows\system32\dxtrans.dll
2013-05-08 22:39 . 2013-05-08 22:39        27648        ----a-w-        c:\windows\system32\licmgr10.dll
2013-05-08 22:39 . 2013-05-08 22:39        270848        ----a-w-        c:\windows\system32\iedkcs32.dll
2013-05-08 22:39 . 2013-05-08 22:39        247296        ----a-w-        c:\windows\system32\webcheck.dll
2013-05-08 22:39 . 2013-05-08 22:39        235008        ----a-w-        c:\windows\system32\url.dll
2013-05-08 22:39 . 2013-05-08 22:39        216064        ----a-w-        c:\windows\system32\msls31.dll
2013-05-08 22:39 . 2013-05-08 22:39        197120        ----a-w-        c:\windows\system32\msrating.dll
2013-05-08 22:39 . 2013-05-08 22:39        173568        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-05-08 22:39 . 2013-05-08 22:39        167424        ----a-w-        c:\windows\system32\iexpress.exe
2013-05-08 22:39 . 2013-05-08 22:39        1509376        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-05-08 22:39 . 2013-05-08 22:39        149504        ----a-w-        c:\windows\system32\occache.dll
2013-05-08 22:39 . 2013-05-08 22:39        144896        ----a-w-        c:\windows\system32\wextract.exe
2013-05-08 22:39 . 2013-05-08 22:39        1400416        ----a-w-        c:\windows\system32\ieapfltr.dat
2013-05-08 22:39 . 2013-05-08 22:39        13824        ----a-w-        c:\windows\system32\mshta.exe
2013-05-08 22:39 . 2013-05-08 22:39        136192        ----a-w-        c:\windows\system32\iepeers.dll
2013-05-08 22:39 . 2013-05-08 22:39        135680        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-05-08 22:39 . 2013-05-08 22:39        12800        ----a-w-        c:\windows\system32\msfeedssync.exe
2013-05-08 22:39 . 2013-05-08 22:39        102912        ----a-w-        c:\windows\system32\inseng.dll
2013-05-08 22:38 . 2013-05-08 22:38        9728        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-08 22:38 . 2013-05-08 22:38        9728        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-08 22:38 . 2013-05-08 22:38        648192        ----a-w-        c:\windows\system32\d3d10level9.dll
2013-05-08 22:38 . 2013-05-08 22:38        604160        ----a-w-        c:\windows\SysWow64\d3d10level9.dll
2013-05-08 22:38 . 2013-05-08 22:38        5632        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-08 22:38 . 2013-05-08 22:38        5632        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-08 22:38 . 2013-05-08 22:38        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-08 22:38 . 2013-05-08 22:38        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-08 22:38 . 2013-05-08 22:38        522752        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2013-05-08 22:38 . 2013-05-08 22:38        465920        ----a-w-        c:\windows\system32\WMPhoto.dll
2013-05-08 22:38 . 2013-05-08 22:38        417792        ----a-w-        c:\windows\SysWow64\WMPhoto.dll
2013-05-08 22:38 . 2013-05-08 22:38        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-08 22:38 . 2013-05-08 22:38        4096        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-08 22:38 . 2013-05-08 22:38        3928064        ----a-w-        c:\windows\system32\d2d1.dll
2013-05-08 22:38 . 2013-05-08 22:38        364544        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-08 22:38 . 2013-05-08 22:38        363008        ----a-w-        c:\windows\system32\dxgi.dll
2013-05-08 22:38 . 2013-05-08 22:38        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-08 22:38 . 2013-05-08 22:38        3584        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-08 22:38 . 2013-05-08 22:38        3419136        ----a-w-        c:\windows\SysWow64\d2d1.dll
2013-05-08 22:38 . 2013-05-08 22:38        333312        ----a-w-        c:\windows\system32\d3d10_1core.dll
2013-05-08 22:38 . 2013-05-08 22:38        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-08 22:38 . 2013-05-08 22:38        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-08 22:38 . 2013-05-08 22:38        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-08 22:38 . 2013-05-08 22:38        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-08 22:38 . 2013-05-08 22:38        296960        ----a-w-        c:\windows\system32\d3d10core.dll
2013-05-08 22:38 . 2013-05-08 22:38        293376        ----a-w-        c:\windows\SysWow64\dxgi.dll
2013-05-08 22:38 . 2013-05-08 22:38        2776576        ----a-w-        c:\windows\system32\msmpeg2vdec.dll
2013-05-08 22:38 . 2013-05-08 22:38        2565120        ----a-w-        c:\windows\system32\d3d10warp.dll
2013-05-08 22:38 . 2013-05-08 22:38        2560        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-08 22:38 . 2013-05-08 22:38        2560        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-08 22:38 . 2013-05-08 22:38        249856        ----a-w-        c:\windows\SysWow64\d3d10_1core.dll
2013-05-08 22:38 . 2013-05-08 22:38        245248        ----a-w-        c:\windows\system32\WindowsCodecsExt.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-05-02 500736]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-07-01 345144]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsnxc64.sys;c:\windows\SYSNATIVE\drivers\risdsnxc64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
S3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\NxDrv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 12:41        1173456        ----a-w-        c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 07:34]
.
2013-07-24 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-07-24 08:58]
.
2013-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-23 19:38]
.
2013-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-23 19:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58        133840        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-11-14 11895400]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-14 2226280]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-07-05 947360]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-07-05 797344]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"SonicWALLNetExtender"="c:\program files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2011-07-29 1103744]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D06CE2F6-CC67-4092-A121-FBE712CF3DB5}: NameServer = 10.20.10.20 10.20.10.21
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\c4nlpb79.default\
FF - ExtSQL: 2013-07-24 19:58; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - b4ee6be700000000000006273792a79f
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15910
FF - user.js: extensions.delta.vrsn - 1.8.22.0
FF - user.js: extensions.delta.vrsni - 1.8.22.0
FF - user.js: extensions.delta.vrsnTs - 1.8.22.022:33
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119828&tt=230713_18220&tsp=4953
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-NPSStartup - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-27  13:49:33
ComboFix-quarantined-files.txt  2013-07-27 11:49
.
Vor Suchlauf: 15 Verzeichnis(se), 544.587.640.832 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 544.211.267.584 Bytes frei
.
- - End Of File - - DE871E739920F4CB3724462B05139FD0
D41D8CD98F00B204E9800998ECF8427E

schrauber 27.07.2013 17:41
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Fridholm 27.07.2013 23:06
O.k., das hat jetzt ein wenig Dreck gefegt, aber Hinweise auf ein Virus sehe ich in den Log Files irgendwie nie.:heulen:
Wenn Du da etwas siehst würde mich wirklich brennend interessieren was man da wo erkennen kann.
Die Log Files:
Code:
# AdwCleaner v2.306 - Datei am 27/07/2013 um 23:04:28 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *****- DeepThought42
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*****\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\c4nlpb79.default\searchplugins\Babylon.xml
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\BabSolution

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\c4nlpb79.default\prefs.js

C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\c4nlpb79.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.dfltLng", "de");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Gelöscht : user_pref("extensions.delta.id", "b4ee6be700000000000006273792a79f");
Gelöscht : user_pref("extensions.delta.instlDay", "15910");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.22.0");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.22.022:33:21");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.22.0");
Gelöscht : user_pref("extensions.delta_i.babExt", "");
Gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119828&tt=230713_18220&tsp=4953");
Gelöscht : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [12650 octets] - [27/07/2013 23:04:28]

########## EOF - C:\AdwCleaner[S1].txt - [12711 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.5 (07.26.2013:2)
OS: Windows 7 Home Premium x64
Ran by ***** on 27.07.2013 at 23:09:53,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{55558A26-3653-4813-8BD1-A105B8BFE6EB}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{C86F2BA2-0C7F-4F2B-87CA-8C52026C88A5}



~~~ FireFox

Successfully deleted: [File] C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\c4nlpb79.default\invalidprefs.js



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.07.2013 at 23:14:15,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2013 01
Ran by Gernold-Hassknecht(administrator) on 27-07-2013 23:18:01
Running from C:\Users\*****\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Sony Corporation) c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(SonicWALL Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SonicWALL Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-11-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-11-14] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [947360 2011-07-05] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [797344 2011-07-05] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2011-06-22] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [SonicWALLNetExtender] - C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [1103744 2011-07-29] (SonicWALL Inc.)
HKCU\...\Run: [AutoStartNPSAgent] - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [500736 2011-05-02] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {C80F2912-317F-4A47-A20E-2A93741DCDA1} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q112&_nkw={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\..\Interfaces\{D06CE2F6-CC67-4092-A121-FBE712CF3DB5}: [NameServer]10.20.10.20 10.20.10.21

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\c4nlpb79.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: NetExtender Launcher  - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\c4nlpb79.default\Extensions\npNELaunch@sonicwall.com
FF Extension: firebug - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\c4nlpb79.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-07-05] (Atheros)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [111776 2011-08-25] (Atheros Communication Inc.)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation)
R2 SONICWALL_NetExtender; C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe [504192 2011-07-29] (SonicWALL Inc.)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1359408 2013-03-26] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-24] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-24] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-29] (Avira Operations GmbH & Co. KG)
R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2011-07-28] (SonicWALL Inc.)
R2 risdsnpe; C:\Windows\system32\drivers\risdsnxc64.sys [98816 2011-06-23] (REDC)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-27 23:14 - 2013-07-27 23:14 - 00001175 _____ C:\Users\*****\Desktop\JRT.txt
2013-07-27 23:09 - 2013-07-27 23:09 - 00000000 ____D C:\Windows\ERUNT
2013-07-27 23:08 - 2013-07-27 23:15 - 00000000 ____D C:\Users\*****\Downloads\Neuer Ordner
2013-07-27 23:04 - 2013-07-27 23:04 - 00012693 _____ C:\AdwCleaner[S1].txt
2013-07-27 22:57 - 2013-07-27 22:57 - 00561198 _____ (Oleg N. Scherbakov) C:\Users\*****\Desktop\JRT.exe
2013-07-27 22:56 - 2013-07-27 22:56 - 00666633 _____ C:\Users\*****\Desktop\adwcleaner.exe
2013-07-27 14:04 - 2013-07-27 14:07 - 00035721 _____ C:\Users\*****\Downloads\ComboFix.txt
2013-07-27 13:25 - 2013-07-27 13:49 - 00000000 ____D C:\Qoobox
2013-07-27 13:25 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-27 13:25 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-27 13:25 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-27 13:25 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-27 13:25 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-27 13:25 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-27 13:25 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-27 13:25 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-27 13:24 - 2013-07-27 13:48 - 00000000 ____D C:\Windows\erdnt
2013-07-27 13:20 - 2013-07-27 13:20 - 05093969 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2013-07-26 21:35 - 2013-07-26 21:58 - 00035998 _____ C:\Users\*****\Downloads\FRST1.txt
2013-07-26 21:35 - 2013-07-26 21:58 - 00030220 _____ C:\Users\*****\Downloads\Addition.txt
2013-07-26 21:34 - 2013-07-26 21:34 - 00000000 ____D C:\FRST
2013-07-26 21:33 - 2013-07-26 21:33 - 01780233 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2013-07-26 20:08 - 2013-07-26 20:08 - 02191876 _____ C:\Users\*****\Downloads\neu.log
2013-07-26 18:34 - 2013-07-26 18:34 - 00022908 _____ C:\Users\*****\Downloads\Extras.zip
2013-07-26 18:34 - 2013-07-26 18:34 - 00021358 _____ C:\Users\*****\Downloads\gmer.zip
2013-07-26 18:34 - 2013-07-26 18:34 - 00014498 _____ C:\Users\*****\Downloads\OTL.zip
2013-07-26 18:12 - 2013-07-26 18:55 - 00003248 _____ C:\Users\*****\Downloads\Text.txt
2013-07-26 06:57 - 2013-07-26 06:57 - 00000509 _____ C:\Users\*****\Downloads\bluescreen.txt
2013-07-26 06:54 - 2013-07-26 06:54 - 1098823686 _____ C:\Windows\MEMORY.DMP
2013-07-26 06:54 - 2013-07-26 06:54 - 00290488 _____ C:\Windows\Minidump\072613-30030-01.dmp
2013-07-26 06:54 - 2013-07-26 06:54 - 00000000 ____D C:\Windows\Minidump
2013-07-26 06:53 - 2013-07-26 18:31 - 00392557 _____ C:\Users\*****\Downloads\gmer.log
2013-07-26 00:05 - 2013-07-26 00:05 - 00377856 _____ C:\Users\*****\Downloads\gmer_2.1.19163.exe
2013-07-25 23:40 - 2013-07-26 18:29 - 00099632 _____ C:\Users\*****\Downloads\Extras.Txt
2013-07-25 23:39 - 2013-07-26 18:28 - 00103138 _____ C:\Users\*****\Downloads\OTL.Txt
2013-07-25 23:31 - 2013-07-25 23:31 - 00602112 _____ (OldTimer Tools) C:\Users\*****\Downloads\OTL.exe
2013-07-25 20:06 - 2013-07-25 20:06 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-24 23:10 - 2013-07-27 23:05 - 00000560 _____ C:\Windows\setupact.log
2013-07-24 23:10 - 2013-07-27 14:13 - 00002508 _____ C:\Windows\PFRO.log
2013-07-24 23:10 - 2013-07-24 23:10 - 00000000 _____ C:\Windows\setuperr.log
2013-07-24 23:04 - 2013-07-24 23:05 - 00047104 ___SH C:\Users\*****\Thumbs.db
2013-07-24 23:04 - 2013-07-24 23:04 - 00001125 _____ C:\Users\*****\Desktop\AppData - Verknüpfung.lnk
2013-07-24 22:35 - 2013-07-24 22:35 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-24 22:35 - 2013-07-24 22:35 - 00000000 ____D C:\Program Files\CCleaner
2013-07-24 22:33 - 2013-07-24 22:42 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-07-24 22:31 - 2013-07-24 22:31 - 00617312 _____ (www.download-sponsor.de) C:\Users\*****\Downloads\CCleaner 4.01.4093.exe
2013-07-24 19:59 - 2013-07-24 19:59 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-24 19:59 - 2013-07-24 19:59 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-24 19:59 - 2013-07-24 19:59 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-24 19:58 - 2013-07-24 19:59 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-24 19:58 - 2013-07-24 19:59 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-24 19:58 - 2013-07-24 19:59 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-24 19:58 - 2013-07-24 19:58 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-24 19:58 - 2013-07-24 19:58 - 00000350 ____H C:\Windows\Tasks\avast! Emergency Update.job
2013-07-24 19:58 - 2013-07-24 19:58 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-24 19:58 - 2013-07-24 19:58 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-24 19:58 - 2013-05-09 10:59 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-07-24 19:58 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-07-24 19:58 - 2013-05-09 10:59 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-07-24 19:58 - 2013-05-09 10:59 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-07-24 19:58 - 2013-05-09 10:59 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-07-24 19:58 - 2013-05-09 10:58 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-07-24 19:58 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-07-24 19:56 - 2013-07-24 19:58 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-24 19:53 - 2013-07-24 19:53 - 00000002 _____ C:\AvastSetup.log
2013-07-23 22:02 - 2013-07-23 22:02 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-23 22:02 - 2013-07-23 22:02 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-07-23 22:02 - 2013-07-23 22:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-23 22:01 - 2013-07-23 22:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-23 22:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-22 08:15 - 2013-07-22 08:16 - 00000000 ____D C:\Windows\system32\MRT
2013-07-20 15:44 - 2013-07-20 15:44 - 00000000 ____D C:\Users\*****\AppData\Roaming\Ybiva
2013-07-12 03:06 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 03:06 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 03:06 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 03:06 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 03:06 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 03:06 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 03:06 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 03:06 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 03:06 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 03:06 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 03:06 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 03:06 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 03:06 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 03:06 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 03:06 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 03:06 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 03:06 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 03:06 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 03:06 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 03:06 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 03:06 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 23:19 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 23:19 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 23:19 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 23:19 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 23:14 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 23:13 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 23:13 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-07-27 23:15 - 2013-07-27 23:08 - 00000000 ____D C:\Users\*****\Downloads\Neuer Ordner
2013-07-27 23:14 - 2013-07-27 23:14 - 00001175 _____ C:\Users\*****\Desktop\JRT.txt
2013-07-27 23:13 - 2009-07-14 06:45 - 00020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-27 23:13 - 2009-07-14 06:45 - 00020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-27 23:09 - 2013-07-27 23:09 - 00000000 ____D C:\Windows\ERUNT
2013-07-27 23:06 - 2011-12-07 06:42 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-27 23:05 - 2013-07-24 23:10 - 00000560 _____ C:\Windows\setupact.log
2013-07-27 23:05 - 2012-08-30 20:34 - 01679833 _____ C:\Windows\WindowsUpdate.log
2013-07-27 23:04 - 2013-07-27 23:04 - 00012693 _____ C:\AdwCleaner[S1].txt
2013-07-27 22:57 - 2013-07-27 22:57 - 00561198 _____ (Oleg N. Scherbakov) C:\Users\*****\Desktop\JRT.exe
2013-07-27 22:56 - 2013-07-27 22:56 - 00666633 _____ C:\Users\*****\Desktop\adwcleaner.exe
2013-07-27 17:50 - 2012-08-31 00:32 - 00000000 ____D C:\Users\*****\AppData\Roaming\SoftGrid Client
2013-07-27 16:49 - 2011-12-07 06:19 - 00697322 _____ C:\Windows\system32\perfh007.dat
2013-07-27 16:49 - 2011-12-07 06:19 - 00148328 _____ C:\Windows\system32\perfc007.dat
2013-07-27 16:49 - 2009-07-14 07:13 - 01614036 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-27 14:57 - 2012-08-30 20:36 - 00000000 ____D C:\Users\*****\AppData\Local\VirtualStore
2013-07-27 14:30 - 2012-08-31 00:50 - 00000000 ____D C:\OldComp
2013-07-27 14:13 - 2013-07-24 23:10 - 00002508 _____ C:\Windows\PFRO.log
2013-07-27 14:07 - 2013-07-27 14:04 - 00035721 _____ C:\Users\*****\Downloads\Combowix.txt
2013-07-27 13:49 - 2013-07-27 13:25 - 00000000 ____D C:\Qoobox
2013-07-27 13:48 - 2013-07-27 13:24 - 00000000 ____D C:\Windows\erdnt
2013-07-27 13:48 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-27 13:20 - 2013-07-27 13:20 - 05093969 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2013-07-27 13:13 - 2012-09-23 09:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-27 09:43 - 2013-04-03 21:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-27 09:43 - 2011-12-07 06:49 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-27 09:42 - 2011-12-07 06:48 - 00000000 ____D C:\Program Files\Java
2013-07-27 09:37 - 2012-09-23 09:35 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-27 09:34 - 2013-04-23 21:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-27 09:34 - 2012-09-07 19:56 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-27 09:34 - 2011-12-07 07:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-26 21:58 - 2013-07-26 21:35 - 00035998 _____ C:\Users\*****\Downloads\FRST1.txt
2013-07-26 21:58 - 2013-07-26 21:35 - 00030220 _____ C:\Users\*****\Downloads\Addition.txt
2013-07-26 21:34 - 2013-07-26 21:34 - 00000000 ____D C:\FRST
2013-07-26 21:33 - 2013-07-26 21:33 - 01780233 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2013-07-26 20:08 - 2013-07-26 20:08 - 02191876 _____ C:\Users\*****\Downloads\neu.log
2013-07-26 18:55 - 2013-07-26 18:12 - 00003248 _____ C:\Users\*****\Downloads\Text.txt
2013-07-26 18:34 - 2013-07-26 18:34 - 00022908 _____ C:\Users\*****\Downloads\Extras.zip
2013-07-26 18:34 - 2013-07-26 18:34 - 00021358 _____ C:\Users\*****\Downloads\gmer.zip
2013-07-26 18:34 - 2013-07-26 18:34 - 00014498 _____ C:\Users\*****\Downloads\OTL.zip
2013-07-26 18:31 - 2013-07-26 06:53 - 00392557 _____ C:\Users\*****\Downloads\gmer.log
2013-07-26 18:29 - 2013-07-25 23:40 - 00099632 _____ C:\Users\*****\Downloads\Extras.Txt
2013-07-26 18:28 - 2013-07-25 23:39 - 00103138 _____ C:\Users\*****\Downloads\OTL.Txt
2013-07-26 06:57 - 2013-07-26 06:57 - 00000509 _____ C:\Users\*****\Downloads\bluescreen.txt
2013-07-26 06:54 - 2013-07-26 06:54 - 1098823686 _____ C:\Windows\MEMORY.DMP
2013-07-26 06:54 - 2013-07-26 06:54 - 00290488 _____ C:\Windows\Minidump\072613-30030-01.dmp
2013-07-26 06:54 - 2013-07-26 06:54 - 00000000 ____D C:\Windows\Minidump
2013-07-26 00:05 - 2013-07-26 00:05 - 00377856 _____ C:\Users\*****\Downloads\gmer_2.1.19163.exe
2013-07-25 23:31 - 2013-07-25 23:31 - 00602112 _____ (OldTimer Tools) C:\Users\*****\Downloads\OTL.exe
2013-07-25 22:07 - 2012-09-29 01:09 - 00000000 ____D C:\Users\*****\AppData\Roaming\foobar2000
2013-07-25 20:11 - 2012-08-30 20:36 - 00000000 ____D C:\Users\*****\AppData\Local\Adobe
2013-07-25 20:06 - 2013-07-25 20:06 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-25 20:06 - 2013-04-03 21:44 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-25 20:06 - 2013-04-03 21:44 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-25 20:06 - 2011-12-07 06:49 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-25 20:06 - 2011-12-07 06:49 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-25 20:06 - 2011-12-07 06:49 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-24 23:10 - 2013-07-24 23:10 - 00000000 _____ C:\Windows\setuperr.log
2013-07-24 23:05 - 2013-07-24 23:04 - 00047104 ___SH C:\Users\*****\Thumbs.db
2013-07-24 23:05 - 2012-08-30 20:34 - 00000000 ____D C:\Users\*****
2013-07-24 23:04 - 2013-07-24 23:04 - 00001125 _____ C:\Users\*****\Desktop\AppData - Verknüpfung.lnk
2013-07-24 22:42 - 2013-07-24 22:33 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-07-24 22:39 - 2012-08-30 22:00 - 00000000 ____D C:\Users\*****\AppData\Local\CrashDumps
2013-07-24 22:39 - 2011-02-11 00:48 - 00000000 ____D C:\Windows\Panther
2013-07-24 22:35 - 2013-07-24 22:35 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-24 22:35 - 2013-07-24 22:35 - 00000000 ____D C:\Program Files\CCleaner
2013-07-24 22:31 - 2013-07-24 22:31 - 00617312 _____ (www.download-sponsor.de) C:\Users\*****\Downloads\CCleaner 4.01.4093.exe
2013-07-24 19:59 - 2013-07-24 19:59 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-24 19:59 - 2013-07-24 19:59 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-24 19:59 - 2013-07-24 19:59 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-24 19:59 - 2013-07-24 19:58 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-24 19:59 - 2013-07-24 19:58 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-24 19:59 - 2013-07-24 19:58 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-24 19:58 - 2013-07-24 19:58 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-24 19:58 - 2013-07-24 19:58 - 00000350 ____H C:\Windows\Tasks\avast! Emergency Update.job
2013-07-24 19:58 - 2013-07-24 19:58 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-24 19:58 - 2013-07-24 19:58 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-24 19:58 - 2013-07-24 19:56 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-24 19:53 - 2013-07-24 19:53 - 00000002 _____ C:\AvastSetup.log
2013-07-23 22:02 - 2013-07-23 22:02 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-23 22:02 - 2013-07-23 22:02 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-07-23 22:02 - 2013-07-23 22:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-23 22:02 - 2013-07-23 22:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-23 18:42 - 2013-04-23 21:38 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-23 18:42 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-23 07:59 - 2013-04-23 21:38 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-22 08:16 - 2013-07-22 08:15 - 00000000 ____D C:\Windows\system32\MRT
2013-07-20 15:44 - 2013-07-20 15:44 - 00000000 ____D C:\Users\*****\AppData\Roaming\Ybiva
2013-07-17 23:11 - 2013-01-30 22:51 - 00000000 ____D C:\Users\*****\AppData\Local\Aptana Studio 3
2013-07-15 23:54 - 2013-04-23 21:38 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 23:54 - 2013-04-23 21:38 - 00003848 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 20:03 - 2013-04-23 21:38 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-13 14:42 - 2013-04-23 21:38 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-12 03:28 - 2013-03-15 00:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 03:28 - 2013-03-15 00:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 03:28 - 2009-07-14 06:45 - 00306808 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 03:27 - 2011-10-20 23:31 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 03:27 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 03:27 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-01 22:57 - 2013-05-08 18:43 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 00:20

==================== End Of Log ============================
--- --- ---

--- --- ---
:dankeschoen: Und einen schönen Sonntag!

schrauber 28.07.2013 07:21
Adware ohne Ende, noch nen Onlinescan und wir sollten durch sein.


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Fridholm 28.07.2013 15:31
Ja, "adware" ich glaube die war zum Teil schon auf dem Rechner als ich den neu gekauft habe. Gut, dass jetzt das Zeug vernichtet ist.
Probleme hatte ich bisher in den letzten 2 Tagen nicht mehr. Ich habe irgendwann bemerkt, dass ich zwar die aktuelle Version von Java 7 installiert habe, aber man Java 6 nicht deinstalliert bekommt. Toll. Da liegt dann eine alte unsichere Version herum. Java 7 hatte ich auch nur in der 64 Bit Version, Java 6 in 32 Bit und 64 Bit. Habe ich jetzt deinstalliert. Hat bisher aber auch nicht viel ausgemacht, ich hatte den IE9 so konfiguriert, dass da kein Java ausgeführt wird. Nun ja, man hat mir ja vor ca. 2 Wochen ungefragt den IE10 installiert, und da ist die Sicherheitsstellung offenbar zurückgestellt worden? Habe ich bereits geändert.
Aber dazu passt jetzt auch dieser Fund von ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=917473b56d97a448833c2aa5d9f0185f
# engine=14560
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-28 12:31:26
# local_time=2013-07-28 02:31:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 325941 151724558 0 0
# compatibility_mode=1799 16775165 100 96 9243 240437976 2030 0
# compatibility_mode=5893 16776573 100 94 51626 126644536 0 0
# scanned=216393
# found=1
# cleaned=0
# scan_time=7305
sh=172AB0F11F87112906AFE444BA2BF1BB6E588F19 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OYJ trojan" ac=I fn="C:\Users\xxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\765a2067-3015fb8a"
Der Scan hat ziemlich lange gedauert und ich muss jetzt weg, daher kommt der Rest später. Ich mache erst mal nichts mit der Datei, schalte den Rechner aber auch erst mal ab und schaue mit einem anderen Computer später im Forum vorbei. Ich würde zugerne wissen welches Sackgesicht mir das Teil untergeschoben hat...

So, zum Rest:
Security Check:
Code:
Results of screen317's Security Check version 0.99.70 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus 
Avira Desktop     
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Java 7 Update 25 
 Adobe Flash Player 11.8.800.94 
 Adobe Reader XI 
 Mozilla Firefox (22.0)
 Google Chrome 28.0.1500.71 
 Google Chrome 28.0.1500.72 
````````Process Check: objlist.exe by Laurent```````` 
 ESET NOD32 Antivirus egui.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2013 01
Ran by Sylvester Stallon (administrator) on 28-07-2013 16:07:20
Running from C:\Users\xxx\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Sony Corporation) c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(SonicWALL Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SonicWALL Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-11-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-11-14] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [947360 2011-07-05] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [797344 2011-07-05] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2011-06-22] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [SonicWALLNetExtender] - C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [1103744 2011-07-29] (SonicWALL Inc.)
HKCU\...\Run: [AutoStartNPSAgent] - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [500736 2011-05-02] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {C80F2912-317F-4A47-A20E-2A93741DCDA1} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q112&_nkw={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D06CE2F6-CC67-4092-A121-FBE712CF3DB5}: [NameServer]10.20.10.20 10.20.10.21

FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\c4nlpb79.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: NetExtender Launcher  - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\c4nlpb79.default\Extensions\npNELaunch@sonicwall.com
FF Extension: firebug - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\c4nlpb79.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-07-05] (Atheros)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [111776 2011-08-25] (Atheros Communication Inc.)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation)
R2 SONICWALL_NetExtender; C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe [504192 2011-07-29] (SonicWALL Inc.)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1359408 2013-03-26] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-24] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-24] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-29] (Avira Operations GmbH & Co. KG)
R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2011-07-28] (SonicWALL Inc.)
R2 risdsnpe; C:\Windows\system32\drivers\risdsnxc64.sys [98816 2011-06-23] (REDC)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-28 15:00 - 2013-07-28 15:00 - 00891062 _____ C:\Users\xxx\Desktop\SecurityCheck.exe
2013-07-28 12:05 - 2013-07-28 12:05 - 02347384 _____ (ESET) C:\Users\xxx\Downloads\esetsmartinstaller_enu.exe
2013-07-27 23:09 - 2013-07-27 23:09 - 00000000 ____D C:\Windows\ERUNT
2013-07-27 23:08 - 2013-07-28 15:06 - 00000000 ____D C:\Users\xxx\Downloads\Neuer Ordner
2013-07-27 23:04 - 2013-07-27 23:04 - 00012693 _____ C:\AdwCleaner[S1].txt
2013-07-27 22:57 - 2013-07-27 22:57 - 00561198 _____ (Oleg N. Scherbakov) C:\Users\xxx\Desktop\JRT.exe
2013-07-27 22:56 - 2013-07-27 22:56 - 00666633 _____ C:\Users\xxx\Desktop\adwcleaner.exe
2013-07-27 14:04 - 2013-07-27 14:07 - 00035721 _____ C:\Users\xxx\Downloads\ComboFix.txt
2013-07-27 13:25 - 2013-07-27 13:49 - 00000000 ____D C:\Qoobox
2013-07-27 13:25 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-27 13:25 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-27 13:25 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-27 13:25 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-27 13:25 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-27 13:25 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-27 13:25 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-27 13:25 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-27 13:24 - 2013-07-27 13:48 - 00000000 ____D C:\Windows\erdnt
2013-07-27 13:20 - 2013-07-27 13:20 - 05093969 ____R (Swearware) C:\Users\xxx\Desktop\ComboFix.exe
2013-07-26 21:35 - 2013-07-26 21:58 - 00035998 _____ C:\Users\xxx\Downloads\FRST1.txt
2013-07-26 21:35 - 2013-07-26 21:58 - 00030220 _____ C:\Users\xxx\Downloads\Addition.txt
2013-07-26 21:34 - 2013-07-26 21:34 - 00000000 ____D C:\FRST
2013-07-26 21:33 - 2013-07-26 21:33 - 01780233 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-07-26 20:08 - 2013-07-26 20:08 - 02191876 _____ C:\Users\dori\Downloads\neu.log
2013-07-26 18:34 - 2013-07-26 18:34 - 00022908 _____ C:\Users\nori\Downloads\Extras.zip
2013-07-26 18:34 - 2013-07-26 18:34 - 00021358 _____ C:\Users\ori\Downloads\gmer.zip
2013-07-26 18:34 - 2013-07-26 18:34 - 00014498 _____ C:\Users\filli\Downloads\OTL.zip
2013-07-26 18:12 - 2013-07-26 18:55 - 00003248 _____ C:\Users\killi\Downloads\Text.txt
2013-07-26 06:57 - 2013-07-26 06:57 - 00000509 _____ C:\Users\balin\Downloads\bluescreen.txt
2013-07-26 06:54 - 2013-07-26 06:54 - 1098823686 _____ C:\Windows\MEMORY.DMP
2013-07-26 06:54 - 2013-07-26 06:54 - 00290488 _____ C:\Windows\Minidump\072613-30030-01.dmp
2013-07-26 06:54 - 2013-07-26 06:54 - 00000000 ____D C:\Windows\Minidump
2013-07-26 06:53 - 2013-07-26 18:31 - 00392557 _____ C:\Users\dwalin\Downloads\gmer.log
2013-07-26 00:05 - 2013-07-26 00:05 - 00377856 _____ C:\Users\bilfur\Downloads\gmer_2.1.19163.exe
2013-07-25 23:40 - 2013-07-26 18:29 - 00099632 _____ C:\Users\bofur\Downloads\Extras.Txt
2013-07-25 23:39 - 2013-07-26 18:28 - 00103138 _____ C:\Users\bombur\Downloads\OTL.Txt
2013-07-25 23:31 - 2013-07-25 23:31 - 00602112 _____ (OldTimer Tools) C:\Users\thorin\Downloads\OTL.exe
2013-07-25 20:06 - 2013-07-25 20:06 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-24 23:10 - 2013-07-28 16:00 - 00000728 _____ C:\Windows\setupact.log
2013-07-24 23:10 - 2013-07-28 15:59 - 00003342 _____ C:\Windows\PFRO.log
2013-07-24 23:10 - 2013-07-24 23:10 - 00000000 _____ C:\Windows\setuperr.log
2013-07-24 23:04 - 2013-07-24 23:05 - 00047104 ___SH C:\Users\xxx\Thumbs.db
2013-07-24 23:04 - 2013-07-24 23:04 - 00001125 _____ C:\Users\xxx\Desktop\AppData - Verknüpfung.lnk
2013-07-24 22:35 - 2013-07-24 22:35 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-24 22:35 - 2013-07-24 22:35 - 00000000 ____D C:\Program Files\CCleaner
2013-07-24 22:33 - 2013-07-24 22:42 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-07-24 22:31 - 2013-07-24 22:31 - 00617312 _____ (www.download-sponsor.de) C:\Users\xxx\Downloads\CCleaner 4.01.4093.exe
2013-07-24 19:59 - 2013-07-24 19:59 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-24 19:59 - 2013-07-24 19:59 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-24 19:59 - 2013-07-24 19:59 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-24 19:58 - 2013-07-24 19:59 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-24 19:58 - 2013-07-24 19:59 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-24 19:58 - 2013-07-24 19:59 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-24 19:58 - 2013-07-24 19:58 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-24 19:58 - 2013-07-24 19:58 - 00000350 ____H C:\Windows\Tasks\avast! Emergency Update.job
2013-07-24 19:58 - 2013-07-24 19:58 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-24 19:58 - 2013-07-24 19:58 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-24 19:58 - 2013-05-09 10:59 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-07-24 19:58 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-07-24 19:58 - 2013-05-09 10:59 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-07-24 19:58 - 2013-05-09 10:59 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-07-24 19:58 - 2013-05-09 10:59 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-07-24 19:58 - 2013-05-09 10:58 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-07-24 19:58 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-07-24 19:56 - 2013-07-24 19:58 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-24 19:53 - 2013-07-24 19:53 - 00000002 _____ C:\AvastSetup.log
2013-07-23 22:02 - 2013-07-23 22:02 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-23 22:02 - 2013-07-23 22:02 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Malwarebytes
2013-07-23 22:02 - 2013-07-23 22:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-23 22:01 - 2013-07-23 22:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-23 22:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-22 08:15 - 2013-07-22 08:16 - 00000000 ____D C:\Windows\system32\MRT
2013-07-20 15:44 - 2013-07-20 15:44 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Ybiva
2013-07-12 03:06 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 03:06 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 03:06 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 03:06 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 03:06 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 03:06 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 03:06 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 03:06 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 03:06 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 03:06 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 03:06 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 03:06 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 03:06 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 03:06 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 03:06 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 03:06 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 03:06 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 03:06 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 03:06 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 03:06 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 03:06 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 03:06 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 23:19 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 23:19 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 23:19 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 23:19 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 23:14 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 23:13 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 23:13 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-07-28 16:00 - 2013-07-24 23:10 - 00000728 _____ C:\Windows\setupact.log
2013-07-28 16:00 - 2011-12-07 06:42 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-28 15:59 - 2013-07-24 23:10 - 00003342 _____ C:\Windows\PFRO.log
2013-07-28 15:06 - 2013-07-27 23:08 - 00000000 ____D C:\Users\xxx\Downloads\Neuer Ordner
2013-07-28 15:06 - 2012-08-30 20:34 - 01706837 _____ C:\Windows\WindowsUpdate.log
2013-07-28 15:00 - 2013-07-28 15:00 - 00891062 _____ C:\Users\xxx\Desktop\SecurityCheck.exe
2013-07-28 12:05 - 2013-07-28 12:05 - 02347384 _____ (ESET) C:\Users\xxx\Downloads\esetsmartinstaller_enu.exe
2013-07-28 12:00 - 2009-07-14 06:45 - 00020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-28 12:00 - 2009-07-14 06:45 - 00020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-27 23:09 - 2013-07-27 23:09 - 00000000 ____D C:\Windows\ERUNT
2013-07-27 23:04 - 2013-07-27 23:04 - 00012693 _____ C:\AdwCleaner[S1].txt
2013-07-27 22:57 - 2013-07-27 22:57 - 00561198 _____ (Oleg N. Scherbakov) C:\Users\xxx\Desktop\JRT.exe
2013-07-27 22:56 - 2013-07-27 22:56 - 00666633 _____ C:\Users\xxx\Desktop\adwcleaner.exe
2013-07-27 17:50 - 2012-08-31 00:32 - 00000000 ____D C:\Users\xxx\AppData\Roaming\SoftGrid Client
2013-07-27 16:49 - 2011-12-07 06:19 - 00697322 _____ C:\Windows\system32\perfh007.dat
2013-07-27 16:49 - 2011-12-07 06:19 - 00148328 _____ C:\Windows\system32\perfc007.dat
2013-07-27 16:49 - 2009-07-14 07:13 - 01614036 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-27 14:57 - 2012-08-30 20:36 - 00000000 ____D C:\Users\xxx\AppData\Local\VirtualStore
2013-07-27 14:30 - 2012-08-31 00:50 - 00000000 ____D C:\OldComp
2013-07-27 14:07 - 2013-07-27 14:04 - 00035721 _____ C:\Users\xxx\Downloads\ComboFix.txt
2013-07-27 13:49 - 2013-07-27 13:25 - 00000000 ____D C:\Qoobox
2013-07-27 13:48 - 2013-07-27 13:24 - 00000000 ____D C:\Windows\erdnt
2013-07-27 13:48 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-27 13:20 - 2013-07-27 13:20 - 05093969 ____R (Swearware) C:\Users\xxx\Desktop\ComboFix.exe
2013-07-27 13:13 - 2012-09-23 09:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-27 09:43 - 2013-04-03 21:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-27 09:43 - 2011-12-07 06:49 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-27 09:42 - 2011-12-07 06:48 - 00000000 ____D C:\Program Files\Java
2013-07-27 09:37 - 2012-09-23 09:35 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-27 09:34 - 2013-04-23 21:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-27 09:34 - 2012-09-07 19:56 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-27 09:34 - 2011-12-07 07:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-26 21:58 - 2013-07-26 21:35 - 00035998 _____ C:\Users\xxx\Downloads\FRST1.txt
2013-07-26 21:58 - 2013-07-26 21:35 - 00030220 _____ C:\Users\xxx\Downloads\Addition.txt
2013-07-26 21:34 - 2013-07-26 21:34 - 00000000 ____D C:\FRST
2013-07-26 21:33 - 2013-07-26 21:33 - 01780233 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-07-26 20:08 - 2013-07-26 20:08 - 02191876 _____ C:\Users\xxx\Downloads\neu.log
2013-07-26 18:55 - 2013-07-26 18:12 - 00003248 _____ C:\Users\xxx\Downloads\Text.txt
2013-07-26 18:34 - 2013-07-26 18:34 - 00022908 _____ C:\Users\xxx\Downloads\Extras.zip
2013-07-26 18:34 - 2013-07-26 18:34 - 00021358 _____ C:\Users\xxx\Downloads\gmer.zip
2013-07-26 18:34 - 2013-07-26 18:34 - 00014498 _____ C:\Users\xxx\Downloads\OTL.zip
2013-07-26 18:31 - 2013-07-26 06:53 - 00392557 _____ C:\Users\xxx\Downloads\gmer.log
2013-07-26 18:29 - 2013-07-25 23:40 - 00099632 _____ C:\Users\xxx\Downloads\Extras.Txt
2013-07-26 18:28 - 2013-07-25 23:39 - 00103138 _____ C:\Users\xxx\Downloads\OTL.Txt
2013-07-26 06:57 - 2013-07-26 06:57 - 00000509 _____ C:\Users\xxx\Downloads\bluescreen.txt
2013-07-26 06:54 - 2013-07-26 06:54 - 1098823686 _____ C:\Windows\MEMORY.DMP
2013-07-26 06:54 - 2013-07-26 06:54 - 00290488 _____ C:\Windows\Minidump\072613-30030-01.dmp
2013-07-26 06:54 - 2013-07-26 06:54 - 00000000 ____D C:\Windows\Minidump
2013-07-26 00:05 - 2013-07-26 00:05 - 00377856 _____ C:\Users\xxx\Downloads\gmer_2.1.19163.exe
2013-07-25 23:31 - 2013-07-25 23:31 - 00602112 _____ (OldTimer Tools) C:\Users\xxx\Downloads\OTL.exe
2013-07-25 22:07 - 2012-09-29 01:09 - 00000000 ____D C:\Users\xxx\AppData\Roaming\foobar2000
2013-07-25 20:11 - 2012-08-30 20:36 - 00000000 ____D C:\Users\xxx\AppData\Local\Adobe
2013-07-25 20:06 - 2013-07-25 20:06 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-25 20:06 - 2013-04-03 21:44 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-25 20:06 - 2013-04-03 21:44 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-25 20:06 - 2011-12-07 06:49 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-25 20:06 - 2011-12-07 06:49 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-25 20:06 - 2011-12-07 06:49 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-24 23:10 - 2013-07-24 23:10 - 00000000 _____ C:\Windows\setuperr.log
2013-07-24 23:05 - 2013-07-24 23:04 - 00047104 ___SH C:\Users\xxx\Thumbs.db
2013-07-24 23:05 - 2012-08-30 20:34 - 00000000 ____D C:\Users\xxx
2013-07-24 23:04 - 2013-07-24 23:04 - 00001125 _____ C:\Users\xxx\Desktop\AppData - Verknüpfung.lnk
2013-07-24 22:42 - 2013-07-24 22:33 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-07-24 22:39 - 2012-08-30 22:00 - 00000000 ____D C:\Users\xxx\AppData\Local\CrashDumps
2013-07-24 22:39 - 2011-02-11 00:48 - 00000000 ____D C:\Windows\Panther
2013-07-24 22:35 - 2013-07-24 22:35 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-24 22:35 - 2013-07-24 22:35 - 00000000 ____D C:\Program Files\CCleaner
2013-07-24 22:31 - 2013-07-24 22:31 - 00617312 _____ (www.download-sponsor.de) C:\Users\xxx\Downloads\CCleaner 4.01.4093.exe
2013-07-24 19:59 - 2013-07-24 19:59 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-24 19:59 - 2013-07-24 19:59 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-24 19:59 - 2013-07-24 19:59 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-24 19:59 - 2013-07-24 19:58 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-24 19:59 - 2013-07-24 19:58 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-24 19:59 - 2013-07-24 19:58 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-24 19:58 - 2013-07-24 19:58 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-24 19:58 - 2013-07-24 19:58 - 00000350 ____H C:\Windows\Tasks\avast! Emergency Update.job
2013-07-24 19:58 - 2013-07-24 19:58 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-24 19:58 - 2013-07-24 19:58 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-24 19:58 - 2013-07-24 19:56 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-24 19:53 - 2013-07-24 19:53 - 00000002 _____ C:\AvastSetup.log
2013-07-23 22:02 - 2013-07-23 22:02 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-23 22:02 - 2013-07-23 22:02 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Malwarebytes
2013-07-23 22:02 - 2013-07-23 22:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-23 22:02 - 2013-07-23 22:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-23 18:42 - 2013-04-23 21:38 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-23 18:42 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-23 07:59 - 2013-04-23 21:38 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-22 08:16 - 2013-07-22 08:15 - 00000000 ____D C:\Windows\system32\MRT
2013-07-20 15:44 - 2013-07-20 15:44 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Ybiva
2013-07-17 23:11 - 2013-01-30 22:51 - 00000000 ____D C:\Users\xxx\AppData\Local\Aptana Studio 3
2013-07-15 23:54 - 2013-04-23 21:38 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 23:54 - 2013-04-23 21:38 - 00003848 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 20:03 - 2013-04-23 21:38 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-13 14:42 - 2013-04-23 21:38 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-12 03:28 - 2013-03-15 00:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 03:28 - 2013-03-15 00:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 03:28 - 2009-07-14 06:45 - 00306808 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 03:27 - 2011-10-20 23:31 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 03:27 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 03:27 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-01 22:57 - 2013-05-08 18:43 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 00:20

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Ich habe nicht alle Speichermedien/externen Festplatten mit dem "onlinescan" checken können, kann man das bei Bedarf wiederholen ohne gleich wieder die komplette Festplatte zu durchsuchen?

schrauber 28.07.2013 16:55
Ja enfach die Festplatte Haken wegmachen :)

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.


Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Fridholm 28.07.2013 18:31
:party:
Danke, alles soweit prima.

schrauber 29.07.2013 07:29
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:09 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131