kenny killer | 17.04.2014 14:58
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 17.04.2014
Suchlauf-Zeit: 15:15:54
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.1.1004
Malware Datenbank: v2014.04.17.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: David
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 266564
Verstrichene Zeit: 10 Min, 25 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 13
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [89778c742bd57a868d6c7ad049b9f20e],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [89778c742bd57a868d6c7ad049b9f20e],
PUP.Optional.SerialTrunc.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{e76b4f24-4a2f-4e65-ad36-e2aa934e547c}, In Quarantäne, [06faf20e827e44bc9a7c987eb74b06fa],
PUP.Optional.SerialTrunc.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{033a4be2-42b1-4acb-a69f-d362922136f0}, In Quarantäne, [06faf20e827e44bc9a7c987eb74b06fa],
PUP.Optional.SerialTrunc.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6BA82436-C754-4B49-B6AD-075AFA9FC625}, In Quarantäne, [06faf20e827e44bc9a7c987eb74b06fa],
PUP.Optional.SerialTrunc.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6BA82436-C754-4B49-B6AD-075AFA9FC625}, In Quarantäne, [06faf20e827e44bc9a7c987eb74b06fa],
PUP.Optional.SerialTrunc.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{033a4be2-42b1-4acb-a69f-d362922136f0}, In Quarantäne, [06faf20e827e44bc9a7c987eb74b06fa],
PUP.Optional.SerialTrunc.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E76B4F24-4A2F-4E65-AD36-E2AA934E547C}, In Quarantäne, [06faf20e827e44bc9a7c987eb74b06fa],
PUP.Optional.SerialTrunc.A, HKU\S-1-5-21-674607549-3252579659-1989267460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E76B4F24-4A2F-4E65-AD36-E2AA934E547C}, In Quarantäne, [06faf20e827e44bc9a7c987eb74b06fa],
PUP.Optional.SerialTrunc.A, HKU\S-1-5-21-674607549-3252579659-1989267460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E76B4F24-4A2F-4E65-AD36-E2AA934E547C}, In Quarantäne, [06faf20e827e44bc9a7c987eb74b06fa],
PUP.Optional.SerialTrunc.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SerialTrunc, In Quarantäne, [c33dcb357b85728e3587dc9e2cd6b749],
PUP.Optional.SerialTrunc.A, HKLM\SOFTWARE\WOW6432NODE\SerialTrunc, In Quarantäne, [31cff60a718fe61a249a611911f14fb1],
PUP.Optional.SerialTrunc.A, HKU\S-1-5-21-674607549-3252579659-1989267460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SerialTrunc, In Quarantäne, [cb353ac652ae6a9686370b6f8d7519e7],
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 1
PUP.Optional.Conduit.A, HKU\S-1-5-21-674607549-3252579659-1989267460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com/?gd=&ctid=CT3321541&octid=EB_ORIGINAL_CTID&ISID=M6A1C4773-3B3B-450E-A796-3E069222F74B&SearchSource=55&CUI=&UM=5&UP=SP1BD7DDB0-AA0B-4A7E-B6EC-F05976CBCA47&SSPV=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.conduit.com/?gd=&ctid=CT3321541&octid=EB_ORIGINAL_CTID&ISID=M6A1C4773-3B3B-450E-A796-3E069222F74B&SearchSource=55&CUI=&UM=5&UP=SP1BD7DDB0-AA0B-4A7E-B6EC-F05976CBCA47&SSPV=),Ersetzt,[0bf55ca4ef1102fe6f9829f419ebc739]
Ordner: 4
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc, In Quarantäne, [c33dcb357b85728e3587dc9e2cd6b749],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin, In Quarantäne, [c33dcb357b85728e3587dc9e2cd6b749],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin\plugins, In Quarantäne, [c33dcb357b85728e3587dc9e2cd6b749],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin\TEMP, In Quarantäne, [c33dcb357b85728e3587dc9e2cd6b749],
Dateien: 23
PUP.Optional.Conduit.A, C:\Users\David\AppData\Local\Temp\sp-downloader.exe, In Quarantäne, [cc34be4226da8977a698e7303ac71be5],
PUP.Optional.Conduit.A, C:\Users\David\AppData\Local\Temp\SPSetup.exe, In Quarantäne, [ae52ab55f8080cf4ff03e237e819b44c],
PUP.Optional.Conduit.A, C:\Users\David\AppData\Local\Temp\toolbar21197353.exe, In Quarantäne, [4fb103fd45bbfa06a39b29ee5da4cd33],
PUP.Optional.SearchProtect.A, C:\Users\David\AppData\Local\Temp\nsg56A2.exe, In Quarantäne, [8c74df217a860af60a09e341c04118e8],
PUP.Optional.SearchProtect.A, C:\Users\David\AppData\Local\Temp\nsg5A99.exe, In Quarantäne, [8977817ff709669ab65da57f6a978e72],
PUP.Optional.SearchProtect.A, C:\Users\David\AppData\Local\Temp\nsg78C6.exe, In Quarantäne, [b44cfa06a759649c9b7877ad51b054ac],
PUP.Optional.SearchProtect.A, C:\Users\David\AppData\Local\Temp\nsv7CCC.exe, In Quarantäne, [9a66857b4ab623ddb65d26fe11f0f50b],
PUP.Optional.SearchProtect.A, C:\Users\David\AppData\Local\Temp\nsw9A4.exe, In Quarantäne, [8b7560a049b7dd23f91a34f017eae31d],
PUP.Optional.YourFileDownloader, C:\Users\David\AppData\Local\Temp\uninstall-updater194923.exe, In Quarantäne, [3fc140c0d9270af644bf31ed2bd544bc],
PUP.Optional.YourFileDownloader, C:\Users\David\AppData\Local\Temp\uninstall125222.exe, In Quarantäne, [d62aa25e7c84dd2335ce61bde917af51],
PUP.Optional.YourFileDownloader, C:\Users\David\AppData\Local\Temp\uninstall137904.exe, In Quarantäne, [56aae719d22e33cd1fe4e13ddc24946c],
PUP.Optional.YourFileDownloader, C:\Users\David\AppData\Local\Temp\uninstall208448.exe, In Quarantäne, [af517f81ee128080e41f918d758b0ff1],
PUP.Optional.Conduit.A, C:\Users\David\AppData\Local\Temp\nsf9EE6\SpSetup.exe, In Quarantäne, [a55bd32da45c748c53afed2c3ac77f81],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsc7568.exe, In Quarantäne, [af51ab559b65817f32e177ad6b961ee2],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsc973B.exe, In Quarantäne, [1ce4a25e26da58a818fb6fb55ea34cb4],
PUP.Optional.YourFileDownloader, C:\Users\David\Downloads\Minecraft-1.4.7-Kostenlose-Vollversion-d..._downloader.exe, In Quarantäne, [14ecc739f8086e928a79f628c739cc34],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\SerialTrunc.ico, In Quarantäne, [c33dcb357b85728e3587dc9e2cd6b749],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\7za.exe, In Quarantäne, [c33dcb357b85728e3587dc9e2cd6b749],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\SerialTruncUninstall.exe, In Quarantäne, [c33dcb357b85728e3587dc9e2cd6b749],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\updateSerialTrunc.InstallState, In Quarantäne, [c33dcb357b85728e3587dc9e2cd6b749],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin\7za.exe, In Quarantäne, [c33dcb357b85728e3587dc9e2cd6b749],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin\BrowserAdapterS.7z, In Quarantäne, [c33dcb357b85728e3587dc9e2cd6b749],
PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin\utilSerialTrunc.InstallState, In Quarantäne, [c33dcb357b85728e3587dc9e2cd6b749],
Physische Sektoren: 0
(No malicious items detected)
(end)
Code:
# AdwCleaner v3.023 - Bericht erstellt am 17/04/2014 um 15:27:24
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : David - DAVID-PC
# Gestartet von : C:\Users\David\Desktop\adwcleaner.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : \END
Datei Gefunden : C:\END
Ordner Gefunden C:\Program Files (x86)\AVG SafeGuard toolbar
Ordner Gefunden C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gefunden C:\ProgramData\AVG SafeGuard toolbar
Ordner Gefunden C:\ProgramData\AVG Secure Search
Ordner Gefunden C:\Users\David\AppData\Local\AVG SafeGuard toolbar
Ordner Gefunden C:\Users\David\AppData\LocalLow\AVG SafeGuard toolbar
Ordner Gefunden C:\Users\David\AppData\Roaming\yourfiledownloader
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\AVG SafeGuard toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKCU\Software\YourFileDownloader
Schlüssel Gefunden : [x64] HKCU\Software\AVG SafeGuard toolbar
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : [x64] HKCU\Software\YourFileDownloader
Schlüssel Gefunden : HKLM\Software\AVG SafeGuard toolbar
Schlüssel Gefunden : HKLM\Software\AVG Security Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\S
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gefunden : HKLM\Software\YourFileDownloader
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
*************************
AdwCleaner[R0].txt - [5723 octets] - [17/04/2014 15:27:24]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5783 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by David on 17.04.2014 at 15:48:17,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yourfiledownloader
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\yourfiledownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
~~~ Files
Successfully deleted: [File] "C:\end"
~~~ Folders
Successfully deleted: [Folder] "C:\Users\David\AppData\Roaming\yourfiledownloader"
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{0291BC23-9815-4E7C-9523-F29B55A4B8F6}
Successfully deleted: [Empty Folder] C:\Users\David\appdata\local\{769884F2-AB3A-4FF2-9C25-32BB2EB751C3}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.04.2014 at 15:53:42,23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-04-2014 02
Ran by David (administrator) on DAVID-PC on 17-04-2014 15:54:44
Running from C:\Users\David\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
() C:\Program Files (x86)\watchmi\TvdService.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-25] (AVAST Software)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2544664 2014-04-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [MedionReminder] - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe /DeleteRunKey [443688 2011-05-26] (CyberLink)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (3D Graffiti) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabfebkdmghefegjmochekfnmiikkko [2014-04-16]
CHR Extension: (AdBlock Premium) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2014-04-16]
CHR Extension: (avast! Online Security) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-25]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-25] (AVAST Software)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1473280 2014-04-03] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3655184 2014-04-01] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-04-10] (AVG Secure Search)
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2011-10-07] ()
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-03-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-03-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-03-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-03-25] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-03-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-03-25] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236824 2014-04-01] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-04-10] (AVG Technologies)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-04] (AVM Berlin)
R3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-04-17] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-17 15:54 - 2014-04-17 15:54 - 00014032 _____ () C:\Users\David\Desktop\FRST.txt
2014-04-17 15:53 - 2014-04-17 15:53 - 00004664 _____ () C:\Users\David\Desktop\JRT.txt
2014-04-17 15:46 - 2014-04-17 15:47 - 01016261 _____ (Thisisu) C:\Users\David\Desktop\JRT.exe
2014-04-17 15:27 - 2014-04-17 15:46 - 00000000 ____D () C:\AdwCleaner
2014-04-17 15:27 - 2014-04-17 15:27 - 00005895 _____ () C:\Users\David\Desktop\AdwCleaner[R0].txt
2014-04-17 15:26 - 2014-04-17 15:26 - 01426178 _____ () C:\Users\David\Desktop\adwcleaner.exe
2014-04-17 15:21 - 2014-04-17 15:21 - 00007556 _____ () C:\Users\David\Desktop\mbam.txt
2014-04-17 15:00 - 2014-04-17 15:00 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-17 15:00 - 2014-04-17 15:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-17 15:00 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-17 15:00 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-17 15:00 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-17 14:56 - 2014-04-17 14:58 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-16 21:46 - 2014-04-17 15:54 - 00000000 ____D () C:\FRST
2014-04-16 21:44 - 2014-04-16 21:44 - 02158592 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2014-04-15 16:57 - 2014-04-15 16:57 - 00000000 ____D () C:\Users\David\AppData\Roaming\AVG2014
2014-04-15 16:56 - 2014-04-15 18:29 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-15 16:56 - 2014-04-15 16:56 - 00000985 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-15 16:56 - 2014-04-15 16:56 - 00000000 ___HD () C:\$AVG
2014-04-15 16:56 - 2014-04-15 16:56 - 00000000 ____D () C:\Users\David\AppData\Roaming\TuneUp Software
2014-04-15 16:55 - 2014-04-15 16:55 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-15 16:26 - 2014-04-17 15:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-15 16:26 - 2014-04-15 16:26 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-15 16:26 - 2014-04-15 16:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-15 16:25 - 2014-04-15 16:25 - 00000000 ____D () C:\Windows\system32\Macromed
2014-04-15 16:00 - 2014-04-15 16:00 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-15 00:44 - 2014-04-17 14:59 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-15 00:44 - 2014-04-16 18:15 - 00000000 ____D () C:\Users\David\AppData\Local\Avg2014
2014-04-15 00:44 - 2014-04-15 00:44 - 00000000 ____D () C:\Users\David\AppData\Local\MFAData
2014-04-15 00:28 - 2014-04-15 00:39 - 150392912 _____ (AVG Technologies) C:\Users\David\Downloads\avg_free_x86_all_2014_4569a7320.exe
2014-04-13 01:39 - 2014-04-13 01:39 - 00003132 _____ () C:\Windows\System32\Tasks\YourFile DownloaderUpdate
2014-04-13 01:36 - 2014-04-15 15:54 - 00000000 ____D () C:\Users\David\AppData\Roaming\.minecraft
2014-04-10 17:28 - 2014-04-10 21:28 - 00000000 ____D () C:\Users\David\AppData\Local\AVG SafeGuard toolbar
2014-04-10 17:28 - 2014-04-10 17:27 - 00049952 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-04-10 17:27 - 2014-04-10 17:28 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-04-10 17:27 - 2014-04-10 17:27 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-04-10 17:27 - 2014-04-10 17:27 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-04-10 17:26 - 2014-04-10 17:26 - 00000000 ____D () C:\Program Files (x86)\HyperCam 2
2014-04-09 18:47 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 18:47 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 18:47 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 18:47 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 18:45 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 18:45 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 18:45 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 18:45 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 18:45 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 18:45 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 18:45 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 18:45 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 18:45 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 18:45 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 18:45 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 18:45 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 18:45 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 18:45 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 18:45 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 18:45 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 18:45 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-04 14:03 - 2014-04-04 14:03 - 00001779 _____ () C:\DelFix.txt
2014-04-03 19:10 - 2014-04-03 19:13 - 00000000 ____D () C:\Users\David\AppData\Roaming\CyberLink
2014-04-03 17:53 - 2014-04-03 19:06 - 00001105 _____ () C:\Users\David\Documents\Lieder.txt
2014-04-02 23:01 - 2014-04-04 14:03 - 00000000 ____D () C:\Windows\ERUNT
2014-04-02 22:11 - 2014-04-17 15:20 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-02 22:11 - 2014-04-02 22:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-01 21:03 - 2014-04-01 21:03 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-01 16:21 - 2014-04-04 14:01 - 00000000 ____D () C:\Windows\erdnt
2014-04-01 15:50 - 2014-04-04 14:11 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-31 21:24 - 2014-04-17 15:18 - 00001624 _____ () C:\Windows\setupact.log
2014-03-31 21:24 - 2014-03-31 21:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-31 21:23 - 2014-04-17 15:18 - 00081202 _____ () C:\Windows\PFRO.log
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-03-31 15:33 - 2014-03-31 15:33 - 00000000 ____D () C:\Users\David\AppData\Roaming\Opera Software
2014-03-31 15:33 - 2014-03-31 15:33 - 00000000 ____D () C:\Users\David\AppData\Local\Opera Software
2014-03-31 15:31 - 2014-04-04 13:56 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-03-28 03:27 - 2014-03-28 03:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-28 03:27 - 2014-03-28 03:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-27 22:14 - 2014-03-27 22:14 - 00192792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-03-27 22:07 - 2014-03-27 22:07 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-03-27 22:05 - 2014-03-27 22:05 - 00324376 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00032536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-03-27 19:12 - 2014-03-28 03:14 - 00000000 ____D () C:\ProgramData\VirtualizedApplications
2014-03-27 17:07 - 2014-03-27 17:07 - 00000000 ___RD () C:\MSOCache
2014-03-27 17:02 - 2014-03-28 00:55 - 00000000 ____D () C:\Users\David\AppData\Roaming\SoftGrid Client
2014-03-27 17:02 - 2014-03-27 17:02 - 00000000 ____D () C:\Users\David\AppData\Local\SoftGrid Client
2014-03-27 17:01 - 2014-03-28 03:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-03-27 17:01 - 2014-03-27 17:02 - 00000000 ____D () C:\Users\David\AppData\Roaming\TP
2014-03-27 17:01 - 2014-03-27 17:01 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-03-27 17:01 - 2014-03-27 17:01 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-03-27 17:00 - 2014-03-27 17:00 - 00000000 ___RD () C:\Users\David\Documents\Notes
2014-03-26 19:13 - 2014-03-26 19:13 - 00000000 ____D () C:\Users\David\AppData\Local\Adobe
2014-03-25 17:50 - 2014-03-25 17:50 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-25 16:14 - 2014-03-25 20:07 - 00000000 ____D () C:\ProgramData\PMS
2014-03-25 16:13 - 2014-03-25 16:14 - 00000000 ____D () C:\Program Files (x86)\PS3 Media Server
2014-03-25 16:13 - 2013-08-19 11:43 - 54431910 _____ () C:\Users\David\Downloads\pms-1.90.1-setup-full-x64.exe
2014-03-25 16:13 - 2013-08-19 11:43 - 53679694 _____ () C:\Users\David\Downloads\pms-1.90.1-setup-full.exe
==================== One Month Modified Files and Folders =======
2014-04-17 15:55 - 2014-04-17 15:54 - 00014032 _____ () C:\Users\David\Desktop\FRST.txt
2014-04-17 15:54 - 2014-04-16 21:46 - 00000000 ____D () C:\FRST
2014-04-17 15:53 - 2014-04-17 15:53 - 00004664 _____ () C:\Users\David\Desktop\JRT.txt
2014-04-17 15:47 - 2014-04-17 15:46 - 01016261 _____ (Thisisu) C:\Users\David\Desktop\JRT.exe
2014-04-17 15:46 - 2014-04-17 15:27 - 00000000 ____D () C:\AdwCleaner
2014-04-17 15:44 - 2014-04-15 16:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-17 15:38 - 2014-02-16 20:52 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 15:27 - 2014-04-17 15:27 - 00005895 _____ () C:\Users\David\Desktop\AdwCleaner[R0].txt
2014-04-17 15:26 - 2014-04-17 15:26 - 01426178 _____ () C:\Users\David\Desktop\adwcleaner.exe
2014-04-17 15:25 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-17 15:25 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-17 15:21 - 2014-04-17 15:21 - 00007556 _____ () C:\Users\David\Desktop\mbam.txt
2014-04-17 15:20 - 2014-04-02 22:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-17 15:18 - 2014-03-31 21:24 - 00001624 _____ () C:\Windows\setupact.log
2014-04-17 15:18 - 2014-03-31 21:23 - 00081202 _____ () C:\Windows\PFRO.log
2014-04-17 15:18 - 2014-02-16 22:18 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-17 15:18 - 2014-02-16 20:52 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 15:18 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-17 15:17 - 2014-02-16 20:51 - 01481309 _____ () C:\Windows\WindowsUpdate.log
2014-04-17 15:17 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-04-17 15:00 - 2014-04-17 15:00 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-17 15:00 - 2014-04-17 15:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-17 14:59 - 2014-04-15 00:44 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-17 14:58 - 2014-04-17 14:56 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-16 21:44 - 2014-04-16 21:44 - 02158592 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2014-04-16 18:15 - 2014-04-15 00:44 - 00000000 ____D () C:\Users\David\AppData\Local\Avg2014
2014-04-15 18:29 - 2014-04-15 16:56 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-15 17:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-15 16:57 - 2014-04-15 16:57 - 00000000 ____D () C:\Users\David\AppData\Roaming\AVG2014
2014-04-15 16:56 - 2014-04-15 16:56 - 00000985 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-15 16:56 - 2014-04-15 16:56 - 00000000 ___HD () C:\$AVG
2014-04-15 16:56 - 2014-04-15 16:56 - 00000000 ____D () C:\Users\David\AppData\Roaming\TuneUp Software
2014-04-15 16:55 - 2014-04-15 16:55 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-15 16:29 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-04-15 16:26 - 2014-04-15 16:26 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-15 16:26 - 2014-04-15 16:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-15 16:26 - 2011-08-22 19:09 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-15 16:25 - 2014-04-15 16:25 - 00000000 ____D () C:\Windows\system32\Macromed
2014-04-15 16:01 - 2014-02-19 19:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-15 16:00 - 2014-04-15 16:00 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-15 16:00 - 2014-02-19 19:24 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-15 16:00 - 2014-02-19 19:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-15 16:00 - 2014-02-19 19:24 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-15 16:00 - 2011-11-23 20:34 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-15 15:54 - 2014-04-13 01:36 - 00000000 ____D () C:\Users\David\AppData\Roaming\.minecraft
2014-04-15 15:47 - 2014-02-16 20:52 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-15 00:44 - 2014-04-15 00:44 - 00000000 ____D () C:\Users\David\AppData\Local\MFAData
2014-04-15 00:39 - 2014-04-15 00:28 - 150392912 _____ (AVG Technologies) C:\Users\David\Downloads\avg_free_x86_all_2014_4569a7320.exe
2014-04-13 01:39 - 2014-04-13 01:39 - 00003132 _____ () C:\Windows\System32\Tasks\YourFile DownloaderUpdate
2014-04-10 21:28 - 2014-04-10 17:28 - 00000000 ____D () C:\Users\David\AppData\Local\AVG SafeGuard toolbar
2014-04-10 18:18 - 2014-03-09 20:58 - 00000000 ____D () C:\Users\David\AppData\Local\Windows Live
2014-04-10 17:28 - 2014-04-10 17:27 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-04-10 17:27 - 2014-04-10 17:28 - 00049952 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-04-10 17:27 - 2014-04-10 17:27 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-04-10 17:27 - 2014-04-10 17:27 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-04-10 17:26 - 2014-04-10 17:26 - 00000000 ____D () C:\Program Files (x86)\HyperCam 2
2014-04-10 14:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-06 19:08 - 2011-03-11 11:20 - 00699868 _____ () C:\Windows\system32\perfh007.dat
2014-04-06 19:08 - 2011-03-11 11:20 - 00149750 _____ () C:\Windows\system32\perfc007.dat
2014-04-06 19:08 - 2009-07-14 07:13 - 01622164 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-04 14:11 - 2014-04-01 15:50 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-04 14:03 - 2014-04-04 14:03 - 00001779 _____ () C:\DelFix.txt
2014-04-04 14:03 - 2014-04-02 23:01 - 00000000 ____D () C:\Windows\ERUNT
2014-04-04 14:01 - 2014-04-01 16:21 - 00000000 ____D () C:\Windows\erdnt
2014-04-04 13:56 - 2014-03-31 15:31 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-04 13:55 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-03 19:13 - 2014-04-03 19:10 - 00000000 ____D () C:\Users\David\AppData\Roaming\CyberLink
2014-04-03 19:10 - 2011-08-22 19:38 - 00000000 ____D () C:\Users\Public\CyberLink
2014-04-03 19:06 - 2014-04-03 17:53 - 00001105 _____ () C:\Users\David\Documents\Lieder.txt
2014-04-03 09:51 - 2014-04-17 15:00 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-17 15:00 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-17 15:00 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 22:46 - 2009-07-14 07:08 - 00032550 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-02 22:11 - 2014-04-02 22:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-01 21:03 - 2014-04-01 21:03 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-01 16:35 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-01 16:34 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-31 21:24 - 2014-03-31 21:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-31 20:54 - 2014-03-03 05:26 - 00000000 ____D () C:\Windows\Minidump
2014-03-31 20:54 - 2014-02-26 19:19 - 00000000 ____D () C:\Users\David\AppData\Local\CrashDumps
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-03-31 15:33 - 2014-03-31 15:33 - 00000000 ____D () C:\Users\David\AppData\Roaming\Opera Software
2014-03-31 15:33 - 2014-03-31 15:33 - 00000000 ____D () C:\Users\David\AppData\Local\Opera Software
2014-03-31 15:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-03-31 03:16 - 2014-04-09 18:47 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-09 18:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-09 18:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 18:47 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-28 16:21 - 2014-02-16 20:58 - 00000000 ____D () C:\Users\David\AppData\Local\Google
2014-03-28 03:28 - 2014-03-27 17:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-03-28 03:28 - 2014-02-25 01:26 - 01648846 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-28 03:27 - 2014-03-28 03:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-28 03:27 - 2014-03-28 03:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-28 03:14 - 2014-03-27 19:12 - 00000000 ____D () C:\ProgramData\VirtualizedApplications
2014-03-28 00:55 - 2014-03-27 17:02 - 00000000 ____D () C:\Users\David\AppData\Roaming\SoftGrid Client
2014-03-28 00:32 - 2014-02-16 20:52 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-28 00:32 - 2014-02-16 20:52 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-27 22:14 - 2014-03-27 22:14 - 00192792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-03-27 22:07 - 2014-03-27 22:07 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-03-27 22:05 - 2014-03-27 22:05 - 00324376 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00032536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-03-27 17:07 - 2014-03-27 17:07 - 00000000 ___RD () C:\MSOCache
2014-03-27 17:02 - 2014-03-27 17:02 - 00000000 ____D () C:\Users\David\AppData\Local\SoftGrid Client
2014-03-27 17:02 - 2014-03-27 17:01 - 00000000 ____D () C:\Users\David\AppData\Roaming\TP
2014-03-27 17:01 - 2014-03-27 17:01 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-03-27 17:01 - 2014-03-27 17:01 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-03-27 17:01 - 2011-08-22 19:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-27 17:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-27 17:00 - 2014-03-27 17:00 - 00000000 ___RD () C:\Users\David\Documents\Notes
2014-03-26 19:13 - 2014-03-26 19:13 - 00000000 ____D () C:\Users\David\AppData\Local\Adobe
2014-03-26 19:13 - 2014-02-16 21:16 - 00000000 ____D () C:\Users\David\AppData\Roaming\Adobe
2014-03-25 20:07 - 2014-03-25 16:14 - 00000000 ____D () C:\ProgramData\PMS
2014-03-25 17:50 - 2014-03-25 17:50 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-25 17:50 - 2014-02-16 22:18 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-25 17:50 - 2014-02-16 22:18 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-25 17:50 - 2014-02-16 22:18 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-25 17:50 - 2014-02-16 22:18 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-25 17:50 - 2014-02-16 22:18 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-25 17:50 - 2014-02-16 22:18 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-25 17:50 - 2014-02-16 22:18 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-25 17:50 - 2014-02-16 22:18 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-25 17:43 - 2014-02-24 20:02 - 00000000 ____D () C:\Users\David\Installierte Programme
2014-03-25 16:14 - 2014-03-25 16:13 - 00000000 ____D () C:\Program Files (x86)\PS3 Media Server
2014-03-25 16:01 - 2010-11-21 09:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-21 15:07 - 2014-02-22 02:27 - 00000000 ____D () C:\Users\David\Documents\Snagit
2014-03-19 12:40 - 2014-02-16 20:54 - 00000000 ____D () C:\Users\David
Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8lrg0_.dll
C:\Users\David\AppData\Local\Temp\htmlayout.dll
C:\Users\David\AppData\Local\Temp\oi_{62A45ED5-298D-4A10-A527-F55D60CC93E7}.exe
C:\Users\David\AppData\Local\Temp\toolbar21266025.exe
C:\Users\David\AppData\Local\Temp\uninstall137889.exe
C:\Users\David\AppData\Local\Temp\vp.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-09 00:39
==================== End Of Log ============================