Trojaner-Board - Win32/Jeefo.A loswerden

hab ich bitteschön

Combofix Logfile:

Code:

ComboFix 13-09-10.03 - U 11.09.2013  17:55:19.2.4 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.8190.6144 [GMT 2:00]

ausgeführt von:: d:\users\U\Desktop\ComboFix.exe

AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_PowerManager

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-08-11 bis 2013-09-11  ))))))))))))))))))))))))))))))

.

.

2013-09-11 15:59 . 2013-09-11 15:59        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2013-09-11 15:59 . 2013-09-11 15:59        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-09-11 08:18 . 2013-09-11 09:18        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-09-10 19:01 . 2013-09-10 19:01        --------        d-----w-        C:\FRST

2013-09-10 12:50 . 2013-09-10 12:50        --------        d-----w-        c:\programdata\Sophos

2013-09-10 12:50 . 2013-09-10 12:50        73728        ----a-r-        c:\users\U\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2013-09-10 12:50 . 2013-09-10 12:50        73728        ----a-r-        c:\users\U\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2013-09-10 12:50 . 2013-09-10 12:50        73728        ----a-r-        c:\users\U\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2013-09-10 12:50 . 2013-09-10 12:50        --------        d-----w-        c:\program files (x86)\Sophos

2013-09-10 12:30 . 2013-09-10 12:30        --------        d-----w-        c:\users\U\AppData\Roaming\AVG2014

2013-09-10 12:29 . 2013-09-10 12:46        --------        d-----w-        c:\users\U\AppData\Local\AVG Secure Search

2013-09-10 12:29 . 2013-09-10 12:29        --------        d-----w-        c:\users\U\AppData\Roaming\TuneUp Software

2013-09-10 12:29 . 2013-09-11 13:40        45856        ----a-w-        c:\windows\system32\drivers\avgtpx64.sys

2013-09-10 12:29 . 2013-09-10 12:29        --------        d-----w-        c:\programdata\AVG Secure Search

2013-09-10 12:29 . 2013-09-10 12:29        --------        d-----w-        c:\program files (x86)\Common Files\AVG Secure Search

2013-09-10 12:29 . 2013-09-11 13:40        --------        d-----w-        c:\program files (x86)\AVG Secure Search

2013-09-10 12:28 . 2013-09-10 12:33        --------        d-----w-        c:\programdata\AVG2014

2013-09-10 12:28 . 2013-09-10 12:28        --------        d-----w-        C:\$AVG

2013-09-10 12:27 . 2013-09-10 12:27        --------        d-----w-        c:\program files (x86)\AVG

2013-09-10 12:25 . 2013-09-11 07:39        --------        d-----w-        c:\programdata\MFAData

2013-09-10 12:25 . 2013-09-10 12:43        --------        d-----w-        c:\users\U\AppData\Local\Avg2014

2013-09-10 12:25 . 2013-09-10 12:25        --------        d-----w-        c:\users\U\AppData\Local\MFAData

2013-09-05 18:56 . 2004-04-18 21:42        733184        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll

2013-09-05 18:56 . 2004-04-18 21:40        69715        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll

2013-09-05 18:56 . 2004-04-18 21:39        266240        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll

2013-09-05 18:56 . 2004-04-18 21:39        172032        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll

2013-09-05 18:56 . 2004-04-18 21:39        5632        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe

2013-09-05 18:56 . 2013-09-05 18:56        303236        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll

2013-09-05 18:56 . 2013-09-05 18:56        180356        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll

2013-09-05 18:46 . 2013-09-05 18:46        --------        d-----w-        c:\users\U\AppData\Roaming\Unity

2013-09-05 18:24 . 2013-09-05 18:24        --------        d-----w-        c:\users\U\AppData\Local\Unity

2013-08-22 21:25 . 2013-08-22 21:25        212280        ----a-w-        c:\windows\system32\drivers\avgldx64.sys

2013-08-22 21:08 . 2013-08-22 21:08        294712        ----a-w-        c:\windows\system32\drivers\avgloga.sys

2013-08-22 20:55 . 2013-08-22 20:55        241464        ----a-w-        c:\windows\system32\drivers\avgidsdrivera.sys

2013-08-22 20:54 . 2013-08-22 20:54        192824        ----a-w-        c:\windows\system32\drivers\avgidsha.sys

2013-08-20 20:53 . 2013-08-20 20:53        123704        ----a-w-        c:\windows\system32\drivers\avgmfx64.sys

2013-08-15 12:52 . 2013-08-15 12:52        --------        d-----w-        c:\users\U\AppData\Local\Diagnostics

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-11 09:18 . 2013-04-26 00:29        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-02 12:36 . 2013-05-20 13:05        81112        ----a-w-        c:\windows\system32\drivers\avnetflt.sys

2013-09-02 12:36 . 2013-04-25 15:50        132088        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2013-09-02 12:36 . 2013-04-25 15:50        105344        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2013-08-01 14:07 . 2013-08-01 14:07        251192        ----a-w-        c:\windows\system32\drivers\avgtdia.sys

2013-08-01 14:06 . 2013-08-01 14:06        147768        ----a-w-        c:\windows\system32\drivers\avgdiska.sys

2013-08-01 14:04 . 2013-08-01 14:04        31544        ----a-w-        c:\windows\system32\drivers\avgrkx64.sys

2013-07-19 18:19 . 2013-07-03 15:56        290184        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr

2013-07-19 18:19 . 2013-07-02 20:54        290184        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe

2013-07-19 18:14 . 2013-07-02 20:54        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0

2013-07-03 16:33 . 2013-07-02 20:54        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe

2013-06-21 01:09 . 2013-06-21 01:09        42184        ----a-w-        c:\windows\system32\drivers\taphss6.sys

2013-06-19 11:54 . 2013-06-19 11:54        178800        ----a-w-        c:\windows\SysWow64\CmdLineExt_x64.dll

2013-06-13 17:04 . 2013-06-13 17:01        231376        ----a-w-        c:\windows\system32\drivers\truecrypt.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EADM"="d:\origin\Origin.exe" [2013-08-27 3549528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-02 347192]

"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-08-26 4851248]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-09-11 2314416]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0SCTBootTasks

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R3 X6va014;X6va014;c:\windows\SysWOW64\Drivers\X6va014;c:\windows\SysWOW64\Drivers\X6va014 [x]

R3 XFDriver64;XFDriver64;d:\xfire2\XFDriver64.sys;d:\xfire2\XFDriver64.sys [x]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]

S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk64bit.sys;c:\windows\SYSNATIVE\drivers\elrawdsk64bit.sys [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]

S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]

S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2013-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-26 09:18]

.

2013-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000Core.job

- c:\users\U\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-05 17:02]

.

2013-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000UA.job

- c:\users\U\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-05 17:02]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-20 13192848]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://websearch.homesearch-hub.info/?pid=658&r=2013/06/16&hid=2758861023&lg=EN&cc=DE&unqvl=20

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll

FF - ProfilePath - c:\users\U\AppData\Roaming\Mozilla\Firefox\Profiles\hw6pl1gi.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&CUI=UN13117919511767327&UM=1&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - 

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&CUI=UN13117919511767327&UM=1&q=

FF - ExtSQL: 2013-09-10 14:29; avg@toolbar; c:\programdata\AVG Secure Search\FireFoxExt\15.5.0.2

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\Steam\steam.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll

AddRemove-Steam App 219540 - c:\program files (x86)\Steam\steam.exe

AddRemove-Steam App 33910 - c:\program files (x86)\Steam\steam.exe

AddRemove-Steam App 33930 - c:\program files (x86)\Steam\steam.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va014]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va014"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-904730392-2491290814-2578163216-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E07D4006-45D1-19E7-101C-87C24E26C6D5}*]

"jacbabbaklamadkjdlld"=hex:62,61,6d,62,00,ec

"jacbabbaklamadkjdlhd"=hex:62,61,62,70,00,01

"iaccmejlkdkacmcfoc"=hex:6b,61,6a,62,69,6f,65,69,6d,67,70,66,6c,6a,68,64,6f,65,

   6d,63,67,61,00,77

"haecofgldpchphem"=hex:6b,61,6a,62,69,6f,65,69,6d,67,70,66,6c,6a,68,64,6f,65,

   6d,63,67,61,00,77

"iaecofdfbilpngjbbf"=hex:61,62,6c,61,66,67,67,68,68,6f,6e,6a,61,62,68,66,64,6c,

   65,6d,69,67,66,67,67,68,6b,66,64,63,64,62,69,6b,00,00

"jafcdahdenadmhonnpip"=hex:62,61,69,62,00,01

"baad"=hex:64,61,6d,62,6f,64,6c,66,00,fe

"babd"=hex:64,61,6f,62,62,66,63,69,00,fe

"cahcmc"=hex:64,61,62,70,6c,67,6e,6b,00,fe

"cahcnc"=hex:64,61,63,70,65,67,68,6f,00,fe

"iahflmpafefbgecdea"=hex:65,61,6a,62,6f,68,6a,69,6e,63,00,77

"iahflmpafefbgecdba"=hex:65,61,6a,62,68,69,6e,68,65,6d,00,80

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E07D4006-45D1-19E7-101C-87C24E26C6D5}\InProcServer32*]

"jaiabkhpfnpfjebhomgn"=hex:63,61,6b,62,6f,70,00,76

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2013-09-11  18:06:32 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2013-09-11 16:06

.

Vor Suchlauf: 8.453.521.408 Bytes frei

Nach Suchlauf: 8.666.419.200 Bytes frei

.

- - End Of File - - C8C199F6C55F5F76D62617CF5D94435C

--- --- ---
A36C5E4F47E84449FF07ED3517B43A31
[/QUOTE]

Hier sind die

AdwCleaner Logfile:

Code:

# AdwCleaner v3.003 - Bericht erstellt am 12/09/2013 um 11:18:48

# Updated 07/09/2013 von Xplode

# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)

# Benutzername : U - U-PC

# Gestartet von : D:\Users\U\Desktop\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\AVG Secure Search

Ordner Gelöscht : C:\ProgramData\StarApp

Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search

Ordner Gelöscht : C:\Program Files (x86)\Conduit

Ordner Gelöscht : C:\Program Files (x86)\SafeSaver

Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search

Ordner Gelöscht : C:\Users\U\AppData\Local\AVG Secure Search

Ordner Gelöscht : C:\Users\U\AppData\Local\Conduit

Ordner Gelöscht : C:\Users\U\AppData\LocalLow\AVG Secure Search

Ordner Gelöscht : C:\Users\U\AppData\LocalLow\Conduit

Datei Gelöscht : C:\END

Datei Gelöscht : C:\Users\U\AppData\Roaming\Mozilla\Firefox\Profiles\hw6pl1gi.default\\invalidprefs.js

Datei Gelöscht : C:\Users\U\AppData\Roaming\Mozilla\Firefox\Profiles\hw6pl1gi.default\searchplugins\Conduit.xml

Datei Gelöscht : C:\Users\U\AppData\Roaming\Mozilla\Firefox\Profiles\hw6pl1gi.default\searchplugins\WebSearch.xml
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f5d3e0aa

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1561552

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Schlüssel Gelöscht : HKCU\Software\AVG Secure Search

Schlüssel Gelöscht : HKCU\Software\Conduit

Schlüssel Gelöscht : HKCU\Software\AppDataLow\SProtector

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar

Schlüssel Gelöscht : HKLM\Software\AVG Secure Search

Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar

Schlüssel Gelöscht : HKLM\Software\Conduit

Schlüssel Gelöscht : HKLM\Software\SP Global

Schlüssel Gelöscht : HKLM\Software\SProtector

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
 

***** [ Browser ] *****
 

-\\ Internet Explorer v10.0.9200.16537
 

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 

-\\ Mozilla Firefox v23.0.1 (de)
 

[ Datei : C:\Users\U\AppData\Roaming\Mozilla\Firefox\Profiles\hw6pl1gi.default\prefs.js ]
 

Zeile gelöscht : user_pref("CT1561552.FF19Solved", "true");

Zeile gelöscht : user_pref("CT1561552.UserID", "UN13117919511767327");

Zeile gelöscht : user_pref("CT1561552.browser.search.defaultthis.engineName", "true");

Zeile gelöscht : user_pref("CT1561552.fullUserID", "UN13117919511767327.IN.20130811133058");

Zeile gelöscht : user_pref("CT1561552.installDate", "11/08/2013 13:30:58");

Zeile gelöscht : user_pref("CT1561552.installSessionId", "-1");

Zeile gelöscht : user_pref("CT1561552.installSp", "FALSE");

Zeile gelöscht : user_pref("CT1561552.installerVersion", "1.5.4.5");

Zeile gelöscht : user_pref("CT1561552.keyword", "true");

Zeile gelöscht : user_pref("CT1561552.originalHomepage", "google.de");

Zeile gelöscht : user_pref("CT1561552.originalSearchAddressUrl", "");

Zeile gelöscht : user_pref("CT1561552.originalSearchEngine", "Google");

Zeile gelöscht : user_pref("CT1561552.originalSearchEngineName", "AVG Secure Search");

Zeile gelöscht : user_pref("CT1561552.searchRevert", "false");

Zeile gelöscht : user_pref("CT1561552.searchUserMode", "1");

Zeile gelöscht : user_pref("CT1561552.smartbar.homepage", "true");

Zeile gelöscht : user_pref("CT1561552.versionFromInstaller", "10.16.9.6");

Zeile gelöscht : user_pref("CT1561552.xpeMode", "0");

Zeile gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");

Zeile gelöscht : user_pref("aol_toolbar.default.homepage.check", false);

Zeile gelöscht : user_pref("aol_toolbar.default.search.check", false);

Zeile gelöscht : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.5.0.2");

Zeile gelöscht : user_pref("avg.install.userSPSettings", "WebSearch");

Zeile gelöscht : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");

Zeile gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch");

Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "Hotspot Shield Customized Web Search");

Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&CUI=UN13117919511767327&UM=1&SearchSource=3&q={searchTerms}");

Zeile gelöscht : user_pref("browser.search.order.1", "WebSearch");

Zeile gelöscht : user_pref("browser.search.order.1,S", "WebSearch");

Zeile gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch");

Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&CUI=UN13117919511767327&UM=1&q=");

Zeile gelöscht : user_pref("smartbar.addressBarOwnerCTID", "CT1561552");

Zeile gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT1561552&CUI=UN13117919511767327&UM=1&SearchSource=13");

Zeile gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&CUI=UN13117919511767327&UM=1&q=");

Zeile gelöscht : user_pref("smartbar.defaultSearchOwnerCTID", "CT1561552");

Zeile gelöscht : user_pref("smartbar.homePageOwnerCTID", "CT1561552");

Zeile gelöscht : user_pref("smartbar.machineId", "DKWTKCWAKB93MQI75N2UVXJZ7HRN0ZSUSWTX2NX7KY7OT2SZCFJZCEBFQ4SNLUYPYYP8YOZ+MA3LTOPEOMCASW");

Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "");
 

-\\ Google Chrome v
 

[ Datei : C:\Users\U\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 

*************************
 

AdwCleaner[R0].txt - [10779 octets] - [12/09/2013 11:17:10]

AdwCleaner[S0].txt - [10387 octets] - [12/09/2013 11:18:48]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10448 octets] ##########

--- --- ---

JRT.txt

Zitat:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.0 (09.12.2013:1)
OS: Windows 7 Ultimate x64
Ran by U on 12.09.2013 at 11:26:23,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-904730392-2491290814-2578163216-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [File] C:\Users\U\AppData\Roaming\mozilla\firefox\profiles\hw6pl1gi.default\invalidprefs.js
Emptied folder: C:\Users\U\AppData\Roaming\mozilla\firefox\profiles\hw6pl1gi.default\minidumps [83 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.09.2013 at 11:31:42,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST.txt

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013 02

Ran by U (administrator) on U-PC on 12-09-2013 11:33:29

Running from D:\Users\U\Desktop

Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)

HKCU\...\Run: [EADM] - D:\Origin\Origin.exe [3549528 2013-08-27] (Electronic Arts)

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4851248 2013-08-26] (AVG Technologies CZ, s.r.o.)

BootExecute: autocheck autochk * SCTBootTasks
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8455C68459AACE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 

FireFox:

========

FF ProfilePath: C:\Users\U\AppData\Roaming\Mozilla\Firefox\Profiles\hw6pl1gi.default

FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");

FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\U\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\U\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\U\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: DownloadHelper - C:\Users\U\AppData\Roaming\Mozilla\Firefox\Profiles\hw6pl1gi.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF Extension: No Name - C:\Users\U\AppData\Roaming\Mozilla\Firefox\Profiles\hw6pl1gi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 

Chrome: 

=======

CHR Extension: (Google Docs) - C:\Users\U\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\U\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\U\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\U\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\U\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0

CHR Extension: (Gmail) - C:\Users\U\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3534896 2013-08-27] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [300640 2013-08-20] (AVG Technologies CZ, s.r.o.)

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-07-03] ()

S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [197736 2013-06-03] ()

S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [x]

S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
 

==================== Drivers (Whitelisted) ====================
 

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-08-01] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-08-22] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-08-22] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-08-22] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-08-22] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-02] (Avira Operations GmbH & Co. KG)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-08-01] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-09-11] (AVG Technologies)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-02] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-25] (Avira Operations GmbH & Co. KG)

R1 ElRawDisk; C:\Windows\system32\drivers\elrawdsk64bit.sys [23464 2008-07-26] (EldoS Corporation)

R1 ElRawDisk; C:\Windows\system32\drivers\elrawdsk64bit.sys [23464 2008-07-26] (EldoS Corporation)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)

S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)

S3 XFDriver64; D:\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire)

S3 XFDriver64; D:\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]

S3 tsusbhub; system32\drivers\tsusbhub.sys [x]

S3 VGPU; System32\drivers\rdvgkmd.sys [x]

S3 X6va014; \??\C:\Windows\SysWOW64\Drivers\X6va014 [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-09-12 11:26 - 2013-09-12 11:26 - 00000000 ____D C:\Windows\ERUNT

2013-09-12 11:16 - 2013-09-12 11:19 - 00000000 ____D C:\AdwCleaner

2013-09-11 18:06 - 2013-09-11 18:06 - 00021233 _____ C:\ComboFix.txt

2013-09-11 17:45 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe

2013-09-11 17:45 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe

2013-09-11 17:45 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-09-11 17:45 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-09-11 17:45 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-09-11 17:45 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe

2013-09-11 17:45 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe

2013-09-11 17:45 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe

2013-09-11 17:44 - 2013-09-11 18:06 - 00000000 ____D C:\Qoobox

2013-09-11 17:44 - 2013-09-11 18:05 - 00000000 ____D C:\Windows\erdnt

2013-09-11 10:18 - 2013-09-11 11:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-09-10 21:01 - 2013-09-10 21:01 - 00000000 ____D C:\FRST

2013-09-10 17:01 - 2013-09-11 16:29 - 00000585 _____ C:\Users\Public\Desktop\Gameforge Live.lnk

2013-09-10 16:59 - 2013-09-10 17:02 - 00000000 ____D C:\Users\U\Downloads\Gameforge Live

2013-09-10 14:50 - 2013-09-10 14:50 - 00000000 ____D C:\Users\U\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos

2013-09-10 14:50 - 2013-09-10 14:50 - 00000000 ____D C:\ProgramData\Sophos

2013-09-10 14:50 - 2013-09-10 14:50 - 00000000 ____D C:\Program Files (x86)\Sophos

2013-09-10 14:30 - 2013-09-10 14:30 - 00000000 ____D C:\Users\U\AppData\Roaming\AVG2014

2013-09-10 14:29 - 2013-09-11 15:41 - 00003715 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml

2013-09-10 14:29 - 2013-09-11 15:40 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys

2013-09-10 14:29 - 2013-09-10 14:29 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute

2013-09-10 14:29 - 2013-09-10 14:29 - 00000987 _____ C:\Users\Public\Desktop\AVG 2014.lnk

2013-09-10 14:29 - 2013-09-10 14:29 - 00000000 ____D C:\Users\U\AppData\Roaming\TuneUp Software

2013-09-10 14:28 - 2013-09-10 14:33 - 00000000 ____D C:\ProgramData\AVG2014

2013-09-10 14:28 - 2013-09-10 14:28 - 00000000 ____D C:\$AVG

2013-09-10 14:27 - 2013-09-10 14:27 - 00000000 ____D C:\Program Files (x86)\AVG

2013-09-10 14:25 - 2013-09-12 11:26 - 00000000 ____D C:\ProgramData\MFAData

2013-09-10 14:25 - 2013-09-10 14:43 - 00000000 ____D C:\Users\U\AppData\Local\Avg2014

2013-09-10 14:25 - 2013-09-10 14:25 - 00000000 ____D C:\Users\U\AppData\Local\MFAData

2013-09-05 20:46 - 2013-09-05 20:46 - 00000000 ____D C:\Users\U\AppData\Roaming\Unity

2013-09-05 20:24 - 2013-09-05 20:24 - 00000000 ____D C:\Users\U\AppData\Local\Unity

2013-09-05 19:02 - 2013-09-11 23:12 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000UA.job

2013-09-05 19:02 - 2013-09-11 19:12 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000Core.job

2013-09-05 19:02 - 2013-09-05 19:07 - 00004066 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000UA

2013-09-05 19:02 - 2013-09-05 19:07 - 00003670 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000Core

2013-09-05 19:02 - 2013-09-05 19:02 - 00000000 ____D C:\Users\U\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2013-08-22 23:25 - 2013-08-22 23:25 - 00212280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys

2013-08-22 23:08 - 2013-08-22 23:08 - 00294712 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys

2013-08-22 22:55 - 2013-08-22 22:55 - 00241464 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys

2013-08-22 22:54 - 2013-08-22 22:54 - 00192824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys

2013-08-20 22:53 - 2013-08-20 22:53 - 00123704 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys

2013-08-17 19:55 - 2013-09-11 15:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
 

==================== One Month Modified Files and Folders =======
 

2013-09-12 11:31 - 2013-09-12 11:31 - 00001770 _____ C:\Users\U\Desktop\JRT.txt

2013-09-12 11:26 - 2013-09-12 11:26 - 00000000 ____D C:\Windows\ERUNT

2013-09-12 11:26 - 2013-09-10 14:25 - 00000000 ____D C:\ProgramData\MFAData

2013-09-12 11:25 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-09-12 11:25 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-09-12 11:20 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-09-12 11:20 - 2009-07-14 06:51 - 00043453 _____ C:\Windows\setupact.log

2013-09-12 11:19 - 2013-09-12 11:16 - 00000000 ____D C:\AdwCleaner

2013-09-12 11:19 - 2013-04-25 15:48 - 01282525 _____ C:\Windows\WindowsUpdate.log

2013-09-12 11:18 - 2013-04-26 02:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-09-12 11:17 - 2013-05-20 15:39 - 00000000 ____D C:\Users\U\AppData\Roaming\TS3Client

2013-09-11 23:12 - 2013-09-05 19:02 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000UA.job

2013-09-11 19:12 - 2013-09-05 19:02 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000Core.job

2013-09-11 18:06 - 2013-09-11 18:06 - 00021233 _____ C:\ComboFix.txt

2013-09-11 18:06 - 2013-09-11 17:44 - 00000000 ____D C:\Qoobox

2013-09-11 18:06 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default

2013-09-11 18:05 - 2013-09-11 17:44 - 00000000 ____D C:\Windows\erdnt

2013-09-11 18:03 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini

2013-09-11 18:02 - 2013-04-25 16:41 - 00116620 _____ C:\Windows\PFRO.log

2013-09-11 18:01 - 2009-07-14 04:34 - 56098816 _____ C:\Windows\system32\config\SOFTWARE.bak

2013-09-11 18:01 - 2009-07-14 04:34 - 17039360 _____ C:\Windows\system32\config\SYSTEM.bak

2013-09-11 18:01 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak

2013-09-11 18:01 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak

2013-09-11 18:01 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak

2013-09-11 17:51 - 2013-06-28 14:56 - 00000000 ____D C:\Program Files (x86)\Steam

2013-09-11 16:29 - 2013-09-10 17:01 - 00000585 _____ C:\Users\Public\Desktop\Gameforge Live.lnk

2013-09-11 15:41 - 2013-09-10 14:29 - 00003715 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml

2013-09-11 15:41 - 2013-08-17 19:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-09-11 15:40 - 2013-09-10 14:29 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys

2013-09-11 11:18 - 2013-09-11 10:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-09-11 11:18 - 2013-04-26 02:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-09-11 11:18 - 2013-04-26 02:29 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-09-11 09:46 - 2013-04-26 02:06 - 00000000 ____D C:\Users\U\AppData\Roaming\Skype

2013-09-10 21:01 - 2013-09-10 21:01 - 00000000 ____D C:\FRST

2013-09-10 17:04 - 2013-04-25 17:19 - 00158741 _____ C:\Windows\DirectX.log

2013-09-10 17:03 - 2013-05-21 13:12 - 00000661 _____ C:\Users\Public\Desktop\AION Free-to-Play.lnk

2013-09-10 17:02 - 2013-09-10 16:59 - 00000000 ____D C:\Users\U\Downloads\Gameforge Live

2013-09-10 14:50 - 2013-09-10 14:50 - 00000000 ____D C:\Users\U\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos

2013-09-10 14:50 - 2013-09-10 14:50 - 00000000 ____D C:\ProgramData\Sophos

2013-09-10 14:50 - 2013-09-10 14:50 - 00000000 ____D C:\Program Files (x86)\Sophos

2013-09-10 14:43 - 2013-09-10 14:25 - 00000000 ____D C:\Users\U\AppData\Local\Avg2014

2013-09-10 14:39 - 2013-06-21 18:52 - 00000000 ____D C:\Windows\system32\appmgmt

2013-09-10 14:33 - 2013-09-10 14:28 - 00000000 ____D C:\ProgramData\AVG2014

2013-09-10 14:30 - 2013-09-10 14:30 - 00000000 ____D C:\Users\U\AppData\Roaming\AVG2014

2013-09-10 14:29 - 2013-09-10 14:29 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute

2013-09-10 14:29 - 2013-09-10 14:29 - 00000987 _____ C:\Users\Public\Desktop\AVG 2014.lnk

2013-09-10 14:29 - 2013-09-10 14:29 - 00000000 ____D C:\Users\U\AppData\Roaming\TuneUp Software

2013-09-10 14:28 - 2013-09-10 14:28 - 00000000 ____D C:\$AVG

2013-09-10 14:27 - 2013-09-10 14:27 - 00000000 ____D C:\Program Files (x86)\AVG

2013-09-10 14:25 - 2013-09-10 14:25 - 00000000 ____D C:\Users\U\AppData\Local\MFAData

2013-09-09 13:47 - 2013-05-20 15:38 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client

2013-09-08 15:49 - 2013-05-20 22:40 - 00000080 _____ C:\Users\U\AppData\Roaming\mBot.ini

2013-09-06 17:14 - 2013-05-20 22:48 - 00000000 ____D C:\Users\U\AppData\Roaming\Teeworlds

2013-09-05 20:56 - 2013-04-25 17:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-09-05 20:46 - 2013-09-05 20:46 - 00000000 ____D C:\Users\U\AppData\Roaming\Unity

2013-09-05 20:24 - 2013-09-05 20:24 - 00000000 ____D C:\Users\U\AppData\Local\Unity

2013-09-05 19:07 - 2013-09-05 19:02 - 00004066 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000UA

2013-09-05 19:07 - 2013-09-05 19:02 - 00003670 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000Core

2013-09-05 19:02 - 2013-09-05 19:02 - 00000000 ____D C:\Users\U\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2013-09-05 19:02 - 2013-06-30 22:50 - 00000000 ____D C:\Users\U\AppData\Local\Google

2013-09-05 10:44 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-09-02 14:36 - 2013-05-20 15:05 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2013-09-02 14:36 - 2013-04-25 17:50 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2013-09-02 14:36 - 2013-04-25 17:50 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2013-08-27 13:59 - 2013-05-21 20:12 - 00000000 ____D C:\Users\U\AppData\Local\Sarkolata

2013-08-22 23:25 - 2013-08-22 23:25 - 00212280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys

2013-08-22 23:08 - 2013-08-22 23:08 - 00294712 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys

2013-08-22 22:55 - 2013-08-22 22:55 - 00241464 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys

2013-08-22 22:54 - 2013-08-22 22:54 - 00192824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys

2013-08-20 22:53 - 2013-08-20 22:53 - 00123704 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys

2013-08-18 11:38 - 2013-04-26 02:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-08-17 04:08 - 2013-05-24 16:44 - 00000000 ____D C:\Users\U\AppData\Local\PMB Files

2013-08-17 04:08 - 2013-05-24 16:44 - 00000000 ____D C:\ProgramData\PMB Files

2013-08-15 18:32 - 2013-04-25 15:57 - 00000000 ____D C:\Users\U\AppData\Local\VirtualStore

2013-08-15 14:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
 

Files to move or delete:

====================

C:\Users\U\AppData\Local\Temp\Quarantine.exe
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-09-11 13:18
 

==================== End Of Log ============================

--- --- ---