Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Versuch, das Antivirus-Programm auszuschalten (https://www.trojaner-board.de/138964-versuch-antivirus-programm-auszuschalten.html)

Lukas1234 29.07.2013 10:08
Versuch, das Antivirus-Programm auszuschalten
 
Guten Morgen,

grad eben bekam ich die Meldung, das etwas versuche mein Antivirus-Programm (Avast) auszuschalten. Dafür ist zum Glück immer noch eine Bestätigung nötig, womit ich das Ausschalten also verhindern konnte. Aber allein die Tatsache, das etwas VERSUCHT Avast auszuschalten, ist ja wohl schon Grund genug, hier nach Rat zu fragen.
Außerdem wird mir seid einigen Tagen jeden Tag angezeigt, das ein neues Update für Windows verfügbar ist und wenn ich das dann lade, ist am nächsten Tag diese Meldung erneut da... ich weiß nicht ob das irgendwas zu bedeuten hat, aber irgendwie ist mir das ebenfalls suspekt :D

Ich weiß das meine Beschreibung nicht unbedingt aussagekräftig ist, aber mehr hab ich leider nicht zu bieten :(

würde mich trotzdem über Hilfe freuen :)

Grüße, Lukas

schrauber 29.07.2013 10:38
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Lukas1234 29.07.2013 11:33
so, hier die Logs


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013
Ran by Mietke (administrator) on 29-07-2013 12:27:30
Running from C:\Users\Mietke\Downloads
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) D:\Program Files (x86)\Global Agenda\HiPatchService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\Program Files (x86)\Vtune\TBPANEL.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(fabi.me) C:\Users\Mietke\Desktop\SpeedAutoClicker.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ArenaNet) D:\Program Files (x86)\Guild Wars 2\Gw2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
() C:\Users\Mietke\AppData\Local\Temp\gw2cache-{CC434CB7-E2FF-1600-B44C-43CCFFE20016}\awesomium_process.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [6440480 2008-07-16] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-20] (Intel Corporation)
HKCU\...\Run: [TBPanel] - C:\Program Files (x86)\Vtune\TBPanel.exe [2248704 2011-08-02] ()
HKCU\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKCU\...\Run: [Speed AutoClicker] - C:\Users\Mietke\Desktop\SpeedAutoClicker.exe [174080 2012-05-15] (fabi.me)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\UpdatusUser.Mietke-PC\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=10&cc=&mi=442cdc36000000000000001ee5e1a5d7
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - DefaultScope {2624E793-ECBA-45DD-ACFB-19A7C3C58F79} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=442cdc36000000000000001ee5e1a5d7&r=436
SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
SearchScopes: HKCU - {2624E793-ECBA-45DD-ACFB-19A7C3C58F79} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=442cdc36000000000000001ee5e1a5d7&r=436
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SparweltGutscheinAlarm.Sparwelt_Gutschein_Tool - {10945114-b19f-4614-8450-b25e444a1020} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.8.19.3\bh\Softonic.dll (Softonic.com)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.8.19.3\SoftonicTlbr.dll (Softonic.com)
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default
FF user.js: detected! => C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default\user.js
FF NewTab: user_pref("browser.newtab.url", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: www.web.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default\searchplugins\softonic.xml
FF Extension: No Name - C:\Users\Mietke\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
FF Extension: No Name - C:\Users\Mietke\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Battlefield Heroes Updater - C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default\Extensions\battlefieldheroespatcher@ea.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: groovesharkUnlocker - C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default\Extensions\groovesharkUnlocker@overlord1337.xpi
FF Extension: No Name - C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions
FF Extension: No Name - C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\profiles\extensions\prefs.js
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}] C:\Users\Mietke\AppData\Roaming\5006
FF Extension: Java String Helper - C:\Users\Mietke\AppData\Roaming\5006
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}] C:\Users\Mietke\AppData\Roaming\5006
FF Extension: Java String Helper - C:\Users\Mietke\AppData\Roaming\5006

Chrome:
=======
CHR Extension: (Docs) - C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Softonic Chrome Toolbar) - C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0
CHR Extension: (Guild Wars 2 Divinity's Garden Theme) - C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogkbacblabnljjogoaaadkcpjnamonfc\1_0
CHR Extension: (Gmail) - C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [elchiiiejkobdbblfejjkbphbddgmljf] - C:\Program Files (x86)\Softonic\Softonic\1.8.19.3\Softonic.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-05-09] (AVAST Software)
S2 gupdate1ca743942b03ae0; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-12-03] (Google Inc.)
R2 HiPatchService; D:\Program Files (x86)\Global Agenda\HiPatchService.exe [8704 2012-06-24] (Hi-Rez Studios)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3453712 2009-12-16] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-06-07] ()
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

==================== Drivers (Whitelisted) ====================

S3 1394hub; C:\Windows\System32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
S3 1394hub; C:\Windows\SysWow64\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2011-02-23] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [270824 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [59144 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
S3 Cardex; C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider)
S3 Cardex; C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x64.sys [56320 2008-07-22] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-09-16] (McAfee, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-02] ()
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2004-12-30] (INCA Internet Co., Ltd.)
S1 Beep; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dump_wmimmc; \??\C:\Program Files (x86)\Dragonica\Release\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
S3 TBPanel; No ImagePath
S3 TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [x]
S3 X6va002; \??\C:\Users\Mietke\AppData\Local\Temp\002A95A.tmp [x]
S3 X6va005; \??\C:\Users\Mietke\AppData\Local\Temp\005FA6B.tmp [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-29 12:25 - 2013-07-29 12:25 - 00000000 ____D C:\FRST
2013-07-29 12:23 - 2013-07-29 12:24 - 01780547 _____ (Farbar) C:\Users\Mietke\Downloads\FRST64.exe
2013-07-25 23:37 - 2013-07-25 23:37 - 00512825 _____ () C:\Users\Mietke\Downloads\FTB_Launcher.exe
2013-07-25 23:35 - 2013-07-25 23:35 - 00480057 _____ C:\Users\Mietke\Downloads\FTB_Launcher.jar
2013-07-25 23:16 - 2013-07-25 23:16 - 00512825 _____ () C:\Users\Mietke\Desktop\FTB_Launcher.exe
2013-07-23 21:50 - 2013-07-23 21:50 - 00000000 _____ C:\Users\Mietke\Desktop\server.log
2013-07-23 21:47 - 2013-07-23 21:47 - 02028089 _____ C:\Users\Mietke\Downloads\mcpatcher-4.1.0_04.exe
2013-07-23 21:41 - 2013-07-23 21:41 - 00000000 _____ C:\Users\Mietke\Downloads\server.log
2013-07-23 21:37 - 2013-07-23 21:40 - 00000000 ____D C:\Users\Mietke\AppData\Roaming\ftblauncher
2013-07-12 01:05 - 2013-07-12 01:05 - 00000000 ____D C:\Windows\PCHEALTH
2013-07-11 22:44 - 2013-06-01 06:19 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 22:44 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 22:44 - 2013-04-17 14:32 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-11 22:44 - 2013-04-17 14:32 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-11 22:44 - 2013-04-17 14:32 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-11 22:44 - 2013-04-17 14:32 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-11 22:44 - 2013-04-17 13:29 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-11 22:44 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-07-11 22:44 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-11 22:44 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-07-11 22:44 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-11 22:44 - 2013-04-17 13:27 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-11 22:44 - 2013-04-17 13:02 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-11 22:44 - 2013-04-17 12:58 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 22:44 - 2013-04-17 12:58 - 01149440 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-11 22:44 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-11 22:44 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-11 22:44 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-11 22:44 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 22:43 - 2013-06-04 04:03 - 02775040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 22:43 - 2013-05-29 13:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 22:43 - 2013-05-29 13:30 - 00916480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 22:43 - 2013-05-29 13:30 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-11 22:43 - 2013-05-29 13:28 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-11 22:43 - 2013-05-29 13:26 - 06016000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 22:43 - 2013-05-29 13:26 - 00611840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2013-07-11 22:43 - 2013-05-29 13:26 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-11 22:43 - 2013-05-29 13:25 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 22:43 - 2013-05-29 13:25 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-11 22:43 - 2013-05-29 13:25 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-11 22:43 - 2013-05-29 13:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 22:43 - 2013-05-29 13:24 - 11111424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 22:43 - 2013-05-29 13:24 - 02004992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 22:43 - 2013-05-29 13:24 - 01469440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-11 22:43 - 2013-05-29 13:24 - 00387584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-11 22:43 - 2013-05-29 13:24 - 00184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-11 22:43 - 2013-05-29 13:24 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 22:43 - 2013-05-29 13:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 22:43 - 2013-05-29 13:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 22:43 - 2013-05-29 13:24 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 22:43 - 2013-05-29 11:47 - 00385024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-11 22:43 - 2013-05-29 10:07 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-11 22:43 - 2013-05-29 10:06 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-07-11 22:43 - 2013-05-29 10:05 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-11 22:43 - 2013-05-29 10:04 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 22:43 - 2013-05-29 09:12 - 01489408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 22:43 - 2013-05-29 09:12 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 22:43 - 2013-05-29 09:12 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-11 22:43 - 2013-05-29 09:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-11 22:43 - 2013-05-29 09:09 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-07-11 22:43 - 2013-05-29 09:08 - 09339904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 22:43 - 2013-05-29 09:08 - 00742912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 22:43 - 2013-05-29 09:08 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-11 22:43 - 2013-05-29 09:08 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-11 22:43 - 2013-05-29 09:08 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-11 22:43 - 2013-05-29 09:08 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 22:43 - 2013-05-29 09:07 - 12509184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 22:43 - 2013-05-29 09:07 - 02356736 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 22:43 - 2013-05-29 09:07 - 01538560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-11 22:43 - 2013-05-29 09:07 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-11 22:43 - 2013-05-29 09:07 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-11 22:43 - 2013-05-29 09:07 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 22:43 - 2013-05-29 09:07 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 22:43 - 2013-05-29 09:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 22:43 - 2013-05-29 09:07 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 22:43 - 2013-05-29 07:59 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-11 22:43 - 2013-05-29 06:27 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-11 22:43 - 2013-05-29 06:26 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 22:43 - 2013-05-29 06:24 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-11 22:43 - 2013-05-29 06:23 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 22:43 - 2013-05-08 06:18 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 22:43 - 2013-05-08 06:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 23:29 - 2013-07-10 23:29 - 00000000 ___HD C:\Users\Mietke\Desktop\.updtmp
2013-07-10 20:11 - 2012-05-15 21:32 - 00174080 _____ (fabi.me) C:\Users\Mietke\Desktop\SpeedAutoClicker.exe
2013-07-10 18:59 - 2013-07-10 20:13 - 00000000 ____D C:\Users\Mietke\AppData\Local\fabi.me
2013-07-10 18:59 - 2013-07-10 18:59 - 00002026 _____ C:\Users\Public\Desktop\AutoClicker.exe.lnk
2013-07-10 18:59 - 2013-07-10 18:59 - 00000000 ____D C:\ProgramData\Macrovision
2013-07-10 18:59 - 2013-07-10 18:59 - 00000000 ____D C:\Program Files (x86)\Shark Software
2013-07-10 18:57 - 2013-07-10 18:57 - 08904974 _____ (Shark Software                                              ) C:\Users\Mietke\Downloads\setup.exe
2013-07-10 18:51 - 2013-07-10 18:51 - 00000000 ____D C:\Users\Mietke\AppData\Roaming\Softonic
2013-07-10 18:51 - 2013-07-10 18:51 - 00000000 ____D C:\Program Files (x86)\Softonic
2013-07-10 18:48 - 2013-07-10 18:49 - 00393040 _____ (Softonic                                        ) C:\Users\Mietke\Downloads\SoftonicDownloader_para_xumouse.exe
2013-07-08 17:15 - 2013-07-11 22:08 - 00000016 _____ C:\Users\Mietke\Desktop\Neues Textdokument.txt
2013-07-07 02:08 - 2013-07-07 02:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-07-29 12:25 - 2013-07-29 12:25 - 00000000 ____D C:\FRST
2013-07-29 12:24 - 2013-07-29 12:23 - 01780547 _____ (Farbar) C:\Users\Mietke\Downloads\FRST64.exe
2013-07-29 12:24 - 2013-01-09 20:44 - 00000440 ____H C:\Windows\Tasks\User_Feed_Synchronization-{38A14B28-3686-4261-A0BB-BA949EC18DBC}.job
2013-07-29 12:02 - 2013-02-25 18:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-29 11:45 - 2009-12-03 19:01 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-29 11:18 - 2010-11-15 18:23 - 00000000 ____D C:\Games
2013-07-29 10:57 - 2008-01-21 03:53 - 01073037 _____ C:\Windows\WindowsUpdate.log
2013-07-29 10:51 - 2012-07-09 13:25 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-29 10:50 - 2010-04-27 19:54 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-07-29 10:50 - 2009-12-03 19:01 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-29 10:50 - 2009-04-30 17:09 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-29 10:50 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-29 10:50 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-29 10:50 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-29 00:18 - 2006-11-02 17:42 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-28 22:41 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\tracing
2013-07-28 21:55 - 2010-10-01 22:36 - 00000000 ____D C:\Users\Mietke\AppData\Roaming\TS3Client
2013-07-28 14:24 - 2012-10-05 16:21 - 00010246 _____ C:\Users\Mietke\Desktop\Gw2 Handelstabelle.ods
2013-07-27 11:04 - 2008-01-21 13:10 - 01474544 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-27 11:04 - 2008-01-21 13:09 - 00639210 _____ C:\Windows\system32\perfh007.dat
2013-07-27 11:04 - 2008-01-21 13:09 - 00131250 _____ C:\Windows\system32\perfc007.dat
2013-07-25 23:37 - 2013-07-25 23:37 - 00512825 _____ () C:\Users\Mietke\Downloads\FTB_Launcher.exe
2013-07-25 23:35 - 2013-07-25 23:35 - 00480057 _____ C:\Users\Mietke\Downloads\FTB_Launcher.jar
2013-07-25 23:16 - 2013-07-25 23:16 - 00512825 _____ () C:\Users\Mietke\Desktop\FTB_Launcher.exe
2013-07-23 21:50 - 2013-07-23 21:50 - 00000000 _____ C:\Users\Mietke\Desktop\server.log
2013-07-23 21:47 - 2013-07-23 21:47 - 02028089 _____ C:\Users\Mietke\Downloads\mcpatcher-4.1.0_04.exe
2013-07-23 21:41 - 2013-07-23 21:41 - 00000000 _____ C:\Users\Mietke\Downloads\server.log
2013-07-23 21:40 - 2013-07-23 21:37 - 00000000 ____D C:\Users\Mietke\AppData\Roaming\ftblauncher
2013-07-23 12:21 - 2013-02-25 18:48 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-23 12:21 - 2013-02-25 18:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-23 12:21 - 2013-02-25 18:48 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-23 12:21 - 2011-03-05 12:21 - 00000000 ____D C:\Users\Mietke\AppData\Local\Adobe
2013-07-22 18:36 - 2011-04-29 14:40 - 00030760 _____ C:\Windows\system32\spsys.log
2013-07-19 14:22 - 2011-03-18 15:05 - 00000000 ____D C:\Users\Mietke\AppData\Roaming\.minecraft
2013-07-17 12:46 - 2013-03-03 15:28 - 00002388 _____ C:\Windows\setupact.log
2013-07-13 12:50 - 2013-03-09 19:33 - 00002025 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-13 01:40 - 2009-12-03 19:01 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 01:40 - 2009-12-03 19:01 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 10:15 - 2006-11-02 17:21 - 04815240 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 10:13 - 2006-11-02 17:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-07-12 01:12 - 2006-11-02 14:35 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-07-12 01:05 - 2013-07-12 01:05 - 00000000 ____D C:\Windows\PCHEALTH
2013-07-11 22:08 - 2013-07-08 17:15 - 00000016 _____ C:\Users\Mietke\Desktop\Neues Textdokument.txt
2013-07-10 23:29 - 2013-07-10 23:29 - 00000000 ___HD C:\Users\Mietke\Desktop\.updtmp
2013-07-10 20:13 - 2013-07-10 18:59 - 00000000 ____D C:\Users\Mietke\AppData\Local\fabi.me
2013-07-10 18:59 - 2013-07-10 18:59 - 00002026 _____ C:\Users\Public\Desktop\AutoClicker.exe.lnk
2013-07-10 18:59 - 2013-07-10 18:59 - 00000000 ____D C:\ProgramData\Macrovision
2013-07-10 18:59 - 2013-07-10 18:59 - 00000000 ____D C:\Program Files (x86)\Shark Software
2013-07-10 18:57 - 2013-07-10 18:57 - 08904974 _____ (Shark Software                                              ) C:\Users\Mietke\Downloads\setup.exe
2013-07-10 18:51 - 2013-07-10 18:51 - 00000000 ____D C:\Users\Mietke\AppData\Roaming\Softonic
2013-07-10 18:51 - 2013-07-10 18:51 - 00000000 ____D C:\Program Files (x86)\Softonic
2013-07-10 18:49 - 2013-07-10 18:48 - 00393040 _____ (Softonic                                        ) C:\Users\Mietke\Downloads\SoftonicDownloader_para_xumouse.exe
2013-07-10 08:26 - 2009-04-28 18:55 - 00000000 ____D C:\Users\Mietke
2013-07-08 11:16 - 2012-05-28 22:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-07 02:09 - 2013-07-07 02:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-29 11:03
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-07-2013
Ran by Mietke at 2013-07-29 12:28:20
Running from C:\Users\Mietke\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
7-Zip 9.20 (x32)
Adobe Download Assistant (x32 Version: 1.0.1)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.4) - Deutsch (x32 Version: 10.1.4)
Apple Application Support (x32 Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (x32 Version: 2.1.3.127)
Assassin's Creed Brotherhood (x32 Version: 1.03)
Assassin's Creed II (x32 Version: 1.00)
Assassin's Creed Revelations 1.03 (x32 Version: 1.03)
Assassin's Creed(R) III v1.06 (x32 Version: 1.06)
Auto Clicker - Image Recognizer (x32 Version: 3.0)
avast! Internet Security (x32 Version: 8.0.1489.0)
Bonjour (Version: 3.0.0.10)
Dragon's Prophet (x32 Version: 1.0.1087.5)
eaner (Version: 3.18)
Fable - The Lost Chapters (x32 Version: 1.00.0000)
Firefall (x32)
Global Agenda Launcher (x32 Version: 1.0.0)
Google Chrome (x32 Version: 28.0.1500.72)
Google Earth Plug-in (x32 Version: 7.0.3.8542)
Google Update Helper (x32 Version: 1.3.21.153)
Gothic (x32)
GPL Ghostscript (Version: 9.04)
GUILD WARS (x32)
iCloud (Version: 1.1.0.40)
Intel® Matrix Storage Manager
iTunes (Version: 11.0.1.12)
Java 7 Update 15 (64-bit) (Version: 7.0.150)
Linksys Dual-Band Wireless-N USB Network Adapter (x32 Version: 1.0.0.1)
Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter (x32 Version: 1.0.0.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
ManiaPlanet (x32)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (x32)
Microsoft .NET Framework 1.1 Security Update (KB2742597) (x32)
Microsoft .NET Framework 1.1 Security Update (KB979906) (x32)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Neffy 1,3,29,0 (x32 Version: 1,3,29,0)
Neverwinter (x32)
NVIDIA 3D Vision Controller Driver (x32 Version: 280.19)
NVIDIA 3D Vision Controller-Treiber 301.42 (Version: 301.42)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.12.0213)
NVIDIA PhysX-Systemsoftware 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OpenOffice.org 3.2 (x32 Version: 3.2.9502)
Prince of Persia T2T (x32)
ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.12)
PunkBuster Services (x32 Version: 0.991)
QuickTime (x32 Version: 7.71.80.42)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5667)
RedMon - Redirection Port Monitor
Softonic toolbar  on IE and Chrome (x32 Version: 1.8.19.3)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
System Requirements Lab (x32)
TeamSpeak 3 Client (x32)
The War Z version 1.0 (x32 Version: 1.0)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 8.0.0.35)
Vtune 7.21 (x32)
WinRAR (x32)

==================== Restore Points  =========================

25-07-2013 07:55:32 Windows Update
26-07-2013 10:44:48 Windows Update
27-07-2013 08:54:34 Windows Update
28-07-2013 08:11:50 Windows Update
29-07-2013 08:54:15 Windows Update

==================== Hosts content: ==========================

2006-11-02 14:34 - 2013-02-21 19:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {04821EB8-F084-4387-A947-0F465BA51C0E} - System32\Tasks\{53693049-3DE1-4B5F-A927-64E7F14274F5} => c:\program files (x86)\mozilla firefox\firefox.exe [2013-07-07] (Mozilla Corporation)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0DDB9626-2B99-4CD7-ACC2-5EAA6BFF2D85} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-03] (Google Inc.)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1FD44D4D-F7C8-4299-9D16-CDEFFAF49B34} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-24] (Microsoft Corporation)
Task: {20869814-3357-4556-8C78-3D6109BE2839} - System32\Tasks\Tomb Raider - Underworld => D:\Program Files (x86)\Eidos\Tomb Raider - Underworld\TRU.exe No File
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {307CC128-007F-4676-ACC7-6392080ACA10} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.)
Task: {35EAD12E-6B1F-4E5C-8839-7C718811451C} - System32\Tasks\ASUS\ASUSInstAll => C:\Windows\AsusInstAll\InstAll.exe [2008-04-24] (ASUS)
Task: {39B356FE-5D50-4634-A4A4-20955430C21E} - System32\Tasks\{F35D0ACD-5689-4BE1-A046-4D367DE98839} => C:\Program Files (x86)\Skype\Phone\Skype.exe No File
Task: {41858589-86A5-4D6D-8304-480125AAC6C6} - System32\Tasks\Start Registry Reviver => C:\Program Files (x86)\Reviversoft\Registry Reviver\RegistryReviver.exe No File
Task: {4782C554-BDFE-47E1-BFE6-D3F3806158D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-03] (Google Inc.)
Task: {6F518357-A6BF-4FDC-870F-B7CC451E7DB1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {72640C5D-E7C4-425C-9009-58F08BF93246} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-23] (Adobe Systems Incorporated)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7DEA3667-B3F3-4F7D-887E-70121225F1DB} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {A9683382-0125-42BE-A29E-E39819CD3AF7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {ABD80CF7-1311-40EF-A0BC-1C373C7D748A} - System32\Tasks\{E1A48337-550F-440C-8B12-17EB79622FBD} => C:\Program Files (x86)\Skype\Phone\Skype.exe No File
Task: {E4A32AC3-4D28-46AF-A5B4-B84E67622CC5} - System32\Tasks\User_Feed_Synchronization-{38A14B28-3686-4261-A0BB-BA949EC18DBC} => C:\Windows\system32\msfeedssync.exe [2013-05-29] (Microsoft Corporation)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {EDFC5352-2B9A-4747-BDC3-050E182E8CFC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FBCFA3CF-E8F4-4693-BAC3-BC48FB28436E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{38A14B28-3686-4261-A0BB-BA949EC18DBC}.job => C:\Windows\system32\msfeedssync.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #4
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2013 10:56:59 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 1.1 - Update "{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log enthalten.

Error: (07/29/2013 10:56:54 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Error: (07/29/2013 10:56:28 AM) (Source: Microsoft-Windows-RestartManager) (User: NT-AUTORITÄT)
Description: 0C:\Program Files\AVAST Software\Avast\AvastSvc.exeavast! Antivirus03026216122560

Error: (07/29/2013 10:56:25 AM) (Source: Microsoft-Windows-RestartManager) (User: NT-AUTORITÄT)
Description: 0C:\Program Files\AVAST Software\Avast\AvastSvc.exeavast! Antivirus0302621612256143003A005C00570069006E0064006F00770073005C004D006900630072006F0073006F00660074002E004E00450054005C004600720061006D00650077006F0072006B005C00760031002E0031002E0034003300320032005C0055007000640061007400650073005C004D0032003700340032003500390037005C004D00320037003400320035003900370055006E0069006E007300740061006C006C002E006D00730070000000

Error: (07/29/2013 10:52:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2013 10:52:21 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MIETKE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KZ08TL84.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (07/29/2013 10:52:21 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MIETKE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KZ08TL84.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (07/29/2013 10:52:21 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MIETKE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KZ08TL84.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (07/29/2013 10:52:21 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MIETKE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KZ08TL84.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (07/29/2013 10:52:21 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MIETKE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KZ08TL84.DEFAULT\CACHE\7> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)


System errors:
=============
Error: (07/29/2013 10:57:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Server 2003, Windows Vista und Windows Server 2008 für x64-basierte Systeme (KB2833941){28510982-322D-4077-AFC0-6EF7C4237CE5}203

Error: (07/29/2013 10:53:02 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (07/29/2013 10:53:02 AM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (07/29/2013 10:52:22 AM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (07/28/2013 10:15:02 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Server 2003, Windows Vista und Windows Server 2008 für x64-basierte Systeme (KB2833941){28510982-322D-4077-AFC0-6EF7C4237CE5}203

Error: (07/28/2013 10:14:30 AM) (Source: Service Control Manager) (User: )
Description: 30000

Error: (07/28/2013 10:14:00 AM) (Source: Service Control Manager) (User: )
Description: 30000avast! Antivirus

Error: (07/28/2013 10:10:37 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (07/28/2013 10:10:37 AM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (07/28/2013 10:09:43 AM) (Source: Service Control Manager) (User: )
Description: Beep


Microsoft Office Sessions:
=========================
Error: (07/29/2013 10:56:59 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Microsoft .NET Framework 1.1{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}1603C:\Windows\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log(NULL)

Error: (07/29/2013 10:56:54 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)

Error: (07/29/2013 10:56:28 AM) (Source: Microsoft-Windows-RestartManager)(User: NT-AUTORITÄT)
Description: 0C:\Program Files\AVAST Software\Avast\AvastSvc.exeavast! Antivirus03026216122560

Error: (07/29/2013 10:56:25 AM) (Source: Microsoft-Windows-RestartManager)(User: NT-AUTORITÄT)
Description: 0C:\Program Files\AVAST Software\Avast\AvastSvc.exeavast! Antivirus0302621612256143003A005C00570069006E0064006F00770073005C004D006900630072006F0073006F00660074002E004E00450054005C004600720061006D00650077006F0072006B005C00760031002E0031002E0034003300320032005C0055007000640061007400650073005C004D0032003700340032003500390037005C004D00320037003400320035003900370055006E0069006E007300740061006C006C002E006D00730070000000

Error: (07/29/2013 10:52:22 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2013 10:52:21 AM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\MIETKE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KZ08TL84.DEFAULT\CACHE\9

Error: (07/29/2013 10:52:21 AM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\MIETKE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KZ08TL84.DEFAULT\CACHE\9

Error: (07/29/2013 10:52:21 AM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\MIETKE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KZ08TL84.DEFAULT\CACHE\8

Error: (07/29/2013 10:52:21 AM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\MIETKE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KZ08TL84.DEFAULT\CACHE\8

Error: (07/29/2013 10:52:21 AM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\MIETKE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KZ08TL84.DEFAULT\CACHE\7


CodeIntegrity Errors:
===================================
  Date: 2013-07-29 12:06:07.977
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-29 12:06:07.234
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-29 12:06:06.358
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-29 12:06:05.308
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-29 12:06:04.093
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-29 12:06:02.865
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-29 12:06:01.861
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-29 12:06:01.272
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-29 12:06:00.356
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-29 12:05:59.293
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 84%
Total physical RAM: 4094.18 MB
Available physical RAM: 625.65 MB
Total Pagefile: 8369.61 MB
Available Pagefile: 3152.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.66 GB) (Free:7.5 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:833.85 GB) (Free:462.47 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 235609EB)
Partition 1: (Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=834 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 29.07.2013 15:14
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Lukas1234 29.07.2013 16:22
Code:
ComboFix 13-07-27.01 - Mietke 29.07.2013  16:51:57.2.4 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.4094.2291 [GMT 2:00]
ausgeführt von:: c:\users\Mietke\Downloads\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-06-28 bis 2013-07-29  ))))))))))))))))))))))))))))))
.
.
2013-07-29 15:02 . 2013-07-29 15:02        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-07-29 15:02 . 2013-07-29 15:02        --------        d-----w-        c:\users\UpdatusUser.Mietke-PC\AppData\Local\temp
2013-07-29 15:02 . 2013-07-29 15:02        --------        d-----w-        c:\users\Public\AppData\Local\temp
2013-07-29 15:02 . 2013-07-29 15:02        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-07-29 15:02 . 2013-07-29 15:02        --------        d-----w-        c:\users\AppData\AppData\Local\temp
2013-07-29 10:25 . 2013-07-29 10:25        --------        d-----w-        C:\FRST
2013-07-26 11:09 . 2013-07-02 08:34        9460976        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A8D9256-C393-4906-8D0C-1E58D76605ED}\mpengine.dll
2013-07-23 19:37 . 2013-07-23 19:40        --------        d-----w-        c:\users\Mietke\AppData\Roaming\ftblauncher
2013-07-11 23:05 . 2013-07-11 23:05        --------        d-----w-        c:\windows\PCHEALTH
2013-07-11 20:43 . 2013-05-29 07:08        9339904        ----a-w-        c:\windows\system32\mshtml.dll
2013-07-10 16:59 . 2013-07-10 18:13        --------        d-----w-        c:\users\Mietke\AppData\Local\fabi.me
2013-07-10 16:59 . 2013-07-10 16:59        --------        d-----w-        c:\program files (x86)\Shark Software
2013-07-10 16:59 . 2013-07-10 16:59        --------        d-----w-        c:\programdata\Macrovision
2013-07-10 16:51 . 2013-07-10 16:51        --------        d-----w-        c:\program files (x86)\Softonic
2013-07-10 16:51 . 2013-07-10 16:51        --------        d-----w-        c:\users\Mietke\AppData\Roaming\Softonic
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-23 10:21 . 2013-02-25 16:48        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-23 10:21 . 2013-02-25 16:48        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-11 23:12 . 2006-11-02 12:35        78185248        ----a-w-        c:\windows\system32\mrt.exe
2013-06-27 20:41 . 2013-03-15 15:25        189936        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2013-06-27 20:41 . 2011-04-20 14:22        378944        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2013-06-27 20:41 . 2011-04-20 14:21        1030952        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2013-06-07 12:07 . 2010-05-23 10:03        189248        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-06-07 12:07 . 2010-05-23 10:03        75136        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2013-05-24 18:00 . 2009-12-06 14:03        270408        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2013-05-09 08:59 . 2013-03-15 15:25        65336        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2011-04-20 14:21        64288        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2011-04-20 14:21        59144        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2012-02-28 15:07        22600        ----a-w-        c:\windows\system32\drivers\aswKbd.sys
2013-05-09 08:59 . 2011-04-20 14:22        33400        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2011-04-20 14:22        131232        ----a-w-        c:\windows\system32\drivers\aswFW.sys
2013-05-09 08:59 . 2011-04-20 14:21        270824        ----a-w-        c:\windows\system32\drivers\aswNdis2.sys
2013-05-09 08:59 . 2011-04-20 14:21        80816        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2011-04-20 14:19        41664        ----a-w-        c:\windows\avastSS.scr
2013-05-09 08:58 . 2011-04-20 14:21        287840        ----a-w-        c:\windows\system32\aswBoot.exe
2013-05-08 04:50 . 2013-06-12 20:22        1423720        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-05-02 04:16 . 2013-06-12 20:22        686080        ----a-w-        c:\windows\system32\win32spl.dll
2013-05-02 04:04 . 2013-06-12 20:22        443904        ----a-w-        c:\windows\SysWow64\win32spl.dll
2013-05-02 04:03 . 2013-06-12 20:22        37376        ----a-w-        c:\windows\SysWow64\printcom.dll
2013-05-02 00:06 . 2011-04-22 19:44        278800        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2013-05-06 15:36        301464        ----a-w-        c:\program files (x86)\Softonic\Softonic\1.8.19.3\bh\Softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files (x86)\Softonic\Softonic\1.8.19.3\SoftonicTlbr.dll" [2013-05-06 288664]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2011-08-02 2248704]
"Speed AutoClicker"="c:\users\Mietke\Desktop\SpeedAutoClicker.exe" [2012-05-15 174080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 10:45        1173456        ----a-w-        c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-25 10:21]
.
2013-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-03 16:54]
.
2013-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-03 16:54]
.
2013-07-29 c:\windows\Tasks\User_Feed_Synchronization-{38A14B28-3686-4261-A0BB-BA949EC18DBC}.job
- c:\windows\system32\msfeedssync.exe [2013-07-11 08:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58        133840        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-16 6440480]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-20 178712]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=10&cc=&mi=442cdc36000000000000001ee5e1a5d7
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.web.de
FF - ExtSQL: !HIDDEN! 2009-06-24 11:10; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-01-04 12:03; {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}; c:\users\Mietke\AppData\Roaming\5006
FF - user.js: extensions.Softonic.hpOld0 - www.web.de
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=1&cc=&mi=442cdc36000000000000001ee5e1a5d7&q=
FF - user.js: extensions.Softonic.id - 442cdc36000000000000001ee5e1a5d7
FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D}
FF - user.js: extensions.Softonic.instlDay - 15896
FF - user.js: extensions.Softonic.vrsn - 1.8.19.3
FF - user.js: extensions.Softonic.vrsni - 1.8.19.3
FF - user.js: extensions.Softonic.vrsnTs - 1.8.19.318:51
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - BASEirobinhoodActive
FF - user.js: extensions.Softonic.instlRef - MOY00009
FF - user.js: extensions.Softonic.dfltLng - es
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.ffxUnstlRst - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic.rvrt - false
FF - user.js: extensions.Softonic.hmpg - true
FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&cc=&mi=442cdc36000000000000001ee5e1a5d7
FF - user.js: extensions.Softonic.dfltSrch - true
FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.Softonic.kw_url - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=2&cc=&mi=442cdc36000000000000001ee5e1a5d7&q=
FF - user.js: extensions.Softonic.dnsErr - true
FF - user.js: extensions.Softonic.newTab - true
FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MOY00009/tb_v1/?SearchSource=15&cc=&mi=442cdc36000000000000001ee5e1a5d7
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
AddRemove-Neffy - c:\program files (x86)\Neffy\uninst.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va002]
"ImagePath"="\??\c:\users\Mietke\AppData\Local\Temp\002A95A.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va005]
"ImagePath"="\??\c:\users\Mietke\AppData\Local\Temp\005FA6B.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1126053746-1709790084-1523483457-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:38,0c,9e,88,c5,7a,26,9f,85,ae,8b,25,4d,80,92,06,c2,9a,f6,ae,41,2f,51,
  cd,18,36,f9,a4,81,c6,09,73,dd,50,9c,ec,9a,e3,07,4f,cb,82,5d,5a,f7,ef,c2,d1,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-1126053746-1709790084-1523483457-1000\Software\SecuROM\License information*]
"datasecu"=hex:69,14,a1,3b,98,0f,ee,be,42,4e,4c,4a,7a,7e,e3,3a,ca,53,f1,ce,ea,
  c7,0b,4a,6f,90,4f,35,d4,b1,1f,dc,7a,2a,06,b4,ed,88,4f,2d,4f,96,06,37,2e,be,\
"rkeysecu"=hex:29,ca,2a,2e,ea,ce,8d,fe,d0,5a,6b,1e,81,4f,b2,13
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Zeit der Fertigstellung: 2013-07-29  17:05:53
ComboFix-quarantined-files.txt  2013-07-29 15:05
ComboFix2.txt  2013-02-21 17:28
.
Vor Suchlauf: 9.013.010.432 Bytes frei
Nach Suchlauf: 9.192.431.616 Bytes frei
.
- - End Of File - - 305F106A0570C76F5A0F08AA95E0129A
5C616939100B85E558DA92B899A0FC36

schrauber 29.07.2013 19:39
Bitte den Inhalt von C:\Qoobox\Combofix2.txt posten.

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Lukas1234 30.07.2013 12:29
So, hier alle 5 logs

Code:
ComboFix 13-02-21.02 - Mietke 21.02.2013  18:13:14.1.4 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.4094.2026 [GMT 1:00]
ausgeführt von:: c:\users\Mietke\Desktop\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\IMinent Toolbar\tbHElper.dll
c:\program files (x86)\kikin
c:\program files (x86)\kikin\default_settings.xml
c:\program files (x86)\kikin\file_list.txt
c:\program files (x86)\kikin\ie_kikin.dll
c:\program files (x86)\kikin\ie_kikin.dll.old
c:\program files (x86)\kikin\kikin.ico
c:\program files (x86)\kikin\kikin_updater_2.0.0.11.exe
c:\program files (x86)\kikin\KikinBroker.exe
c:\program files (x86)\kikin\KikinCrashReporter.exe
c:\program files (x86)\kikin\uninst.exe
c:\programdata\0d5af0ae-d4e7-4b12-ba04-658f5165b97e.ico
c:\users\Mietke\AppData\Local\assembly\tmp
c:\users\Mietke\AppData\Roaming\AcroIEHelpe.txt
c:\users\Mietke\AppData\Roaming\Amnaro
c:\users\Mietke\AppData\Roaming\Amnaro\ketuf.cat
c:\users\Mietke\AppData\Roaming\Cayt
c:\users\Mietke\AppData\Roaming\Cayt\daluo.efl
c:\users\Mietke\AppData\Roaming\Cigo
c:\users\Mietke\AppData\Roaming\Cigo\idur.buq
c:\users\Mietke\AppData\Roaming\Ezqy
c:\users\Mietke\AppData\Roaming\Ezqy\hiluo.sou
c:\users\Mietke\AppData\Roaming\Help\coredb\storage
c:\users\Mietke\AppData\Roaming\kikin
c:\users\Mietke\AppData\Roaming\kikin\ff_kkes.xml
c:\users\Mietke\AppData\Roaming\kikin\ie_configuration.xml
c:\users\Mietke\AppData\Roaming\kikin\ie_kkes.xml
c:\users\Mietke\AppData\Roaming\kikin\ie_settings.xml
c:\users\Mietke\AppData\Roaming\Nedem
c:\users\Mietke\AppData\Roaming\Nedem\geil.aty
c:\users\Mietke\AppData\Roaming\Oqel
c:\users\Mietke\AppData\Roaming\Oqel\udesu.nyv
c:\users\Mietke\AppData\Roaming\Otovu
c:\users\Mietke\AppData\Roaming\Otovu\axre.zuy
c:\users\Mietke\AppData\Roaming\srvblck2.tmp
c:\users\Mietke\AppData\Roaming\Tyseh
c:\users\Mietke\AppData\Roaming\Tyseh\kyer.xig
c:\users\Mietke\AppData\Roaming\Usicc
c:\users\Mietke\AppData\Roaming\Usicc\igtey.yta
c:\users\Mietke\AppData\Roaming\Utbeiz
c:\users\Mietke\AppData\Roaming\Utbeiz\icla.lio
c:\users\Mietke\AppData\Roaming\Vihea
c:\users\Mietke\AppData\Roaming\Vihea\alse.ryc
c:\windows\IsUn0407.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
D:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-01-21 bis 2013-02-21  ))))))))))))))))))))))))))))))
.
.
2013-02-21 17:25 . 2013-02-21 17:25        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-02-21 17:25 . 2013-02-21 17:25        --------        d-----w-        c:\users\UpdatusUser.Mietke-PC\AppData\Local\temp
2013-02-21 17:25 . 2013-02-21 17:25        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-02-21 16:50 . 2013-02-21 17:11        --------        d-----w-        C:\32788R22FWJFW
2013-02-21 16:10 . 2013-02-21 16:10        --------        d-----w-        C:\_OTL
2013-02-19 11:50 . 2013-01-08 05:32        9161176        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{8FBC0AD9-5BA6-4E17-BDC8-5D16BE44A60E}\mpengine.dll
2013-02-13 19:48 . 2013-01-02 11:08        1027584        ----a-w-        c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-02-13 19:48 . 2013-01-02 07:37        759296        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2013-02-13 19:48 . 2013-01-04 11:31        1423720        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-02-13 19:48 . 2013-01-04 01:59        2773504        ----a-w-        c:\windows\system32\win32k.sys
2013-02-13 19:48 . 2013-01-05 13:44        9331200        ----a-w-        c:\windows\system32\mshtml.dll
2013-02-13 19:48 . 2013-01-05 13:42        2356736        ----a-w-        c:\windows\system32\iertutil.dll
2013-02-13 19:48 . 2013-01-05 13:42        12509184        ----a-w-        c:\windows\system32\ieframe.dll
2013-02-02 18:23 . 2013-02-02 18:23        --------        d-----w-        c:\users\Mietke\AppData\Local\Red 5 Studios
2013-02-02 16:41 . 2013-02-02 16:41        --------        d-----w-        c:\program files (x86)\Xiph.Org
2013-01-30 13:00 . 2013-01-30 13:00        --------        d-----w-        c:\program files\iPod
2013-01-30 13:00 . 2013-01-30 13:01        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-30 13:00 . 2013-01-30 13:01        --------        d-----w-        c:\program files\iTunes
2013-01-30 13:00 . 2013-01-30 13:01        --------        d-----w-        c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-20 17:27 . 2010-05-23 10:03        270240        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-02-20 17:27 . 2009-12-06 14:03        270240        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2013-02-13 20:52 . 2006-11-02 12:35        70004024        ----a-w-        c:\windows\system32\mrt.exe
2013-02-09 19:29 . 2012-05-30 10:09        697712        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-09 19:29 . 2012-05-30 10:09        74096        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-17 00:28 . 2011-04-22 19:44        273840        ------w-        c:\windows\system32\MpSigStub.exe
2012-12-26 19:48 . 2010-05-23 10:03        270240        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2012-12-16 13:31 . 2012-12-22 02:00        48128        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-16 13:12 . 2012-12-22 02:00        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-16 11:08 . 2012-12-22 02:00        368128        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-16 10:50 . 2012-12-22 02:00        293376        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-12-14 15:49 . 2013-01-09 18:54        24176        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 07:54        2607872        ----a-w-        c:\program files (x86)\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files (x86)\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Mietke\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-09 39408]
"FreeCT"="c:\program files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe" [2012-04-22 2053456]
"TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2011-08-02 2248704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Mietke\Desktop\mbar\mbar.exe" [2013-02-05 1363528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 334344]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 71009799
*Deregistered* - 71009799
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 16:26        1607120        ----a-w-        c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 19:29]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-03 16:54]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-03 16:54]
.
2013-02-20 c:\windows\Tasks\User_Feed_Synchronization-{38A14B28-3686-4261-A0BB-BA949EC18DBC}.job
- c:\windows\system32\msfeedssync.exe [2013-02-13 08:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50        133400        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-16 6440480]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-20 178712]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.iminent.com/?appId=86A427A2-1952-45A7-86C7-EAF17CD51250
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.web.de
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb155/?loc=IB_DS&a=6OyGIMUR6v&&i=26&search=
FF - ExtSQL: !HIDDEN! 2009-06-24 11:10; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2009-11-28 22:36; {800b5000-a755-47e1-992b-48a1c1357f07}; c:\program files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - ExtSQL: !HIDDEN! 2011-01-04 12:03; {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}; c:\users\Mietke\AppData\Roaming\5006
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyGIMUR6v&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 442cdc36000000000000001ee5e1a5d7
FF - user.js: extensions.incredibar_i.instlDay - 15523
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1415:24
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyGIMUR6v
FF - user.js: extensions.incredibar_i.upn2n - 92261686095990951
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10657
FF - user.js: extensions.incredibar_i.ppd -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Free Audio CD Burner_is1 - c:\program files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Free YouTube to iPod Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-MobMap_is1 - c:\program files (x86)\MobMapUpdater\unins000.exe
AddRemove-Neffy - c:\program files (x86)\Neffy\uninst.exe
AddRemove-Pflanzen gegen Zombies - c:\program files (x86)\PopCap Games\Pflanzen gegen Zombies\PopUninstall.exe
AddRemove-The Secret World_is1 - d:\program files (x86)\The Secret World\The Secret World\unins000.exe
AddRemove-{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF001} - d:\program files (x86)\Global Agenda\HiRezGamesDiagAndSupport.exe
AddRemove-{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC} - d:\program files (x86)\Global Agenda\HiRezGamesDiagAndSupport.exe
AddRemove-{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1 - c:\users\Mietke\Documents\The War Z\unins000.exe
AddRemove-{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA} - c:\program files (x86)\kikin\uninst.exe
AddRemove-NCsoft-AionEU - c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe
AddRemove-NCsoft-GuildWars - c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe
AddRemove-Planetside 2 - d:\program files (x86)\Planetside 2\Uninstaller.exe
AddRemove-soe-PlanetSide 2 PSG - d:\program files (x86)\Planetside 2\Uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va002]
"ImagePath"="\??\c:\users\Mietke\AppData\Local\Temp\002A95A.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va005]
"ImagePath"="\??\c:\users\Mietke\AppData\Local\Temp\005FA6B.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1126053746-1709790084-1523483457-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:38,0c,9e,88,c5,7a,26,9f,85,ae,8b,25,4d,80,92,06,c2,9a,f6,ae,41,2f,51,
  cd,18,36,f9,a4,81,c6,09,73,dd,50,9c,ec,9a,e3,07,4f,cb,82,5d,5a,f7,ef,c2,d1,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-1126053746-1709790084-1523483457-1000\Software\SecuROM\License information*]
"datasecu"=hex:69,14,a1,3b,98,0f,ee,be,42,4e,4c,4a,7a,7e,e3,3a,ca,53,f1,ce,ea,
  c7,0b,4a,6f,90,4f,35,d4,b1,1f,dc,7a,2a,06,b4,ed,88,4f,2d,4f,96,06,37,2e,be,\
"rkeysecu"=hex:29,ca,2a,2e,ea,ce,8d,fe,d0,5a,6b,1e,81,4f,b2,13
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-02-21  18:28:36
ComboFix-quarantined-files.txt  2013-02-21 17:28
.
Vor Suchlauf: 28 Verzeichnis(se), 20.304.850.944 Bytes frei
Nach Suchlauf: 34 Verzeichnis(se), 22.944.645.120 Bytes frei
.
- - End Of File - - CFC99D2FE85849AB6CA602529834553A
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.29.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19443
Mietke :: MIETKE-PC [Administrator]

30.07.2013 11:31:06
mbam-log-2013-07-30 (11-31-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|H:\|I:\|J:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 523671
Laufzeit: 1 Stunde(n), 34 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
# AdwCleaner v2.306 - Datei am 30/07/2013 um 13:10:26 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Mietke - MIETKE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mietke\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default\searchplugins\softonic.xml
Gelöscht mit Neustart : C:\Program Files (x86)\Softonic
Gelöscht mit Neustart : C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
Gelöscht mit Neustart : C:\Users\Mietke\AppData\Roaming\Softonic

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19443

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=10&cc=&mi=442cdc36000000000000001ee5e1a5d7 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.softonic.com/MOY00009/tb_v1/?SearchSource=15&cc=&mi=442cdc36000000000000001ee5e1a5d7 --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default\prefs.js

C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.Softonic.admin", false);
Gelöscht : user_pref("extensions.Softonic.aflt", "SD");
Gelöscht : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
Gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
Gelöscht : user_pref("extensions.Softonic.dfltLng", "es");
Gelöscht : user_pref("extensions.Softonic.dfltSrch", true);
Gelöscht : user_pref("extensions.Softonic.dnsErr", true);
Gelöscht : user_pref("extensions.Softonic.excTlbr", false);
Gelöscht : user_pref("extensions.Softonic.ffxUnstlRst", false);
Gelöscht : user_pref("extensions.Softonic.hmpg", true);
Gelöscht : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&[...]
Gelöscht : user_pref("extensions.Softonic.hpOld0", "www.web.de");
Gelöscht : user_pref("extensions.Softonic.id", "442cdc36000000000000001ee5e1a5d7");
Gelöscht : user_pref("extensions.Softonic.instlDay", "15896");
Gelöscht : user_pref("extensions.Softonic.instlRef", "MOY00009");
Gelöscht : user_pref("extensions.Softonic.kw_url", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=2&cc[...]
Gelöscht : user_pref("extensions.Softonic.newTab", true);
Gelöscht : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00009/tb_v1/?SearchSource=[...]
Gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
Gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
Gelöscht : user_pref("extensions.Softonic.rvrt", "false");
Gelöscht : user_pref("extensions.Softonic.smplGrp", "none");
Gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Gelöscht : user_pref("extensions.Softonic.tlbrId", "BASEirobinhoodActive");
Gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource[...]
Gelöscht : user_pref("extensions.Softonic.vrsn", "1.8.19.3");
Gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.8.19.318:51:52");
Gelöscht : user_pref("extensions.Softonic.vrsni", "1.8.19.3");

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [34875 octets] - [25/02/2013 19:33:36]
AdwCleaner[S2].txt - [1220 octets] - [25/02/2013 20:32:11]
AdwCleaner[S3].txt - [347 octets] - [30/07/2013 13:09:33]
AdwCleaner[S4].txt - [9237 octets] - [30/07/2013 13:10:26]

########## EOF - C:\AdwCleaner[S4].txt - [9297 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.8 (07.29.2013:2)
OS: Windows (TM) Vista Home Premium x64
Ran by Mietke on 30.07.2013 at 13:17:05,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2624E793-ECBA-45DD-ACFB-19A7C3C58F79}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Program Files (x86)\advanced pc tweaker"
Successfully deleted: [Folder] "C:\Program Files (x86)\softonic"



~~~ FireFox

Emptied folder: C:\Users\Mietke\AppData\Roaming\mozilla\firefox\profiles\kz08tl84.default\minidumps [68 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.07.2013 at 13:24:46,31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013
Ran by Mietke (administrator) on 30-07-2013 13:25:41
Running from C:\Users\Mietke\Downloads
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) D:\Program Files (x86)\Global Agenda\HiPatchService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\Program Files (x86)\Vtune\TBPANEL.exe
(fabi.me) C:\Users\Mietke\Desktop\SpeedAutoClicker.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [6440480 2008-07-16] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-20] (Intel Corporation)
HKCU\...\Run: [TBPanel] - C:\Program Files (x86)\Vtune\TBPanel.exe [2248704 2011-08-02] ()
HKCU\...\Run: [Speed AutoClicker] - C:\Users\Mietke\Desktop\SpeedAutoClicker.exe [174080 2012-05-15] (fabi.me)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\UpdatusUser.Mietke-PC\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SparweltGutscheinAlarm.Sparwelt_Gutschein_Tool - {10945114-b19f-4614-8450-b25e444a1020} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default
FF NewTab: user_pref("browser.newtab.url", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: www.web.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default\searchplugins\searchplugins-backup
FF Extension: No Name - C:\Users\Mietke\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
FF Extension: No Name - C:\Users\Mietke\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Battlefield Heroes Updater - C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default\Extensions\battlefieldheroespatcher@ea.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: groovesharkUnlocker - C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default\Extensions\groovesharkUnlocker@overlord1337.xpi
FF Extension: No Name - C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions
FF Extension: No Name - C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\profiles\extensions\prefs.js
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}] C:\Users\Mietke\AppData\Roaming\5006
FF Extension: Java String Helper - C:\Users\Mietke\AppData\Roaming\5006
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}] C:\Users\Mietke\AppData\Roaming\5006
FF Extension: Java String Helper - C:\Users\Mietke\AppData\Roaming\5006

Chrome:
=======
CHR Extension: (Docs) - C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Guild Wars 2 Divinity's Garden Theme) - C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogkbacblabnljjogoaaadkcpjnamonfc\1_0
CHR Extension: (Gmail) - C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-05-09] (AVAST Software)
S2 gupdate1ca743942b03ae0; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-12-03] (Google Inc.)
R2 HiPatchService; D:\Program Files (x86)\Global Agenda\HiPatchService.exe [8704 2012-06-24] (Hi-Rez Studios)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3453712 2009-12-16] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-06-07] ()
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

==================== Drivers (Whitelisted) ====================

S3 1394hub; C:\Windows\System32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
S3 1394hub; C:\Windows\SysWow64\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2011-02-23] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [270824 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [59144 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
S3 Cardex; C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider)
S3 Cardex; C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x64.sys [56320 2008-07-22] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-09-16] (McAfee, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-02] ()
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2004-12-30] (INCA Internet Co., Ltd.)
S1 Beep; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dump_wmimmc; \??\C:\Program Files (x86)\Dragonica\Release\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
S3 TBPanel; No ImagePath
S3 TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [x]
S3 X6va002; \??\C:\Users\Mietke\AppData\Local\Temp\002A95A.tmp [x]
S3 X6va005; \??\C:\Users\Mietke\AppData\Local\Temp\005FA6B.tmp [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-30 13:16 - 2013-07-30 13:16 - 00009330 _____ C:\Users\Mietke\Desktop\AdwCleaner[S4].txt
2013-07-30 13:10 - 2013-07-30 13:10 - 00009330 _____ C:\AdwCleaner[S4].txt
2013-07-30 13:10 - 2013-07-30 13:10 - 00000276 _____ C:\Windows\DeleteOnReboot.bat
2013-07-30 13:09 - 2013-07-30 13:09 - 00000347 _____ C:\AdwCleaner[S3].txt
2013-07-30 13:08 - 2013-07-30 13:08 - 00022799 _____ C:\Users\Mietke\Desktop\ComboFix2.txt
2013-07-30 11:30 - 2013-07-30 11:30 - 00562042 _____ (Oleg N. Scherbakov) C:\Users\Mietke\Downloads\JRT.exe
2013-07-30 11:28 - 2013-07-30 11:28 - 00666633 _____ C:\Users\Mietke\Downloads\adwcleaner.exe
2013-07-29 17:05 - 2013-07-29 17:05 - 00013207 _____ C:\ComboFix.txt
2013-07-29 16:47 - 2013-07-29 16:47 - 05095176 ____R (Swearware) C:\Users\Mietke\Downloads\ComboFix.exe
2013-07-29 12:28 - 2013-07-29 12:32 - 00025376 _____ C:\Users\Mietke\Downloads\Addition.txt
2013-07-29 12:25 - 2013-07-29 12:25 - 00000000 ____D C:\FRST
2013-07-29 12:23 - 2013-07-29 12:24 - 01780547 _____ (Farbar) C:\Users\Mietke\Downloads\FRST64.exe
2013-07-25 23:37 - 2013-07-25 23:37 - 00512825 _____ () C:\Users\Mietke\Downloads\FTB_Launcher.exe
2013-07-25 23:35 - 2013-07-25 23:35 - 00480057 _____ C:\Users\Mietke\Downloads\FTB_Launcher.jar
2013-07-25 23:16 - 2013-07-25 23:16 - 00512825 _____ () C:\Users\Mietke\Desktop\FTB_Launcher.exe
2013-07-23 21:50 - 2013-07-23 21:50 - 00000000 _____ C:\Users\Mietke\Desktop\server.log
2013-07-23 21:47 - 2013-07-23 21:47 - 02028089 _____ C:\Users\Mietke\Downloads\mcpatcher-4.1.0_04.exe
2013-07-23 21:41 - 2013-07-23 21:41 - 00000000 _____ C:\Users\Mietke\Downloads\server.log
2013-07-23 21:37 - 2013-07-23 21:40 - 00000000 ____D C:\Users\Mietke\AppData\Roaming\ftblauncher
2013-07-12 01:05 - 2013-07-12 01:05 - 00000000 ____D C:\Windows\PCHEALTH
2013-07-11 22:44 - 2013-06-01 06:19 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 22:44 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 22:44 - 2013-04-17 14:32 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-11 22:44 - 2013-04-17 14:32 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-11 22:44 - 2013-04-17 14:32 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-11 22:44 - 2013-04-17 14:32 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-11 22:44 - 2013-04-17 13:29 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-11 22:44 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-07-11 22:44 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-11 22:44 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-07-11 22:44 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-11 22:44 - 2013-04-17 13:27 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-11 22:44 - 2013-04-17 13:02 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-11 22:44 - 2013-04-17 12:58 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 22:44 - 2013-04-17 12:58 - 01149440 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-11 22:44 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-11 22:44 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-11 22:44 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-11 22:44 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 22:43 - 2013-06-04 04:03 - 02775040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 22:43 - 2013-05-29 13:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 22:43 - 2013-05-29 13:30 - 00916480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 22:43 - 2013-05-29 13:30 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-11 22:43 - 2013-05-29 13:28 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-11 22:43 - 2013-05-29 13:26 - 06016000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 22:43 - 2013-05-29 13:26 - 00611840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2013-07-11 22:43 - 2013-05-29 13:26 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-11 22:43 - 2013-05-29 13:25 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 22:43 - 2013-05-29 13:25 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-11 22:43 - 2013-05-29 13:25 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-11 22:43 - 2013-05-29 13:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 22:43 - 2013-05-29 13:24 - 11111424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 22:43 - 2013-05-29 13:24 - 02004992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 22:43 - 2013-05-29 13:24 - 01469440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-11 22:43 - 2013-05-29 13:24 - 00387584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-11 22:43 - 2013-05-29 13:24 - 00184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-11 22:43 - 2013-05-29 13:24 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 22:43 - 2013-05-29 13:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 22:43 - 2013-05-29 13:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 22:43 - 2013-05-29 13:24 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 22:43 - 2013-05-29 11:47 - 00385024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-11 22:43 - 2013-05-29 10:07 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-11 22:43 - 2013-05-29 10:06 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-07-11 22:43 - 2013-05-29 10:05 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-11 22:43 - 2013-05-29 10:04 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 22:43 - 2013-05-29 09:12 - 01489408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 22:43 - 2013-05-29 09:12 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 22:43 - 2013-05-29 09:12 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-11 22:43 - 2013-05-29 09:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-11 22:43 - 2013-05-29 09:09 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-07-11 22:43 - 2013-05-29 09:08 - 09339904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 22:43 - 2013-05-29 09:08 - 00742912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 22:43 - 2013-05-29 09:08 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-11 22:43 - 2013-05-29 09:08 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-11 22:43 - 2013-05-29 09:08 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-11 22:43 - 2013-05-29 09:08 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 22:43 - 2013-05-29 09:07 - 12509184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 22:43 - 2013-05-29 09:07 - 02356736 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 22:43 - 2013-05-29 09:07 - 01538560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-11 22:43 - 2013-05-29 09:07 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-11 22:43 - 2013-05-29 09:07 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-11 22:43 - 2013-05-29 09:07 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 22:43 - 2013-05-29 09:07 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 22:43 - 2013-05-29 09:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 22:43 - 2013-05-29 09:07 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 22:43 - 2013-05-29 07:59 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-11 22:43 - 2013-05-29 06:27 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-11 22:43 - 2013-05-29 06:26 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 22:43 - 2013-05-29 06:24 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-11 22:43 - 2013-05-29 06:23 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 22:43 - 2013-05-08 06:18 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 22:43 - 2013-05-08 06:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 23:29 - 2013-07-10 23:29 - 00000000 ___HD C:\Users\Mietke\Desktop\.updtmp
2013-07-10 20:11 - 2012-05-15 21:32 - 00174080 _____ (fabi.me) C:\Users\Mietke\Desktop\SpeedAutoClicker.exe
2013-07-10 18:59 - 2013-07-10 20:13 - 00000000 ____D C:\Users\Mietke\AppData\Local\fabi.me
2013-07-10 18:59 - 2013-07-10 18:59 - 00002026 _____ C:\Users\Public\Desktop\AutoClicker.exe.lnk
2013-07-10 18:59 - 2013-07-10 18:59 - 00000000 ____D C:\ProgramData\Macrovision
2013-07-10 18:59 - 2013-07-10 18:59 - 00000000 ____D C:\Program Files (x86)\Shark Software
2013-07-10 18:57 - 2013-07-10 18:57 - 08904974 _____ (Shark Software                                              ) C:\Users\Mietke\Downloads\setup.exe
2013-07-08 17:15 - 2013-07-11 22:08 - 00000016 _____ C:\Users\Mietke\Desktop\Neues Textdokument.txt
2013-07-07 02:08 - 2013-07-07 02:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
111

==================== One Month Modified Files and Folders =======

2013-07-30 13:24 - 2013-07-30 13:24 - 00001124 _____ C:\Users\Mietke\Desktop\JRT.txt
2013-07-30 13:24 - 2013-01-09 20:44 - 00000440 ____H C:\Windows\Tasks\User_Feed_Synchronization-{38A14B28-3686-4261-A0BB-BA949EC18DBC}.job
2013-07-30 13:18 - 2008-01-21 03:53 - 01221480 _____ C:\Windows\WindowsUpdate.log
2013-07-30 13:16 - 2013-07-30 13:16 - 00009330 _____ C:\Users\Mietke\Desktop\AdwCleaner[S4].txt
2013-07-30 13:13 - 2012-07-09 13:25 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-30 13:13 - 2010-04-27 19:54 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-07-30 13:13 - 2009-12-03 19:01 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-30 13:13 - 2009-04-30 17:09 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-30 13:13 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-30 13:13 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-30 13:13 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-30 13:11 - 2006-11-02 17:42 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-30 13:10 - 2013-07-30 13:10 - 00009330 _____ C:\AdwCleaner[S4].txt
2013-07-30 13:10 - 2013-07-30 13:10 - 00000276 _____ C:\Windows\DeleteOnReboot.bat
2013-07-30 13:09 - 2013-07-30 13:09 - 00000347 _____ C:\AdwCleaner[S3].txt
2013-07-30 13:08 - 2013-07-30 13:08 - 00022799 _____ C:\Users\Mietke\Desktop\ComboFix2.txt
2013-07-30 13:02 - 2013-02-25 18:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-30 12:52 - 2009-12-03 19:01 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-30 11:30 - 2013-07-30 11:30 - 00562042 _____ (Oleg N. Scherbakov) C:\Users\Mietke\Downloads\JRT.exe
2013-07-30 11:28 - 2013-07-30 11:28 - 00666633 _____ C:\Users\Mietke\Downloads\adwcleaner.exe
2013-07-30 11:15 - 2011-04-29 14:40 - 00031016 _____ C:\Windows\system32\spsys.log
2013-07-30 11:14 - 2013-02-25 19:35 - 00013166 _____ C:\Windows\PFRO.log
2013-07-29 18:39 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\tracing
2013-07-29 17:05 - 2013-07-29 17:05 - 00013207 _____ C:\ComboFix.txt
2013-07-29 17:05 - 2013-02-21 18:51 - 00000000 ____D C:\Qoobox
2013-07-29 17:02 - 2006-11-02 14:34 - 00000215 _____ C:\Windows\system.ini
2013-07-29 16:49 - 2013-02-21 18:50 - 00000000 ____D C:\32788R22FWJFW
2013-07-29 16:47 - 2013-07-29 16:47 - 05095176 ____R (Swearware) C:\Users\Mietke\Downloads\ComboFix.exe
2013-07-29 12:32 - 2013-07-29 12:28 - 00025376 _____ C:\Users\Mietke\Downloads\Addition.txt
2013-07-29 12:25 - 2013-07-29 12:25 - 00000000 ____D C:\FRST
2013-07-29 12:24 - 2013-07-29 12:23 - 01780547 _____ (Farbar) C:\Users\Mietke\Downloads\FRST64.exe
2013-07-29 11:18 - 2010-11-15 18:23 - 00000000 ____D C:\Games
2013-07-28 21:55 - 2010-10-01 22:36 - 00000000 ____D C:\Users\Mietke\AppData\Roaming\TS3Client
2013-07-28 14:24 - 2012-10-05 16:21 - 00010246 _____ C:\Users\Mietke\Desktop\Gw2 Handelstabelle.ods
2013-07-27 11:04 - 2008-01-21 13:10 - 01474544 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-27 11:04 - 2008-01-21 13:09 - 00639210 _____ C:\Windows\system32\perfh007.dat
2013-07-27 11:04 - 2008-01-21 13:09 - 00131250 _____ C:\Windows\system32\perfc007.dat
2013-07-25 23:37 - 2013-07-25 23:37 - 00512825 _____ () C:\Users\Mietke\Downloads\FTB_Launcher.exe
2013-07-25 23:35 - 2013-07-25 23:35 - 00480057 _____ C:\Users\Mietke\Downloads\FTB_Launcher.jar
2013-07-25 23:16 - 2013-07-25 23:16 - 00512825 _____ () C:\Users\Mietke\Desktop\FTB_Launcher.exe
2013-07-23 21:50 - 2013-07-23 21:50 - 00000000 _____ C:\Users\Mietke\Desktop\server.log
2013-07-23 21:47 - 2013-07-23 21:47 - 02028089 _____ C:\Users\Mietke\Downloads\mcpatcher-4.1.0_04.exe
2013-07-23 21:41 - 2013-07-23 21:41 - 00000000 _____ C:\Users\Mietke\Downloads\server.log
2013-07-23 21:40 - 2013-07-23 21:37 - 00000000 ____D C:\Users\Mietke\AppData\Roaming\ftblauncher
2013-07-23 12:21 - 2013-02-25 18:48 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-23 12:21 - 2013-02-25 18:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-23 12:21 - 2013-02-25 18:48 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-23 12:21 - 2011-03-05 12:21 - 00000000 ____D C:\Users\Mietke\AppData\Local\Adobe
2013-07-19 14:22 - 2011-03-18 15:05 - 00000000 ____D C:\Users\Mietke\AppData\Roaming\.minecraft
2013-07-17 12:46 - 2013-03-03 15:28 - 00002388 _____ C:\Windows\setupact.log
2013-07-13 12:50 - 2013-03-09 19:33 - 00002025 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-13 01:40 - 2009-12-03 19:01 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 01:40 - 2009-12-03 19:01 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 10:15 - 2006-11-02 17:21 - 04815240 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 10:13 - 2006-11-02 17:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-07-12 01:12 - 2006-11-02 14:35 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-07-12 01:05 - 2013-07-12 01:05 - 00000000 ____D C:\Windows\PCHEALTH
2013-07-11 22:08 - 2013-07-08 17:15 - 00000016 _____ C:\Users\Mietke\Desktop\Neues Textdokument.txt
2013-07-10 23:29 - 2013-07-10 23:29 - 00000000 ___HD C:\Users\Mietke\Desktop\.updtmp
2013-07-10 20:13 - 2013-07-10 18:59 - 00000000 ____D C:\Users\Mietke\AppData\Local\fabi.me
2013-07-10 18:59 - 2013-07-10 18:59 - 00002026 _____ C:\Users\Public\Desktop\AutoClicker.exe.lnk
2013-07-10 18:59 - 2013-07-10 18:59 - 00000000 ____D C:\ProgramData\Macrovision
2013-07-10 18:59 - 2013-07-10 18:59 - 00000000 ____D C:\Program Files (x86)\Shark Software
2013-07-10 18:57 - 2013-07-10 18:57 - 08904974 _____ (Shark Software                                              ) C:\Users\Mietke\Downloads\setup.exe
2013-07-10 08:26 - 2009-04-28 18:55 - 00000000 ____D C:\Users\Mietke
2013-07-08 11:16 - 2012-05-28 22:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-07 02:09 - 2013-07-07 02:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-30 13:20

==================== End Of Log ============================
--- --- ---

schrauber 30.07.2013 13:57
Perfekt :)


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Lukas1234 30.07.2013 21:40
also hier der ESET log
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=194c21bfdbf52f48a52fe916cad3f029
# engine=14590
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-30 08:27:32
# local_time=2013-07-30 10:27:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 33329 212739958 0 0
# scanned=263720
# found=2
# cleaned=0
# scan_time=11164
sh=95FF3F659378B0258932261FA103F548A3CDBAA7 ft=1 fh=60338280378105ba vn="a variant of Win32/Adware.RegistryEasy application" ac=I fn="C:\Program Files\Fix Helpmate\FixHelpmate.exe"
sh=17BCD2383679B1BD3ABA3E352C8BE3E8BC4D25DA ft=1 fh=c71c001192ebd825 vn="Win32/Adware.RegistryEasy application" ac=I fn="C:\Program Files\Fix Helpmate\Recoveryer.dll"
bei security check kommt allerdings eine Fehlermeldung:
UNSUPPORTED OPERATING SYSTEM! ABORTED!

schrauber 31.07.2013 09:38
Frisches FRST log bitte. Noch Probleme? :)

Lukas1234 31.07.2013 15:20
so, hier der log


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013
Ran by Mietke (administrator) on 31-07-2013 15:53:27
Running from C:\Users\Mietke\Downloads
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) D:\Program Files (x86)\Global Agenda\HiPatchService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\Program Files (x86)\Vtune\TBPANEL.exe
(fabi.me) C:\Users\Mietke\Desktop\SpeedAutoClicker.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(fabi.me) C:\Users\Mietke\Desktop\SpeedAutoClicker.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [6440480 2008-07-16] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-20] (Intel Corporation)
HKCU\...\Run: [TBPanel] - C:\Program Files (x86)\Vtune\TBPanel.exe [2248704 2011-08-02] ()
HKCU\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKCU\...\Run: [Speed AutoClicker] - C:\Users\Mietke\Desktop\SpeedAutoClicker.exe [174080 2012-05-15] (fabi.me)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\UpdatusUser.Mietke-PC\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SparweltGutscheinAlarm.Sparwelt_Gutschein_Tool - {10945114-b19f-4614-8450-b25e444a1020} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default
FF NewTab: user_pref("browser.newtab.url", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: www.web.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default\searchplugins\searchplugins-backup
FF Extension: No Name - C:\Users\Mietke\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
FF Extension: No Name - C:\Users\Mietke\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Battlefield Heroes Updater - C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default\Extensions\battlefieldheroespatcher@ea.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: groovesharkUnlocker - C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default\Extensions\groovesharkUnlocker@overlord1337.xpi
FF Extension: No Name - C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions
FF Extension: No Name - C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\profiles\extensions\prefs.js
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}] C:\Users\Mietke\AppData\Roaming\5006
FF Extension: Java String Helper - C:\Users\Mietke\AppData\Roaming\5006
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}] C:\Users\Mietke\AppData\Roaming\5006
FF Extension: Java String Helper - C:\Users\Mietke\AppData\Roaming\5006

Chrome:
=======
CHR Extension: (Docs) - C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Guild Wars 2 Divinity's Garden Theme) - C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogkbacblabnljjogoaaadkcpjnamonfc\1_0
CHR Extension: (Gmail) - C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-05-09] (AVAST Software)
S2 gupdate1ca743942b03ae0; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-12-03] (Google Inc.)
R2 HiPatchService; D:\Program Files (x86)\Global Agenda\HiPatchService.exe [8704 2012-06-24] (Hi-Rez Studios)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3453712 2009-12-16] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-06-07] ()
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

==================== Drivers (Whitelisted) ====================

S3 1394hub; C:\Windows\System32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
S3 1394hub; C:\Windows\SysWow64\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2011-02-23] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [270824 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [59144 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
S3 Cardex; C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider)
S3 Cardex; C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x64.sys [56320 2008-07-22] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-09-16] (McAfee, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-02] ()
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2004-12-30] (INCA Internet Co., Ltd.)
S1 Beep; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dump_wmimmc; \??\C:\Program Files (x86)\Dragonica\Release\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
S3 TBPanel; No ImagePath
S3 TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [x]
S3 X6va002; \??\C:\Users\Mietke\AppData\Local\Temp\002A95A.tmp [x]
S3 X6va005; \??\C:\Users\Mietke\AppData\Local\Temp\005FA6B.tmp [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-30 22:37 - 2013-07-30 22:37 - 00891098 _____ C:\Users\Mietke\Desktop\SecurityCheck.exe
2013-07-30 19:18 - 2013-07-30 19:18 - 02347384 _____ (ESET) C:\Users\Mietke\Downloads\esetsmartinstaller_enu.exe
2013-07-30 19:18 - 2013-07-30 19:18 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-30 13:24 - 2013-07-30 13:24 - 00001124 _____ C:\Users\Mietke\Desktop\JRT.txt
2013-07-30 13:16 - 2013-07-30 13:16 - 00009330 _____ C:\Users\Mietke\Desktop\AdwCleaner[S4].txt
2013-07-30 13:10 - 2013-07-30 13:10 - 00009330 _____ C:\AdwCleaner[S4].txt
2013-07-30 13:10 - 2013-07-30 13:10 - 00000276 _____ C:\Windows\DeleteOnReboot.bat
2013-07-30 13:09 - 2013-07-30 13:09 - 00000347 _____ C:\AdwCleaner[S3].txt
2013-07-30 13:08 - 2013-07-30 13:08 - 00022799 _____ C:\Users\Mietke\Desktop\ComboFix2.txt
2013-07-30 11:30 - 2013-07-30 11:30 - 00562042 _____ (Oleg N. Scherbakov) C:\Users\Mietke\Downloads\JRT.exe
2013-07-30 11:28 - 2013-07-30 11:28 - 00666633 _____ C:\Users\Mietke\Downloads\adwcleaner.exe
2013-07-29 17:05 - 2013-07-29 17:05 - 00013207 _____ C:\ComboFix.txt
2013-07-29 16:47 - 2013-07-29 16:47 - 05095176 ____R (Swearware) C:\Users\Mietke\Downloads\ComboFix.exe
2013-07-29 12:28 - 2013-07-29 12:32 - 00025376 _____ C:\Users\Mietke\Downloads\Addition.txt
2013-07-29 12:25 - 2013-07-29 12:25 - 00000000 ____D C:\FRST
2013-07-29 12:23 - 2013-07-29 12:24 - 01780547 _____ (Farbar) C:\Users\Mietke\Downloads\FRST64.exe
2013-07-25 23:37 - 2013-07-25 23:37 - 00512825 _____ () C:\Users\Mietke\Downloads\FTB_Launcher.exe
2013-07-25 23:35 - 2013-07-25 23:35 - 00480057 _____ C:\Users\Mietke\Downloads\FTB_Launcher.jar
2013-07-25 23:16 - 2013-07-25 23:16 - 00512825 _____ () C:\Users\Mietke\Desktop\FTB_Launcher.exe
2013-07-23 21:50 - 2013-07-23 21:50 - 00000000 _____ C:\Users\Mietke\Desktop\server.log
2013-07-23 21:47 - 2013-07-23 21:47 - 02028089 _____ C:\Users\Mietke\Downloads\mcpatcher-4.1.0_04.exe
2013-07-23 21:41 - 2013-07-23 21:41 - 00000000 _____ C:\Users\Mietke\Downloads\server.log
2013-07-23 21:37 - 2013-07-23 21:40 - 00000000 ____D C:\Users\Mietke\AppData\Roaming\ftblauncher
2013-07-12 01:05 - 2013-07-12 01:05 - 00000000 ____D C:\Windows\PCHEALTH
2013-07-11 22:44 - 2013-06-01 06:19 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 22:44 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 22:44 - 2013-04-17 14:32 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-11 22:44 - 2013-04-17 14:32 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-11 22:44 - 2013-04-17 14:32 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-11 22:44 - 2013-04-17 14:32 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-11 22:44 - 2013-04-17 13:29 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-11 22:44 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-07-11 22:44 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-11 22:44 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-07-11 22:44 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-11 22:44 - 2013-04-17 13:27 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-11 22:44 - 2013-04-17 13:02 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-11 22:44 - 2013-04-17 12:58 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 22:44 - 2013-04-17 12:58 - 01149440 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-11 22:44 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-11 22:44 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-11 22:44 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-11 22:44 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 22:43 - 2013-06-04 04:03 - 02775040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 22:43 - 2013-05-29 13:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 22:43 - 2013-05-29 13:30 - 00916480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 22:43 - 2013-05-29 13:30 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-11 22:43 - 2013-05-29 13:28 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-11 22:43 - 2013-05-29 13:26 - 06016000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 22:43 - 2013-05-29 13:26 - 00611840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2013-07-11 22:43 - 2013-05-29 13:26 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-11 22:43 - 2013-05-29 13:25 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 22:43 - 2013-05-29 13:25 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-11 22:43 - 2013-05-29 13:25 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-11 22:43 - 2013-05-29 13:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 22:43 - 2013-05-29 13:24 - 11111424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 22:43 - 2013-05-29 13:24 - 02004992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 22:43 - 2013-05-29 13:24 - 01469440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-11 22:43 - 2013-05-29 13:24 - 00387584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-11 22:43 - 2013-05-29 13:24 - 00184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-11 22:43 - 2013-05-29 13:24 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 22:43 - 2013-05-29 13:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 22:43 - 2013-05-29 13:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 22:43 - 2013-05-29 13:24 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 22:43 - 2013-05-29 11:47 - 00385024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-11 22:43 - 2013-05-29 10:07 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-11 22:43 - 2013-05-29 10:06 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-07-11 22:43 - 2013-05-29 10:05 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-11 22:43 - 2013-05-29 10:04 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 22:43 - 2013-05-29 09:12 - 01489408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 22:43 - 2013-05-29 09:12 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 22:43 - 2013-05-29 09:12 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-11 22:43 - 2013-05-29 09:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-11 22:43 - 2013-05-29 09:09 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-07-11 22:43 - 2013-05-29 09:08 - 09339904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 22:43 - 2013-05-29 09:08 - 00742912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 22:43 - 2013-05-29 09:08 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-11 22:43 - 2013-05-29 09:08 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-11 22:43 - 2013-05-29 09:08 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-11 22:43 - 2013-05-29 09:08 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 22:43 - 2013-05-29 09:07 - 12509184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 22:43 - 2013-05-29 09:07 - 02356736 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 22:43 - 2013-05-29 09:07 - 01538560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-11 22:43 - 2013-05-29 09:07 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-11 22:43 - 2013-05-29 09:07 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-11 22:43 - 2013-05-29 09:07 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 22:43 - 2013-05-29 09:07 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 22:43 - 2013-05-29 09:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 22:43 - 2013-05-29 09:07 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 22:43 - 2013-05-29 07:59 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-11 22:43 - 2013-05-29 06:27 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-11 22:43 - 2013-05-29 06:26 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 22:43 - 2013-05-29 06:24 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-11 22:43 - 2013-05-29 06:23 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 22:43 - 2013-05-08 06:18 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 22:43 - 2013-05-08 06:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 23:29 - 2013-07-10 23:29 - 00000000 ___HD C:\Users\Mietke\Desktop\.updtmp
2013-07-10 20:11 - 2012-05-15 21:32 - 00174080 _____ (fabi.me) C:\Users\Mietke\Desktop\SpeedAutoClicker.exe
2013-07-10 18:59 - 2013-07-10 20:13 - 00000000 ____D C:\Users\Mietke\AppData\Local\fabi.me
2013-07-10 18:59 - 2013-07-10 18:59 - 00002026 _____ C:\Users\Public\Desktop\AutoClicker.exe.lnk
2013-07-10 18:59 - 2013-07-10 18:59 - 00000000 ____D C:\ProgramData\Macrovision
2013-07-10 18:59 - 2013-07-10 18:59 - 00000000 ____D C:\Program Files (x86)\Shark Software
2013-07-10 18:57 - 2013-07-10 18:57 - 08904974 _____ (Shark Software                                              ) C:\Users\Mietke\Downloads\setup.exe
2013-07-08 17:15 - 2013-07-11 22:08 - 00000016 _____ C:\Users\Mietke\Desktop\Neues Textdokument.txt
2013-07-07 02:08 - 2013-07-07 02:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
116

==================== One Month Modified Files and Folders =======

2013-07-31 15:53 - 2008-01-21 03:53 - 01311655 _____ C:\Windows\WindowsUpdate.log
2013-07-31 15:45 - 2009-12-03 19:01 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-31 15:32 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-31 15:32 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-31 15:02 - 2013-02-25 18:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-31 12:32 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\tracing
2013-07-31 09:33 - 2012-07-09 13:25 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-31 09:32 - 2010-04-27 19:54 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-07-31 09:32 - 2009-12-03 19:01 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-31 09:32 - 2009-04-30 17:09 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-31 09:32 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-30 22:55 - 2006-11-02 17:42 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-30 22:37 - 2013-07-30 22:37 - 00891098 _____ C:\Users\Mietke\Desktop\SecurityCheck.exe
2013-07-30 22:16 - 2010-10-01 22:36 - 00000000 ____D C:\Users\Mietke\AppData\Roaming\TS3Client
2013-07-30 19:18 - 2013-07-30 19:18 - 02347384 _____ (ESET) C:\Users\Mietke\Downloads\esetsmartinstaller_enu.exe
2013-07-30 19:18 - 2013-07-30 19:18 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-30 13:24 - 2013-07-30 13:24 - 00001124 _____ C:\Users\Mietke\Desktop\JRT.txt
2013-07-30 13:16 - 2013-07-30 13:16 - 00009330 _____ C:\Users\Mietke\Desktop\AdwCleaner[S4].txt
2013-07-30 13:10 - 2013-07-30 13:10 - 00009330 _____ C:\AdwCleaner[S4].txt
2013-07-30 13:10 - 2013-07-30 13:10 - 00000276 _____ C:\Windows\DeleteOnReboot.bat
2013-07-30 13:09 - 2013-07-30 13:09 - 00000347 _____ C:\AdwCleaner[S3].txt
2013-07-30 13:08 - 2013-07-30 13:08 - 00022799 _____ C:\Users\Mietke\Desktop\ComboFix2.txt
2013-07-30 11:30 - 2013-07-30 11:30 - 00562042 _____ (Oleg N. Scherbakov) C:\Users\Mietke\Downloads\JRT.exe
2013-07-30 11:28 - 2013-07-30 11:28 - 00666633 _____ C:\Users\Mietke\Downloads\adwcleaner.exe
2013-07-30 11:15 - 2011-04-29 14:40 - 00031016 _____ C:\Windows\system32\spsys.log
2013-07-30 11:14 - 2013-02-25 19:35 - 00013166 _____ C:\Windows\PFRO.log
2013-07-29 17:05 - 2013-07-29 17:05 - 00013207 _____ C:\ComboFix.txt
2013-07-29 17:05 - 2013-02-21 18:51 - 00000000 ____D C:\Qoobox
2013-07-29 17:02 - 2006-11-02 14:34 - 00000215 _____ C:\Windows\system.ini
2013-07-29 16:49 - 2013-02-21 18:50 - 00000000 ____D C:\32788R22FWJFW
2013-07-29 16:47 - 2013-07-29 16:47 - 05095176 ____R (Swearware) C:\Users\Mietke\Downloads\ComboFix.exe
2013-07-29 12:32 - 2013-07-29 12:28 - 00025376 _____ C:\Users\Mietke\Downloads\Addition.txt
2013-07-29 12:25 - 2013-07-29 12:25 - 00000000 ____D C:\FRST
2013-07-29 12:24 - 2013-07-29 12:23 - 01780547 _____ (Farbar) C:\Users\Mietke\Downloads\FRST64.exe
2013-07-29 11:18 - 2010-11-15 18:23 - 00000000 ____D C:\Games
2013-07-28 14:24 - 2012-10-05 16:21 - 00010246 _____ C:\Users\Mietke\Desktop\Gw2 Handelstabelle.ods
2013-07-27 11:04 - 2008-01-21 13:10 - 01474544 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-27 11:04 - 2008-01-21 13:09 - 00639210 _____ C:\Windows\system32\perfh007.dat
2013-07-27 11:04 - 2008-01-21 13:09 - 00131250 _____ C:\Windows\system32\perfc007.dat
2013-07-25 23:37 - 2013-07-25 23:37 - 00512825 _____ () C:\Users\Mietke\Downloads\FTB_Launcher.exe
2013-07-25 23:35 - 2013-07-25 23:35 - 00480057 _____ C:\Users\Mietke\Downloads\FTB_Launcher.jar
2013-07-25 23:16 - 2013-07-25 23:16 - 00512825 _____ () C:\Users\Mietke\Desktop\FTB_Launcher.exe
2013-07-23 21:50 - 2013-07-23 21:50 - 00000000 _____ C:\Users\Mietke\Desktop\server.log
2013-07-23 21:47 - 2013-07-23 21:47 - 02028089 _____ C:\Users\Mietke\Downloads\mcpatcher-4.1.0_04.exe
2013-07-23 21:41 - 2013-07-23 21:41 - 00000000 _____ C:\Users\Mietke\Downloads\server.log
2013-07-23 21:40 - 2013-07-23 21:37 - 00000000 ____D C:\Users\Mietke\AppData\Roaming\ftblauncher
2013-07-23 12:21 - 2013-02-25 18:48 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-23 12:21 - 2013-02-25 18:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-23 12:21 - 2013-02-25 18:48 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-23 12:21 - 2011-03-05 12:21 - 00000000 ____D C:\Users\Mietke\AppData\Local\Adobe
2013-07-19 14:22 - 2011-03-18 15:05 - 00000000 ____D C:\Users\Mietke\AppData\Roaming\.minecraft
2013-07-17 12:46 - 2013-03-03 15:28 - 00002388 _____ C:\Windows\setupact.log
2013-07-13 12:50 - 2013-03-09 19:33 - 00002025 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-13 01:40 - 2009-12-03 19:01 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 01:40 - 2009-12-03 19:01 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 10:15 - 2006-11-02 17:21 - 04815240 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 10:13 - 2006-11-02 17:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-07-12 01:12 - 2006-11-02 14:35 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-07-12 01:05 - 2013-07-12 01:05 - 00000000 ____D C:\Windows\PCHEALTH
2013-07-11 22:08 - 2013-07-08 17:15 - 00000016 _____ C:\Users\Mietke\Desktop\Neues Textdokument.txt
2013-07-10 23:29 - 2013-07-10 23:29 - 00000000 ___HD C:\Users\Mietke\Desktop\.updtmp
2013-07-10 20:13 - 2013-07-10 18:59 - 00000000 ____D C:\Users\Mietke\AppData\Local\fabi.me
2013-07-10 18:59 - 2013-07-10 18:59 - 00002026 _____ C:\Users\Public\Desktop\AutoClicker.exe.lnk
2013-07-10 18:59 - 2013-07-10 18:59 - 00000000 ____D C:\ProgramData\Macrovision
2013-07-10 18:59 - 2013-07-10 18:59 - 00000000 ____D C:\Program Files (x86)\Shark Software
2013-07-10 18:57 - 2013-07-10 18:57 - 08904974 _____ (Shark Software                                              ) C:\Users\Mietke\Downloads\setup.exe
2013-07-10 08:26 - 2009-04-28 18:55 - 00000000 ____D C:\Users\Mietke
2013-07-08 11:16 - 2012-05-28 22:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-07 02:09 - 2013-07-07 02:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-31 09:45

==================== End Of Log ============================
--- --- ---


ich meld mich dann die tage nochmal, ob das mit dem anit-virus-programm nochmal vorgekommen ist.

Aber die andauernde anzeige, das ein Update für windows verfügbar ist, hab ich immernoch.
eine idee, woher das kommen könnte?

Grüße

schrauber 31.07.2013 19:32
welches Update?

Lukas1234 31.07.2013 22:01
Ein windows-systemupdate. Jedes mal, wenn ich zustimme, das update zu installieren, ist, wenn ich das nächste mal den pc anschalte, wieder ein neues update verfügbar.

schrauber 01.08.2013 09:22
Ich brauch den Namen und die KB Nummer. ist es immer das gleiche Update?

Lukas1234 01.08.2013 20:11
das mit dem update hat sich gar erledigt

danke nochmal für die hilfe bei dem anderen problem :)

schrauber 02.08.2013 10:55
Dann sind wir fertig :)


Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Lukas1234 02.08.2013 18:13
ist alles erledigt, danke schön.
kannst das abo löschen :D

schrauber 03.08.2013 07:30
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:14 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19