| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: FindLyrics auf Pc nach Avast Scan {Yontoo auf Pc - Was ist das?}Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
28.06.2013, 08:22
| #1 |
 |  FindLyrics auf Pc nach Avast Scan {Yontoo auf Pc - Was ist das?} Moin erstmal, ich habe nach einem Scan am heutigen frühen Morgen mit Avast herausgefunden, dass sich FindLyrics auf meinem Pc befindet. Leider weiß ich nicht wo ich den Avast Log finden kann, da diese Dateien scheinbar gut versteckt sind. :/ Secunia hab ich schon installiert. Ich wollte dann auch im Anschluss gerne nochmal diese Seite bzgl der Profile gegen alles möglich haben, wo diese Cookies u.a. mit geblockt werden. Außerdem steht überall was von Yontoo?...damit kann ich mal gar nix anfangen. Ich habe aber schon den OTL und den GMER Scan bereit, wobei OTL aus i-einem Grund keine Extra.txt auswarf: Code:
ATTFilter OTL logfile created on: 28.06.2013 05:43:45 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 63,22% Memory free 7,50 Gb Paging File | 6,05 Gb Available in Paging File | 80,68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,79 Gb Total Space | 197,34 Gb Free Space | 84,77% Space Free | Partition Type: NTFS Drive D: | 76,69 Gb Total Space | 9,92 Gb Free Space | 12,93% Space Free | Partition Type: NTFS Computer Name: xxx| User Name: xxx| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.28 05:43:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2013.05.01 06:11:08 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\xxx\AppData\Roaming\Yontoo\YontooDesktop.exe PRC - [2013.05.01 06:11:08 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe PRC - [2013.04.18 15:56:22 | 001,227,800 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe PRC - [2013.04.18 15:56:10 | 000,563,224 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.21 03:07:00 | 000,136,616 | ---- | M] () -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe PRC - [2010.04.08 20:10:24 | 005,687,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV\TurboV.exe PRC - [2009.12.28 22:33:00 | 000,096,896 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ========== Modules (No Company Name) ========== MOD - [2013.06.28 04:31:25 | 000,013,600 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll MOD - [2013.05.15 06:57:49 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.15 06:57:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.04.20 00:55:06 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll MOD - [2013.02.07 22:31:00 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.02.07 22:30:33 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\520a80ddcdd1084993516f4d42a73e05\System.Xml.ni.dll MOD - [2013.02.07 22:30:28 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.02.07 22:30:15 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.10.05 12:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2010.11.21 05:24:32 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2010.11.21 05:24:25 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2010.11.21 05:23:56 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll MOD - [2010.11.21 05:23:48 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.12.08 22:37:18 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV\pngio.dll MOD - [2009.12.08 22:37:18 | 000,135,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV\TVOCLIB.DLL ========== Services (SafeList) ========== SRV:64bit: - [2013.02.07 21:51:09 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.06.18 16:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.06.11 20:45:35 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2013.04.18 15:56:22 | 001,227,800 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2013.04.18 15:56:14 | 000,659,992 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.05.21 03:07:00 | 000,136,616 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.28 22:33:00 | 000,096,896 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2003.04.18 20:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.06.27 21:58:31 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2013.06.27 21:58:31 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2013.06.27 21:58:31 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2013.04.18 15:55:50 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI) DRV:64bit: - [2013.02.07 21:51:18 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2013.02.07 21:51:17 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2013.02.07 21:51:09 | 006,031,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2013.02.07 20:12:49 | 001,488,896 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2012.09.28 04:12:10 | 000,023,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UHSfiltv.sys -- (UHSfiltv) DRV:64bit: - [2012.08.23 16:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.08.23 14:08:08 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) DRV:64bit: - [2009.07.16 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.24 19:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2010.05.21 03:06:52 | 000,052,352 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys -- (AODDriver2) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: "false" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.20 19:21:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.08 14:46:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions [2013.05.13 20:04:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\hf2irw73.default\extensions [2013.05.08 20:34:39 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\hf2irw73.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.06.27 03:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.06.27 03:57:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2013.02.25 03:13:22 | 000,572,148 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost #[IPv6] O1 - Hosts: 127.0.0.1 fr.a2dfp.net O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net O1 - Hosts: 127.0.0.1 ad.a8.net O1 - Hosts: 127.0.0.1 asy.a8ww.net O1 - Hosts: 127.0.0.1 abcstats.com O1 - Hosts: 127.0.0.1 a.abv.bg O1 - Hosts: 127.0.0.1 adserver.abv.bg O1 - Hosts: 127.0.0.1 adv.abv.bg O1 - Hosts: 127.0.0.1 bimg.abv.bg O1 - Hosts: 127.0.0.1 ca.abv.bg O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com O1 - Hosts: 127.0.0.1 accuserveadsystem.com O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com O1 - Hosts: 127.0.0.1 achmedia.com O1 - Hosts: 127.0.0.1 aconti.net O1 - Hosts: 127.0.0.1 secure.aconti.net O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti] O1 - Hosts: 127.0.0.1 csh.actiondesk.com O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie] O1 - Hosts: 127.0.0.1 ads.activepower.net O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie] O1 - Hosts: 127.0.0.1 cms.ad2click.nl O1 - Hosts: 15484 more lines... O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TurboV] C:\Program Files (x86)\ASUS\TurboV\TurboV.exe (ASUSTeK Computer Inc.) O4 - HKCU..\Run: [Yontoo Desktop] C:\Users\xxx\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC) O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9674CBAF-6D39-479D-9BDA-7ECCDB552EF6}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.28 05:43:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2013.06.27 18:10:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.06.27 18:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.06.27 04:29:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\.minecraft [2013.06.19 21:19:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.06.16 16:30:05 | 000,000,000 | ---D | C] -- C:\Windows\de [2013.06.16 16:29:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition ========== Files - Modified Within 30 Days ========== [2013.06.28 05:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.28 05:43:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2013.06.28 04:41:28 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.28 04:41:28 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.28 04:29:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.28 04:29:52 | 351,309,356 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.06.28 04:29:51 | 3019,251,712 | -HS- | M] () -- C:\hiberfil.sys [2013.06.27 21:58:31 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013.06.27 21:58:31 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013.06.27 21:58:31 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013.06.27 21:58:31 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum [2013.06.27 21:58:31 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum [2013.06.27 21:58:31 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum [2013.06.27 04:29:10 | 000,263,186 | ---- | M] () -- C:\Users\xxx\Desktop\Minecraft.exe [2013.06.27 03:57:51 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.06.19 20:54:29 | 000,001,110 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.06.19 20:30:03 | 001,518,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.19 20:30:03 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.19 20:30:03 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.19 20:30:03 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.19 20:30:03 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat ========== Files Created - No Company Name ========== [2013.06.27 21:58:31 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum [2013.06.27 04:29:09 | 000,263,186 | ---- | C] () -- C:\Users\xxx\Desktop\Minecraft.exe [2013.06.26 19:22:04 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum [2013.06.26 19:22:04 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum [2013.06.19 20:54:29 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.06.19 20:54:29 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2013.06.16 16:29:51 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [2013.06.16 16:29:44 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [2013.05.13 20:03:25 | 000,004,509 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\CamStudio.cfg [2013.03.02 14:40:04 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable [2013.02.05 18:17:53 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2013.02.04 21:41:40 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2013.02.04 21:41:40 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2013.02.04 21:37:38 | 000,015,872 | ---- | C] () -- C:\Windows\AsTaskSched.dll [2013.02.04 21:37:35 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini [2013.02.04 20:43:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.09.28 04:12:10 | 000,002,302 | ---- | C] () -- C:\Windows\UHScfg.ini [2012.09.28 04:12:10 | 000,000,388 | ---- | C] () -- C:\Windows\UHSMCcfg.ini [2012.09.28 04:12:10 | 000,000,238 | ---- | C] () -- C:\Windows\UHSConfig.ini ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.27 18:07:15 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\.minecraft [2013.02.16 21:27:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenOffice.org [2013.05.13 22:12:08 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TS3Client [2013.06.28 04:31:25 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Yontoo ========== Purity Check ========== < End of report >  |
|
28.06.2013, 09:28
| #2 |
| /// the machine /// TB-Ausbilder    | FindLyrics auf Pc nach Avast Scan {Yontoo auf Pc - Was ist das?} Hi,
__________________Systemscan mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
__________________ |
|
28.06.2013, 10:23
| #3 |
| | FindLyrics auf Pc nach Avast Scan {Yontoo auf Pc - Was ist das?} Erstmal danke Schrauber, das du deine Zeit opferst um zu helfen
__________________ Dieses Yontoo ist schon wieder in den Scans gelistet ohne das ich es je installiert habe :/ Falls du mich wie andere hier fragst was DevPro ist. Dabei handelt es sich ähnlich wie bei Minecraft um ein Programm, an dem ein Kollege teilweise mitarbeitet. Es dient zum Testen eines Hobbys. Hier die gewünschten Scans (bitte nicht Wundern, habe meinen Namen mit xxx zensiert): FRST Scan: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-06-2013
Ran by xxx(administrator) on 28-06-2013 11:13:42
Running from C:\Users\xxx\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Yontoo LLC) C:\Users\xxx\AppData\Roaming\Yontoo\YontooDesktop.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft) C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [Yontoo Desktop] "C:\Users\xxx\AppData\Roaming\Yontoo\YontooDesktop.exe" [42784 2013-05-01] (Yontoo LLC)
HKLM-x32\...\Run: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe" -b [5687424 2010-04-08] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hf2irw73.default
FF user.js: detected! => C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hf2irw73.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hf2irw73.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Mozilla Firefox 22.0\Extensions: [Components] C:\Program Files (x86)\Mozilla Firefox\components
FF HKLM-x32\...\Mozilla Firefox 22.0\Extensions: [Plugins] C:\Program Files (x86)\Mozilla Firefox\plugins
==================== Services (Whitelisted) =================
R2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136616 2010-05-21] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2003-04-18] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1227800 2013-04-18] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659992 2013-04-18] (Secunia)
R2 Yontoo Desktop Updater; C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [23552 2013-05-01] (Microsoft)
==================== Drivers (Whitelisted) ====================
R3 AODDriver2; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [52352 2010-05-21] (Advanced Micro Devices)
R3 AODDriver2; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [52352 2010-05-21] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-04-18] (Secunia)
S3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2012-09-28] (Creative Technology Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-28 11:13 - 2013-06-28 11:13 - 00000000 ____D C:\FRST
2013-06-28 11:12 - 2013-06-28 11:12 - 01933484 ____A (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-06-28 09:22 - 2013-06-28 09:22 - 00005407 ____A C:\Users\xxx\Desktop\GmerAnhang.7z
2013-06-28 08:40 - 2013-06-28 08:40 - 00096969 ____A C:\Users\xxx\Desktop\gmer.log
2013-06-28 05:48 - 2013-06-28 05:48 - 00065072 ____A C:\Users\xxx\Desktop\OTL.Txt
2013-06-28 04:30 - 2013-06-28 04:30 - 00275432 ____A C:\Windows\Minidump\062813-25303-01.dmp
2013-06-27 21:58 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 18:10 - 2013-06-27 18:10 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-27 18:10 - 2013-06-27 18:10 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-27 18:07 - 2013-06-27 18:08 - 31714216 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jre-7u25-windows-i586.exe
2013-06-27 04:29 - 2013-06-27 18:07 - 00000000 ____D C:\Users\xxx\AppData\Roaming\.minecraft
2013-06-27 04:29 - 2013-06-27 04:29 - 00263186 ____A C:\Users\xxx\Desktop\Minecraft.exe
2013-06-26 19:22 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-26 19:22 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-19 21:19 - 2013-06-19 21:19 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-19 21:17 - 2013-06-19 21:18 - 00004254 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 21:16 - 2013-06-19 21:16 - 00903592 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jxpiinstall.exe
2013-06-19 20:58 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-19 20:58 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-19 20:45 - 2013-01-13 23:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-19 20:45 - 2013-01-13 22:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-19 20:45 - 2013-01-13 22:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-19 20:45 - 2013-01-13 22:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-19 20:45 - 2013-01-13 21:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-19 20:45 - 2013-01-13 21:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-19 20:45 - 2013-01-13 21:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-19 20:45 - 2013-01-13 21:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-19 20:45 - 2013-01-13 21:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-19 20:45 - 2013-01-13 21:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-19 20:45 - 2013-01-13 21:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-19 20:45 - 2013-01-13 21:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-19 20:45 - 2013-01-13 21:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-19 20:45 - 2013-01-13 21:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-19 20:45 - 2013-01-13 21:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-19 20:45 - 2013-01-13 21:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-19 20:45 - 2013-01-13 21:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-19 20:45 - 2013-01-13 21:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-19 20:45 - 2013-01-13 21:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-19 20:45 - 2013-01-13 21:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-19 20:45 - 2013-01-13 21:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-19 20:45 - 2013-01-13 21:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-19 20:45 - 2013-01-13 21:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-19 20:45 - 2013-01-13 20:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-19 20:45 - 2013-01-13 20:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-19 20:45 - 2013-01-13 20:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-19 20:45 - 2013-01-13 19:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-19 20:45 - 2013-01-13 19:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-19 20:45 - 2013-01-04 08:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-19 20:45 - 2013-01-04 08:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-19 20:16 - 2013-06-19 20:16 - 03270960 ____A (Secunia) C:\Users\xxx\Downloads\PSISetup7009.exe
2013-06-16 16:30 - 2013-06-16 16:30 - 00000000 ____D C:\Windows\de
2013-06-16 16:29 - 2013-06-16 16:29 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-16 16:28 - 2010-06-02 04:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-06-16 16:28 - 2010-06-02 04:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-06-16 16:28 - 2010-06-02 04:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-06-16 16:28 - 2010-06-02 04:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-06-16 16:28 - 2009-09-04 17:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-06-16 16:28 - 2009-09-04 17:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-06-16 16:27 - 2013-06-16 16:27 - 00000197 ____A C:\Windows\DirectX.log
2013-06-16 16:27 - 2006-11-29 13:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2013-06-16 16:27 - 2006-11-29 13:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-06-16 16:20 - 2013-06-16 16:25 - 142602520 ____A (Microsoft Corporation) C:\Users\xxx\Downloads\wlsetup-all_16.4.3508.0205.exe
2013-06-13 19:43 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-13 19:43 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-13 19:43 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 19:43 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 19:43 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-13 19:42 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 19:42 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 19:42 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 19:42 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 19:42 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-13 19:42 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-13 19:42 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-13 19:42 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 19:42 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-13 19:42 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-13 19:42 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-13 19:42 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
==================== One Month Modified Files and Folders =======
2013-06-28 11:13 - 2013-06-28 11:13 - 00000000 ____D C:\FRST
2013-06-28 11:12 - 2013-06-28 11:12 - 01933484 ____A (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-06-28 11:11 - 2013-02-08 21:15 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Skype
2013-06-28 10:45 - 2013-03-02 10:52 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-28 09:22 - 2013-06-28 09:22 - 00005407 ____A C:\Users\xxx\Desktop\GmerAnhang.7z
2013-06-28 09:14 - 2013-03-02 14:37 - 00000000 ____D C:\Users\xxx\Desktop\Systemüberprüfung
2013-06-28 09:03 - 2009-07-14 06:51 - 00056096 ____A C:\Windows\setupact.log
2013-06-28 08:49 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-28 08:49 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-28 08:43 - 2013-05-13 20:02 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Yontoo
2013-06-28 08:42 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-28 08:41 - 2013-02-04 20:43 - 01840622 ____A C:\Windows\WindowsUpdate.log
2013-06-28 08:40 - 2013-06-28 08:40 - 00096969 ____A C:\Users\xxx\Desktop\gmer.log
2013-06-28 05:48 - 2013-06-28 05:48 - 00065072 ____A C:\Users\xxx\Desktop\OTL.Txt
2013-06-28 04:30 - 2013-06-28 04:30 - 00275432 ____A C:\Windows\Minidump\062813-25303-01.dmp
2013-06-28 04:30 - 2013-03-30 19:07 - 00000000 ____D C:\Windows\Minidump
2013-06-28 04:29 - 2013-03-30 19:07 - 351309356 ____A C:\Windows\MEMORY.DMP
2013-06-27 21:58 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 21:58 - 2013-06-26 19:22 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 21:58 - 2013-06-26 19:22 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-27 21:58 - 2013-04-24 15:09 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-27 21:58 - 2013-04-24 15:09 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-27 21:58 - 2013-04-24 15:09 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-27 18:10 - 2013-06-27 18:10 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-27 18:10 - 2013-06-27 18:10 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-27 18:10 - 2013-02-08 14:06 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-27 18:10 - 2013-02-08 14:06 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-27 18:08 - 2013-06-27 18:07 - 31714216 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jre-7u25-windows-i586.exe
2013-06-27 18:07 - 2013-06-27 04:29 - 00000000 ____D C:\Users\xxx\AppData\Roaming\.minecraft
2013-06-27 17:55 - 2013-02-08 14:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-27 04:29 - 2013-06-27 04:29 - 00263186 ____A C:\Users\xxx\Desktop\Minecraft.exe
2013-06-27 03:57 - 2013-04-12 13:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-27 03:57 - 2013-02-08 14:05 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-26 22:00 - 2013-05-24 20:45 - 00000000 ____D C:\Users\xxx\Desktop\DevPro
2013-06-22 09:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-19 21:19 - 2013-06-19 21:19 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-19 21:18 - 2013-06-19 21:17 - 00004254 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 21:16 - 2013-06-19 21:16 - 00903592 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jxpiinstall.exe
2013-06-19 20:54 - 2013-03-22 17:33 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-06-19 20:30 - 2010-11-21 08:50 - 00653928 ____A C:\Windows\System32\perfh007.dat
2013-06-19 20:30 - 2010-11-21 08:50 - 00129800 ____A C:\Windows\System32\perfc007.dat
2013-06-19 20:30 - 2009-07-14 07:13 - 01518986 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-19 20:21 - 2010-11-21 05:47 - 00012164 ____A C:\Windows\PFRO.log
2013-06-19 20:16 - 2013-06-19 20:16 - 03270960 ____A (Secunia) C:\Users\xxx\Downloads\PSISetup7009.exe
2013-06-18 20:04 - 2013-05-25 18:39 - 00000000 ____D C:\Users\xxx\Desktop\TCG_A
2013-06-16 17:31 - 2013-02-16 01:01 - 00000000 ____D C:\Users\xxx\AppData\Local\Windows Live
2013-06-16 16:30 - 2013-06-16 16:30 - 00000000 ____D C:\Windows\de
2013-06-16 16:29 - 2013-06-16 16:29 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-16 16:28 - 2013-02-16 01:03 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-06-16 16:27 - 2013-06-16 16:27 - 00000197 ____A C:\Windows\DirectX.log
2013-06-16 16:25 - 2013-06-16 16:20 - 142602520 ____A (Microsoft Corporation) C:\Users\xxx\Downloads\wlsetup-all_16.4.3508.0205.exe
2013-06-14 00:19 - 2013-03-02 05:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-14 00:19 - 2013-02-08 14:09 - 00000000 ____D C:\ProgramData\Skype
2013-06-13 22:14 - 2013-02-05 19:38 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 20:45 - 2013-02-04 21:23 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 20:45 - 2013-02-04 21:23 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-24 20:33
==================== End Of Log ============================
--- --- --- Addition Log Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-06-2013 Ran by xxx at 2013-06-28 11:14:07 Running from C:\Users\xxx\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122) AMD OverDrive (x32 Version: 3.2.2.0452) Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.18) ATI Catalyst Install Manager (Version: 3.0.732.0) Auslogics Disk Defrag (x32 Version: 3.6) avast! Free Antivirus (x32 Version: 8.0.1489.0) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Core Implementation (x32 Version: 2009.0614.2131.36800) Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0614.2131.36800) Catalyst Control Center Graphics Full New (x32 Version: 2009.0614.2131.36800) Catalyst Control Center Graphics Light (x32 Version: 2009.0614.2131.36800) Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0614.2131.36800) Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0614.2131.36800) Catalyst Control Center HydraVision Full (x32 Version: 2009.0614.2131.36800) Catalyst Control Center InstallProxy (x32 Version: 2009.0614.2131.36800) Catalyst Control Center Localization All (x32 Version: 2009.0614.2131.36800) CCC Help Chinese Standard (x32 Version: 2009.0614.2130.36800) CCC Help Chinese Traditional (x32 Version: 2009.0614.2130.36800) CCC Help Czech (x32 Version: 2009.0614.2130.36800) CCC Help Danish (x32 Version: 2009.0614.2130.36800) CCC Help Dutch (x32 Version: 2009.0614.2130.36800) CCC Help English (x32 Version: 2009.0614.2130.36800) CCC Help Finnish (x32 Version: 2009.0614.2130.36800) CCC Help French (x32 Version: 2009.0614.2130.36800) CCC Help German (x32 Version: 2009.0614.2130.36800) CCC Help Greek (x32 Version: 2009.0614.2130.36800) CCC Help Hungarian (x32 Version: 2009.0614.2130.36800) CCC Help Italian (x32 Version: 2009.0614.2130.36800) CCC Help Japanese (x32 Version: 2009.0614.2130.36800) CCC Help Korean (x32 Version: 2009.0614.2130.36800) CCC Help Norwegian (x32 Version: 2009.0614.2130.36800) CCC Help Polish (x32 Version: 2009.0614.2130.36800) CCC Help Portuguese (x32 Version: 2009.0614.2130.36800) CCC Help Russian (x32 Version: 2009.0614.2130.36800) CCC Help Spanish (x32 Version: 2009.0614.2130.36800) CCC Help Swedish (x32 Version: 2009.0614.2130.36800) CCC Help Thai (x32 Version: 2009.0614.2130.36800) CCC Help Turkish (x32 Version: 2009.0614.2130.36800) ccc-core-static (x32 Version: 2009.0614.2131.36800) ccc-utility64 (Version: 2009.0614.2131.36800) D3DX10 (x32 Version: 15.4.2368.0902) Fotogalerie (x32 Version: 16.4.3508.0205) HydraVision (x32 Version: 4.2.108.0) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319) Movie Maker (x32 Version: 16.4.3508.0205) Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1109.0912) OpenOffice.org 3.4.1 (x32 Version: 3.41.9593) Photo Common (x32 Version: 16.4.3508.0205) Photo Gallery (x32 Version: 16.4.3508.0205) Realtek High Definition Audio Driver (x32 Version: 6.0.1.5880) Revo Uninstaller 1.94 (x32 Version: 1.94) Secunia PSI (3.0.0.7009) (x32 Version: 3.0.0.7009) Skype™ 6.5 (x32 Version: 6.5.158) swMSM (x32 Version: 12.0.0.1) TeamSpeak 3 Client (HKCU Version: 3.0.10.1) TurboV (x32 Version: 1.02.05) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Windows Live Communications Platform (x32 Version: 16.4.3508.0205) Windows Live Essentials (x32 Version: 16.4.3508.0205) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (x32 Version: 16.4.3508.0205) Windows Live Messenger (x32 Version: 16.4.3508.0205) Windows Live Photo Common (x32 Version: 16.4.3508.0205) Windows Live PIMT Platform (x32 Version: 16.4.3508.0205) Windows Live SOXE (x32 Version: 16.4.3508.0205) Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205) Windows Live UX Platform (x32 Version: 16.4.3508.0205) Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205) Yontoo 2.053 (Version: 2.053) ==================== Restore Points ========================= 16-06-2013 14:26:45 Windows Live Essentials 16-06-2013 14:27:29 DirectX wurde installiert 16-06-2013 14:27:53 DirectX wurde installiert 16-06-2013 14:28:06 DirectX wurde installiert 16-06-2013 14:28:38 WLSetup 18-06-2013 17:36:04 Windows Update 19-06-2013 18:16:12 Revo Uninstaller's restore point - Secunia PSI (3.0.0.6005) 19-06-2013 18:28:14 Windows Update 19-06-2013 18:44:52 Windows Update 19-06-2013 18:45:01 Revo Uninstaller's restore point - Secunia PSI (3.0.0.7009) 19-06-2013 18:59:57 Windows Update 19-06-2013 19:17:11 Installed Java 7 Update 25 19-06-2013 19:18:47 Removed Java 7 Update 21 (64-bit) 25-06-2013 16:11:57 Windows Update 27-06-2013 16:08:45 Removed Java 7 Update 25 27-06-2013 16:09:58 Installed Java 7 Update 25 ==================== Hosts content: ========================== 127.0.0.1 localhost 127.0.0.1 fr.a2dfp.net 127.0.0.1 m.fr.a2dfp.net 127.0.0.1 ad.a8.net 127.0.0.1 asy.a8ww.net 127.0.0.1 abcstats.com 127.0.0.1 a.abv.bg 127.0.0.1 adserver.abv.bg 127.0.0.1 adv.abv.bg 127.0.0.1 bimg.abv.bg 127.0.0.1 ca.abv.bg 127.0.0.1 www2.a-counter.kiev.ua 127.0.0.1 track.acclaimnetwork.com 127.0.0.1 accuserveadsystem.com 127.0.0.1 www.accuserveadsystem.com 127.0.0.1 achmedia.com 127.0.0.1 aconti.net 127.0.0.1 secure.aconti.net 127.0.0.1 www.aconti.net #[Dialer.Aconti] 127.0.0.1 csh.actiondesk.com 127.0.0.1 www.activemeter.com #[Tracking.Cookie] 127.0.0.1 ads.activepower.net 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie] 127.0.0.1 cms.ad2click.nl 127.0.0.1 ad2games.com 127.0.0.1 ads.ad2games.com 127.0.0.1 content.ad20.net 127.0.0.1 core.ad20.net 127.0.0.1 banner.ad.nu There are more than 1000 lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {02C9BA4F-42AC-45BF-AFC9-DD5D3D475C58} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated) Task: {2A889B86-5664-46B2-9EFE-864B53292EBD} - System32\Tasks\ASUS\i-Setup203735 => C:\Windows\AMD_Chipset_V307320_Windows7\AsusSetup.exe [2013-02-07] (ASUSTek) Task: {AB561088-A822-47F0-B05E-6DFD95E74C4A} - System32\Tasks\ASUS\i-Setup205132 => C:\Windows\AMD_Chipset_V307320_Windows7\AsusSetup.exe [2013-02-07] (ASUSTek) Task: {AF7DD9E7-CB7B-4F0A-9DBF-ACEF859E345D} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {CF3BA66B-6CFB-43B3-9902-6E5CA599271B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software) Task: {D7B33AC5-B255-4902-9371-AA31F96FE7DC} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {E00A506D-365D-480A-B43B-E5E12F43D780} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Faulty Device Manager Devices ============= Name: D-Link DWA-547 RangeBooster N650 Desktop Adapter Description: D-Link DWA-547 RangeBooster N650 Desktop Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: D-Link Corporation Service: athr Problem: : Your computer's system firmware does not include enough information to properly configure and use this device. To use this device, contact your computer manufacturer to obtain a firmware or BIOS update. (Code 35) Resolution: The Multiprocessor System (MPS) table, which stores the resource assignments for the BIOS, is missing an entry for your device and needs to be updated. Obtain a new BIOS from the system vendor. ==================== Event log errors: ========================= Application errors: ================== Error: (06/28/2013 08:43:48 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/28/2013 04:31:39 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/27/2013 06:09:25 PM) (Source: MsiInstaller) (User: xxx) Description: Produkt: Java 7 Update 25 -- Fehler 1500. Im Augenblick wird eine weitere Installation ausgeführt. Sie müssen erst die zweite Installation abschließen, bevor Sie mit dieser Installation fortfahren können. Error: (06/27/2013 05:57:02 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/27/2013 04:31:21 AM) (Source: Application Hang) (User: ) Description: Programm javaw.exe, Version 7.0.250.16 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7d8 Startzeit: 01ce72de4d4b6915 Endzeit: 21 Anwendungspfad: C:\Program Files (x86)\Java\jre7\bin\javaw.exe Berichts-ID: a4ea1dcc-ded1-11e2-8eff-00248ca77df0 Error: (06/27/2013 04:30:31 AM) (Source: Application Hang) (User: ) Description: Programm javaw.exe, Version 7.0.250.16 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9b0 Startzeit: 01ce72de27b04a70 Endzeit: 28 Anwendungspfad: C:\Program Files (x86)\Java\jre7\bin\javaw.exe Berichts-ID: 8862138b-ded1-11e2-8eff-00248ca77df0 Error: (06/27/2013 03:53:16 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/26/2013 10:08:29 PM) (Source: Application Hang) (User: ) Description: Programm devpro.dll, Version 1.0.3.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1438 Startzeit: 01ce72a89835512f Endzeit: 10 Anwendungspfad: C:\Users\xxx\Desktop\DevPro\devpro.dll Berichts-ID: 2977f5df-de9c-11e2-a61a-00248ca77df0 Error: (06/26/2013 10:06:04 PM) (Source: Application Hang) (User: ) Description: Programm devpro.dll, Version 1.0.3.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 14f0 Startzeit: 01ce72a7dd6b420a Endzeit: 20 Anwendungspfad: C:\Users\xxx\Desktop\DevPro\devpro.dll Berichts-ID: d336efb2-de9b-11e2-a61a-00248ca77df0 Error: (06/26/2013 01:08:22 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (06/28/2013 09:03:24 AM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (06/28/2013 09:03:24 AM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (06/28/2013 09:03:23 AM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (06/28/2013 09:03:22 AM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (06/28/2013 04:33:01 AM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (06/28/2013 04:33:01 AM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (06/28/2013 04:32:59 AM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (06/28/2013 04:32:58 AM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (06/28/2013 04:30:12 AM) (Source: BugCheck) (User: ) Description: 0x0000001a (0x0000000000000411, 0xfffff680000750a0, 0x00000000c001fad2, 0xfffff6800008a219)C:\Windows\MEMORY.DMP062813-25303-01 Error: (06/27/2013 05:58:55 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Microsoft Office Sessions: ========================= Error: (06/28/2013 08:43:48 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/28/2013 04:31:39 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/27/2013 06:09:25 PM) (Source: MsiInstaller)(User: xxx) Description: Produkt: Java 7 Update 25 -- Fehler 1500. Im Augenblick wird eine weitere Installation ausgeführt. Sie müssen erst die zweite Installation abschließen, bevor Sie mit dieser Installation fortfahren können.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (06/27/2013 05:57:02 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/27/2013 04:31:21 AM) (Source: Application Hang)(User: ) Description: javaw.exe7.0.250.167d801ce72de4d4b691521C:\Program Files (x86)\Java\jre7\bin\javaw.exea4ea1dcc-ded1-11e2-8eff-00248ca77df0 Error: (06/27/2013 04:30:31 AM) (Source: Application Hang)(User: ) Description: javaw.exe7.0.250.169b001ce72de27b04a7028C:\Program Files (x86)\Java\jre7\bin\javaw.exe8862138b-ded1-11e2-8eff-00248ca77df0 Error: (06/27/2013 03:53:16 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/26/2013 10:08:29 PM) (Source: Application Hang)(User: ) Description: devpro.dll1.0.3.1143801ce72a89835512f10C:\Users\xxx\Desktop\DevPro\devpro.dll2977f5df-de9c-11e2-a61a-00248ca77df0 Error: (06/26/2013 10:06:04 PM) (Source: Application Hang)(User: ) Description: devpro.dll1.0.3.114f001ce72a7dd6b420a20C:\Users\xxx\Desktop\DevPro\devpro.dlld336efb2-de9b-11e2-a61a-00248ca77df0 Error: (06/26/2013 01:08:22 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 43% Total physical RAM: 3839.18 MB Available physical RAM: 2158.49 MB Total Pagefile: 7676.54 MB Available Pagefile: 5837.33 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.79 GB) (Free:195.74 GB) NTFS (Disk=0 Partition=2) Drive d: () (Fixed) (Total:76.69 GB) (Free:9.92 GB) NTFS (Disk=1 Partition=1) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 47F55653) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 77 GB) (Disk ID: 275D275C) Partition 1: (Active) - (Size=77 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
|
28.06.2013, 16:37
| #4 | |
| /// the machine /// TB-Ausbilder | FindLyrics auf Pc nach Avast Scan {Yontoo auf Pc - Was ist das?}Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.06.2013, 18:05
| #5 |
| | FindLyrics auf Pc nach Avast Scan {Yontoo auf Pc - Was ist das?} Ich soll lediglich die Viren-Scanner deaktivieren? Die Internetverbindung soll offen bleiben? Edit: Habs mit offener Internetverbindung durchgezogen. Hier das Log Code:
ATTFilter ComboFix 13-06-28.01 - xxx 28.06.2013 19:08:37.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3839.2447 [GMT 2:00]
ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-28 bis 2013-06-28 ))))))))))))))))))))))))))))))
.
.
2013-06-28 17:15 . 2013-06-28 17:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-28 09:13 . 2013-06-28 09:13 -------- d-----w- C:\FRST
2013-06-27 16:10 . 2013-06-27 16:10 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-06-27 16:10 . 2013-06-27 16:10 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-27 16:10 . 2013-06-27 16:10 -------- d-----w- c:\program files (x86)\Java
2013-06-27 02:29 . 2013-06-27 16:07 -------- d-----w- c:\users\xxx\AppData\Roaming\.minecraft
2013-06-27 01:57 . 2013-06-18 14:22 263576 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-06-25 16:17 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3A6869C-549C-4880-9F61-6A43F3900734}\mpengine.dll
2013-06-19 19:19 . 2013-06-19 19:19 -------- d-----w- c:\windows\system32\appmgmt
2013-06-19 18:58 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-19 18:58 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-16 14:30 . 2013-06-16 14:30 -------- d-----w- c:\windows\de
2013-06-16 14:29 . 2013-06-16 14:29 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-06-16 14:28 . 2010-06-02 02:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-06-16 14:28 . 2010-06-02 02:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2013-06-16 14:28 . 2010-06-02 02:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2013-06-16 14:28 . 2010-06-02 02:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-06-16 14:28 . 2010-05-26 09:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-06-16 14:28 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2013-06-16 14:28 . 2010-05-26 09:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-06-16 14:28 . 2010-05-26 09:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2013-06-16 14:28 . 2009-09-04 15:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2013-06-16 14:28 . 2009-09-04 15:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-06-16 14:27 . 2006-11-29 11:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-06-16 14:27 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2013-06-16 14:27 . 2013-06-16 14:27 94040 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8f3755231ce6a9d04\DSETUP.dll
2013-06-16 14:27 . 2013-06-16 14:27 525656 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8f3755231ce6a9d04\DXSETUP.exe
2013-06-16 14:27 . 2013-06-16 14:27 1691480 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8f3755231ce6a9d04\dsetup32.dll
2013-06-16 14:26 . 2013-06-16 14:26 537432 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8e2a59a41ce6a9d03\DXSETUP.exe
2013-06-16 14:26 . 2013-06-16 14:26 1801048 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8e2a59a41ce6a9d03\dsetup32.dll
2013-06-16 14:26 . 2013-06-16 14:26 89944 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8e2a59a41ce6a9d03\DSETUP.dll
2013-06-16 14:26 . 2013-06-16 14:26 89944 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8c25cf091ce6a9d02\DSETUP.dll
2013-06-16 14:26 . 2013-06-16 14:26 537432 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8c25cf091ce6a9d02\DXSETUP.exe
2013-06-16 14:26 . 2013-06-16 14:26 1801048 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8c25cf091ce6a9d02\dsetup32.dll
2013-06-13 17:43 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-13 17:43 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-13 17:43 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-13 17:43 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-13 17:43 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-13 17:42 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-13 17:42 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-13 17:42 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-13 17:42 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-13 17:42 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-13 17:42 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-13 17:42 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-13 17:42 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-13 17:42 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-13 17:42 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-13 17:42 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-13 17:42 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-27 19:58 . 2013-04-24 13:09 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 19:58 . 2013-04-24 13:09 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-27 19:58 . 2013-04-24 13:09 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 16:10 . 2013-02-08 12:06 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-27 16:10 . 2013-02-08 12:06 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-13 20:14 . 2013-02-05 17:38 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-11 18:45 . 2013-02-04 19:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 18:45 . 2013-02-04 19:23 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 05:03 . 2012-07-17 13:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-09 08:59 . 2013-04-24 13:09 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2013-04-24 13:09 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-04-24 13:09 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-04-24 13:09 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2013-04-24 13:09 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2013-04-24 13:08 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-02-04 19:10 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-06 13:39 . 2013-05-15 04:49 9060352 ----a-w- c:\windows\system32\mshtml.dll
2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-19 19:06 . 2013-02-08 12:07 971680 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-19 19:06 . 2013-02-08 12:07 1092512 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-18 13:55 . 2013-04-18 13:55 18456 ----a-w- c:\windows\system32\drivers\psi_mf_amd64.sys
2013-04-13 05:49 . 2013-05-15 04:50 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 04:50 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 04:50 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 04:50 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 04:50 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 04:50 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 12:29 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 04:50 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 04:50 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 04:49 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 12:50 . 2013-03-09 12:31 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2013-05-01 04:12 197920 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048]
"Yontoo Desktop"="c:\users\xxx\AppData\Roaming\Yontoo\YontooDesktop.exe" [2013-05-01 42784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TurboV"="c:\program files (x86)\ASUS\TurboV\TurboV.exe" [2010-04-08 5687424]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-14 98304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-4-18 563224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 UHSfiltv;UHSfiltv;c:\windows\system32\drivers\UHSfiltv.sys;c:\windows\SYSNATIVE\drivers\UHSfiltv.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe [x]
S3 AODDriver2;AODDriver2;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-04 18:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hf2irw73.default\
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extentions.y2layers.installId - 46837ead-54ed-49d5-86ee-d20c79c09ce7
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-28 19:24:16
ComboFix-quarantined-files.txt 2013-06-28 17:24
.
Vor Suchlauf: 7 Verzeichnis(se), 210.006.749.184 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 210.632.818.688 Bytes frei
.
- - End Of File - - 7231EFE495CCDFD0CCBA688F0245E703
A36C5E4F47E84449FF07ED3517B43A31
Es geht immernoch um dieses Yontoo. Es wird mir unter Programme und Funktionen angezeigt, allerdings nicht wenn ich den Revo Uninstaller nutze. Der findet sonst ja auch eigtl alles... Geändert von DukeYGO (28.06.2013 um 18:34 Uhr) |
|
28.06.2013, 18:39
| #6 |
| /// the machine /// TB-Ausbilder | FindLyrics auf Pc nach Avast Scan {Yontoo auf Pc - Was ist das?} Das is Adware, die weigert sich halt en bissl Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST Log bitte.
__________________ --> FindLyrics auf Pc nach Avast Scan {Yontoo auf Pc - Was ist das?} |
|
28.06.2013, 19:17
| #7 |
| | FindLyrics auf Pc nach Avast Scan {Yontoo auf Pc - Was ist das?} Anmerkung...pfiffig wie ich bin, hab ich den ersten Log von AdwCleaner nicht gespeichert, hab dann den gleichen Scan nochmal durchgeführt, keine Ahnung ob das gleichwertig ist...  Anmerkung 2: Neuerdings erscheint jetzt die Meldung beim Start...von Asus geöffnet offenbar: C:\Users\xxx\AppData\Temp\205132Logs.iniis lost Ist das ne wichtige Anmerkung? Hier der AdwLog Code:
ATTFilter # AdwCleaner v2.303 - Datei am 28/06/2013 um 19:56:15 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : xxx - xxx
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\xxx\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v22.0 (de)
Datei : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hf2irw73.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [3298 octets] - [28/06/2013 19:52:34]
AdwCleaner[S2].txt - [782 octets] - [28/06/2013 19:56:15]
########## EOF - C:\AdwCleaner[S2].txt - [841 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by xxx on 28.06.2013 at 20:00:29,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\hf2irw73.default\minidumps [96 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.06.2013 at 20:04:48,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-06-2013
Ran by xxx (administrator) on 28-06-2013 20:05:09
Running from C:\Users\xxx\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
==================== Registry (Whitelisted) ==================
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe" -b [5687424 2010-04-08] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hf2irw73.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hf2irw73.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Mozilla Firefox 22.0\Extensions: [Components] C:\Program Files (x86)\Mozilla Firefox\components
FF HKLM-x32\...\Mozilla Firefox 22.0\Extensions: [Plugins] C:\Program Files (x86)\Mozilla Firefox\plugins
==================== Services (Whitelisted) =================
R2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136616 2010-05-21] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2003-04-18] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1227800 2013-04-18] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659992 2013-04-18] (Secunia)
==================== Drivers (Whitelisted) ====================
R3 AODDriver2; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [52352 2010-05-21] (Advanced Micro Devices)
R3 AODDriver2; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [52352 2010-05-21] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-04-18] (Secunia)
S3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2012-09-28] (Creative Technology Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-28 20:04 - 2013-06-28 20:04 - 00000755 ____A C:\Users\xxx\Desktop\JRT.txt
2013-06-28 20:00 - 2013-06-28 20:00 - 00000000 ____D C:\Windows\ERUNT
2013-06-28 20:00 - 2013-06-28 20:00 - 00000000 ____D C:\JRT
2013-06-28 19:58 - 2013-06-28 19:58 - 00000909 ____A C:\Users\xxx\Desktop\AdwCleaner[S2].txt
2013-06-28 19:56 - 2013-06-28 19:56 - 00000909 ____A C:\AdwCleaner[S2].txt
2013-06-28 19:52 - 2013-06-28 19:52 - 00003298 ____A C:\AdwCleaner[S1].txt
2013-06-28 19:51 - 2013-06-28 19:51 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\xxx\Desktop\JRT.exe
2013-06-28 19:50 - 2013-06-28 19:50 - 00648201 ____A C:\Users\xxx\Desktop\adwcleaner.exe
2013-06-28 19:24 - 2013-06-28 19:24 - 00019980 ____A C:\ComboFix.txt
2013-06-28 19:07 - 2013-06-28 19:24 - 00000000 ____D C:\Qoobox
2013-06-28 19:07 - 2013-06-28 19:24 - 00000000 ____D C:\ComboFix
2013-06-28 19:07 - 2013-06-28 19:22 - 00000000 ____D C:\Windows\erdnt
2013-06-28 19:07 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-28 19:07 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-28 19:07 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-28 19:04 - 2013-06-28 19:04 - 05083661 ____R (Swearware) C:\Users\xxx\Desktop\ComboFix.exe
2013-06-28 11:14 - 2013-06-28 11:14 - 00018474 ____A C:\Users\xxx\Desktop\Addition.txt
2013-06-28 11:13 - 2013-06-28 11:13 - 00000000 ____D C:\FRST
2013-06-28 11:12 - 2013-06-28 11:12 - 01933484 ____A (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-06-28 09:22 - 2013-06-28 09:22 - 00005407 ____A C:\Users\xxx\Desktop\GmerAnhang.7z
2013-06-28 08:40 - 2013-06-28 08:40 - 00096969 ____A C:\Users\xxx\Desktop\gmer.log
2013-06-28 05:48 - 2013-06-28 05:48 - 00065072 ____A C:\Users\xxx\Desktop\OTL.Txt
2013-06-28 04:30 - 2013-06-28 04:30 - 00275432 ____A C:\Windows\Minidump\062813-25303-01.dmp
2013-06-27 21:58 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 18:10 - 2013-06-27 18:10 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-27 18:10 - 2013-06-27 18:10 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-27 18:07 - 2013-06-27 18:08 - 31714216 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jre-7u25-windows-i586.exe
2013-06-27 04:29 - 2013-06-27 18:07 - 00000000 ____D C:\Users\xxx\AppData\Roaming\.minecraft
2013-06-27 04:29 - 2013-06-27 04:29 - 00263186 ____A C:\Users\xxx\Desktop\Minecraft.exe
2013-06-26 19:22 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-26 19:22 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-19 21:19 - 2013-06-19 21:19 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-19 21:17 - 2013-06-19 21:18 - 00004254 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 21:16 - 2013-06-19 21:16 - 00903592 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jxpiinstall.exe
2013-06-19 20:58 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-19 20:58 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-19 20:45 - 2013-01-13 23:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-19 20:45 - 2013-01-13 22:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-19 20:45 - 2013-01-13 22:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-19 20:45 - 2013-01-13 22:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-19 20:45 - 2013-01-13 21:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-19 20:45 - 2013-01-13 21:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-19 20:45 - 2013-01-13 21:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-19 20:45 - 2013-01-13 21:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-19 20:45 - 2013-01-13 21:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-19 20:45 - 2013-01-13 21:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-19 20:45 - 2013-01-13 21:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-19 20:45 - 2013-01-13 21:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-19 20:45 - 2013-01-13 21:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-19 20:45 - 2013-01-13 21:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-19 20:45 - 2013-01-13 21:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-19 20:45 - 2013-01-13 21:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-19 20:45 - 2013-01-13 21:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-19 20:45 - 2013-01-13 21:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-19 20:45 - 2013-01-13 21:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-19 20:45 - 2013-01-13 21:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-19 20:45 - 2013-01-13 21:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-19 20:45 - 2013-01-13 21:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-19 20:45 - 2013-01-13 21:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-19 20:45 - 2013-01-13 20:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-19 20:45 - 2013-01-13 20:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-19 20:45 - 2013-01-13 20:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-19 20:45 - 2013-01-13 19:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-19 20:45 - 2013-01-13 19:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-19 20:45 - 2013-01-04 08:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-19 20:45 - 2013-01-04 08:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-19 20:16 - 2013-06-19 20:16 - 03270960 ____A (Secunia) C:\Users\xxx\Downloads\PSISetup7009.exe
2013-06-16 16:30 - 2013-06-16 16:30 - 00000000 ____D C:\Windows\de
2013-06-16 16:29 - 2013-06-16 16:29 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-16 16:28 - 2010-06-02 04:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-06-16 16:28 - 2010-06-02 04:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-06-16 16:28 - 2010-06-02 04:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-06-16 16:28 - 2010-06-02 04:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-06-16 16:28 - 2009-09-04 17:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-06-16 16:28 - 2009-09-04 17:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-06-16 16:27 - 2013-06-16 16:27 - 00000197 ____A C:\Windows\DirectX.log
2013-06-16 16:27 - 2006-11-29 13:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2013-06-16 16:27 - 2006-11-29 13:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-06-16 16:20 - 2013-06-16 16:25 - 142602520 ____A (Microsoft Corporation) C:\Users\xxx\Downloads\wlsetup-all_16.4.3508.0205.exe
2013-06-13 19:43 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-13 19:43 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-13 19:43 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 19:43 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 19:43 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-13 19:42 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 19:42 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 19:42 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 19:42 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 19:42 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-13 19:42 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-13 19:42 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-13 19:42 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 19:42 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-13 19:42 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-13 19:42 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-13 19:42 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
==================== One Month Modified Files and Folders =======
2013-06-28 20:05 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-28 20:05 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-28 20:04 - 2013-06-28 20:04 - 00000755 ____A C:\Users\xxx\Desktop\JRT.txt
2013-06-28 20:00 - 2013-06-28 20:00 - 00000000 ____D C:\Windows\ERUNT
2013-06-28 20:00 - 2013-06-28 20:00 - 00000000 ____D C:\JRT
2013-06-28 20:00 - 2013-02-08 21:15 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Skype
2013-06-28 19:58 - 2013-06-28 19:58 - 00000909 ____A C:\Users\xxx\Desktop\AdwCleaner[S2].txt
2013-06-28 19:57 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-28 19:57 - 2009-07-14 06:51 - 00056712 ____A C:\Windows\setupact.log
2013-06-28 19:56 - 2013-06-28 19:56 - 00000909 ____A C:\AdwCleaner[S2].txt
2013-06-28 19:53 - 2013-02-04 20:43 - 01878552 ____A C:\Windows\WindowsUpdate.log
2013-06-28 19:52 - 2013-06-28 19:52 - 00003298 ____A C:\AdwCleaner[S1].txt
2013-06-28 19:51 - 2013-06-28 19:51 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\xxx\Desktop\JRT.exe
2013-06-28 19:50 - 2013-06-28 19:50 - 00648201 ____A C:\Users\xxx\Desktop\adwcleaner.exe
2013-06-28 19:45 - 2013-03-02 10:52 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-28 19:25 - 2010-11-21 05:47 - 00012716 ____A C:\Windows\PFRO.log
2013-06-28 19:24 - 2013-06-28 19:24 - 00019980 ____A C:\ComboFix.txt
2013-06-28 19:24 - 2013-06-28 19:07 - 00000000 ____D C:\Qoobox
2013-06-28 19:24 - 2013-06-28 19:07 - 00000000 ____D C:\ComboFix
2013-06-28 19:22 - 2013-06-28 19:07 - 00000000 ____D C:\Windows\erdnt
2013-06-28 19:16 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-28 19:04 - 2013-06-28 19:04 - 05083661 ____R (Swearware) C:\Users\xxx\Desktop\ComboFix.exe
2013-06-28 11:14 - 2013-06-28 11:14 - 00018474 ____A C:\Users\xxx\Desktop\Addition.txt
2013-06-28 11:13 - 2013-06-28 11:13 - 00000000 ____D C:\FRST
2013-06-28 11:12 - 2013-06-28 11:12 - 01933484 ____A (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-06-28 09:22 - 2013-06-28 09:22 - 00005407 ____A C:\Users\xxx\Desktop\GmerAnhang.7z
2013-06-28 09:14 - 2013-03-02 14:37 - 00000000 ____D C:\Users\xxx\Desktop\Systemüberprüfung
2013-06-28 08:40 - 2013-06-28 08:40 - 00096969 ____A C:\Users\xxx\Desktop\gmer.log
2013-06-28 05:48 - 2013-06-28 05:48 - 00065072 ____A C:\Users\xxx\Desktop\OTL.Txt
2013-06-28 04:30 - 2013-06-28 04:30 - 00275432 ____A C:\Windows\Minidump\062813-25303-01.dmp
2013-06-28 04:30 - 2013-03-30 19:07 - 00000000 ____D C:\Windows\Minidump
2013-06-28 04:29 - 2013-03-30 19:07 - 351309356 ____A C:\Windows\MEMORY.DMP
2013-06-27 21:58 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 21:58 - 2013-06-26 19:22 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 21:58 - 2013-06-26 19:22 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-27 21:58 - 2013-04-24 15:09 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-27 21:58 - 2013-04-24 15:09 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-27 21:58 - 2013-04-24 15:09 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-27 18:10 - 2013-06-27 18:10 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-27 18:10 - 2013-06-27 18:10 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-27 18:10 - 2013-02-08 14:06 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-27 18:10 - 2013-02-08 14:06 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-27 18:08 - 2013-06-27 18:07 - 31714216 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jre-7u25-windows-i586.exe
2013-06-27 18:07 - 2013-06-27 04:29 - 00000000 ____D C:\Users\xxx\AppData\Roaming\.minecraft
2013-06-27 17:55 - 2013-02-08 14:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-27 04:29 - 2013-06-27 04:29 - 00263186 ____A C:\Users\xxx\Desktop\Minecraft.exe
2013-06-27 03:57 - 2013-04-12 13:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-27 03:57 - 2013-02-08 14:05 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-26 22:00 - 2013-05-24 20:45 - 00000000 ____D C:\Users\xxx\Desktop\DevPro
2013-06-22 09:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-19 21:19 - 2013-06-19 21:19 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-19 21:18 - 2013-06-19 21:17 - 00004254 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 21:16 - 2013-06-19 21:16 - 00903592 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jxpiinstall.exe
2013-06-19 20:54 - 2013-03-22 17:33 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-06-19 20:30 - 2010-11-21 08:50 - 00653928 ____A C:\Windows\System32\perfh007.dat
2013-06-19 20:30 - 2010-11-21 08:50 - 00129800 ____A C:\Windows\System32\perfc007.dat
2013-06-19 20:30 - 2009-07-14 07:13 - 01518986 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-19 20:16 - 2013-06-19 20:16 - 03270960 ____A (Secunia) C:\Users\xxx\Downloads\PSISetup7009.exe
2013-06-18 20:04 - 2013-05-25 18:39 - 00000000 ____D C:\Users\xxx\Desktop\TCG_A
2013-06-16 17:31 - 2013-02-16 01:01 - 00000000 ____D C:\Users\xxx\AppData\Local\Windows Live
2013-06-16 16:30 - 2013-06-16 16:30 - 00000000 ____D C:\Windows\de
2013-06-16 16:29 - 2013-06-16 16:29 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-16 16:28 - 2013-02-16 01:03 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-06-16 16:27 - 2013-06-16 16:27 - 00000197 ____A C:\Windows\DirectX.log
2013-06-16 16:25 - 2013-06-16 16:20 - 142602520 ____A (Microsoft Corporation) C:\Users\xxx\Downloads\wlsetup-all_16.4.3508.0205.exe
2013-06-14 00:19 - 2013-03-02 05:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-14 00:19 - 2013-02-08 14:09 - 00000000 ____D C:\ProgramData\Skype
2013-06-13 22:14 - 2013-02-05 19:38 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 20:45 - 2013-02-04 21:23 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 20:45 - 2013-02-04 21:23 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-24 20:33
==================== End Of Log ============================
--- --- --- --- --- --- |
|
29.06.2013, 09:04
| #8 |
| /// the machine /// TB-Ausbilder | FindLyrics auf Pc nach Avast Scan {Yontoo auf Pc - Was ist das?} Da fehlt ne temp-Datei, entfernen wir nachher. erstmal nach Überresten scannen. ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST Log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.06.2013, 10:48
| #9 |
| | FindLyrics auf Pc nach Avast Scan {Yontoo auf Pc - Was ist das?} So, ich habe alle Scans durchgeführt und im Vorhinein nochmal eine Frage. Java ist ja eh recht unsicher, ich halte das aber immer mit Secunia up to date. Ich hab aber die 32 bit version installiert, mein Pc läuft aber auf 64 bit. Wäre es sinnvoll umzusteigen? Die MVP Hostfiles werde ich im Anschluss auch mal wieder updaten...wird nötig nach 3 Monaten Da hab ich zugegebener Maßen geschlampt ^^Hier die Scans: Eset Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c597cae99355c641a16eafe6358ce2cb
# engine=14197
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-29 09:21:58
# local_time=2013-06-29 11:21:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 134607 149211190 0 0
# compatibility_mode=5893 16776573 100 94 17217 124127568 0 0
# scanned=133086
# found=0
# cleaned=0
# scan_time=3606
Code:
ATTFilter Results of screen317's Security Check version 0.99.68 Windows 7 Service Pack 1 x64 (UAC is enabled) ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` MVPS Hosts File Secunia PSI (3.0.0.7009) Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 25 Adobe Flash Player 11.7.700.224 Adobe Reader XI Mozilla Firefox (22.0) ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-06-2013
Ran by xxx (administrator) on 29-06-2013 11:40:34
Running from C:\Users\xxx\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe" -b [5687424 2010-04-08] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hf2irw73.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hf2irw73.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Mozilla Firefox 22.0\Extensions: [Components] C:\Program Files (x86)\Mozilla Firefox\components
FF HKLM-x32\...\Mozilla Firefox 22.0\Extensions: [Plugins] C:\Program Files (x86)\Mozilla Firefox\plugins
==================== Services (Whitelisted) =================
R2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136616 2010-05-21] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2003-04-18] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1227800 2013-04-18] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659992 2013-04-18] (Secunia)
==================== Drivers (Whitelisted) ====================
R3 AODDriver2; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [52352 2010-05-21] (Advanced Micro Devices)
R3 AODDriver2; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [52352 2010-05-21] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-04-18] (Secunia)
S3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2012-09-28] (Creative Technology Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-29 11:38 - 2013-06-29 11:38 - 00000820 ____A C:\Users\xxx\Desktop\checkup.txt
2013-06-29 10:18 - 2013-06-29 10:18 - 00890988 ____A C:\Users\xxx\Desktop\SecurityCheck.exe
2013-06-29 10:17 - 2013-06-29 10:17 - 02347384 ____A (ESET) C:\Users\xxx\Desktop\esetsmartinstaller_enu.exe
2013-06-28 20:51 - 2013-06-29 11:39 - 00000000 ____D C:\Users\xxx\Desktop\Neueste Scanversionen
2013-06-28 20:00 - 2013-06-28 20:00 - 00000000 ____D C:\Windows\ERUNT
2013-06-28 20:00 - 2013-06-28 20:00 - 00000000 ____D C:\JRT
2013-06-28 19:56 - 2013-06-28 19:56 - 00000909 ____A C:\AdwCleaner[S2].txt
2013-06-28 19:52 - 2013-06-28 19:52 - 00003298 ____A C:\AdwCleaner[S1].txt
2013-06-28 19:24 - 2013-06-28 19:24 - 00019980 ____A C:\ComboFix.txt
2013-06-28 19:07 - 2013-06-28 19:24 - 00000000 ____D C:\Qoobox
2013-06-28 19:07 - 2013-06-28 19:24 - 00000000 ____D C:\ComboFix
2013-06-28 19:07 - 2013-06-28 19:22 - 00000000 ____D C:\Windows\erdnt
2013-06-28 19:07 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-28 19:07 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-28 19:07 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-28 11:13 - 2013-06-28 11:13 - 00000000 ____D C:\FRST
2013-06-28 11:12 - 2013-06-28 11:12 - 01933484 ____A (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-06-28 09:22 - 2013-06-28 09:22 - 00005407 ____A C:\Users\xxx\Desktop\GmerAnhang.7z
2013-06-28 04:30 - 2013-06-28 04:30 - 00275432 ____A C:\Windows\Minidump\062813-25303-01.dmp
2013-06-27 21:58 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 18:10 - 2013-06-27 18:10 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-27 18:10 - 2013-06-27 18:10 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-27 18:07 - 2013-06-27 18:08 - 31714216 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jre-7u25-windows-i586.exe
2013-06-27 04:29 - 2013-06-28 23:33 - 00000000 ____D C:\Users\xxx\AppData\Roaming\.minecraft
2013-06-27 04:29 - 2013-06-27 04:29 - 00263186 ____A C:\Users\xxx\Desktop\Minecraft.exe
2013-06-26 19:22 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-26 19:22 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-19 21:19 - 2013-06-19 21:19 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-19 21:17 - 2013-06-19 21:18 - 00004254 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 21:16 - 2013-06-19 21:16 - 00903592 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jxpiinstall.exe
2013-06-19 20:58 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-19 20:58 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-19 20:45 - 2013-01-13 23:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-19 20:45 - 2013-01-13 22:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-19 20:45 - 2013-01-13 22:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-19 20:45 - 2013-01-13 22:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-19 20:45 - 2013-01-13 21:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-19 20:45 - 2013-01-13 21:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-19 20:45 - 2013-01-13 21:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-19 20:45 - 2013-01-13 21:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-19 20:45 - 2013-01-13 21:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-19 20:45 - 2013-01-13 21:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-19 20:45 - 2013-01-13 21:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-19 20:45 - 2013-01-13 21:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-19 20:45 - 2013-01-13 21:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-19 20:45 - 2013-01-13 21:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-19 20:45 - 2013-01-13 21:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-19 20:45 - 2013-01-13 21:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-19 20:45 - 2013-01-13 21:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-19 20:45 - 2013-01-13 21:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-19 20:45 - 2013-01-13 21:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-19 20:45 - 2013-01-13 21:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-19 20:45 - 2013-01-13 21:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-19 20:45 - 2013-01-13 21:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-19 20:45 - 2013-01-13 21:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-19 20:45 - 2013-01-13 20:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-19 20:45 - 2013-01-13 20:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-19 20:45 - 2013-01-13 20:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-19 20:45 - 2013-01-13 19:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-19 20:45 - 2013-01-13 19:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-19 20:45 - 2013-01-04 08:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-19 20:45 - 2013-01-04 08:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-19 20:16 - 2013-06-19 20:16 - 03270960 ____A (Secunia) C:\Users\xxx\Downloads\PSISetup7009.exe
2013-06-16 16:30 - 2013-06-16 16:30 - 00000000 ____D C:\Windows\de
2013-06-16 16:29 - 2013-06-16 16:29 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-16 16:28 - 2010-06-02 04:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-06-16 16:28 - 2010-06-02 04:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-06-16 16:28 - 2010-06-02 04:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-06-16 16:28 - 2010-06-02 04:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-06-16 16:28 - 2009-09-04 17:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-06-16 16:28 - 2009-09-04 17:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-06-16 16:27 - 2013-06-16 16:27 - 00000197 ____A C:\Windows\DirectX.log
2013-06-16 16:27 - 2006-11-29 13:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2013-06-16 16:27 - 2006-11-29 13:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-06-16 16:20 - 2013-06-16 16:25 - 142602520 ____A (Microsoft Corporation) C:\Users\xxx\Downloads\wlsetup-all_16.4.3508.0205.exe
2013-06-13 19:43 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-13 19:43 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-13 19:43 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 19:43 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 19:43 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-13 19:42 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 19:42 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 19:42 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 19:42 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 19:42 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-13 19:42 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-13 19:42 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-13 19:42 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 19:42 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-13 19:42 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-13 19:42 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-13 19:42 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
==================== One Month Modified Files and Folders =======
2013-06-29 11:39 - 2013-06-28 20:51 - 00000000 ____D C:\Users\xxx\Desktop\Neueste Scanversionen
2013-06-29 11:38 - 2013-06-29 11:38 - 00000820 ____A C:\Users\xxx\Desktop\checkup.txt
2013-06-29 11:37 - 2013-02-08 21:15 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Skype
2013-06-29 10:45 - 2013-03-02 10:52 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-29 10:18 - 2013-06-29 10:18 - 00890988 ____A C:\Users\xxx\Desktop\SecurityCheck.exe
2013-06-29 10:17 - 2013-06-29 10:17 - 02347384 ____A (ESET) C:\Users\xxx\Desktop\esetsmartinstaller_enu.exe
2013-06-29 09:50 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-29 09:50 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-29 09:47 - 2009-07-14 06:51 - 00057048 ____A C:\Windows\setupact.log
2013-06-29 09:44 - 2013-02-04 20:43 - 01934770 ____A C:\Windows\WindowsUpdate.log
2013-06-29 09:40 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-28 23:33 - 2013-06-27 04:29 - 00000000 ____D C:\Users\xxx\AppData\Roaming\.minecraft
2013-06-28 20:00 - 2013-06-28 20:00 - 00000000 ____D C:\Windows\ERUNT
2013-06-28 20:00 - 2013-06-28 20:00 - 00000000 ____D C:\JRT
2013-06-28 19:56 - 2013-06-28 19:56 - 00000909 ____A C:\AdwCleaner[S2].txt
2013-06-28 19:52 - 2013-06-28 19:52 - 00003298 ____A C:\AdwCleaner[S1].txt
2013-06-28 19:25 - 2010-11-21 05:47 - 00012716 ____A C:\Windows\PFRO.log
2013-06-28 19:24 - 2013-06-28 19:24 - 00019980 ____A C:\ComboFix.txt
2013-06-28 19:24 - 2013-06-28 19:07 - 00000000 ____D C:\Qoobox
2013-06-28 19:24 - 2013-06-28 19:07 - 00000000 ____D C:\ComboFix
2013-06-28 19:22 - 2013-06-28 19:07 - 00000000 ____D C:\Windows\erdnt
2013-06-28 19:16 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-28 11:13 - 2013-06-28 11:13 - 00000000 ____D C:\FRST
2013-06-28 11:12 - 2013-06-28 11:12 - 01933484 ____A (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-06-28 09:22 - 2013-06-28 09:22 - 00005407 ____A C:\Users\xxx\Desktop\GmerAnhang.7z
2013-06-28 09:14 - 2013-03-02 14:37 - 00000000 ____D C:\Users\xxx\Desktop\Systemüberprüfung
2013-06-28 04:30 - 2013-06-28 04:30 - 00275432 ____A C:\Windows\Minidump\062813-25303-01.dmp
2013-06-28 04:30 - 2013-03-30 19:07 - 00000000 ____D C:\Windows\Minidump
2013-06-28 04:29 - 2013-03-30 19:07 - 351309356 ____A C:\Windows\MEMORY.DMP
2013-06-27 21:58 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 21:58 - 2013-06-26 19:22 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 21:58 - 2013-06-26 19:22 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-27 21:58 - 2013-04-24 15:09 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-27 21:58 - 2013-04-24 15:09 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-27 21:58 - 2013-04-24 15:09 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-27 18:10 - 2013-06-27 18:10 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-27 18:10 - 2013-06-27 18:10 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-27 18:10 - 2013-02-08 14:06 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-27 18:10 - 2013-02-08 14:06 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-27 18:08 - 2013-06-27 18:07 - 31714216 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jre-7u25-windows-i586.exe
2013-06-27 17:55 - 2013-02-08 14:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-27 04:29 - 2013-06-27 04:29 - 00263186 ____A C:\Users\xxx\Desktop\Minecraft.exe
2013-06-27 03:57 - 2013-04-12 13:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-27 03:57 - 2013-02-08 14:05 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-26 22:00 - 2013-05-24 20:45 - 00000000 ____D C:\Users\xxx\Desktop\DevPro
2013-06-22 09:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-19 21:19 - 2013-06-19 21:19 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-19 21:18 - 2013-06-19 21:17 - 00004254 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 21:16 - 2013-06-19 21:16 - 00903592 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jxpiinstall.exe
2013-06-19 20:54 - 2013-03-22 17:33 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-06-19 20:30 - 2010-11-21 08:50 - 00653928 ____A C:\Windows\System32\perfh007.dat
2013-06-19 20:30 - 2010-11-21 08:50 - 00129800 ____A C:\Windows\System32\perfc007.dat
2013-06-19 20:30 - 2009-07-14 07:13 - 01518986 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-19 20:16 - 2013-06-19 20:16 - 03270960 ____A (Secunia) C:\Users\xxx\Downloads\PSISetup7009.exe
2013-06-18 20:04 - 2013-05-25 18:39 - 00000000 ____D C:\Users\xxx\Desktop\TCG_A
2013-06-16 17:31 - 2013-02-16 01:01 - 00000000 ____D C:\Users\xxx\AppData\Local\Windows Live
2013-06-16 16:30 - 2013-06-16 16:30 - 00000000 ____D C:\Windows\de
2013-06-16 16:29 - 2013-06-16 16:29 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-16 16:28 - 2013-02-16 01:03 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-06-16 16:27 - 2013-06-16 16:27 - 00000197 ____A C:\Windows\DirectX.log
2013-06-16 16:25 - 2013-06-16 16:20 - 142602520 ____A (Microsoft Corporation) C:\Users\xxx\Downloads\wlsetup-all_16.4.3508.0205.exe
2013-06-14 00:19 - 2013-03-02 05:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-14 00:19 - 2013-02-08 14:09 - 00000000 ____D C:\ProgramData\Skype
2013-06-13 22:14 - 2013-02-05 19:38 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 20:45 - 2013-02-04 21:23 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 20:45 - 2013-02-04 21:23 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-24 20:33
==================== End Of Log ============================
|
|
29.06.2013, 11:45
| #10 | |
| /// the machine /// TB-Ausbilder | FindLyrics auf Pc nach Avast Scan {Yontoo auf Pc - Was ist das?}Zitat:
Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.06.2013, 11:46
| #11 |
| | FindLyrics auf Pc nach Avast Scan {Yontoo auf Pc - Was ist das?} Ich habe beim Neustart nochmal nachgesehen. Diese temp Datei spinnert immernoch rum. |
|
29.06.2013, 12:14
| #12 |
| /// the machine /// TB-Ausbilder | FindLyrics auf Pc nach Avast Scan {Yontoo auf Pc - Was ist das?} Screenshot bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.06.2013, 13:40
| #13 |
| | FindLyrics auf Pc nach Avast Scan {Yontoo auf Pc - Was ist das?} Screenshot ist im Anhang. Lösung wäre super Edit: Muss Combofix nicht noch gelöscht werden? Geändert von DukeYGO (29.06.2013 um 14:11 Uhr) |
|
29.06.2013, 14:31
| #14 |
| /// the machine /// TB-Ausbilder | FindLyrics auf Pc nach Avast Scan {Yontoo auf Pc - Was ist das?} Wir löschen unsre Tools wenn wir fertig sind Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. FRST öffnen , Haken setzen bei Additions, scannen, beide Logs posten
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.06.2013, 14:47
| #15 |
| | FindLyrics auf Pc nach Avast Scan {Yontoo auf Pc - Was ist das?} Ich habe TFC drüberlaufen lassen. Jetzt sind zwei Dateien namens Desktop.ini auf meinem Desktop Die Fehler oben im Screen tauchten beim Neustart allerdings wieder auf. FRST Log neu: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-06-2013
Ran by xxx (administrator) on 29-06-2013 15:37:18
Running from C:\Users\xxx\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\userinit.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
==================== Registry (Whitelisted) ==================
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe" -b [5687424 2010-04-08] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hf2irw73.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hf2irw73.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Mozilla Firefox 22.0\Extensions: [Components] C:\Program Files (x86)\Mozilla Firefox\components
FF HKLM-x32\...\Mozilla Firefox 22.0\Extensions: [Plugins] C:\Program Files (x86)\Mozilla Firefox\plugins
==================== Services (Whitelisted) =================
R2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136616 2010-05-21] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2003-04-18] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1227800 2013-04-18] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659992 2013-04-18] (Secunia)
==================== Drivers (Whitelisted) ====================
R3 AODDriver2; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [52352 2010-05-21] (Advanced Micro Devices)
R3 AODDriver2; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [52352 2010-05-21] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-04-18] (Secunia)
S3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2012-09-28] (Creative Technology Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-29 15:33 - 2013-06-29 15:33 - 00448512 ____A (OldTimer Tools) C:\Users\xxx\Downloads\TFC(1).exe
2013-06-29 15:33 - 2013-06-29 15:33 - 00448512 ____A (OldTimer Tools) C:\Users\xxx\Desktop\TFC.exe
2013-06-29 11:38 - 2013-06-29 11:38 - 00000820 ____A C:\Users\xxx\Desktop\checkup.txt
2013-06-29 10:18 - 2013-06-29 10:18 - 00890988 ____A C:\Users\xxx\Desktop\SecurityCheck.exe
2013-06-29 10:17 - 2013-06-29 10:17 - 02347384 ____A (ESET) C:\Users\xxx\Desktop\esetsmartinstaller_enu.exe
2013-06-28 20:51 - 2013-06-29 11:39 - 00000000 ____D C:\Users\xxx\Desktop\Neueste Scanversionen
2013-06-28 20:00 - 2013-06-28 20:00 - 00000000 ____D C:\Windows\ERUNT
2013-06-28 20:00 - 2013-06-28 20:00 - 00000000 ____D C:\JRT
2013-06-28 19:56 - 2013-06-28 19:56 - 00000909 ____A C:\AdwCleaner[S2].txt
2013-06-28 19:52 - 2013-06-28 19:52 - 00003298 ____A C:\AdwCleaner[S1].txt
2013-06-28 19:24 - 2013-06-28 19:24 - 00019980 ____A C:\ComboFix.txt
2013-06-28 19:07 - 2013-06-28 19:24 - 00000000 ____D C:\Qoobox
2013-06-28 19:07 - 2013-06-28 19:24 - 00000000 ____D C:\ComboFix
2013-06-28 19:07 - 2013-06-28 19:22 - 00000000 ____D C:\Windows\erdnt
2013-06-28 19:07 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-28 19:07 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-28 19:07 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-28 19:07 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-28 11:13 - 2013-06-28 11:13 - 00000000 ____D C:\FRST
2013-06-28 11:12 - 2013-06-28 11:12 - 01933484 ____A (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-06-28 09:22 - 2013-06-28 09:22 - 00005407 ____A C:\Users\xxx\Desktop\GmerAnhang.7z
2013-06-28 04:30 - 2013-06-28 04:30 - 00275432 ____A C:\Windows\Minidump\062813-25303-01.dmp
2013-06-27 21:58 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 18:10 - 2013-06-27 18:10 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-27 18:10 - 2013-06-27 18:10 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-27 18:07 - 2013-06-27 18:08 - 31714216 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jre-7u25-windows-i586.exe
2013-06-27 04:29 - 2013-06-28 23:33 - 00000000 ____D C:\Users\xxx\AppData\Roaming\.minecraft
2013-06-27 04:29 - 2013-06-27 04:29 - 00263186 ____A C:\Users\xxx\Desktop\Minecraft.exe
2013-06-26 19:22 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-26 19:22 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-19 21:19 - 2013-06-19 21:19 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-19 21:17 - 2013-06-19 21:18 - 00004254 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 21:16 - 2013-06-19 21:16 - 00903592 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jxpiinstall.exe
2013-06-19 20:58 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-19 20:58 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-19 20:45 - 2013-01-13 23:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 23:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-19 20:45 - 2013-01-13 22:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-19 20:45 - 2013-01-13 22:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-19 20:45 - 2013-01-13 22:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-19 20:45 - 2013-01-13 22:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-19 20:45 - 2013-01-13 21:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-19 20:45 - 2013-01-13 21:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-19 20:45 - 2013-01-13 21:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-19 20:45 - 2013-01-13 21:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-19 20:45 - 2013-01-13 21:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-19 20:45 - 2013-01-13 21:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-19 20:45 - 2013-01-13 21:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-19 20:45 - 2013-01-13 21:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-19 20:45 - 2013-01-13 21:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-19 20:45 - 2013-01-13 21:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-19 20:45 - 2013-01-13 21:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-19 20:45 - 2013-01-13 21:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-19 20:45 - 2013-01-13 21:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-19 20:45 - 2013-01-13 21:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-19 20:45 - 2013-01-13 21:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-19 20:45 - 2013-01-13 21:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-19 20:45 - 2013-01-13 21:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-19 20:45 - 2013-01-13 21:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-19 20:45 - 2013-01-13 21:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-19 20:45 - 2013-01-13 20:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-19 20:45 - 2013-01-13 20:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-19 20:45 - 2013-01-13 20:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-19 20:45 - 2013-01-13 19:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-19 20:45 - 2013-01-13 19:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-19 20:45 - 2013-01-04 08:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-19 20:45 - 2013-01-04 08:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-19 20:16 - 2013-06-19 20:16 - 03270960 ____A (Secunia) C:\Users\xxx\Downloads\PSISetup7009.exe
2013-06-16 16:30 - 2013-06-16 16:30 - 00000000 ____D C:\Windows\de
2013-06-16 16:29 - 2013-06-16 16:29 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-16 16:28 - 2010-06-02 04:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-06-16 16:28 - 2010-06-02 04:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-06-16 16:28 - 2010-06-02 04:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-06-16 16:28 - 2010-06-02 04:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-06-16 16:28 - 2010-05-26 11:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-06-16 16:28 - 2009-09-04 17:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-06-16 16:28 - 2009-09-04 17:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-06-16 16:27 - 2013-06-16 16:27 - 00000197 ____A C:\Windows\DirectX.log
2013-06-16 16:27 - 2006-11-29 13:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2013-06-16 16:27 - 2006-11-29 13:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-06-16 16:20 - 2013-06-16 16:25 - 142602520 ____A (Microsoft Corporation) C:\Users\xxx\Downloads\wlsetup-all_16.4.3508.0205.exe
2013-06-13 19:43 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-13 19:43 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-13 19:43 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 19:43 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 19:43 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-13 19:42 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 19:42 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 19:42 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 19:42 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 19:42 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-13 19:42 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-13 19:42 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-13 19:42 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 19:42 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-13 19:42 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-13 19:42 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-13 19:42 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
==================== One Month Modified Files and Folders =======
2013-06-29 15:37 - 2013-02-08 21:15 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Skype
2013-06-29 15:35 - 2009-07-14 06:51 - 00057328 ____A C:\Windows\setupact.log
2013-06-29 15:33 - 2013-06-29 15:33 - 00448512 ____A (OldTimer Tools) C:\Users\xxx\Downloads\TFC(1).exe
2013-06-29 15:33 - 2013-06-29 15:33 - 00448512 ____A (OldTimer Tools) C:\Users\xxx\Desktop\TFC.exe
2013-06-29 15:00 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-29 15:00 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-29 14:55 - 2013-02-04 20:43 - 01955624 ____A C:\Windows\WindowsUpdate.log
2013-06-29 14:52 - 2010-11-21 05:47 - 00013542 ____A C:\Windows\PFRO.log
2013-06-29 14:52 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-29 14:45 - 2013-03-02 10:52 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-29 11:39 - 2013-06-28 20:51 - 00000000 ____D C:\Users\xxx\Desktop\Neueste Scanversionen
2013-06-29 11:38 - 2013-06-29 11:38 - 00000820 ____A C:\Users\xxx\Desktop\checkup.txt
2013-06-29 10:18 - 2013-06-29 10:18 - 00890988 ____A C:\Users\xxx\Desktop\SecurityCheck.exe
2013-06-29 10:17 - 2013-06-29 10:17 - 02347384 ____A (ESET) C:\Users\xxx\Desktop\esetsmartinstaller_enu.exe
2013-06-28 23:33 - 2013-06-27 04:29 - 00000000 ____D C:\Users\xxx\AppData\Roaming\.minecraft
2013-06-28 20:00 - 2013-06-28 20:00 - 00000000 ____D C:\Windows\ERUNT
2013-06-28 20:00 - 2013-06-28 20:00 - 00000000 ____D C:\JRT
2013-06-28 19:56 - 2013-06-28 19:56 - 00000909 ____A C:\AdwCleaner[S2].txt
2013-06-28 19:52 - 2013-06-28 19:52 - 00003298 ____A C:\AdwCleaner[S1].txt
2013-06-28 19:24 - 2013-06-28 19:24 - 00019980 ____A C:\ComboFix.txt
2013-06-28 19:24 - 2013-06-28 19:07 - 00000000 ____D C:\Qoobox
2013-06-28 19:24 - 2013-06-28 19:07 - 00000000 ____D C:\ComboFix
2013-06-28 19:22 - 2013-06-28 19:07 - 00000000 ____D C:\Windows\erdnt
2013-06-28 19:16 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-28 11:13 - 2013-06-28 11:13 - 00000000 ____D C:\FRST
2013-06-28 11:12 - 2013-06-28 11:12 - 01933484 ____A (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-06-28 09:22 - 2013-06-28 09:22 - 00005407 ____A C:\Users\xxx\Desktop\GmerAnhang.7z
2013-06-28 09:14 - 2013-03-02 14:37 - 00000000 ____D C:\Users\xxx\Desktop\Systemüberprüfung
2013-06-28 04:30 - 2013-06-28 04:30 - 00275432 ____A C:\Windows\Minidump\062813-25303-01.dmp
2013-06-28 04:30 - 2013-03-30 19:07 - 00000000 ____D C:\Windows\Minidump
2013-06-28 04:29 - 2013-03-30 19:07 - 351309356 ____A C:\Windows\MEMORY.DMP
2013-06-27 21:58 - 2013-06-27 21:58 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 21:58 - 2013-06-26 19:22 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 21:58 - 2013-06-26 19:22 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-27 21:58 - 2013-04-24 15:09 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-27 21:58 - 2013-04-24 15:09 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-27 21:58 - 2013-04-24 15:09 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-27 18:10 - 2013-06-27 18:10 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-27 18:10 - 2013-06-27 18:10 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-27 18:10 - 2013-06-27 18:10 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-27 18:10 - 2013-02-08 14:06 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-27 18:10 - 2013-02-08 14:06 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-27 18:08 - 2013-06-27 18:07 - 31714216 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jre-7u25-windows-i586.exe
2013-06-27 17:55 - 2013-02-08 14:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-27 04:29 - 2013-06-27 04:29 - 00263186 ____A C:\Users\xxx\Desktop\Minecraft.exe
2013-06-27 03:57 - 2013-04-12 13:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-27 03:57 - 2013-02-08 14:05 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-26 22:00 - 2013-05-24 20:45 - 00000000 ____D C:\Users\xxx\Desktop\DevPro
2013-06-22 09:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-19 21:19 - 2013-06-19 21:19 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-19 21:18 - 2013-06-19 21:17 - 00004254 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 21:16 - 2013-06-19 21:16 - 00903592 ____A (Oracle Corporation) C:\Users\xxx\Downloads\jxpiinstall.exe
2013-06-19 20:54 - 2013-03-22 17:33 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-06-19 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-06-19 20:30 - 2010-11-21 08:50 - 00653928 ____A C:\Windows\System32\perfh007.dat
2013-06-19 20:30 - 2010-11-21 08:50 - 00129800 ____A C:\Windows\System32\perfc007.dat
2013-06-19 20:30 - 2009-07-14 07:13 - 01518986 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-19 20:16 - 2013-06-19 20:16 - 03270960 ____A (Secunia) C:\Users\xxx\Downloads\PSISetup7009.exe
2013-06-18 20:04 - 2013-05-25 18:39 - 00000000 ____D C:\Users\xxx\Desktop\TCG_A
2013-06-16 17:31 - 2013-02-16 01:01 - 00000000 ____D C:\Users\xxx\AppData\Local\Windows Live
2013-06-16 16:30 - 2013-06-16 16:30 - 00000000 ____D C:\Windows\de
2013-06-16 16:29 - 2013-06-16 16:29 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-16 16:28 - 2013-02-16 01:03 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-06-16 16:27 - 2013-06-16 16:27 - 00000197 ____A C:\Windows\DirectX.log
2013-06-16 16:25 - 2013-06-16 16:20 - 142602520 ____A (Microsoft Corporation) C:\Users\xxx\Downloads\wlsetup-all_16.4.3508.0205.exe
2013-06-14 00:19 - 2013-03-02 05:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-14 00:19 - 2013-02-08 14:09 - 00000000 ____D C:\ProgramData\Skype
2013-06-13 22:14 - 2013-02-05 19:38 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 20:45 - 2013-02-04 21:23 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 20:45 - 2013-02-04 21:23 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-24 20:33
==================== End Of Log ============================
Addition Log Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-06-2013 Ran by xxx at 2013-06-29 15:37:48 Running from C:\Users\xxx\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122) AMD OverDrive (x32 Version: 3.2.2.0452) Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.18) ATI Catalyst Install Manager (Version: 3.0.732.0) Auslogics Disk Defrag (x32 Version: 3.6) avast! Free Antivirus (x32 Version: 8.0.1489.0) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Core Implementation (x32 Version: 2009.0614.2131.36800) Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0614.2131.36800) Catalyst Control Center Graphics Full New (x32 Version: 2009.0614.2131.36800) Catalyst Control Center Graphics Light (x32 Version: 2009.0614.2131.36800) Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0614.2131.36800) Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0614.2131.36800) Catalyst Control Center HydraVision Full (x32 Version: 2009.0614.2131.36800) Catalyst Control Center InstallProxy (x32 Version: 2009.0614.2131.36800) Catalyst Control Center Localization All (x32 Version: 2009.0614.2131.36800) CCC Help Chinese Standard (x32 Version: 2009.0614.2130.36800) CCC Help Chinese Traditional (x32 Version: 2009.0614.2130.36800) CCC Help Czech (x32 Version: 2009.0614.2130.36800) CCC Help Danish (x32 Version: 2009.0614.2130.36800) CCC Help Dutch (x32 Version: 2009.0614.2130.36800) CCC Help English (x32 Version: 2009.0614.2130.36800) CCC Help Finnish (x32 Version: 2009.0614.2130.36800) CCC Help French (x32 Version: 2009.0614.2130.36800) CCC Help German (x32 Version: 2009.0614.2130.36800) CCC Help Greek (x32 Version: 2009.0614.2130.36800) CCC Help Hungarian (x32 Version: 2009.0614.2130.36800) CCC Help Italian (x32 Version: 2009.0614.2130.36800) CCC Help Japanese (x32 Version: 2009.0614.2130.36800) CCC Help Korean (x32 Version: 2009.0614.2130.36800) CCC Help Norwegian (x32 Version: 2009.0614.2130.36800) CCC Help Polish (x32 Version: 2009.0614.2130.36800) CCC Help Portuguese (x32 Version: 2009.0614.2130.36800) CCC Help Russian (x32 Version: 2009.0614.2130.36800) CCC Help Spanish (x32 Version: 2009.0614.2130.36800) CCC Help Swedish (x32 Version: 2009.0614.2130.36800) CCC Help Thai (x32 Version: 2009.0614.2130.36800) CCC Help Turkish (x32 Version: 2009.0614.2130.36800) ccc-core-static (x32 Version: 2009.0614.2131.36800) ccc-utility64 (Version: 2009.0614.2131.36800) D3DX10 (x32 Version: 15.4.2368.0902) Fotogalerie (x32 Version: 16.4.3508.0205) HydraVision (x32 Version: 4.2.108.0) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319) Movie Maker (x32 Version: 16.4.3508.0205) Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1109.0912) OpenOffice.org 3.4.1 (x32 Version: 3.41.9593) Photo Common (x32 Version: 16.4.3508.0205) Photo Gallery (x32 Version: 16.4.3508.0205) Realtek High Definition Audio Driver (x32 Version: 6.0.1.5880) Revo Uninstaller 1.94 (x32 Version: 1.94) Secunia PSI (3.0.0.7009) (x32 Version: 3.0.0.7009) Skype™ 6.5 (x32 Version: 6.5.158) swMSM (x32 Version: 12.0.0.1) TeamSpeak 3 Client (HKCU Version: 3.0.10.1) TurboV (x32 Version: 1.02.05) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Windows Live Communications Platform (x32 Version: 16.4.3508.0205) Windows Live Essentials (x32 Version: 16.4.3508.0205) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (x32 Version: 16.4.3508.0205) Windows Live Messenger (x32 Version: 16.4.3508.0205) Windows Live Photo Common (x32 Version: 16.4.3508.0205) Windows Live PIMT Platform (x32 Version: 16.4.3508.0205) Windows Live SOXE (x32 Version: 16.4.3508.0205) Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205) Windows Live UX Platform (x32 Version: 16.4.3508.0205) Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205) ==================== Restore Points ========================= 19-06-2013 18:16:12 Revo Uninstaller's restore point - Secunia PSI (3.0.0.6005) 19-06-2013 18:28:14 Windows Update 19-06-2013 18:44:52 Windows Update 19-06-2013 18:45:01 Revo Uninstaller's restore point - Secunia PSI (3.0.0.7009) 19-06-2013 18:59:57 Windows Update 19-06-2013 19:17:11 Installed Java 7 Update 25 19-06-2013 19:18:47 Removed Java 7 Update 21 (64-bit) 25-06-2013 16:11:57 Windows Update 27-06-2013 16:08:45 Removed Java 7 Update 25 27-06-2013 16:09:58 Installed Java 7 Update 25 29-06-2013 04:34:33 Windows Update ==================== Hosts content: ========================== 127.0.0.1 localhost 127.0.0.1 fr.a2dfp.net 127.0.0.1 m.fr.a2dfp.net 127.0.0.1 ad.a8.net 127.0.0.1 asy.a8ww.net 127.0.0.1 abcstats.com 127.0.0.1 a.abv.bg 127.0.0.1 adserver.abv.bg 127.0.0.1 adv.abv.bg 127.0.0.1 bimg.abv.bg 127.0.0.1 ca.abv.bg 127.0.0.1 www2.a-counter.kiev.ua 127.0.0.1 track.acclaimnetwork.com 127.0.0.1 accuserveadsystem.com 127.0.0.1 www.accuserveadsystem.com 127.0.0.1 achmedia.com 127.0.0.1 aconti.net 127.0.0.1 secure.aconti.net 127.0.0.1 www.aconti.net #[Dialer.Aconti] 127.0.0.1 csh.actiondesk.com 127.0.0.1 www.activemeter.com #[Tracking.Cookie] 127.0.0.1 ads.activepower.net 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie] 127.0.0.1 cms.ad2click.nl 127.0.0.1 ad2games.com 127.0.0.1 ads.ad2games.com 127.0.0.1 content.ad20.net 127.0.0.1 core.ad20.net 127.0.0.1 banner.ad.nu There are more than 1000 lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {02C9BA4F-42AC-45BF-AFC9-DD5D3D475C58} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated) Task: {145BDAD6-66C6-4E4E-A087-928E969C11AE} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {2A889B86-5664-46B2-9EFE-864B53292EBD} - System32\Tasks\ASUS\i-Setup203735 => C:\Windows\AMD_Chipset_V307320_Windows7\AsusSetup.exe [2013-02-07] (ASUSTek) Task: {AB561088-A822-47F0-B05E-6DFD95E74C4A} - System32\Tasks\ASUS\i-Setup205132 => C:\Windows\AMD_Chipset_V307320_Windows7\AsusSetup.exe [2013-02-07] (ASUSTek) Task: {CF3BA66B-6CFB-43B3-9902-6E5CA599271B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software) Task: {D7B33AC5-B255-4902-9371-AA31F96FE7DC} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {E00A506D-365D-480A-B43B-E5E12F43D780} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Faulty Device Manager Devices ============= Name: D-Link DWA-547 RangeBooster N650 Desktop Adapter Description: D-Link DWA-547 RangeBooster N650 Desktop Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: D-Link Corporation Service: athr Problem: : Your computer's system firmware does not include enough information to properly configure and use this device. To use this device, contact your computer manufacturer to obtain a firmware or BIOS update. (Code 35) Resolution: The Multiprocessor System (MPS) table, which stores the resource assignments for the BIOS, is missing an entry for your device and needs to be updated. Obtain a new BIOS from the system vendor. ==================== Event log errors: ========================= Application errors: ================== Error: (06/29/2013 03:35:16 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: winlogon.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79fa6 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000020a4a ID des fehlerhaften Prozesses: 0x260 Startzeit der fehlerhaften Anwendung: 0xwinlogon.exe0 Pfad der fehlerhaften Anwendung: winlogon.exe1 Pfad des fehlerhaften Moduls: winlogon.exe2 Berichtskennung: winlogon.exe3 Error: (06/29/2013 02:53:54 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2013 11:35:39 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (06/29/2013 10:20:27 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (06/29/2013 10:20:24 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (06/29/2013 10:20:24 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (06/29/2013 10:17:22 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (06/29/2013 09:42:33 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2013 06:31:35 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (06/29/2013 03:16:02 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (06/29/2013 03:16:01 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (06/29/2013 02:56:28 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (06/29/2013 02:56:28 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (06/29/2013 02:56:27 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (06/29/2013 02:56:26 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (06/29/2013 02:43:47 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (06/29/2013 02:43:47 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (06/29/2013 02:43:46 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (06/29/2013 02:39:54 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Microsoft Office Sessions: ========================= Error: (06/29/2013 03:35:16 PM) (Source: Application Error)(User: ) Description: winlogon.exe6.1.7601.175144ce79fa6ntdll.dll6.1.7601.177254ec4aa8ec00000050000000000020a4a26001ce74c7771a5867C:\Windows\system32\winlogon.exeC:\Windows\SYSTEM32\ntdll.dllbb665d17-e0c0-11e2-9679-00248ca77df0 Error: (06/29/2013 02:53:54 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2013 11:35:39 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (06/29/2013 10:20:27 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\xxx\Desktop\esetsmartinstaller_enu.exe Error: (06/29/2013 10:20:24 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\xxx\Desktop\esetsmartinstaller_enu.exe Error: (06/29/2013 10:20:24 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\xxx\Desktop\esetsmartinstaller_enu.exe Error: (06/29/2013 10:17:22 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\xxx\Desktop\esetsmartinstaller_enu.exe Error: (06/29/2013 09:42:33 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2013 06:31:35 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 35% Total physical RAM: 3839.18 MB Available physical RAM: 2491.91 MB Total Pagefile: 7676.54 MB Available Pagefile: 6195.75 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.79 GB) (Free:197.12 GB) NTFS (Disk=0 Partition=2) Drive d: () (Fixed) (Total:76.69 GB) (Free:9.92 GB) NTFS (Disk=1 Partition=1) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 47F55653) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 77 GB) (Disk ID: 275D275C) Partition 1: (Active) - (Size=77 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
|
| Themen zu FindLyrics auf Pc nach Avast Scan {Yontoo auf Pc - Was ist das?} |
| adobe, adobe flash player, anschluss, antivirus, asus, autorun, avast, bereit, bho, explorer, firefox, flash player, format, helper, log, logfile, microsoft, mozilla, object, plug-in, programme, realtek, registry, scan, secunia psi, software, windows, winlogon |
Linear-Darstellung
