
Pests of all kinds and how to combat them: "free" message -> stargames.com


Thread closed
24.09.2013, 19:19   #76
schrauber
/// the machine
/// TB-Ausbilder
 




Quote:
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BestCrypt Auto Open.lnk
ShortcutTarget: BestCrypt Auto Open.lnk -> C:\Program Files (x86)\Jetico\BestCrypt\BestCrypt.exe (Jetico, Inc.)
Do you recognize this?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

25.09.2013, 00:00   #77
juergen007
 



Yes, Jetico's BestCrypt is OK, I've had it forever without problems; container encryption.
AVG doesn't report any errors either. Should I try ComboFix?
Thx


25.09.2013, 16:59   #78
juergen007
 



Me again.
So, once more AdwCleaner and JRT, both with no findings, and FRST64.

Question: how do I get rid of searchgol and the other search engines? And wtf is C:\Windows\Tasks\LyriXeeker-1-chromeinstaller.job and all that? JRT should be able to get rid of it, shouldn't it?

I uninstalled Chrome via the Control Panel beforehand, but there are leftovers..
FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2013
Ran by juergi (administrator) on JUERGI-PC on 25-09-2013 17:45:01
Running from C:\Users\juergi\Desktop
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Jetico, Inc.) C:\Program Files (x86)\Jetico\BestCrypt\BCResident.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [441408 2013-09-05] (BillP Studios)
HKCU\...\Run: [FreeAC] - C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1328976 2012-04-25] (Comfort Software Group)
HKCU\...\Policies\Explorer: [NoThumbNailCache] 1
MountPoints2: {cb7303cc-f82f-11e2-9b92-806e6f6e6963} - E:\LaunchU3.exe -a
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-19] ()
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)
AppInit_DLLs-x32: hplun.dll  [43520 2013-07-29] (Jetico, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x34A8583A5499CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\s5bkhtd7.default
FF NewTab: hxxp://www.searchgol.com/?babsrc=NT_ss&mntrId=9A028C89A53586CF&affID=119357&tt=240913_91213&tsp=5015
FF Homepage: hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=9A028C89A53586CF&affID=119357&tt=240913_91213&tsp=5015
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: info - C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\s5bkhtd7.default\Extensions\info@elime.be.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework64\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework64\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

S3 amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [105040 2009-04-22] (AMD)
R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [28752 2009-04-22] (AMD)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-30] (AVG Technologies)
R1 bcbus; C:\Windows\System32\DRIVERS\bcbus.sys [78440 2013-07-29] (Jetico, Inc.)
R0 bcfnt; C:\Windows\System32\Drivers\bcfnt.sys [178880 2013-07-16] (Jetico, Inc.)
R1 BC_3DES; C:\Windows\System32\Drivers\BC_3DES.sys [34408 2013-07-29] (Jetico, Inc.)
R1 BC_BF128; C:\Windows\System32\Drivers\BC_BF128.sys [30824 2013-07-29] (Jetico, Inc.)
R1 BC_BF448; C:\Windows\System32\Drivers\BC_BF448.sys [30824 2013-07-29] (Jetico, Inc.)
R1 BC_BFish; C:\Windows\System32\Drivers\BC_BFish.sys [30824 2013-07-29] (Jetico, Inc.)
R1 BC_CAST; C:\Windows\System32\Drivers\BC_CAST.sys [37480 2013-07-29] (Jetico, Inc.)
R1 BC_DES; C:\Windows\System32\Drivers\BC_DES.sys [33896 2013-07-29] (Jetico, Inc.)
R1 BC_Gost; C:\Windows\System32\Drivers\BC_Gost.sys [25704 2013-07-29] (Jetico, Inc.)
R1 BC_IDEA; C:\Windows\System32\Drivers\BC_IDEA.sys [27752 2013-07-29] (Iarsn)
R1 BC_RC6; C:\Windows\System32\Drivers\BC_RC6.sys [30312 2013-07-29] (Michael Oestergaard Pedersen)
R1 BC_RIJN; C:\Windows\System32\Drivers\BC_RIJN.sys [51304 2013-07-29] (Jetico, Inc.)
R1 BC_SERP; C:\Windows\System32\Drivers\BC_SERP.sys [36968 2013-07-29] (Michael Oestergaard Pedersen)
R1 BC_TFISH; C:\Windows\System32\Drivers\BC_TFISH.sys [34408 2013-07-29] (Jetico, Inc.)
R0 fsh; C:\Windows\System32\Drivers\fsh.sys [68800 2013-07-29] (Jetico, Inc.)
R3 mhk; C:\Windows\System32\Drivers\mhk.sys [17472 2013-07-29] (Jetico, Inc.)
R3 moh; C:\Windows\System32\Drivers\moh.sys [13376 2013-07-29] (Jetico, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-25 17:44 - 2013-09-25 17:44 - 01955802 _____ (Farbar) C:\Users\juergi\Desktop\FRST64.exe
2013-09-25 17:35 - 2013-09-25 17:35 - 00000994 _____ C:\Users\juergi\Desktop\JRT.txt
2013-09-25 17:25 - 2013-09-24 17:13 - 01042066 _____ C:\Users\juergi\Desktop\adwcleaner(3).exe
2013-09-25 03:21 - 2013-09-25 03:21 - 00000000 ____D C:\Windows\Sun
2013-09-25 01:42 - 2013-09-25 01:42 - 01030038 _____ (Thisisu) C:\Users\juergi\Desktop\JRT(1).exe
2013-09-25 01:35 - 2013-09-25 01:35 - 00001098 _____ C:\DelFix.txt
2013-09-24 16:04 - 2013-09-25 17:28 - 00001912 _____ C:\Windows\Tasks\LyriXeeker-1-chromeinstaller.job
2013-09-24 16:04 - 2013-09-25 17:28 - 00001836 _____ C:\Windows\Tasks\LyriXeeker-1-firefoxinstaller.job
2013-09-24 16:04 - 2013-09-25 17:28 - 00001298 _____ C:\Windows\Tasks\LyriXeeker-1-updater.job
2013-09-24 16:04 - 2013-09-25 17:28 - 00001202 _____ C:\Windows\Tasks\LyriXeeker-1-codedownloader.job
2013-09-24 16:04 - 2013-09-25 17:28 - 00001102 _____ C:\Windows\Tasks\LyriXeeker-1-enabler.job
2013-09-24 16:04 - 2013-09-24 16:10 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-09-24 16:04 - 2013-09-24 16:04 - 00004328 _____ C:\Windows\System32\Tasks\LyriXeeker-1-updater
2013-09-24 16:04 - 2013-09-24 16:04 - 00004232 _____ C:\Windows\System32\Tasks\LyriXeeker-1-codedownloader
2013-09-24 16:04 - 2013-09-24 16:04 - 00004132 _____ C:\Windows\System32\Tasks\LyriXeeker-1-enabler
2013-09-24 16:04 - 2013-09-24 16:04 - 00002043 _____ C:\Users\juergi\Desktop\JDownloader.lnk
2013-09-24 16:04 - 2013-09-24 16:04 - 00000000 ____D C:\Program Files (x86)\LyriXeeker-1 
2013-09-23 20:07 - 2013-09-23 21:01 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Paranoia.Riskantes.Spiel.TS.LD.German.X264-AOE
2013-09-21 14:59 - 2013-09-21 14:59 - 00000000 ____D C:\ProgramData\Oracle
2013-09-21 14:53 - 2013-09-21 14:53 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-21 14:53 - 2013-09-21 14:53 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-21 14:53 - 2013-09-21 14:53 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-21 14:53 - 2013-09-21 14:53 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-09-21 12:33 - 2013-09-21 15:11 - 00000000 ____D C:\javaECM

2013-09-18 10:30 - 2013-09-18 10:30 - 00001009 _____ C:\Users\juergi\Desktop\Free Alarm Clock.lnk
2013-09-18 10:30 - 2013-09-18 10:30 - 00000000 ____D C:\Program Files (x86)\FreeAlarmClock
2013-09-16 17:27 - 2013-09-16 17:37 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Pamela
2013-09-16 17:27 - 2013-09-16 17:27 - 00176128 _____ (Scendix Software-Vertriebsges. mbH) C:\Windows\SysWOW64\RemoteControl.dll
2013-09-16 17:27 - 2013-09-16 17:27 - 00000985 _____ C:\Users\Public\Desktop\Pamela for Skype.lnk
2013-09-16 17:27 - 2013-09-16 17:27 - 00000000 ____D C:\Users\juergi\Documents\Pamela
2013-09-16 17:27 - 2013-09-16 17:27 - 00000000 ____D C:\Program Files (x86)\Pamela
2013-09-13 21:01 - 2013-09-13 21:01 - 01588264 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-13 20:59 - 2013-09-13 20:59 - 00000556 _____ C:\Windows\KB893803v2.log
2013-09-13 20:58 - 2013-09-24 16:04 - 00001886 _____ C:\Users\juergi\Desktop\Search.lnk
2013-09-13 13:34 - 2013-09-13 13:34 - 00000000 ____D C:\Windows 7 Loader
2013-09-13 13:26 - 2013-09-13 13:26 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-09-13 13:26 - 2013-09-13 13:26 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-09-12 08:59 - 2013-09-12 08:59 - 00000000 ____D C:\WakeupOnStandBy
2013-09-12 07:52 - 2013-09-12 07:52 - 00000000 ____D C:\Users\juergi\AppData\Roaming\WinPatrol
2013-09-12 07:52 - 2013-09-12 07:52 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-12 07:52 - 2013-09-12 07:52 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-09-11 12:54 - 2013-09-11 12:54 - 00000000 ____D C:\Users\juergi\AppData\Roaming\dvdcss
2013-09-11 05:21 - 2013-09-11 05:21 - 00000000 ____D C:\juergen
2013-09-10 19:02 - 2013-09-10 18:39 - 00004217 _____ C:\Users\juergi\Documents\seffers240713.txt
2013-09-10 17:39 - 2013-09-10 17:39 - 00505253 _____ C:\Users\juergi\Documents\goslar3001.jpeg
2013-09-07 22:17 - 2013-09-07 22:14 - 16457319 _____ C:\Users\juergi\Desktop\portable-mumble.exe
2013-09-07 22:15 - 2013-09-07 22:15 - 00000588 _____ C:\Users\juergi\Desktop\OKiTALK.lnk
2013-09-05 16:03 - 2013-09-25 13:27 - 00000000 ____D C:\eclipse
2013-09-05 11:55 - 2013-09-25 01:35 - 00000000 ____D C:\Windows\ERUNT
2013-09-05 11:52 - 2013-09-25 17:27 - 00000000 ____D C:\AdwCleaner
2013-09-05 01:43 - 2013-09-05 01:43 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2013-09-04 14:22 - 2013-09-04 14:21 - 00377856 _____ C:\Users\juergi\Desktop\gmer_2.1.19163.exe
2013-09-04 14:17 - 2013-09-04 14:17 - 00000000 _____ C:\Users\juergi\defogger_reenable
2013-09-04 10:48 - 2013-09-04 10:48 - 00000820 _____ C:\Users\juergi\Desktop\µTorrent.lnk
2013-09-04 10:48 - 2013-09-04 10:48 - 00000800 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-09-04 10:46 - 2013-09-24 00:26 - 00000000 ____D C:\Users\juergi\AppData\Roaming\uTorrent
2013-08-28 09:44 - 2013-08-28 09:47 - 00000000 ____D C:\ProgramData\Adobe
2013-08-28 09:44 - 2013-08-28 09:44 - 00002025 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-28 09:44 - 2013-08-28 09:44 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-28 09:43 - 2013-08-28 09:46 - 00000000 ____D C:\Users\juergi\AppData\Local\Adobe
2013-08-28 09:36 - 2013-08-28 09:36 - 02717517 _____ C:\Users\juergi\Documents\112.xps
2013-08-28 09:34 - 2013-08-28 09:34 - 00208430 _____ C:\Users\juergi\Documents\111.xps

==================== One Month Modified Files and Folders =======

2013-09-25 17:44 - 2013-09-25 17:44 - 01955802 _____ (Farbar) C:\Users\juergi\Desktop\FRST64.exe
2013-09-25 17:44 - 2013-07-12 02:55 - 00000000 ____D C:\dateien
2013-09-25 17:36 - 2009-04-22 11:00 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-25 17:36 - 2009-04-22 11:00 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-25 17:35 - 2013-09-25 17:35 - 00000994 _____ C:\Users\juergi\Desktop\JRT.txt
2013-09-25 17:34 - 2009-04-22 15:13 - 00696144 _____ C:\Windows\system32\perfh007.dat
2013-09-25 17:34 - 2009-04-22 15:13 - 00147386 _____ C:\Windows\system32\perfc007.dat
2013-09-25 17:34 - 2009-04-22 11:27 - 01611134 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-25 17:30 - 2013-07-30 19:32 - 00000000 ____D C:\ProgramData\MFAData
2013-09-25 17:28 - 2013-09-24 16:04 - 00001912 _____ C:\Windows\Tasks\LyriXeeker-1-chromeinstaller.job
2013-09-25 17:28 - 2013-09-24 16:04 - 00001836 _____ C:\Windows\Tasks\LyriXeeker-1-firefoxinstaller.job
2013-09-25 17:28 - 2013-09-24 16:04 - 00001298 _____ C:\Windows\Tasks\LyriXeeker-1-updater.job
2013-09-25 17:28 - 2013-09-24 16:04 - 00001202 _____ C:\Windows\Tasks\LyriXeeker-1-codedownloader.job
2013-09-25 17:28 - 2013-09-24 16:04 - 00001102 _____ C:\Windows\Tasks\LyriXeeker-1-enabler.job
2013-09-25 17:28 - 2009-04-22 11:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-25 17:28 - 2009-04-22 11:05 - 00031022 _____ C:\Windows\setupact.log
2013-09-25 17:27 - 2013-09-05 11:52 - 00000000 ____D C:\AdwCleaner
2013-09-25 17:27 - 2013-07-29 10:46 - 01895748 _____ C:\Windows\WindowsUpdate.log
2013-09-25 13:27 - 2013-09-05 16:03 - 00000000 ____D C:\eclipse
2013-09-25 13:27 - 2013-08-04 00:58 - 00000000 ____D C:\Users\juergi\AppData\Local\Eclipse
2013-09-25 06:19 - 2013-07-30 15:56 - 00000000 ____D C:\Users\juergi\AppData\Roaming\vlc
2013-09-25 03:21 - 2013-09-25 03:21 - 00000000 ____D C:\Windows\Sun
2013-09-25 01:42 - 2013-09-25 01:42 - 01030038 _____ (Thisisu) C:\Users\juergi\Desktop\JRT(1).exe
2013-09-25 01:36 - 2013-08-15 02:52 - 00000000 ____D C:\Users\juergi\AppData\Local\Google
2013-09-25 01:36 - 2013-08-15 02:52 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-25 01:35 - 2013-09-25 01:35 - 00001098 _____ C:\DelFix.txt
2013-09-25 01:35 - 2013-09-05 11:55 - 00000000 ____D C:\Windows\ERUNT
2013-09-24 19:44 - 2013-08-04 12:59 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Skype
2013-09-24 17:30 - 2013-07-29 12:38 - 00007372 _____ C:\Windows\PFRO.log
2013-09-24 17:13 - 2013-09-25 17:25 - 01042066 _____ C:\Users\juergi\Desktop\adwcleaner(3).exe
2013-09-24 16:10 - 2013-09-24 16:04 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-09-24 16:04 - 2013-09-24 16:04 - 00004328 _____ C:\Windows\System32\Tasks\LyriXeeker-1-updater
2013-09-24 16:04 - 2013-09-24 16:04 - 00004232 _____ C:\Windows\System32\Tasks\LyriXeeker-1-codedownloader
2013-09-24 16:04 - 2013-09-24 16:04 - 00004132 _____ C:\Windows\System32\Tasks\LyriXeeker-1-enabler
2013-09-24 16:04 - 2013-09-24 16:04 - 00002043 _____ C:\Users\juergi\Desktop\JDownloader.lnk
2013-09-24 16:04 - 2013-09-24 16:04 - 00000000 ____D C:\Program Files (x86)\LyriXeeker-1
2013-09-24 16:04 - 2013-09-13 20:58 - 00001886 _____ C:\Users\juergi\Desktop\Search.lnk
2013-09-24 00:26 - 2013-09-04 10:46 - 00000000 ____D C:\Users\juergi\AppData\Roaming\uTorrent
2013-09-21 15:11 - 2013-09-21 12:33 - 00000000 ____D C:\javaECM
2013-09-21 14:59 - 2013-09-21 14:59 - 00000000 ____D C:\ProgramData\Oracle
2013-09-21 14:53 - 2013-09-21 14:53 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-21 14:53 - 2013-09-21 14:53 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-21 14:53 - 2013-09-21 14:53 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-21 14:53 - 2013-09-21 14:53 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-09-21 14:53 - 2013-08-13 13:05 - 00000000 ____D C:\Program Files\Java
2013-09-21 14:53 - 2013-08-04 00:35 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-21 14:53 - 2013-08-04 00:35 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll

2013-09-18 10:30 - 2013-09-18 10:30 - 00001009 _____ C:\Users\juergi\Desktop\Free Alarm Clock.lnk
2013-09-18 10:30 - 2013-09-18 10:30 - 00000000 ____D C:\Program Files (x86)\FreeAlarmClock
2013-09-16 17:37 - 2013-09-16 17:27 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Pamela
2013-09-16 17:27 - 2013-09-16 17:27 - 00176128 _____ (Scendix Software-Vertriebsges. mbH) C:\Windows\SysWOW64\RemoteControl.dll
2013-09-16 17:27 - 2013-09-16 17:27 - 00000985 _____ C:\Users\Public\Desktop\Pamela for Skype.lnk
2013-09-16 17:27 - 2013-09-16 17:27 - 00000000 ____D C:\Users\juergi\Documents\Pamela
2013-09-16 17:27 - 2013-09-16 17:27 - 00000000 ____D C:\Program Files (x86)\Pamela
2013-09-13 21:01 - 2013-09-13 21:01 - 01588264 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-13 20:59 - 2013-09-13 20:59 - 00000556 _____ C:\Windows\KB893803v2.log
2013-09-13 19:20 - 2013-07-30 16:13 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Notepad++
2013-09-13 13:34 - 2013-09-13 13:34 - 00000000 ____D C:\Windows 7 Loader
2013-09-13 13:26 - 2013-09-13 13:26 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-09-13 13:26 - 2013-09-13 13:26 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-09-13 13:26 - 2013-07-30 19:35 - 00000987 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-09-12 08:59 - 2013-09-12 08:59 - 00000000 ____D C:\WakeupOnStandBy
2013-09-12 07:52 - 2013-09-12 07:52 - 00000000 ____D C:\Users\juergi\AppData\Roaming\WinPatrol
2013-09-12 07:52 - 2013-09-12 07:52 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-12 07:52 - 2013-09-12 07:52 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-09-11 18:57 - 2013-07-30 16:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-11 18:57 - 2013-07-30 16:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-11 13:01 - 2009-04-22 09:16 - 00000000 __RHD C:\Users\Public\Libraries
2013-09-11 12:54 - 2013-09-11 12:54 - 00000000 ____D C:\Users\juergi\AppData\Roaming\dvdcss
2013-09-11 05:21 - 2013-09-11 05:21 - 00000000 ____D C:\juergen
2013-09-10 18:39 - 2013-09-10 19:02 - 00004217 _____ C:\Users\juergi\Documents\seffers240713.txt
2013-09-10 17:39 - 2013-09-10 17:39 - 00505253 _____ C:\Users\juergi\Documents\goslar3001.jpeg
2013-09-07 22:15 - 2013-09-07 22:15 - 00000588 _____ C:\Users\juergi\Desktop\OKiTALK.lnk
2013-09-07 22:14 - 2013-09-07 22:17 - 16457319 _____ C:\Users\juergi\Desktop\portable-mumble.exe
2013-09-05 12:01 - 2013-07-29 11:01 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-05 12:01 - 2013-07-29 10:47 - 00001445 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-05 12:01 - 2013-07-29 10:47 - 00001411 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-09-05 01:43 - 2013-09-05 01:43 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2013-09-04 14:21 - 2013-09-04 14:22 - 00377856 _____ C:\Users\juergi\Desktop\gmer_2.1.19163.exe
2013-09-04 14:17 - 2013-09-04 14:17 - 00000000 _____ C:\Users\juergi\defogger_reenable
2013-09-04 14:17 - 2013-07-29 10:46 - 00000000 ____D C:\Users\juergi
2013-09-04 14:07 - 2013-07-30 19:35 - 00000000 ____D C:\ProgramData\AVG2013
2013-09-04 13:41 - 2013-08-09 23:22 - 00000000 ____D C:\tmp
2013-09-04 13:37 - 2013-07-26 12:25 - 00000000 ____D C:\loader
2013-09-04 13:36 - 2013-08-25 02:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-09-04 10:48 - 2013-09-04 10:48 - 00000820 _____ C:\Users\juergi\Desktop\µTorrent.lnk
2013-09-04 10:48 - 2013-09-04 10:48 - 00000800 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-09-02 18:47 - 2013-07-30 16:11 - 00000000 ____D C:\Users\juergi\AppData\Roaming\WinRAR
2013-09-02 14:47 - 2013-08-10 14:21 - 00007680 _____ C:\Users\juergi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-28 09:47 - 2013-08-28 09:44 - 00000000 ____D C:\ProgramData\Adobe
2013-08-28 09:46 - 2013-08-28 09:43 - 00000000 ____D C:\Users\juergi\AppData\Local\Adobe
2013-08-28 09:46 - 2013-07-30 16:27 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Adobe
2013-08-28 09:44 - 2013-08-28 09:44 - 00002025 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-28 09:44 - 2013-08-28 09:44 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-28 09:36 - 2013-08-28 09:36 - 02717517 _____ C:\Users\juergi\Documents\112.xps
2013-08-28 09:34 - 2013-08-28 09:34 - 00208430 _____ C:\Users\juergi\Documents\111.xps
2013-08-26 08:16 - 2013-07-29 11:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\juergi\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2009-04-22 06:00] - [2009-04-22 07:38] - 0389632 ____A (Microsoft Corporation) 007CFB4BF1BE9D43E605FB4CFDFE5D01

C:\Windows\System32\wininit.exe
[2009-04-22 05:59] - [2009-04-22 07:38] - 0129024 ____A (Microsoft Corporation) 56F3B4CD28CDB1D79290870A084EF365

C:\Windows\SysWOW64\wininit.exe
[2009-04-22 05:35] - [2009-04-22 07:19] - 0096256 ____A (Microsoft Corporation) 2E4264C95BAB587431C79C101899CCC8

C:\Windows\explorer.exe
[2009-04-22 06:04] - [2009-04-22 07:38] - 2858496 ____A (Microsoft Corporation) 0C817F3E033335EDB2DD069EFA84045E

C:\Windows\SysWOW64\explorer.exe
[2009-04-22 05:40] - [2009-04-22 07:19] - 2607616 ____A (Microsoft Corporation) C133788B393EEC01439AD997D24E66ED

C:\Windows\System32\svchost.exe
[2009-04-22 05:35] - [2009-04-22 07:38] - 0027648 ____A (Microsoft Corporation) DAED0221F52D75056A8999C2BED00D4E

C:\Windows\SysWOW64\svchost.exe
[2009-04-22 05:16] - [2009-04-22 07:19] - 0020992 ____A (Microsoft Corporation) 5F1FE2F551E74B069C436152F06CCFDC

C:\Windows\System32\services.exe
[2009-04-22 05:23] - [2009-04-22 07:38] - 0328704 ____A (Microsoft Corporation) 21EF41CDCEA63268A96ED8150B830966

C:\Windows\System32\User32.dll
[2009-04-22 05:44] - [2009-04-22 07:41] - 1008128 ____A (Microsoft Corporation) BBD85B4D52566D8600A1062A1607555E

C:\Windows\SysWOW64\User32.dll
[2009-04-22 05:22] - [2009-04-22 07:11] - 0833024 ____A (Microsoft Corporation) ADCBEAE40A6E714BA4E0CF257EA6BFEA

C:\Windows\System32\userinit.exe
[2009-04-22 05:57] - [2009-04-22 07:38] - 0030208 ____A (Microsoft Corporation) 03F541FCFD3A950CE4E0AFB64A4AE4DC

C:\Windows\SysWOW64\userinit.exe
[2009-04-22 05:32] - [2009-04-22 07:19] - 0026112 ____A (Microsoft Corporation) 50771CA86FF1ADAF5FD1920F8CB5665E

C:\Windows\System32\Drivers\volsnap.sys
[2009-04-22 05:23] - [2009-04-22 07:45] - 0293952 ____A (Microsoft Corporation) 93454FFE2DA928731D855072AFC02603



LastRegBack: 2013-09-15 01:06

==================== End Of Log ============================
         
--- --- ---


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Windows 7 Ultimate x64
Ran by juergi on 25.09.2013 at 17:30:29,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411181156}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\juergi\AppData\Roaming\mozilla\firefox\profiles\s5bkhtd7.default\extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.09.2013 at 17:35:20,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

25.09.2013, 19:06   #79
schrauber
/// the machine
/// TB-Ausbilder
 




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
FF NewTab: hxxp://www.searchgol.com/?babsrc=NT_ss&mntrId=9A028C89A53586CF&affID=119357&tt=240913_91213&tsp=5015
FF Homepage: hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=9A028C89A53586CF&affID=119357&tt=240913_91213&tsp=5015
S2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [x]
2013-09-24 16:04 - 2013-09-25 17:28 - 00001912 _____ C:\Windows\Tasks\LyriXeeker-1-chromeinstaller.job
2013-09-24 16:04 - 2013-09-25 17:28 - 00001836 _____ C:\Windows\Tasks\LyriXeeker-1-firefoxinstaller.job
2013-09-24 16:04 - 2013-09-25 17:28 - 00001298 _____ C:\Windows\Tasks\LyriXeeker-1-updater.job
2013-09-24 16:04 - 2013-09-25 17:28 - 00001202 _____ C:\Windows\Tasks\LyriXeeker-1-codedownloader.job
2013-09-24 16:04 - 2013-09-25 17:28 - 00001102 _____ C:\Windows\Tasks\LyriXeeker-1-enabler.job
2013-09-24 16:04 - 2013-09-24 16:10 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-09-24 16:04 - 2013-09-24 16:04 - 00004328 _____ C:\Windows\System32\Tasks\LyriXeeker-1-updater
2013-09-24 16:04 - 2013-09-24 16:04 - 00004232 _____ C:\Windows\System32\Tasks\LyriXeeker-1-codedownloader
2013-09-24 16:04 - 2013-09-24 16:04 - 00004132 _____ C:\Windows\System32\Tasks\LyriXeeker-1-enabler
2013-09-24 16:04 - 2013-09-24 16:04 - 00002043 _____ C:\Users\juergi\Desktop\JDownloader.lnk
2013-09-24 16:04 - 2013-09-24 16:04 - 00000000 ____D C:\Program Files (x86)\LyriXeeker-1
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


25.09.2013, 19:58   #80
juergen007

Oh, here you go.
So, I also saw that LyriXeeker is an extension in Firefox; I uninstalled it and rebooted, but it is not gone.

Also the GMER log, if it helps.
AVG is still clean.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2013
Ran by juergi at 2013-09-25 20:54:01 Run:1
Running from C:\Users\juergi\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF NewTab: hxxp://www.searchgol.com/?babsrc=NT_ss&mntrId=9A028C89A53586CF&affID=119357&tt=240913_91213&tsp=5015
FF Homepage: hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=9A028C89A53586CF&affID=119357&tt=240913_91213&tsp=5015
S2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [x]
2013-09-24 16:04 - 2013-09-25 17:28 - 00001912 _____ C:\Windows\Tasks\LyriXeeker-1-chromeinstaller.job
2013-09-24 16:04 - 2013-09-25 17:28 - 00001836 _____ C:\Windows\Tasks\LyriXeeker-1-firefoxinstaller.job
2013-09-24 16:04 - 2013-09-25 17:28 - 00001298 _____ C:\Windows\Tasks\LyriXeeker-1-updater.job
2013-09-24 16:04 - 2013-09-25 17:28 - 00001202 _____ C:\Windows\Tasks\LyriXeeker-1-codedownloader.job
2013-09-24 16:04 - 2013-09-25 17:28 - 00001102 _____ C:\Windows\Tasks\LyriXeeker-1-enabler.job
2013-09-24 16:04 - 2013-09-24 16:10 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-09-24 16:04 - 2013-09-24 16:04 - 00004328 _____ C:\Windows\System32\Tasks\LyriXeeker-1-updater
2013-09-24 16:04 - 2013-09-24 16:04 - 00004232 _____ C:\Windows\System32\Tasks\LyriXeeker-1-codedownloader
2013-09-24 16:04 - 2013-09-24 16:04 - 00004132 _____ C:\Windows\System32\Tasks\LyriXeeker-1-enabler
2013-09-24 16:04 - 2013-09-24 16:04 - 00002043 _____ C:\Users\juergi\Desktop\JDownloader.lnk
2013-09-24 16:04 - 2013-09-24 16:04 - 00000000 ____D C:\Program Files (x86)\LyriXeeker-1

*****************

Firefox newtab deleted successfully.
Firefox homepage deleted successfully.
vToolbarUpdater15.4.0 => Service deleted successfully.
C:\Windows\Tasks\LyriXeeker-1-chromeinstaller.job => Moved successfully.
C:\Windows\Tasks\LyriXeeker-1-firefoxinstaller.job => Moved successfully.
C:\Windows\Tasks\LyriXeeker-1-updater.job => Moved successfully.
C:\Windows\Tasks\LyriXeeker-1-codedownloader.job => Moved successfully.
C:\Windows\Tasks\LyriXeeker-1-enabler.job => Moved successfully.
C:\Program Files (x86)\JDownloader => Moved successfully.
C:\Windows\System32\Tasks\LyriXeeker-1-updater => Moved successfully.
C:\Windows\System32\Tasks\LyriXeeker-1-codedownloader => Moved successfully.
C:\Windows\System32\Tasks\LyriXeeker-1-enabler => Moved successfully.
C:\Users\juergi\Desktop\JDownloader.lnk => Moved successfully.
C:\Program Files (x86)\LyriXeeker-1 => Moved successfully.

==== End of Fixlog ====


GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-25 19:45:08
Windows 6.1.7100  x64 \Device\Harddisk0\DR0 -> \Device\00000071 OCZ-AGIL rev.2.15 111,79GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\juergi\AppData\Local\Temp\fgliqpob.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\system32\ntoskrnl.exe!memcmp + 256                                                                                   fffff80002e95700 3 bytes [00, 78, FE]
.text   C:\Windows\system32\ntoskrnl.exe!memcmp + 261                                                                                   fffff80002e95705 14 bytes [A5, DF, 02, 00, B5, F3, FF, ...]

---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2120] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             000000007753149b 2 bytes JMP 76f56faa C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000077531650 2 bytes JMP 76f53bc3 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  000000007753165b 2 bytes JMP 76fd84dc C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2532] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17                 000000007753149b 2 bytes JMP 76f56faa C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2532] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20      0000000077531650 2 bytes JMP 76f53bc3 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2532] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31      000000007753165b 2 bytes JMP 76fd84dc C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3164] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                             000000007753149b 2 bytes JMP 76f56faa C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                  0000000077531650 2 bytes JMP 76f53bc3 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                  000000007753165b 2 bytes JMP 76fd84dc C:\Windows\syswow64\kernel32.dll

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4028:3496]                                                                  000007fefad02b84
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4028:4084]                                                                  000007fef8365124

---- EOF - GMER 2.1 ----
         
--- --- ---
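A Fixlog like the one posted above can be checked mechanically, so that a fixlist entry without a matching success line is not overlooked. The following is an added example, not part of the thread and not FRST's own code; the function names, the trimmed sample log and its non-success placeholder are constructed, and treating anything that does not end in "successfully." as unconfirmed is an assumption.

```python
import re

# Line shapes taken from the Fixlog in this thread.
SERVICE_RE = re.compile(r"^[RSU]\d\s+([^;]+);")          # "S2 name; path [x]"
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r" - \d+ \S{5} .*?([A-Za-z]:\\.+)$")                  # file/folder listing line
FF_RE = re.compile(r"^FF (NewTab|Homepage):", re.I)       # Firefox settings
STARS_RE = re.compile(r"^\*{5,}\s*$")                     # fixlist delimiters
END_MARK = "==== End of Fixlog"


def entry_key(line):
    """Return the subject FRST is expected to report for a fixlist entry."""
    m = FF_RE.match(line)
    if m:
        return "firefox " + m.group(1).lower()
    m = SERVICE_RE.match(line)
    if m:
        return m.group(1).strip().lower()
    m = FILE_RE.match(line)
    if m:
        return m.group(1).strip().lower()
    return None  # entry kind this example does not know


def split_fixlog(text):
    """Split a Fixlog into fixlist entries, result lines and a completeness flag."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if STARS_RE.match(ln)]
    if len(stars) < 2:
        raise ValueError("no fixlist section delimited by two rows of asterisks")
    entries = [ln.strip() for ln in lines[stars[0] + 1:stars[1]] if ln.strip()]
    results, complete = [], False
    for ln in lines[stars[1] + 1:]:
        if ln.startswith(END_MARK):
            complete = True  # log was not cut off while copying
            break
        if ln.strip():
            results.append(ln.strip())
    return entries, results, complete


def audit_fixlog(text):
    """Pair every fixlist entry with its result line and classify it."""
    entries, results, complete = split_fixlog(text)
    outcome = {}
    for ln in results:
        if " => " in ln:
            subject, verdict = ln.split(" => ", 1)
        else:  # e.g. "Firefox newtab deleted successfully."
            words = ln.split()
            subject, verdict = " ".join(words[:2]), " ".join(words[2:])
        outcome[subject.lower()] = verdict
    report = []
    for entry in entries:
        key = entry_key(entry)
        if key is None:
            status = "unparsed"
        elif key not in outcome:
            status = "no result"
        elif outcome[key].lower().endswith("successfully."):
            status = "ok"
        else:
            status = "not confirmed"
        report.append((status, entry))
    return report, complete


# Constructed sample: trimmed from the Fixlog above, with one result line
# removed and one replaced by a placeholder to show the two failure cases.
SAMPLE = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2013
Content of fixlist:
*****************
FF NewTab: hxxp://www.searchgol.com/?babsrc=NT_ss
S2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [x]
2013-09-24 16:04 - 2013-09-25 17:28 - 00001298 _____ C:\Windows\Tasks\LyriXeeker-1-updater.job
2013-09-24 16:04 - 2013-09-24 16:04 - 00004328 _____ C:\Windows\System32\Tasks\LyriXeeker-1-updater
2013-09-24 16:04 - 2013-09-24 16:04 - 00000000 ____D C:\Program Files (x86)\LyriXeeker-1

*****************

Firefox newtab deleted successfully.
vToolbarUpdater15.4.0 => Service deleted successfully.
C:\Windows\Tasks\LyriXeeker-1-updater.job => Moved successfully.
C:\Program Files (x86)\LyriXeeker-1 => <constructed non-success text>

==== End of Fixlog ====
"""

if __name__ == "__main__":
    report, complete = audit_fixlog(SAMPLE)
    for status, entry in report:
        print(f"{status:14} {entry}")
    print("log complete:", complete)
```

Entries reported as "no result" or "not confirmed" are the ones to look for again in a fresh scan log.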


26.09.2013, 08:44   #81
schrauber
/// the machine
/// TB trainer

A fresh FRST log, please. Still having problems?

26.09.2013, 11:14   #82
juergen007

OK, that seems to have taken care of it. Thx
But what are Bamital & volsnap Check??
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2013
Ran by juergi (administrator) on JUERGI-PC on 26-09-2013 12:10:50
Running from C:\Users\juergi\Desktop
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Jetico, Inc.) C:\Program Files (x86)\Jetico\BestCrypt\BCResident.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\eclipse\eclipse.exe
(Oracle Corporation) c:\Program Files\Java\jre7\bin\javaw.exe
() F:\xampp-portable\xampp-control.exe
(Apache Software Foundation) f:\xampp-portable\apache\bin\httpd.exe
(Apache Software Foundation) F:\xampp-portable\apache\bin\httpd.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [441408 2013-09-05] (BillP Studios)
HKCU\...\Run: [FreeAC] - C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1328976 2012-04-25] (Comfort Software Group)
HKCU\...\Policies\Explorer: [NoThumbNailCache] 1
MountPoints2: {cb7303cc-f82f-11e2-9b92-806e6f6e6963} - E:\LaunchU3.exe -a
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-19] ()
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)
AppInit_DLLs-x32: hplun.dll  [43520 2013-07-29] (Jetico, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x34A8583A5499CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\s5bkhtd7.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: info - C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\s5bkhtd7.default\Extensions\info@elime.be.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework64\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework64\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)

==================== Drivers (Whitelisted) ====================

S3 amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [105040 2009-04-22] (AMD)
R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [28752 2009-04-22] (AMD)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-30] (AVG Technologies)
R1 bcbus; C:\Windows\System32\DRIVERS\bcbus.sys [78440 2013-07-29] (Jetico, Inc.)
R0 bcfnt; C:\Windows\System32\Drivers\bcfnt.sys [178880 2013-07-16] (Jetico, Inc.)
R1 BC_3DES; C:\Windows\System32\Drivers\BC_3DES.sys [34408 2013-07-29] (Jetico, Inc.)
R1 BC_BF128; C:\Windows\System32\Drivers\BC_BF128.sys [30824 2013-07-29] (Jetico, Inc.)
R1 BC_BF448; C:\Windows\System32\Drivers\BC_BF448.sys [30824 2013-07-29] (Jetico, Inc.)
R1 BC_BFish; C:\Windows\System32\Drivers\BC_BFish.sys [30824 2013-07-29] (Jetico, Inc.)
R1 BC_CAST; C:\Windows\System32\Drivers\BC_CAST.sys [37480 2013-07-29] (Jetico, Inc.)
R1 BC_DES; C:\Windows\System32\Drivers\BC_DES.sys [33896 2013-07-29] (Jetico, Inc.)
R1 BC_Gost; C:\Windows\System32\Drivers\BC_Gost.sys [25704 2013-07-29] (Jetico, Inc.)
R1 BC_IDEA; C:\Windows\System32\Drivers\BC_IDEA.sys [27752 2013-07-29] (Iarsn)
R1 BC_RC6; C:\Windows\System32\Drivers\BC_RC6.sys [30312 2013-07-29] (Michael Oestergaard Pedersen)
R1 BC_RIJN; C:\Windows\System32\Drivers\BC_RIJN.sys [51304 2013-07-29] (Jetico, Inc.)
R1 BC_SERP; C:\Windows\System32\Drivers\BC_SERP.sys [36968 2013-07-29] (Michael Oestergaard Pedersen)
R1 BC_TFISH; C:\Windows\System32\Drivers\BC_TFISH.sys [34408 2013-07-29] (Jetico, Inc.)
R0 fsh; C:\Windows\System32\Drivers\fsh.sys [68800 2013-07-29] (Jetico, Inc.)
R3 mhk; C:\Windows\System32\Drivers\mhk.sys [17472 2013-07-29] (Jetico, Inc.)
R3 moh; C:\Windows\System32\Drivers\moh.sys [13376 2013-07-29] (Jetico, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========


2013-09-25 20:26 - 2013-09-25 20:28 - 00000596 _____ C:\Users\juergi\Desktop\heoin.txt
2013-09-25 20:18 - 2013-09-25 20:19 - 00001451 _____ C:\Users\juergi\Desktop\Neues Textdokument.txt
2013-09-25 19:45 - 2013-09-25 19:45 - 00002958 _____ C:\Users\juergi\Desktop\gmer2509.txt
2013-09-25 18:02 - 2013-09-25 18:02 - 00448512 _____ (OldTimer Tools) C:\Users\juergi\Desktop\TFC.exe
2013-09-25 17:44 - 2013-09-25 17:44 - 01955802 _____ (Farbar) C:\Users\juergi\Desktop\FRST64.exe
2013-09-25 17:25 - 2013-09-24 17:13 - 01042066 _____ C:\Users\juergi\Desktop\adwcleaner(3).exe
2013-09-25 03:21 - 2013-09-25 03:21 - 00000000 ____D C:\Windows\Sun
2013-09-25 01:42 - 2013-09-25 01:42 - 01030038 _____ (Thisisu) C:\Users\juergi\Desktop\JRT(1).exe
2013-09-25 01:35 - 2013-09-25 01:35 - 00001098 _____ C:\DelFix.txt
2013-09-21 14:59 - 2013-09-21 14:59 - 00000000 ____D C:\ProgramData\Oracle
2013-09-21 14:53 - 2013-09-21 14:53 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-21 14:53 - 2013-09-21 14:53 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-21 14:53 - 2013-09-21 14:53 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-21 14:53 - 2013-09-21 14:53 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-09-21 12:33 - 2013-09-21 15:11 - 00000000 ____D C:\javaECM
2013-09-18 10:30 - 2013-09-18 10:30 - 00001009 _____ C:\Users\juergi\Desktop\Free Alarm Clock.lnk
2013-09-18 10:30 - 2013-09-18 10:30 - 00000000 ____D C:\Program Files (x86)\FreeAlarmClock
2013-09-16 17:27 - 2013-09-16 17:37 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Pamela
2013-09-16 17:27 - 2013-09-16 17:27 - 00176128 _____ (Scendix Software-Vertriebsges. mbH) C:\Windows\SysWOW64\RemoteControl.dll
2013-09-16 17:27 - 2013-09-16 17:27 - 00000985 _____ C:\Users\Public\Desktop\Pamela for Skype.lnk
2013-09-16 17:27 - 2013-09-16 17:27 - 00000000 ____D C:\Users\juergi\Documents\Pamela
2013-09-16 17:27 - 2013-09-16 17:27 - 00000000 ____D C:\Program Files (x86)\Pamela
2013-09-13 21:01 - 2013-09-13 21:01 - 01588264 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-13 20:59 - 2013-09-13 20:59 - 00000556 _____ C:\Windows\KB893803v2.log
2013-09-13 20:58 - 2013-09-24 16:04 - 00001886 _____ C:\Users\juergi\Desktop\Search.lnk
2013-09-13 13:34 - 2013-09-13 13:34 - 00000000 ____D C:\Windows 7 Loader
2013-09-13 13:26 - 2013-09-13 13:26 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-09-13 13:26 - 2013-09-13 13:26 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-09-12 08:59 - 2013-09-12 08:59 - 00000000 ____D C:\WakeupOnStandBy
2013-09-12 07:52 - 2013-09-12 07:52 - 00000000 ____D C:\Users\juergi\AppData\Roaming\WinPatrol
2013-09-12 07:52 - 2013-09-12 07:52 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-12 07:52 - 2013-09-12 07:52 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-09-11 12:54 - 2013-09-11 12:54 - 00000000 ____D C:\Users\juergi\AppData\Roaming\dvdcss
2013-09-11 05:21 - 2013-09-11 05:21 - 00000000 ____D C:\juergen
2013-09-10 19:02 - 2013-09-10 18:39 - 00004217 _____ C:\Users\juergi\Documents\seffers240713.txt
2013-09-10 17:39 - 2013-09-10 17:39 - 00505253 _____ C:\Users\juergi\Documents\goslar3001.jpeg
2013-09-07 22:17 - 2013-09-07 22:14 - 16457319 _____ C:\Users\juergi\Desktop\portable-mumble.exe
2013-09-07 22:15 - 2013-09-07 22:15 - 00000588 _____ C:\Users\juergi\Desktop\OKiTALK.lnk
2013-09-05 16:03 - 2013-09-26 11:56 - 00000000 ____D C:\eclipse
2013-09-05 11:55 - 2013-09-25 01:35 - 00000000 ____D C:\Windows\ERUNT
2013-09-05 11:52 - 2013-09-25 17:27 - 00000000 ____D C:\AdwCleaner
2013-09-05 01:43 - 2013-09-05 01:43 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2013-09-04 14:22 - 2013-09-04 14:21 - 00377856 _____ C:\Users\juergi\Desktop\gmer_2.1.19163.exe
2013-09-04 14:17 - 2013-09-04 14:17 - 00000000 _____ C:\Users\juergi\defogger_reenable
2013-09-04 10:48 - 2013-09-04 10:48 - 00000820 _____ C:\Users\juergi\Desktop\µTorrent.lnk
2013-09-04 10:48 - 2013-09-04 10:48 - 00000800 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-09-04 10:46 - 2013-09-26 02:14 - 00000000 ____D C:\Users\juergi\AppData\Roaming\uTorrent
2013-08-28 09:44 - 2013-08-28 09:47 - 00000000 ____D C:\ProgramData\Adobe
2013-08-28 09:44 - 2013-08-28 09:44 - 00002025 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-28 09:44 - 2013-08-28 09:44 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-28 09:43 - 2013-08-28 09:46 - 00000000 ____D C:\Users\juergi\AppData\Local\Adobe
2013-08-28 09:36 - 2013-08-28 09:36 - 02717517 _____ C:\Users\juergi\Documents\112.xps
2013-08-28 09:34 - 2013-08-28 09:34 - 00208430 _____ C:\Users\juergi\Documents\111.xps

==================== One Month Modified Files and Folders =======

2013-09-26 11:57 - 2009-04-22 11:00 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-26 11:57 - 2009-04-22 11:00 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-26 11:56 - 2013-09-05 16:03 - 00000000 ____D C:\eclipse
2013-09-26 11:56 - 2013-08-04 00:58 - 00000000 ____D C:\Users\juergi\AppData\Local\Eclipse
2013-09-26 11:54 - 2013-07-30 19:32 - 00000000 ____D C:\ProgramData\MFAData
2013-09-26 11:53 - 2009-04-22 15:13 - 00696144 _____ C:\Windows\system32\perfh007.dat
2013-09-26 11:53 - 2009-04-22 15:13 - 00147386 _____ C:\Windows\system32\perfc007.dat
2013-09-26 11:53 - 2009-04-22 11:27 - 01611134 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-26 11:49 - 2009-04-22 11:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-26 11:49 - 2009-04-22 11:05 - 00031246 _____ C:\Windows\setupact.log
2013-09-26 02:25 - 2013-07-29 10:46 - 01947973 _____ C:\Windows\WindowsUpdate.log
2013-09-26 02:14 - 2013-09-04 10:46 - 00000000 ____D C:\Users\juergi\AppData\Roaming\uTorrent
2013-09-25 20:28 - 2013-09-25 20:26 - 00000596 _____ C:\Users\juergi\Desktop\heoin.txt
2013-09-25 20:19 - 2013-09-25 20:18 - 00001451 _____ C:\Users\juergi\Desktop\Neues Textdokument.txt
2013-09-25 20:00 - 2013-07-29 12:38 - 00008340 _____ C:\Windows\PFRO.log
2013-09-25 19:45 - 2013-09-25 19:45 - 00002958 _____ C:\Users\juergi\Desktop\gmer2509.txt
2013-09-25 18:02 - 2013-09-25 18:02 - 00448512 _____ (OldTimer Tools) C:\Users\juergi\Desktop\TFC.exe
2013-09-25 17:44 - 2013-09-25 17:44 - 01955802 _____ (Farbar) C:\Users\juergi\Desktop\FRST64.exe
2013-09-25 17:27 - 2013-09-05 11:52 - 00000000 ____D C:\AdwCleaner
2013-09-25 06:19 - 2013-07-30 15:56 - 00000000 ____D C:\Users\juergi\AppData\Roaming\vlc
2013-09-25 03:21 - 2013-09-25 03:21 - 00000000 ____D C:\Windows\Sun
2013-09-25 01:42 - 2013-09-25 01:42 - 01030038 _____ (Thisisu) C:\Users\juergi\Desktop\JRT(1).exe
2013-09-25 01:36 - 2013-08-15 02:52 - 00000000 ____D C:\Users\juergi\AppData\Local\Google
2013-09-25 01:36 - 2013-08-15 02:52 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-25 01:35 - 2013-09-25 01:35 - 00001098 _____ C:\DelFix.txt
2013-09-25 01:35 - 2013-09-05 11:55 - 00000000 ____D C:\Windows\ERUNT
2013-09-24 19:44 - 2013-08-04 12:59 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Skype
2013-09-24 17:13 - 2013-09-25 17:25 - 01042066 _____ C:\Users\juergi\Desktop\adwcleaner(3).exe
2013-09-24 16:04 - 2013-09-13 20:58 - 00001886 _____ C:\Users\juergi\Desktop\Search.lnk
2013-09-21 15:11 - 2013-09-21 12:33 - 00000000 ____D C:\javaECM
2013-09-21 14:59 - 2013-09-21 14:59 - 00000000 ____D C:\ProgramData\Oracle
2013-09-21 14:53 - 2013-09-21 14:53 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-21 14:53 - 2013-09-21 14:53 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-21 14:53 - 2013-09-21 14:53 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-21 14:53 - 2013-09-21 14:53 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-09-21 14:53 - 2013-08-13 13:05 - 00000000 ____D C:\Program Files\Java
2013-09-21 14:53 - 2013-08-04 00:35 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-21 14:53 - 2013-08-04 00:35 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-18 14:47 - 2013-09-18 14:40 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...White.House.Down.TS.LD.German.X264-AOE
2013-09-18 10:30 - 2013-09-18 10:30 - 00001009 _____ C:\Users\juergi\Desktop\Free Alarm Clock.lnk
2013-09-18 10:30 - 2013-09-18 10:30 - 00000000 ____D C:\Program Files (x86)\FreeAlarmClock
2013-09-16 17:37 - 2013-09-16 17:27 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Pamela
2013-09-16 17:27 - 2013-09-16 17:27 - 00176128 _____ (Scendix Software-Vertriebsges. mbH) C:\Windows\SysWOW64\RemoteControl.dll
2013-09-16 17:27 - 2013-09-16 17:27 - 00000985 _____ C:\Users\Public\Desktop\Pamela for Skype.lnk
2013-09-16 17:27 - 2013-09-16 17:27 - 00000000 ____D C:\Users\juergi\Documents\Pamela
2013-09-16 17:27 - 2013-09-16 17:27 - 00000000 ____D C:\Program Files (x86)\Pamela
2013-09-13 21:01 - 2013-09-13 21:01 - 01588264 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-13 20:59 - 2013-09-13 20:59 - 00000556 _____ C:\Windows\KB893803v2.log
2013-09-13 19:20 - 2013-07-30 16:13 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Notepad++
2013-09-13 13:34 - 2013-09-13 13:34 - 00000000 ____D C:\Windows 7 Loader
2013-09-13 13:26 - 2013-09-13 13:26 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-09-13 13:26 - 2013-09-13 13:26 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-09-13 13:26 - 2013-07-30 19:35 - 00000987 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-09-12 08:59 - 2013-09-12 08:59 - 00000000 ____D C:\WakeupOnStandBy
2013-09-12 07:52 - 2013-09-12 07:52 - 00000000 ____D C:\Users\juergi\AppData\Roaming\WinPatrol
2013-09-12 07:52 - 2013-09-12 07:52 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-12 07:52 - 2013-09-12 07:52 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-09-11 18:57 - 2013-07-30 16:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-11 18:57 - 2013-07-30 16:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-11 13:01 - 2009-04-22 09:16 - 00000000 __RHD C:\Users\Public\Libraries
2013-09-11 12:54 - 2013-09-11 12:54 - 00000000 ____D C:\Users\juergi\AppData\Roaming\dvdcss
2013-09-11 05:21 - 2013-09-11 05:21 - 00000000 ____D C:\juergen
2013-09-10 18:39 - 2013-09-10 19:02 - 00004217 _____ C:\Users\juergi\Documents\seffers240713.txt
2013-09-10 17:39 - 2013-09-10 17:39 - 00505253 _____ C:\Users\juergi\Documents\goslar3001.jpeg
2013-09-07 22:15 - 2013-09-07 22:15 - 00000588 _____ C:\Users\juergi\Desktop\OKiTALK.lnk
2013-09-07 22:14 - 2013-09-07 22:17 - 16457319 _____ C:\Users\juergi\Desktop\portable-mumble.exe
2013-09-05 12:01 - 2013-07-29 11:01 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-05 12:01 - 2013-07-29 10:47 - 00001445 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-05 12:01 - 2013-07-29 10:47 - 00001411 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-09-05 01:43 - 2013-09-05 01:43 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2013-09-04 14:21 - 2013-09-04 14:22 - 00377856 _____ C:\Users\juergi\Desktop\gmer_2.1.19163.exe
2013-09-04 14:17 - 2013-09-04 14:17 - 00000000 _____ C:\Users\juergi\defogger_reenable
2013-09-04 14:17 - 2013-07-29 10:46 - 00000000 ____D C:\Users\juergi
2013-09-04 14:07 - 2013-07-30 19:35 - 00000000 ____D C:\ProgramData\AVG2013
2013-09-04 13:41 - 2013-08-09 23:22 - 00000000 ____D C:\tmp
2013-09-04 13:37 - 2013-07-26 12:25 - 00000000 ____D C:\loader
2013-09-04 13:36 - 2013-08-25 02:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-04 10:56 - 2013-09-04 10:49 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Oblivion.German.AC3.BDRip.XviD-HP
2013-09-04 10:48 - 2013-09-04 10:48 - 00000820 _____ C:\Users\juergi\Desktop\µTorrent.lnk
2013-09-04 10:48 - 2013-09-04 10:48 - 00000800 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-09-02 18:47 - 2013-07-30 16:11 - 00000000 ____D C:\Users\juergi\AppData\Roaming\WinRAR
2013-09-02 14:47 - 2013-08-10 14:21 - 00007680 _____ C:\Users\juergi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-28 09:47 - 2013-08-28 09:44 - 00000000 ____D C:\ProgramData\Adobe
2013-08-28 09:46 - 2013-08-28 09:43 - 00000000 ____D C:\Users\juergi\AppData\Local\Adobe
2013-08-28 09:46 - 2013-07-30 16:27 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Adobe
2013-08-28 09:44 - 2013-08-28 09:44 - 00002025 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-28 09:44 - 2013-08-28 09:44 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-28 09:36 - 2013-08-28 09:36 - 02717517 _____ C:\Users\juergi\Documents\112.xps
2013-08-28 09:34 - 2013-08-28 09:34 - 00208430 _____ C:\Users\juergi\Documents\111.xps

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2009-04-22 06:00] - [2009-04-22 07:38] - 0389632 ____A (Microsoft Corporation) 007CFB4BF1BE9D43E605FB4CFDFE5D01

C:\Windows\System32\wininit.exe
[2009-04-22 05:59] - [2009-04-22 07:38] - 0129024 ____A (Microsoft Corporation) 56F3B4CD28CDB1D79290870A084EF365

C:\Windows\SysWOW64\wininit.exe
[2009-04-22 05:35] - [2009-04-22 07:19] - 0096256 ____A (Microsoft Corporation) 2E4264C95BAB587431C79C101899CCC8

C:\Windows\explorer.exe
[2009-04-22 06:04] - [2009-04-22 07:38] - 2858496 ____A (Microsoft Corporation) 0C817F3E033335EDB2DD069EFA84045E

C:\Windows\SysWOW64\explorer.exe
[2009-04-22 05:40] - [2009-04-22 07:19] - 2607616 ____A (Microsoft Corporation) C133788B393EEC01439AD997D24E66ED

C:\Windows\System32\svchost.exe
[2009-04-22 05:35] - [2009-04-22 07:38] - 0027648 ____A (Microsoft Corporation) DAED0221F52D75056A8999C2BED00D4E

C:\Windows\SysWOW64\svchost.exe
[2009-04-22 05:16] - [2009-04-22 07:19] - 0020992 ____A (Microsoft Corporation) 5F1FE2F551E74B069C436152F06CCFDC

C:\Windows\System32\services.exe
[2009-04-22 05:23] - [2009-04-22 07:38] - 0328704 ____A (Microsoft Corporation) 21EF41CDCEA63268A96ED8150B830966

C:\Windows\System32\User32.dll
[2009-04-22 05:44] - [2009-04-22 07:41] - 1008128 ____A (Microsoft Corporation) BBD85B4D52566D8600A1062A1607555E

C:\Windows\SysWOW64\User32.dll
[2009-04-22 05:22] - [2009-04-22 07:11] - 0833024 ____A (Microsoft Corporation) ADCBEAE40A6E714BA4E0CF257EA6BFEA

C:\Windows\System32\userinit.exe
[2009-04-22 05:57] - [2009-04-22 07:38] - 0030208 ____A (Microsoft Corporation) 03F541FCFD3A950CE4E0AFB64A4AE4DC

C:\Windows\SysWOW64\userinit.exe
[2009-04-22 05:32] - [2009-04-22 07:19] - 0026112 ____A (Microsoft Corporation) 50771CA86FF1ADAF5FD1920F8CB5665E

C:\Windows\System32\Drivers\volsnap.sys
[2009-04-22 05:23] - [2009-04-22 07:45] - 0293952 ____A (Microsoft Corporation) 93454FFE2DA928731D855072AFC02603



LastRegBack: 2013-09-15 01:06

==================== End Of Log ============================
         
--- --- ---

26.09.2013, 12:50   #83
schrauber
/// the machine
/// TB trainer



Those are specific infections that are checked for in that section of the log. But everything is fine.


Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can safely delete them.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus Software
  • Make sure you always have antivirus software installed and that it is up to date as well. It is useless if it is out of date.


Additional Protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe Browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative Browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising on its own. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it asks you to and is nice and colorful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me a brief reply when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

21.01.2014, 12:43   #84
juergen007



hi, me again
thanks again for the last round of help, it ran quite cleanly, W7 Ultimate.
Now I noticed that many YouTube videos no longer load, or only very slowly.
I wanted to start frst64 but AVG says it is viral.

I downloaded the newest one from filepony, also viral (MSIL2.ITN)
Ran adwcleaner with scan and fix, it found some minor stuff, now clean.

frst64 is somehow broken and the YouTube problem persists.

Uninstalled AVG and then ran frst64, see attachment.
Still YouTube and possibly other streaming (or Flash) problems; I had just updated Adobe Flash.
Thx
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
Ran by juergi (administrator) on JUERGI-PC on 21-01-2014 12:26:25
Running from C:\Users\juergi\Desktop
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Jetico, Inc.) C:\Program Files (x86)\Jetico\BestCrypt\BCResident.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-19] ()
HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [441408 2013-09-05] (BillP Studios)
HKCU\...\Run: [FreeAC] - C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1328976 2012-04-25] (Comfort Software Group)
HKCU\...\Policies\Explorer: [NoThumbNailCache] 1
MountPoints2: {cb7303ca-f82f-11e2-9b92-806e6f6e6963} - NOTEPAD README.LRZ
MountPoints2: {cb7303cc-f82f-11e2-9b92-806e6f6e6963} - E:\LaunchU3.exe -a
AppInit_DLLs-x32: hplun.dll => File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x34A8583A5499CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\s5bkhtd7.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: easy Xdebug - C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\s5bkhtd7.default\Extensions\info@elime.be.xpi [2013-09-21]
FF Extension: Adblock Plus - C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\s5bkhtd7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework64\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework64\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)

==================== Drivers (Whitelisted) ====================

S3 amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [105040 2009-04-22] (AMD)
R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [28752 2009-04-22] (AMD)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-30] (AVG Technologies)
R1 bcbus; C:\Windows\System32\DRIVERS\bcbus.sys [78440 2013-07-29] (Jetico, Inc.)
R0 bcfnt; C:\Windows\System32\Drivers\bcfnt.sys [178880 2013-07-16] (Jetico, Inc.)
R1 BC_3DES; C:\Windows\System32\Drivers\BC_3DES.sys [34408 2013-07-29] (Jetico, Inc.)
R1 BC_BF128; C:\Windows\System32\Drivers\BC_BF128.sys [30824 2013-07-29] (Jetico, Inc.)
R1 BC_BF448; C:\Windows\System32\Drivers\BC_BF448.sys [30824 2013-07-29] (Jetico, Inc.)
R1 BC_BFish; C:\Windows\System32\Drivers\BC_BFish.sys [30824 2013-07-29] (Jetico, Inc.)
R1 BC_CAST; C:\Windows\System32\Drivers\BC_CAST.sys [37480 2013-07-29] (Jetico, Inc.)
R1 BC_DES; C:\Windows\System32\Drivers\BC_DES.sys [33896 2013-07-29] (Jetico, Inc.)
R1 BC_Gost; C:\Windows\System32\Drivers\BC_Gost.sys [25704 2013-07-29] (Jetico, Inc.)
R1 BC_IDEA; C:\Windows\System32\Drivers\BC_IDEA.sys [27752 2013-07-29] (Iarsn)
R1 BC_RC6; C:\Windows\System32\Drivers\BC_RC6.sys [30312 2013-07-29] (Michael Oestergaard Pedersen)
R1 BC_RIJN; C:\Windows\System32\Drivers\BC_RIJN.sys [51304 2013-07-29] (Jetico, Inc.)
R1 BC_SERP; C:\Windows\System32\Drivers\BC_SERP.sys [36968 2013-07-29] (Michael Oestergaard Pedersen)
R1 BC_TFISH; C:\Windows\System32\Drivers\BC_TFISH.sys [34408 2013-07-29] (Jetico, Inc.)
R0 fsh; C:\Windows\System32\Drivers\fsh.sys [68800 2013-07-29] (Jetico, Inc.)
R3 mhk; C:\Windows\System32\Drivers\mhk.sys [17472 2013-07-29] (Jetico, Inc.)
R3 moh; C:\Windows\System32\Drivers\moh.sys [13376 2013-07-29] (Jetico, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-21 12:26 - 2014-01-21 12:26 - 02077184 _____ (Farbar) C:\Users\juergi\Desktop\FRST64.exe
2014-01-21 12:26 - 2014-01-21 12:26 - 00009883 _____ C:\Users\juergi\Desktop\FRST.txt
2014-01-21 12:06 - 2014-01-21 12:06 - 01236282 _____ C:\Users\juergi\Desktop\adwcleaner.exe
2014-01-21 11:52 - 2014-01-21 11:52 - 00000000 ____D C:\ProgramData\McAfee
2014-01-18 11:06 - 2014-01-18 11:06 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-18 11:06 - 2014-01-18 11:06 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-18 11:06 - 2014-01-18 11:06 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-18 11:06 - 2014-01-18 11:06 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-18 11:00 - 2014-01-18 11:00 - 00005373 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-18 11:00 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-18 11:00 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-18 11:00 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-18 11:00 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-18 09:54 - 2014-01-18 09:55 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Big.Bang.Theory.S07E02.Eine.Koerbchengroesse.mehr.GERMAN.DUBBED.WebHDRiP.x264-SOF
2013-12-31 20:27 - 2013-12-31 20:30 - 31354920 _____ C:\Users\juergi\Downloads\Auto Test Dezember 2013.rar

==================== One Month Modified Files and Folders =======

2014-01-21 12:26 - 2014-01-21 12:26 - 02077184 _____ (Farbar) C:\Users\juergi\Desktop\FRST64.exe
2014-01-21 12:26 - 2014-01-21 12:26 - 00009883 _____ C:\Users\juergi\Desktop\FRST.txt
2014-01-21 12:26 - 2013-07-12 01:55 - 00000000 ____D C:\dateien
2014-01-21 12:24 - 2013-12-03 13:53 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-21 12:24 - 2013-10-01 16:00 - 00014616 _____ C:\Windows\setupact.log
2014-01-21 12:24 - 2013-07-30 18:32 - 00000000 ____D C:\ProgramData\MFAData
2014-01-21 12:24 - 2013-07-29 11:38 - 00032820 _____ C:\Windows\PFRO.log
2014-01-21 12:24 - 2009-04-22 10:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-21 12:23 - 2013-07-29 09:46 - 01765156 _____ C:\Windows\WindowsUpdate.log
2014-01-21 12:19 - 2009-04-22 10:00 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-21 12:19 - 2009-04-22 10:00 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-21 12:17 - 2009-04-22 14:13 - 00696144 _____ C:\Windows\system32\perfh007.dat
2014-01-21 12:17 - 2009-04-22 14:13 - 00147386 _____ C:\Windows\system32\perfc007.dat
2014-01-21 12:17 - 2009-04-22 10:27 - 01611134 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-21 12:11 - 2013-11-19 14:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 12:10 - 2013-09-13 19:58 - 00000561 _____ C:\Users\juergi\Desktop\Search.lnk
2014-01-21 12:10 - 2013-09-05 10:52 - 00000000 ____D C:\AdwCleaner
2014-01-21 12:06 - 2014-01-21 12:06 - 01236282 _____ C:\Users\juergi\Desktop\adwcleaner.exe
2014-01-21 12:04 - 2013-12-03 13:53 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-21 11:53 - 2013-08-28 08:43 - 00000000 ____D C:\Users\juergi\AppData\Local\Adobe
2014-01-21 11:52 - 2014-01-21 11:52 - 00000000 ____D C:\ProgramData\McAfee
2014-01-21 11:52 - 2013-11-19 14:21 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-21 11:52 - 2013-07-30 15:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-21 11:52 - 2013-07-30 15:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-21 00:09 - 2013-08-04 11:59 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Skype
2014-01-19 22:16 - 2013-09-04 09:46 - 00000000 ____D C:\Users\juergi\AppData\Roaming\uTorrent
2014-01-19 21:55 - 2013-08-10 13:21 - 00021504 _____ C:\Users\juergi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-19 13:37 - 2013-08-03 23:58 - 00000000 ____D C:\Users\juergi\AppData\Local\Eclipse
2014-01-18 21:49 - 2013-08-13 12:05 - 00000000 ____D C:\Program Files\Java
2014-01-18 20:35 - 2009-04-22 08:16 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2014-01-18 16:22 - 2013-10-29 23:46 - 00000000 ____D C:\Users\juergi\AppData\Roaming\vlc
2014-01-18 11:06 - 2014-01-18 11:06 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-18 11:06 - 2014-01-18 11:06 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-18 11:06 - 2014-01-18 11:06 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-18 11:06 - 2014-01-18 11:06 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-18 11:00 - 2014-01-18 11:00 - 00005373 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-18 11:00 - 2013-10-19 20:21 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-18 11:00 - 2013-09-21 13:59 - 00000000 ____D C:\ProgramData\Oracle
2014-01-18 10:09 - 2013-07-29 10:20 - 00000000 ____D C:\Users\juergi\AppData\Local\GHISLER
2014-01-18 09:55 - 2014-01-18 09:54 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Big.Bang.Theory.S07E02.Eine.Koerbchengroesse.mehr.GERMAN.DUBBED.WebHDRiP.x264-SOF
2014-01-12 22:22 - 2013-12-04 20:16 - 00000000 ____D C:\Users\juergi\Desktop\Mumble
2014-01-12 17:33 - 2013-07-30 15:13 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Notepad++
2013-12-31 20:30 - 2013-12-31 20:27 - 31354920 _____ C:\Users\juergi\Downloads\Auto Test Dezember 2013.rar
2013-12-22 13:15 - 2013-07-29 10:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\juergi\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2009-04-22 05:00] - [2009-04-22 06:38] - 0389632 ____A (Microsoft Corporation) 007CFB4BF1BE9D43E605FB4CFDFE5D01

C:\Windows\System32\wininit.exe
[2009-04-22 04:59] - [2009-04-22 06:38] - 0129024 ____A (Microsoft Corporation) 56F3B4CD28CDB1D79290870A084EF365

C:\Windows\SysWOW64\wininit.exe
[2009-04-22 04:35] - [2009-04-22 06:19] - 0096256 ____A (Microsoft Corporation) 2E4264C95BAB587431C79C101899CCC8

C:\Windows\explorer.exe
[2009-04-22 05:04] - [2009-04-22 06:38] - 2858496 ____A (Microsoft Corporation) 0C817F3E033335EDB2DD069EFA84045E

C:\Windows\SysWOW64\explorer.exe
[2009-04-22 04:40] - [2009-04-22 06:19] - 2607616 ____A (Microsoft Corporation) C133788B393EEC01439AD997D24E66ED

C:\Windows\System32\svchost.exe
[2009-04-22 04:35] - [2009-04-22 06:38] - 0027648 ____A (Microsoft Corporation) DAED0221F52D75056A8999C2BED00D4E

C:\Windows\SysWOW64\svchost.exe
[2009-04-22 04:16] - [2009-04-22 06:19] - 0020992 ____A (Microsoft Corporation) 5F1FE2F551E74B069C436152F06CCFDC

C:\Windows\System32\services.exe
[2009-04-22 04:23] - [2009-04-22 06:38] - 0328704 ____A (Microsoft Corporation) 21EF41CDCEA63268A96ED8150B830966

C:\Windows\System32\User32.dll
[2009-04-22 04:44] - [2009-04-22 06:41] - 1008128 ____A (Microsoft Corporation) BBD85B4D52566D8600A1062A1607555E

C:\Windows\SysWOW64\User32.dll
[2009-04-22 04:22] - [2009-04-22 06:11] - 0833024 ____A (Microsoft Corporation) ADCBEAE40A6E714BA4E0CF257EA6BFEA

C:\Windows\System32\userinit.exe
[2009-04-22 04:57] - [2009-04-22 06:38] - 0030208 ____A (Microsoft Corporation) 03F541FCFD3A950CE4E0AFB64A4AE4DC

C:\Windows\SysWOW64\userinit.exe
[2009-04-22 04:32] - [2009-04-22 06:19] - 0026112 ____A (Microsoft Corporation) 50771CA86FF1ADAF5FD1920F8CB5665E

C:\Windows\System32\rpcss.dll
[2009-04-22 05:08] - [2009-04-22 06:40] - 0510976 ____A (Microsoft Corporation) A5793D306C3878FF2A8EB978BB1126D5

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2009-04-22 04:23] - [2009-04-22 06:45] - 0293952 ____A (Microsoft Corporation) 93454FFE2DA928731D855072AFC02603



LastRegBack: 2013-12-19 02:36

==================== End Of Log ============================
         
--- --- ---
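Added example (not part of the thread and not FRST's own code): a parser for the "Bamital & volsnap Check" section that compares two scans by size and MD5 and checks a file on disk against the logged MD5. The first two excerpts are copied from the logs in this thread; the third excerpt and all function names are constructed for illustration.

```python
import hashlib
import re
from typing import Dict, List, NamedTuple


class Entry(NamedTuple):
    path: str
    size: int
    vendor: str
    md5: str


HEADER = re.compile(r"^=+ Bamital & volsnap Check =+$")
DETAIL = re.compile(
    r"^\[[\d-]+ [\d:]+\] - \[[\d-]+ [\d:]+\] - (?P<size>\d+) \S+ "
    r"\((?P<vendor>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH = re.compile(r"^[A-Za-z]:\\")


def parse_check_section(log: str) -> Dict[str, Entry]:
    """Return {lower-cased path: Entry} for the Bamital & volsnap section."""
    entries: Dict[str, Entry] = {}
    in_section, pending = False, None
    for raw in log.splitlines():
        line = raw.strip()
        if HEADER.match(line):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("=====") or line.startswith("LastRegBack"):
            break  # next section header or trailer ends the block
        if PATH.match(line):
            pending = line  # path line; its detail line follows
            continue
        m = DETAIL.match(line)
        if m and pending:
            entries[pending.lower()] = Entry(
                pending, int(m["size"]), m["vendor"], m["md5"].upper())
            pending = None
        # anything else (blank lines, the ATTENTION hint) is skipped
    return entries


def compare_scans(old: Dict[str, Entry], new: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Compare by size and MD5 only. Timestamps are ignored on purpose: in the
    two logs of this thread they differ by one hour while size and MD5 match."""
    report = {"changed": [], "added": [], "removed": [], "unchanged": []}
    for key, e in new.items():
        if key not in old:
            report["added"].append(e.path)
        elif (old[key].size, old[key].md5) != (e.size, e.md5):
            report["changed"].append(e.path)
        else:
            report["unchanged"].append(e.path)
    report["removed"] = [old[k].path for k in old if k not in new]
    return report


def md5_of_file(path: str) -> str:
    """Upper-case hex MD5 of a file, read in chunks."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def matches_logged(entry: Entry, local_copy: str) -> bool:
    """True if a copied file is byte-identical to what the scan hashed."""
    return md5_of_file(local_copy) == entry.md5


# Excerpt from the earlier scan in this thread (September 2013).
SCAN_2013_09 = r"""
==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2009-04-22 06:00] - [2009-04-22 07:38] - 0389632 ____A (Microsoft Corporation) 007CFB4BF1BE9D43E605FB4CFDFE5D01

C:\Windows\System32\Drivers\volsnap.sys
[2009-04-22 05:23] - [2009-04-22 07:45] - 0293952 ____A (Microsoft Corporation) 93454FFE2DA928731D855072AFC02603

LastRegBack: 2013-09-15 01:06
"""

# Excerpt from the scan of 21-01-2014 in this thread.
SCAN_2014_01 = r"""
==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2009-04-22 05:00] - [2009-04-22 06:38] - 0389632 ____A (Microsoft Corporation) 007CFB4BF1BE9D43E605FB4CFDFE5D01

C:\Windows\System32\rpcss.dll
[2009-04-22 05:08] - [2009-04-22 06:40] - 0510976 ____A (Microsoft Corporation) A5793D306C3878FF2A8EB978BB1126D5

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2009-04-22 04:23] - [2009-04-22 06:45] - 0293952 ____A (Microsoft Corporation) 93454FFE2DA928731D855072AFC02603

LastRegBack: 2013-12-19 02:36
"""

# CONSTRUCTED excerpt (not from the thread): same file, placeholder MD5.
SCAN_CONSTRUCTED = r"""
==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2009-04-22 05:00] - [2014-02-01 03:12] - 0389632 ____A () 00000000000000000000000000000000
"""

if __name__ == "__main__":
    old, new = parse_check_section(SCAN_2013_09), parse_check_section(SCAN_2014_01)
    print(compare_scans(old, new))
    print(compare_scans(new, parse_check_section(SCAN_CONSTRUCTED)))
```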

22.01.2014, 09:08   #85
schrauber
/// the machine
/// TB trainer



Quote:
C:\Windows\System32\rpcss.dll
Please have this file scanned at www.virustotal.com.

22.01.2014, 20:06   #86
juergen007



hi
when I open the file-open dialog on virustotal, the rpcss does not appear, probably because it is a system file, even when I set the option in the folder properties..
I copied it to c:\div\rcpsss.dll and there virustotal reports no errors

23.01.2014, 16:24   #87
schrauber
/// the machine
/// TB trainer



Huh? Somehow I can't follow your first sentence

24.01.2014, 12:19   #88
juergen007



I could not upload this DLL file, so I made a copy and uploaded that to virustotal: no errors

I removed AVG and installed Kaspersky instead, but after 1 day it expired..

these annoying effects seem to be gone, no idea.
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2014
Ran by juergi (administrator) on JUERGI-PC on 24-01-2014 12:15:55
Running from C:\Users\juergi\Desktop
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(GRISOFT s.r.o.) C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
(Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(GRISOFT s.r.o.) C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
(Jetico, Inc.) C:\Program Files (x86)\Jetico\BestCrypt\BCResident.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-19] ()
HKLM-x32\...\Run: [!AVG Anti-Spyware] - C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [6731312 2007-06-11] (GRISOFT s.r.o.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [340456 2009-10-20] (Kaspersky Lab)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab)
HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [441408 2013-09-05] (BillP Studios)
HKCU\...\Run: [FreeAC] - C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1328976 2012-04-25] (Comfort Software Group)
HKCU\...\Policies\Explorer: [NoThumbNailCache] 1
MountPoints2: {cb7303ca-f82f-11e2-9b92-806e6f6e6963} - NOTEPAD README.LRZ
MountPoints2: {cb7303cc-f82f-11e2-9b92-806e6f6e6963} - E:\LaunchU3.exe -a
AppInit_DLLs-x32: hplun.dll => File Not Found
AppInit_DLLs-x32: ,C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll [109072 2009-10-20] (Kaspersky Lab)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x34A8583A5499CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll (Kaspersky Lab)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32:  - {57B86673-276A-48B2-BAE7-C6DBB3020EB8} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\tmc5k2ll.default-1390314354418
FF user.js: detected! => C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\tmc5k2ll.default-1390314354418\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Lightning Speed Dial - C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\tmc5k2ll.default-1390314354418\Extensions\lightningnewtab@gmail.com [2014-01-24]
FF Extension: Extension_Protected - C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\tmc5k2ll.default-1390314354418\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-01-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework64\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework64\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\tmc5k2ll.default-1390314354418\extensions\lightningnewtab@gmail.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [ext@flashenhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff
FF HKCU\...\Firefox\Extensions: [{f7970ed7-0d82-4591-a646-47f600a44ac0}] - C:\Program Files (x86)\Re-markit\150.xpi

Chrome: 
=======
CHR DefaultSearchKeyword: nationzoom
CHR DefaultSearchProvider: nationzoom
CHR DefaultSearchURL: hxxp://www.nationzoom.com/web/?type=ds&ts=1390344414&from=amt&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (RightSurf) - C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajjpgnlpolfpnebjjaciccmmjnmjfjkl [2014-01-23]
CHR Extension: (Google Wallet) - C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-21]
CHR Extension: (Lightning speedDial) - C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkndmigholgfjlniaohblojbhgjbkakn [2014-01-21]
CHR HKLM-x32\...\Chrome\Extension: [pkndmigholgfjlniaohblojbhgjbkakn] - C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-01-21]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.)
R2 AVG Anti-Spyware Guard; C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe [312880 2007-05-30] (GRISOFT s.r.o.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [340456 2009-10-20] (Kaspersky Lab)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S4 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [x]

==================== Drivers (Whitelisted) ====================

S3 amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [105040 2009-04-22] (AMD)
R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [28752 2009-04-22] (AMD)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R1 AVG Anti-Spyware Driver; C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard64.sys [12024 2007-05-30] ()
R1 AvgAsC64; C:\Windows\System32\DRIVERS\AvgAsC64.sys [14072 2007-05-30] (GRISOFT, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-30] (AVG Technologies)
R1 bcbus; C:\Windows\System32\DRIVERS\bcbus.sys [78440 2013-07-29] (Jetico, Inc.)
R0 bcfnt; C:\Windows\System32\Drivers\bcfnt.sys [178880 2013-07-16] (Jetico, Inc.)
R1 BC_3DES; C:\Windows\System32\Drivers\BC_3DES.sys [34408 2013-07-29] (Jetico, Inc.)
R1 BC_BF128; C:\Windows\System32\Drivers\BC_BF128.sys [30824 2013-07-29] (Jetico, Inc.)
R1 BC_BF448; C:\Windows\System32\Drivers\BC_BF448.sys [30824 2013-07-29] (Jetico, Inc.)
R1 BC_BFish; C:\Windows\System32\Drivers\BC_BFish.sys [30824 2013-07-29] (Jetico, Inc.)
R1 BC_CAST; C:\Windows\System32\Drivers\BC_CAST.sys [37480 2013-07-29] (Jetico, Inc.)
R1 BC_DES; C:\Windows\System32\Drivers\BC_DES.sys [33896 2013-07-29] (Jetico, Inc.)
R1 BC_Gost; C:\Windows\System32\Drivers\BC_Gost.sys [25704 2013-07-29] (Jetico, Inc.)
R1 BC_IDEA; C:\Windows\System32\Drivers\BC_IDEA.sys [27752 2013-07-29] (Iarsn)
R1 BC_RC6; C:\Windows\System32\Drivers\BC_RC6.sys [30312 2013-07-29] (Michael Oestergaard Pedersen)
R1 BC_RIJN; C:\Windows\System32\Drivers\BC_RIJN.sys [51304 2013-07-29] (Jetico, Inc.)
R1 BC_SERP; C:\Windows\System32\Drivers\BC_SERP.sys [36968 2013-07-29] (Michael Oestergaard Pedersen)
R1 BC_TFISH; C:\Windows\System32\Drivers\BC_TFISH.sys [34408 2013-07-29] (Jetico, Inc.)
R0 fsh; C:\Windows\System32\Drivers\fsh.sys [68800 2013-07-29] (Jetico, Inc.)
R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [157712 2009-09-01] (Kaspersky Lab)
R0 KLBG; C:\Windows\System32\DRIVERS\klbg.sys [40464 2009-10-14] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [352784 2014-01-23] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [27152 2009-09-14] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [21008 2009-10-02] (Kaspersky Lab)
R3 mhk; C:\Windows\System32\Drivers\mhk.sys [17472 2013-07-29] (Jetico, Inc.)
R3 moh; C:\Windows\System32\Drivers\moh.sys [13376 2013-07-29] (Jetico, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-24 12:15 - 2014-01-24 12:15 - 00000000 ____D C:\Users\juergi\Desktop\FRST-OlderVersion
2014-01-23 17:22 - 2014-01-24 12:09 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-23 17:22 - 2014-01-23 17:27 - 00153053 _____ C:\Windows\system32\Drivers\klin.dat
2014-01-23 17:22 - 2014-01-23 17:27 - 00107384 _____ C:\Windows\system32\Drivers\klick.dat
2014-01-23 17:22 - 2014-01-23 17:22 - 00352784 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2014-01-23 17:22 - 2014-01-23 17:22 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2014-01-23 17:21 - 2014-01-23 17:21 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2014-01-23 17:19 - 2014-01-23 17:20 - 67291088 _____ (Kaspersky Lab) C:\Users\juergi\Downloads\kav9.0.0.736en.exe
2014-01-23 17:10 - 2014-01-23 17:22 - 946040116 _____ C:\Users\juergi\Downloads\Salt_2013-12-30_2215_274985(1).avi
2014-01-23 06:50 - 2014-01-23 07:16 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Operation.Walkuere.German.2008.AC3.DVDRiP.XViD.iNTERNAL-NTB
2014-01-23 04:03 - 2014-01-23 04:03 - 00001083 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-01-23 04:03 - 2014-01-23 04:03 - 00000000 ____D C:\Users\juergi\AppData\Local\VS Revo Group
2014-01-23 04:03 - 2014-01-23 04:03 - 00000000 ____D C:\ProgramData\VS Revo Group
2014-01-23 04:03 - 2014-01-23 04:03 - 00000000 ____D C:\Program Files\VS Revo Group
2014-01-23 04:03 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-01-23 04:02 - 2014-01-23 04:03 - 10619688 _____ (VS Revo Group                                               ) C:\Users\juergi\Downloads\RevoUninProSetup (1).exe
2014-01-23 04:02 - 2014-01-23 04:02 - 10619688 _____ (VS Revo Group                                               ) C:\Users\juergi\Downloads\RevoUninProSetup.exe
2014-01-23 03:48 - 2014-01-23 03:48 - 00004996 _____ C:\Users\juergi\Desktop\JRT.txt
2014-01-23 03:43 - 2014-01-23 03:43 - 01037068 _____ (Thisisu) C:\Users\juergi\Downloads\JRT.exe
2014-01-23 03:39 - 2014-01-23 03:39 - 00001093 _____ C:\Users\juergi\Desktop\MyPC Backup.lnk
2014-01-23 03:38 - 2014-01-23 03:40 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2014-01-23 03:38 - 2014-01-23 03:38 - 00003326 _____ C:\Windows\System32\Tasks\Advanced System Protector
2014-01-23 03:38 - 2014-01-23 03:38 - 00003112 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-01-23 03:38 - 2014-01-23 03:38 - 00001207 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2014-01-23 03:38 - 2014-01-23 03:38 - 00001056 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2014-01-23 03:38 - 2013-12-27 18:10 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-01-23 03:38 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe
2014-01-23 03:37 - 2014-01-23 03:39 - 00000150 _____ C:\Users\juergi\AppData\Roaming\WB.CFG
2014-01-23 03:37 - 2014-01-23 03:37 - 00001123 _____ C:\Users\juergi\Desktop\PC Speed Maximizer.lnk
2014-01-23 03:37 - 2014-01-23 03:37 - 00000000 ____D C:\Users\juergi\AppData\Roaming\DigitalSites
2014-01-23 03:37 - 2014-01-23 03:37 - 00000000 ____D C:\Users\juergi\AppData\Roaming\0D0S1L2Z1P1B
2014-01-23 03:36 - 2014-01-23 03:36 - 00685888 _____ C:\Users\juergi\Downloads\ZipExtractorSetup.exe
2014-01-23 03:29 - 2014-01-23 03:58 - 1272954532 _____ C:\Users\juergi\Downloads\School_of_Rock_2013-12-31_2015_274985.avi
2014-01-22 20:13 - 2014-01-22 20:25 - 946040116 _____ C:\Users\juergi\Downloads\Salt_2013-12-30_2215_274985.avi
2014-01-22 16:30 - 2009-04-22 06:40 - 00510976 _____ (Microsoft Corporation) C:\rpcsss.dll
2014-01-22 00:48 - 2014-01-22 00:51 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Blacklist.S01E06.Gina.Zanetakos.GERMAN.DUBBED.WS.WEBRip.x264-TVP
2014-01-21 23:54 - 2014-01-08 04:36 - 01037068 _____ (Thisisu) C:\Users\juergi\Desktop\JRT_NEW.exe
2014-01-21 23:47 - 2014-01-22 01:39 - 00000000 ____D C:\Program Files (x86)\AmiExt
2014-01-21 23:47 - 2014-01-21 23:47 - 00000000 ____D C:\Users\juergi\AppData\Local\cache
2014-01-21 23:47 - 2014-01-21 23:47 - 00000000 ____D C:\Users\juergi\.android
2014-01-21 23:47 - 2014-01-21 23:47 - 00000000 _____ C:\Users\juergi\daemonprocess.txt
2014-01-21 23:46 - 2014-01-21 23:46 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-01-21 23:45 - 2014-01-21 23:45 - 00405032 _____ (Amônétízé Ltd) C:\Users\juergi\Downloads\FlashPlayersetup__4588_i280239144_il88.exe
2014-01-21 22:10 - 2014-01-21 23:37 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Blacklist.S01E04.The.Stewmaker.GERMAN.DUBBED.WS.WEBRip.x264-TVP
2014-01-21 22:10 - 2014-01-21 22:36 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Blacklist.S01E03.Wujing.GERMAN.DUBBED.WS.WEBRip.x264-TVP
2014-01-21 22:09 - 2014-01-22 00:00 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Closer.S07E04.Sommercamp.German.Dubbed.HDTV.XviD-TCPA
2014-01-21 22:09 - 2014-01-21 22:38 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Closer.S07E01.Geldwaesche.German.Dubbed.HDTV.XviD-TCPA
2014-01-21 22:09 - 2014-01-21 22:30 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Blacklist.S01E05.The.Courier.GERMAN.DUBBED.WS.WEBRip.x264-TVP
2014-01-21 22:09 - 2014-01-21 22:09 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Closer.S07E03.In.geheimer.Mission.German.Dubbed.HDTV.XviD-TCPA
2014-01-21 17:33 - 2014-01-21 23:51 - 00001023 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-21 17:32 - 2014-01-21 17:33 - 37739976 _____ (Google Inc.) C:\Users\juergi\Downloads\ChromeStandalone32Setup(1).exe
2014-01-21 17:32 - 2014-01-21 17:32 - 37739976 _____ (Google Inc.) C:\Users\juergi\Downloads\ChromeStandalone32Setup.exe
2014-01-21 15:25 - 2014-01-21 15:25 - 00000000 ____D C:\Users\juergi\Desktop\Alte Firefox-Daten
2014-01-21 12:40 - 2014-01-23 03:57 - 00001202 _____ C:\Users\Public\Desktop\AVG Anti-Spyware.lnk
2014-01-21 12:40 - 2014-01-21 12:40 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Grisoft
2014-01-21 12:40 - 2014-01-21 12:40 - 00000000 ____D C:\ProgramData\Grisoft
2014-01-21 12:40 - 2014-01-21 12:40 - 00000000 ____D C:\Program Files (x86)\Grisoft
2014-01-21 12:40 - 2007-05-30 13:10 - 00014072 _____ (GRISOFT, s.r.o.) C:\Windows\system32\Drivers\AvgAsC64.sys
2014-01-21 12:26 - 2014-01-24 12:15 - 02077696 _____ (Farbar) C:\Users\juergi\Desktop\FRST64.exe
2014-01-21 12:26 - 2014-01-24 12:15 - 00014239 _____ C:\Users\juergi\Desktop\FRST.txt
2014-01-21 12:06 - 2014-01-21 12:06 - 01236282 _____ C:\Users\juergi\Desktop\adwcleaner.exe
2014-01-21 11:52 - 2014-01-21 11:52 - 00000000 ____D C:\ProgramData\McAfee
2014-01-18 11:06 - 2014-01-18 11:06 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-18 11:06 - 2014-01-18 11:06 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-18 11:06 - 2014-01-18 11:06 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-18 11:06 - 2014-01-18 11:06 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-18 11:00 - 2014-01-18 11:00 - 00005373 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-18 11:00 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-18 11:00 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-18 11:00 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-18 11:00 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-18 09:54 - 2014-01-18 09:55 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Big.Bang.Theory.S07E02.Eine.Koerbchengroesse.mehr.GERMAN.DUBBED.WebHDRiP.x264-SOF
2013-12-31 20:27 - 2013-12-31 20:30 - 31354920 _____ C:\Users\juergi\Downloads\Auto Test Dezember 2013.rar

==================== One Month Modified Files and Folders =======

2014-01-24 12:16 - 2014-01-21 12:26 - 00014239 _____ C:\Users\juergi\Desktop\FRST.txt
2014-01-24 12:15 - 2014-01-24 12:15 - 00000000 ____D C:\Users\juergi\Desktop\FRST-OlderVersion
2014-01-24 12:15 - 2014-01-21 12:26 - 02077696 _____ (Farbar) C:\Users\juergi\Desktop\FRST64.exe
2014-01-24 12:15 - 2013-07-26 10:44 - 00000000 ____D C:\FRST
2014-01-24 12:13 - 2009-04-22 14:13 - 00696144 _____ C:\Windows\system32\perfh007.dat
2014-01-24 12:13 - 2009-04-22 14:13 - 00147386 _____ C:\Windows\system32\perfc007.dat
2014-01-24 12:13 - 2009-04-22 10:27 - 01611134 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-24 12:09 - 2014-01-23 17:22 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-24 12:08 - 2013-12-03 13:53 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-24 12:08 - 2013-10-01 16:00 - 00015792 _____ C:\Windows\setupact.log
2014-01-24 12:08 - 2009-04-22 10:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-23 21:54 - 2013-09-04 09:46 - 00000000 ____D C:\Users\juergi\AppData\Roaming\uTorrent
2014-01-23 21:54 - 2013-07-29 09:46 - 01945991 _____ C:\Windows\WindowsUpdate.log
2014-01-23 21:53 - 2013-08-04 11:59 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Skype
2014-01-23 21:37 - 2013-11-19 14:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-23 21:04 - 2013-12-03 13:53 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-23 17:57 - 2013-08-04 11:59 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2014-01-23 17:57 - 2013-08-04 11:59 - 00000000 ____D C:\ProgramData\Skype
2014-01-23 17:27 - 2014-01-23 17:22 - 00153053 _____ C:\Windows\system32\Drivers\klin.dat
2014-01-23 17:27 - 2014-01-23 17:22 - 00107384 _____ C:\Windows\system32\Drivers\klick.dat
2014-01-23 17:22 - 2014-01-23 17:22 - 00352784 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2014-01-23 17:22 - 2014-01-23 17:22 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2014-01-23 17:22 - 2014-01-23 17:10 - 946040116 _____ C:\Users\juergi\Downloads\Salt_2013-12-30_2215_274985(1).avi
2014-01-23 17:21 - 2014-01-23 17:21 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2014-01-23 17:20 - 2014-01-23 17:19 - 67291088 _____ (Kaspersky Lab) C:\Users\juergi\Downloads\kav9.0.0.736en.exe
2014-01-23 17:06 - 2009-04-22 10:00 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-23 17:06 - 2009-04-22 10:00 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-23 16:58 - 2013-07-29 11:38 - 00034502 _____ C:\Windows\PFRO.log
2014-01-23 07:16 - 2014-01-23 06:50 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Operation.Walkuere.German.2008.AC3.DVDRiP.XViD.iNTERNAL-NTB
2014-01-23 04:03 - 2014-01-23 04:03 - 00001083 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-01-23 04:03 - 2014-01-23 04:03 - 00000000 ____D C:\Users\juergi\AppData\Local\VS Revo Group
2014-01-23 04:03 - 2014-01-23 04:03 - 00000000 ____D C:\ProgramData\VS Revo Group
2014-01-23 04:03 - 2014-01-23 04:03 - 00000000 ____D C:\Program Files\VS Revo Group
2014-01-23 04:03 - 2014-01-23 04:02 - 10619688 _____ (VS Revo Group                                               ) C:\Users\juergi\Downloads\RevoUninProSetup (1).exe
2014-01-23 04:02 - 2014-01-23 04:02 - 10619688 _____ (VS Revo Group                                               ) C:\Users\juergi\Downloads\RevoUninProSetup.exe
2014-01-23 04:02 - 2013-09-05 10:52 - 00000000 ____D C:\AdwCleaner
2014-01-23 03:58 - 2014-01-23 03:29 - 1272954532 _____ C:\Users\juergi\Downloads\School_of_Rock_2013-12-31_2015_274985.avi
2014-01-23 03:57 - 2014-01-21 12:40 - 00001202 _____ C:\Users\Public\Desktop\AVG Anti-Spyware.lnk
2014-01-23 03:48 - 2014-01-23 03:48 - 00004996 _____ C:\Users\juergi\Desktop\JRT.txt
2014-01-23 03:43 - 2014-01-23 03:43 - 01037068 _____ (Thisisu) C:\Users\juergi\Downloads\JRT.exe
2014-01-23 03:43 - 2013-09-27 10:46 - 01037068 _____ (Thisisu) C:\Users\juergi\Desktop\JRT.exe
2014-01-23 03:40 - 2014-01-23 03:38 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2014-01-23 03:39 - 2014-01-23 03:39 - 00001093 _____ C:\Users\juergi\Desktop\MyPC Backup.lnk
2014-01-23 03:39 - 2014-01-23 03:37 - 00000150 _____ C:\Users\juergi\AppData\Roaming\WB.CFG
2014-01-23 03:39 - 2013-07-29 09:47 - 00000000 ___RD C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-23 03:38 - 2014-01-23 03:38 - 00003326 _____ C:\Windows\System32\Tasks\Advanced System Protector
2014-01-23 03:38 - 2014-01-23 03:38 - 00003112 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-01-23 03:38 - 2014-01-23 03:38 - 00001207 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2014-01-23 03:38 - 2014-01-23 03:38 - 00001056 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2014-01-23 03:37 - 2014-01-23 03:37 - 00001123 _____ C:\Users\juergi\Desktop\PC Speed Maximizer.lnk
2014-01-23 03:37 - 2014-01-23 03:37 - 00000000 ____D C:\Users\juergi\AppData\Roaming\DigitalSites
2014-01-23 03:37 - 2014-01-23 03:37 - 00000000 ____D C:\Users\juergi\AppData\Roaming\0D0S1L2Z1P1B
2014-01-23 03:36 - 2014-01-23 03:36 - 00685888 _____ C:\Users\juergi\Downloads\ZipExtractorSetup.exe
2014-01-22 20:25 - 2014-01-22 20:13 - 946040116 _____ C:\Users\juergi\Downloads\Salt_2013-12-30_2215_274985.avi
2014-01-22 01:40 - 2013-07-12 01:55 - 00000000 ____D C:\dateien
2014-01-22 01:39 - 2014-01-21 23:47 - 00000000 ____D C:\Program Files (x86)\AmiExt
2014-01-22 00:51 - 2014-01-22 00:48 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Blacklist.S01E06.Gina.Zanetakos.GERMAN.DUBBED.WS.WEBRip.x264-TVP
2014-01-22 00:00 - 2014-01-21 22:09 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Closer.S07E04.Sommercamp.German.Dubbed.HDTV.XviD-TCPA
2014-01-21 23:51 - 2014-01-21 17:33 - 00001023 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-21 23:51 - 2013-07-29 10:01 - 00000803 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-21 23:51 - 2013-07-29 09:47 - 00000919 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-21 23:51 - 2013-07-29 09:47 - 00000851 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-01-21 23:47 - 2014-01-21 23:47 - 00000000 ____D C:\Users\juergi\AppData\Local\cache
2014-01-21 23:47 - 2014-01-21 23:47 - 00000000 ____D C:\Users\juergi\.android
2014-01-21 23:47 - 2014-01-21 23:47 - 00000000 _____ C:\Users\juergi\daemonprocess.txt
2014-01-21 23:47 - 2013-07-29 09:46 - 00000000 ____D C:\Users\juergi
2014-01-21 23:46 - 2014-01-21 23:46 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-01-21 23:45 - 2014-01-21 23:45 - 00405032 _____ (Amônétízé Ltd) C:\Users\juergi\Downloads\FlashPlayersetup__4588_i280239144_il88.exe
2014-01-21 23:37 - 2014-01-21 22:10 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Blacklist.S01E04.The.Stewmaker.GERMAN.DUBBED.WS.WEBRip.x264-TVP
2014-01-21 22:38 - 2014-01-21 22:09 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Closer.S07E01.Geldwaesche.German.Dubbed.HDTV.XviD-TCPA
2014-01-21 22:36 - 2014-01-21 22:10 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Blacklist.S01E03.Wujing.GERMAN.DUBBED.WS.WEBRip.x264-TVP
2014-01-21 22:30 - 2014-01-21 22:09 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Blacklist.S01E05.The.Courier.GERMAN.DUBBED.WS.WEBRip.x264-TVP
2014-01-21 22:09 - 2014-01-21 22:09 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Closer.S07E03.In.geheimer.Mission.German.Dubbed.HDTV.XviD-TCPA
2014-01-21 17:33 - 2014-01-21 17:32 - 37739976 _____ (Google Inc.) C:\Users\juergi\Downloads\ChromeStandalone32Setup(1).exe
2014-01-21 17:33 - 2013-08-15 01:52 - 00000000 ____D C:\Users\juergi\AppData\Local\Google
2014-01-21 17:33 - 2013-08-15 01:52 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-21 17:32 - 2014-01-21 17:32 - 37739976 _____ (Google Inc.) C:\Users\juergi\Downloads\ChromeStandalone32Setup.exe
2014-01-21 17:25 - 2013-08-03 23:58 - 00000000 ____D C:\Users\juergi\AppData\Local\Eclipse
2014-01-21 15:25 - 2014-01-21 15:25 - 00000000 ____D C:\Users\juergi\Desktop\Alte Firefox-Daten
2014-01-21 12:40 - 2014-01-21 12:40 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Grisoft
2014-01-21 12:40 - 2014-01-21 12:40 - 00000000 ____D C:\ProgramData\Grisoft
2014-01-21 12:40 - 2014-01-21 12:40 - 00000000 ____D C:\Program Files (x86)\Grisoft
2014-01-21 12:24 - 2013-07-30 18:32 - 00000000 ____D C:\ProgramData\MFAData
2014-01-21 12:10 - 2013-09-13 19:58 - 00000561 _____ C:\Users\juergi\Desktop\Search.lnk
2014-01-21 12:06 - 2014-01-21 12:06 - 01236282 _____ C:\Users\juergi\Desktop\adwcleaner.exe
2014-01-21 11:53 - 2013-08-28 08:43 - 00000000 ____D C:\Users\juergi\AppData\Local\Adobe
2014-01-21 11:52 - 2014-01-21 11:52 - 00000000 ____D C:\ProgramData\McAfee
2014-01-21 11:52 - 2013-11-19 14:21 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-21 11:52 - 2013-07-30 15:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-21 11:52 - 2013-07-30 15:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-19 21:55 - 2013-08-10 13:21 - 00021504 _____ C:\Users\juergi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-18 21:49 - 2013-08-13 12:05 - 00000000 ____D C:\Program Files\Java
2014-01-18 20:35 - 2009-04-22 08:16 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2014-01-18 16:22 - 2013-10-29 23:46 - 00000000 ____D C:\Users\juergi\AppData\Roaming\vlc
2014-01-18 11:06 - 2014-01-18 11:06 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-18 11:06 - 2014-01-18 11:06 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-18 11:06 - 2014-01-18 11:06 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-18 11:06 - 2014-01-18 11:06 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-18 11:00 - 2014-01-18 11:00 - 00005373 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-18 11:00 - 2013-10-19 20:21 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-18 11:00 - 2013-09-21 13:59 - 00000000 ____D C:\ProgramData\Oracle
2014-01-18 10:09 - 2013-07-29 10:20 - 00000000 ____D C:\Users\juergi\AppData\Local\GHISLER
2014-01-18 09:55 - 2014-01-18 09:54 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Big.Bang.Theory.S07E02.Eine.Koerbchengroesse.mehr.GERMAN.DUBBED.WebHDRiP.x264-SOF
2014-01-12 22:22 - 2013-12-04 20:16 - 00000000 ____D C:\Users\juergi\Desktop\Mumble
2014-01-12 17:33 - 2013-07-30 15:13 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Notepad++
2014-01-08 04:36 - 2014-01-21 23:54 - 01037068 _____ (Thisisu) C:\Users\juergi\Desktop\JRT_NEW.exe
2013-12-31 20:30 - 2013-12-31 20:27 - 31354920 _____ C:\Users\juergi\Downloads\Auto Test Dezember 2013.rar
2013-12-27 18:10 - 2014-01-23 03:38 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe

Some content of TEMP:
====================
C:\Users\juergi\AppData\Local\Temp\51894uninstall.exe
C:\Users\juergi\AppData\Local\Temp\BackupSetup.exe
C:\Users\juergi\AppData\Local\Temp\dlLogic.exe
C:\Users\juergi\AppData\Local\Temp\EnableExtDll.dll
C:\Users\juergi\AppData\Local\Temp\Quarantine.exe
C:\Users\juergi\AppData\Local\Temp\Sqlite3.dll
C:\Users\juergi\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2009-04-22 05:00] - [2009-04-22 06:38] - 0389632 ____A (Microsoft Corporation) 007CFB4BF1BE9D43E605FB4CFDFE5D01

C:\Windows\System32\wininit.exe
[2009-04-22 04:59] - [2009-04-22 06:38] - 0129024 ____A (Microsoft Corporation) 56F3B4CD28CDB1D79290870A084EF365

C:\Windows\SysWOW64\wininit.exe
[2009-04-22 04:35] - [2009-04-22 06:19] - 0096256 ____A (Microsoft Corporation) 2E4264C95BAB587431C79C101899CCC8

C:\Windows\explorer.exe
[2009-04-22 05:04] - [2009-04-22 06:38] - 2858496 ____A (Microsoft Corporation) 0C817F3E033335EDB2DD069EFA84045E

C:\Windows\SysWOW64\explorer.exe
[2009-04-22 04:40] - [2009-04-22 06:19] - 2607616 ____A (Microsoft Corporation) C133788B393EEC01439AD997D24E66ED

C:\Windows\System32\svchost.exe
[2009-04-22 04:35] - [2009-04-22 06:38] - 0027648 ____A (Microsoft Corporation) DAED0221F52D75056A8999C2BED00D4E

C:\Windows\SysWOW64\svchost.exe
[2009-04-22 04:16] - [2009-04-22 06:19] - 0020992 ____A (Microsoft Corporation) 5F1FE2F551E74B069C436152F06CCFDC

C:\Windows\System32\services.exe
[2009-04-22 04:23] - [2009-04-22 06:38] - 0328704 ____A (Microsoft Corporation) 21EF41CDCEA63268A96ED8150B830966

C:\Windows\System32\User32.dll
[2009-04-22 04:44] - [2009-04-22 06:41] - 1008128 ____A (Microsoft Corporation) BBD85B4D52566D8600A1062A1607555E

C:\Windows\SysWOW64\User32.dll
[2009-04-22 04:22] - [2009-04-22 06:11] - 0833024 ____A (Microsoft Corporation) ADCBEAE40A6E714BA4E0CF257EA6BFEA

C:\Windows\System32\userinit.exe
[2009-04-22 04:57] - [2009-04-22 06:38] - 0030208 ____A (Microsoft Corporation) 03F541FCFD3A950CE4E0AFB64A4AE4DC

C:\Windows\SysWOW64\userinit.exe
[2009-04-22 04:32] - [2009-04-22 06:19] - 0026112 ____A (Microsoft Corporation) 50771CA86FF1ADAF5FD1920F8CB5665E

C:\Windows\System32\rpcss.dll
[2009-04-22 05:08] - [2009-04-22 06:40] - 0510976 ____A (Microsoft Corporation) A5793D306C3878FF2A8EB978BB1126D5

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2009-04-22 04:23] - [2009-04-22 06:45] - 0293952 ____A (Microsoft Corporation) 93454FFE2DA928731D855072AFC02603



LastRegBack: 2013-12-19 02:36

==================== End Of Log ============================
         
--- --- ---

25.01.2014, 11:27   #89
schrauber
/// the machine
/// TB-Ausbilder

Clean. So no problems at the moment?

26.01.2014, 15:25   #90
juergen007

Yes, it seems almost OK. There are still various casino pop-ups; AdwCleaner and JRT no longer find anything.
MS Essentials doesn't find anything either.
Maybe install Adblock for Mozilla?
What is flashenhancer??

Thx

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 01
Ran by juergi (administrator) on JUERGI-PC on 26-01-2014 15:23:56
Running from C:\Users\juergi\Desktop
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(GRISOFT s.r.o.) C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(GRISOFT s.r.o.) C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
(Jetico, Inc.) C:\Program Files (x86)\Jetico\BestCrypt\BCResident.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-19] ()
HKLM-x32\...\Run: [!AVG Anti-Spyware] - C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [6731312 2007-06-11] (GRISOFT s.r.o.)
HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [441408 2013-09-05] (BillP Studios)
HKCU\...\Run: [FreeAC] - C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1328976 2012-04-25] (Comfort Software Group)
HKCU\...\Policies\Explorer: [NoThumbNailCache] 1
MountPoints2: {cb7303ca-f82f-11e2-9b92-806e6f6e6963} - NOTEPAD README.LRZ
MountPoints2: {cb7303cc-f82f-11e2-9b92-806e6f6e6963} - E:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x34A8583A5499CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32:  - {57B86673-276A-48B2-BAE7-C6DBB3020EB8} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\tmc5k2ll.default-1390314354418
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Lightning Speed Dial - C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\tmc5k2ll.default-1390314354418\Extensions\lightningnewtab@gmail.com [2014-01-24]
FF Extension: Extension_Protected - C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\tmc5k2ll.default-1390314354418\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-01-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework64\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework64\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\tmc5k2ll.default-1390314354418\extensions\lightningnewtab@gmail.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [ext@flashenhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff
FF HKCU\...\Firefox\Extensions: [{f7970ed7-0d82-4591-a646-47f600a44ac0}] - C:\Program Files (x86)\Re-markit\150.xpi

Chrome: 
=======
CHR DefaultSearchKeyword: nationzoom
CHR DefaultSearchProvider: nationzoom
CHR DefaultSearchURL: hxxp://www.nationzoom.com/web/?type=ds&ts=1390344414&from=amt&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Google Wallet) - C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-21]
CHR HKLM-x32\...\Chrome\Extension: [pkndmigholgfjlniaohblojbhgjbkakn] - C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-01-21]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.)
R2 AVG Anti-Spyware Guard; C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe [312880 2007-05-30] (GRISOFT s.r.o.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S4 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [x]

==================== Drivers (Whitelisted) ====================

S3 amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [105040 2009-04-22] (AMD)
R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [28752 2009-04-22] (AMD)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R1 AVG Anti-Spyware Driver; C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard64.sys [12024 2007-05-30] ()
R1 AvgAsC64; C:\Windows\System32\DRIVERS\AvgAsC64.sys [14072 2007-05-30] (GRISOFT, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-30] (AVG Technologies)
R1 bcbus; C:\Windows\System32\DRIVERS\bcbus.sys [78440 2013-07-29] (Jetico, Inc.)
R0 bcfnt; C:\Windows\System32\Drivers\bcfnt.sys [178880 2013-07-16] (Jetico, Inc.)
R1 BC_3DES; C:\Windows\System32\Drivers\BC_3DES.sys [34408 2013-07-29] (Jetico, Inc.)
R1 BC_BF128; C:\Windows\System32\Drivers\BC_BF128.sys [30824 2013-07-29] (Jetico, Inc.)
R1 BC_BF448; C:\Windows\System32\Drivers\BC_BF448.sys [30824 2013-07-29] (Jetico, Inc.)
R1 BC_BFish; C:\Windows\System32\Drivers\BC_BFish.sys [30824 2013-07-29] (Jetico, Inc.)
R1 BC_CAST; C:\Windows\System32\Drivers\BC_CAST.sys [37480 2013-07-29] (Jetico, Inc.)
R1 BC_DES; C:\Windows\System32\Drivers\BC_DES.sys [33896 2013-07-29] (Jetico, Inc.)
R1 BC_Gost; C:\Windows\System32\Drivers\BC_Gost.sys [25704 2013-07-29] (Jetico, Inc.)
R1 BC_IDEA; C:\Windows\System32\Drivers\BC_IDEA.sys [27752 2013-07-29] (Iarsn)
R1 BC_RC6; C:\Windows\System32\Drivers\BC_RC6.sys [30312 2013-07-29] (Michael Oestergaard Pedersen)
R1 BC_RIJN; C:\Windows\System32\Drivers\BC_RIJN.sys [51304 2013-07-29] (Jetico, Inc.)
R1 BC_SERP; C:\Windows\System32\Drivers\BC_SERP.sys [36968 2013-07-29] (Michael Oestergaard Pedersen)
R1 BC_TFISH; C:\Windows\System32\Drivers\BC_TFISH.sys [34408 2013-07-29] (Jetico, Inc.)
R0 fsh; C:\Windows\System32\Drivers\fsh.sys [68800 2013-07-29] (Jetico, Inc.)
R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [157712 2009-09-01] (Kaspersky Lab)
R3 mhk; C:\Windows\System32\Drivers\mhk.sys [17472 2013-07-29] (Jetico, Inc.)
R3 moh; C:\Windows\System32\Drivers\moh.sys [13376 2013-07-29] (Jetico, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-26 15:23 - 2014-01-26 15:23 - 00000000 ____D C:\Users\juergi\Desktop\FRST-OlderVersion
2014-01-25 16:43 - 2014-01-25 16:43 - 00000933 _____ C:\Users\Public\Desktop\Agent.lnk
2014-01-25 16:43 - 2014-01-25 16:43 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Forte
2014-01-25 16:43 - 2014-01-25 16:43 - 00000000 ____D C:\Program Files (x86)\Agent
2014-01-25 16:32 - 2014-01-25 16:32 - 00000768 _____ C:\Users\juergi\Desktop\JRT.txt
2014-01-25 16:03 - 2014-01-25 16:24 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-25 16:03 - 2014-01-25 16:03 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-25 16:03 - 2014-01-25 16:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-25 16:01 - 2014-01-25 16:01 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-25 16:00 - 2014-01-25 16:24 - 00000000 ____D C:\Users\juergi\Desktop\mbar
2014-01-25 16:00 - 2014-01-25 15:59 - 12589848 _____ (Malwarebytes Corp.) C:\Users\juergi\Desktop\mbar-1.07.0.1009.exe
2014-01-25 15:59 - 2014-01-25 15:59 - 12589848 _____ (Malwarebytes Corp.) C:\Users\juergi\Downloads\mbar-1.07.0.1009.exe
2014-01-24 19:36 - 2014-01-24 19:49 - 1055474860 _____ C:\Users\juergi\Downloads\Resident_Evil_Extinction_2014-01-01_0105_274985.avi
2014-01-24 13:41 - 2014-01-24 14:22 - 1455767506 _____ C:\Users\juergi\Downloads\Slumdog_Millionaer_2014-01-02_2015_274985.avi
2014-01-24 13:41 - 2014-01-24 14:12 - 989641362 _____ C:\Users\juergi\Downloads\Men_in_Black_II_2014-01-01_1635_274985.avi
2014-01-24 13:41 - 2014-01-24 14:09 - 1272954532 _____ C:\Users\juergi\Downloads\School_of_Rock_2013-12-31_2015_274985(1).avi
2014-01-24 12:45 - 2014-01-20 04:00 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-24 12:42 - 2014-01-24 12:42 - 00001912 _____ C:\Windows\epplauncher.mif
2014-01-24 12:41 - 2014-01-24 12:41 - 00000000 ____D C:\Program Files\Microsoft Security Client
2014-01-24 12:41 - 2014-01-24 12:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2014-01-24 12:24 - 2014-01-24 12:24 - 00000000 ____D C:\mse
2014-01-24 12:20 - 2014-01-24 12:22 - 24361353 _____ C:\Users\juergi\Downloads\MicrosoftSecurityEssentials-4.4.zip
2014-01-23 17:22 - 2014-01-24 19:18 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-23 17:19 - 2014-01-23 17:20 - 67291088 _____ (Kaspersky Lab) C:\Users\juergi\Downloads\kav9.0.0.736en.exe
2014-01-23 06:50 - 2014-01-23 07:16 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Operation.Walkuere.German.2008.AC3.DVDRiP.XViD.iNTERNAL-NTB
2014-01-23 04:03 - 2014-01-23 04:03 - 00001083 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-01-23 04:03 - 2014-01-23 04:03 - 00000000 ____D C:\Users\juergi\AppData\Local\VS Revo Group
2014-01-23 04:03 - 2014-01-23 04:03 - 00000000 ____D C:\ProgramData\VS Revo Group
2014-01-23 04:03 - 2014-01-23 04:03 - 00000000 ____D C:\Program Files\VS Revo Group
2014-01-23 04:03 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-01-23 04:02 - 2014-01-23 04:03 - 10619688 _____ (VS Revo Group                                               ) C:\Users\juergi\Downloads\RevoUninProSetup (1).exe
2014-01-23 04:02 - 2014-01-23 04:02 - 10619688 _____ (VS Revo Group                                               ) C:\Users\juergi\Downloads\RevoUninProSetup.exe
2014-01-23 03:43 - 2014-01-23 03:43 - 01037068 _____ (Thisisu) C:\Users\juergi\Downloads\JRT.exe
2014-01-23 03:38 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe
2014-01-23 03:37 - 2014-01-23 03:39 - 00000150 _____ C:\Users\juergi\AppData\Roaming\WB.CFG
2014-01-23 03:37 - 2014-01-23 03:37 - 00001123 _____ C:\Users\juergi\Desktop\PC Speed Maximizer.lnk
2014-01-23 03:37 - 2014-01-23 03:37 - 00000000 ____D C:\Users\juergi\AppData\Roaming\DigitalSites
2014-01-23 03:36 - 2014-01-23 03:36 - 00685888 _____ C:\Users\juergi\Downloads\ZipExtractorSetup.exe
2014-01-22 20:13 - 2014-01-22 20:25 - 946040116 _____ C:\Users\juergi\Downloads\Salt_2013-12-30_2215_274985.avi
2014-01-22 16:30 - 2009-04-22 06:40 - 00510976 _____ (Microsoft Corporation) C:\rpcsss.dll
2014-01-22 00:48 - 2014-01-22 00:51 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Blacklist.S01E06.Gina.Zanetakos.GERMAN.DUBBED.WS.WEBRip.x264-TVP
2014-01-21 23:54 - 2014-01-08 04:36 - 01037068 _____ (Thisisu) C:\Users\juergi\Desktop\JRT_NEW.exe
2014-01-21 23:47 - 2014-01-22 01:39 - 00000000 ____D C:\Program Files (x86)\AmiExt
2014-01-21 23:47 - 2014-01-21 23:47 - 00000000 ____D C:\Users\juergi\AppData\Local\cache
2014-01-21 23:47 - 2014-01-21 23:47 - 00000000 ____D C:\Users\juergi\.android
2014-01-21 23:47 - 2014-01-21 23:47 - 00000000 _____ C:\Users\juergi\daemonprocess.txt
2014-01-21 23:46 - 2014-01-21 23:46 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-01-21 23:45 - 2014-01-21 23:45 - 00405032 _____ (Amônétízé Ltd) C:\Users\juergi\Downloads\FlashPlayersetup__4588_i280239144_il88.exe
2014-01-21 22:10 - 2014-01-21 23:37 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Blacklist.S01E04.The.Stewmaker.GERMAN.DUBBED.WS.WEBRip.x264-TVP
2014-01-21 22:10 - 2014-01-21 22:36 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Blacklist.S01E03.Wujing.GERMAN.DUBBED.WS.WEBRip.x264-TVP
2014-01-21 22:09 - 2014-01-22 00:00 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Closer.S07E04.Sommercamp.German.Dubbed.HDTV.XviD-TCPA
2014-01-21 22:09 - 2014-01-21 22:38 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Closer.S07E01.Geldwaesche.German.Dubbed.HDTV.XviD-TCPA
2014-01-21 22:09 - 2014-01-21 22:30 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Blacklist.S01E05.The.Courier.GERMAN.DUBBED.WS.WEBRip.x264-TVP
2014-01-21 22:09 - 2014-01-21 22:09 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Closer.S07E03.In.geheimer.Mission.German.Dubbed.HDTV.XviD-TCPA
2014-01-21 17:33 - 2014-01-21 23:51 - 00001023 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-21 15:25 - 2014-01-21 15:25 - 00000000 ____D C:\Users\juergi\Desktop\Alte Firefox-Daten
2014-01-21 12:40 - 2014-01-23 03:57 - 00001202 _____ C:\Users\Public\Desktop\AVG Anti-Spyware.lnk
2014-01-21 12:40 - 2014-01-21 12:40 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Grisoft
2014-01-21 12:40 - 2014-01-21 12:40 - 00000000 ____D C:\ProgramData\Grisoft
2014-01-21 12:40 - 2014-01-21 12:40 - 00000000 ____D C:\Program Files (x86)\Grisoft
2014-01-21 12:40 - 2007-05-30 13:10 - 00014072 _____ (GRISOFT, s.r.o.) C:\Windows\system32\Drivers\AvgAsC64.sys
2014-01-21 12:26 - 2014-01-26 15:23 - 02078208 _____ (Farbar) C:\Users\juergi\Desktop\FRST64.exe
2014-01-21 12:26 - 2014-01-26 15:23 - 00013101 _____ C:\Users\juergi\Desktop\FRST.txt
2014-01-21 12:06 - 2014-01-21 12:06 - 01236282 _____ C:\Users\juergi\Desktop\adwcleaner.exe
2014-01-21 11:52 - 2014-01-21 11:52 - 00000000 ____D C:\ProgramData\McAfee
2014-01-18 11:06 - 2014-01-18 11:06 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-18 11:06 - 2014-01-18 11:06 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-18 11:06 - 2014-01-18 11:06 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-18 11:06 - 2014-01-18 11:06 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-18 11:00 - 2014-01-18 11:00 - 00005373 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-18 11:00 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-18 11:00 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-18 11:00 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-18 11:00 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-18 09:54 - 2014-01-18 09:55 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Big.Bang.Theory.S07E02.Eine.Koerbchengroesse.mehr.GERMAN.DUBBED.WebHDRiP.x264-SOF
2013-12-31 20:27 - 2013-12-31 20:30 - 31354920 _____ C:\Users\juergi\Downloads\Auto Test Dezember 2013.rar

==================== One Month Modified Files and Folders =======

2014-01-26 15:23 - 2014-01-26 15:23 - 00000000 ____D C:\Users\juergi\Desktop\FRST-OlderVersion
2014-01-26 15:23 - 2014-01-21 12:26 - 02078208 _____ (Farbar) C:\Users\juergi\Desktop\FRST64.exe
2014-01-26 15:23 - 2014-01-21 12:26 - 00013101 _____ C:\Users\juergi\Desktop\FRST.txt
2014-01-26 15:23 - 2013-07-26 10:44 - 00000000 ____D C:\FRST
2014-01-26 15:23 - 2013-07-12 01:55 - 00000000 ____D C:\dateien
2014-01-26 15:20 - 2009-04-22 10:00 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-26 15:20 - 2009-04-22 10:00 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-26 15:16 - 2009-04-22 14:13 - 00696144 _____ C:\Windows\system32\perfh007.dat
2014-01-26 15:16 - 2009-04-22 14:13 - 00147386 _____ C:\Windows\system32\perfc007.dat
2014-01-26 15:16 - 2009-04-22 10:27 - 01611134 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-26 15:12 - 2013-12-03 13:53 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-26 15:12 - 2013-10-01 16:00 - 00016128 _____ C:\Windows\setupact.log
2014-01-26 15:12 - 2009-04-22 10:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-26 03:42 - 2013-07-29 09:46 - 02062334 _____ C:\Windows\WindowsUpdate.log
2014-01-26 03:41 - 2013-09-04 09:46 - 00000000 ____D C:\Users\juergi\AppData\Roaming\uTorrent
2014-01-26 03:41 - 2013-08-04 11:59 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Skype
2014-01-26 03:37 - 2013-11-19 14:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-26 03:04 - 2013-12-03 13:53 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-25 18:25 - 2013-10-29 23:46 - 00000000 ____D C:\Users\juergi\AppData\Roaming\vlc
2014-01-25 17:53 - 2013-08-03 23:58 - 00000000 ____D C:\Users\juergi\AppData\Local\Eclipse
2014-01-25 17:49 - 2013-08-10 13:21 - 00026112 _____ C:\Users\juergi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-25 16:43 - 2014-01-25 16:43 - 00000933 _____ C:\Users\Public\Desktop\Agent.lnk
2014-01-25 16:43 - 2014-01-25 16:43 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Forte
2014-01-25 16:43 - 2014-01-25 16:43 - 00000000 ____D C:\Program Files (x86)\Agent
2014-01-25 16:32 - 2014-01-25 16:32 - 00000768 _____ C:\Users\juergi\Desktop\JRT.txt
2014-01-25 16:25 - 2013-09-05 10:52 - 00000000 ____D C:\AdwCleaner
2014-01-25 16:24 - 2014-01-25 16:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-25 16:24 - 2014-01-25 16:00 - 00000000 ____D C:\Users\juergi\Desktop\mbar
2014-01-25 16:03 - 2014-01-25 16:03 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-25 16:03 - 2014-01-25 16:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-25 16:01 - 2014-01-25 16:01 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-25 15:59 - 2014-01-25 16:00 - 12589848 _____ (Malwarebytes Corp.) C:\Users\juergi\Desktop\mbar-1.07.0.1009.exe
2014-01-25 15:59 - 2014-01-25 15:59 - 12589848 _____ (Malwarebytes Corp.) C:\Users\juergi\Downloads\mbar-1.07.0.1009.exe
2014-01-24 19:49 - 2014-01-24 19:36 - 1055474860 _____ C:\Users\juergi\Downloads\Resident_Evil_Extinction_2014-01-01_0105_274985.avi
2014-01-24 19:18 - 2014-01-23 17:22 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-24 19:08 - 2013-07-29 11:38 - 00034990 _____ C:\Windows\PFRO.log
2014-01-24 14:22 - 2014-01-24 13:41 - 1455767506 _____ C:\Users\juergi\Downloads\Slumdog_Millionaer_2014-01-02_2015_274985.avi
2014-01-24 14:12 - 2014-01-24 13:41 - 989641362 _____ C:\Users\juergi\Downloads\Men_in_Black_II_2014-01-01_1635_274985.avi
2014-01-24 14:09 - 2014-01-24 13:41 - 1272954532 _____ C:\Users\juergi\Downloads\School_of_Rock_2013-12-31_2015_274985(1).avi
2014-01-24 12:42 - 2014-01-24 12:42 - 00001912 _____ C:\Windows\epplauncher.mif
2014-01-24 12:41 - 2014-01-24 12:41 - 00000000 ____D C:\Program Files\Microsoft Security Client
2014-01-24 12:41 - 2014-01-24 12:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2014-01-24 12:24 - 2014-01-24 12:24 - 00000000 ____D C:\mse
2014-01-24 12:22 - 2014-01-24 12:20 - 24361353 _____ C:\Users\juergi\Downloads\MicrosoftSecurityEssentials-4.4.zip
2014-01-23 17:57 - 2013-08-04 11:59 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2014-01-23 17:57 - 2013-08-04 11:59 - 00000000 ____D C:\ProgramData\Skype
2014-01-23 17:20 - 2014-01-23 17:19 - 67291088 _____ (Kaspersky Lab) C:\Users\juergi\Downloads\kav9.0.0.736en.exe
2014-01-23 07:16 - 2014-01-23 06:50 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Operation.Walkuere.German.2008.AC3.DVDRiP.XViD.iNTERNAL-NTB
2014-01-23 04:03 - 2014-01-23 04:03 - 00001083 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-01-23 04:03 - 2014-01-23 04:03 - 00000000 ____D C:\Users\juergi\AppData\Local\VS Revo Group
2014-01-23 04:03 - 2014-01-23 04:03 - 00000000 ____D C:\ProgramData\VS Revo Group
2014-01-23 04:03 - 2014-01-23 04:03 - 00000000 ____D C:\Program Files\VS Revo Group
2014-01-23 04:03 - 2014-01-23 04:02 - 10619688 _____ (VS Revo Group                                               ) C:\Users\juergi\Downloads\RevoUninProSetup (1).exe
2014-01-23 04:02 - 2014-01-23 04:02 - 10619688 _____ (VS Revo Group                                               ) C:\Users\juergi\Downloads\RevoUninProSetup.exe
2014-01-23 03:57 - 2014-01-21 12:40 - 00001202 _____ C:\Users\Public\Desktop\AVG Anti-Spyware.lnk
2014-01-23 03:43 - 2014-01-23 03:43 - 01037068 _____ (Thisisu) C:\Users\juergi\Downloads\JRT.exe
2014-01-23 03:43 - 2013-09-27 10:46 - 01037068 _____ (Thisisu) C:\Users\juergi\Desktop\JRT.exe
2014-01-23 03:39 - 2014-01-23 03:37 - 00000150 _____ C:\Users\juergi\AppData\Roaming\WB.CFG
2014-01-23 03:39 - 2013-07-29 09:47 - 00000000 ___RD C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-23 03:37 - 2014-01-23 03:37 - 00001123 _____ C:\Users\juergi\Desktop\PC Speed Maximizer.lnk
2014-01-23 03:37 - 2014-01-23 03:37 - 00000000 ____D C:\Users\juergi\AppData\Roaming\DigitalSites
2014-01-23 03:36 - 2014-01-23 03:36 - 00685888 _____ C:\Users\juergi\Downloads\ZipExtractorSetup.exe
2014-01-22 20:25 - 2014-01-22 20:13 - 946040116 _____ C:\Users\juergi\Downloads\Salt_2013-12-30_2215_274985.avi
2014-01-22 01:39 - 2014-01-21 23:47 - 00000000 ____D C:\Program Files (x86)\AmiExt
2014-01-22 00:51 - 2014-01-22 00:48 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Blacklist.S01E06.Gina.Zanetakos.GERMAN.DUBBED.WS.WEBRip.x264-TVP
2014-01-22 00:00 - 2014-01-21 22:09 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Closer.S07E04.Sommercamp.German.Dubbed.HDTV.XviD-TCPA
2014-01-21 23:51 - 2014-01-21 17:33 - 00001023 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-21 23:51 - 2013-07-29 10:01 - 00000803 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-21 23:51 - 2013-07-29 09:47 - 00000919 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-21 23:51 - 2013-07-29 09:47 - 00000851 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-01-21 23:47 - 2014-01-21 23:47 - 00000000 ____D C:\Users\juergi\AppData\Local\cache
2014-01-21 23:47 - 2014-01-21 23:47 - 00000000 ____D C:\Users\juergi\.android
2014-01-21 23:47 - 2014-01-21 23:47 - 00000000 _____ C:\Users\juergi\daemonprocess.txt
2014-01-21 23:47 - 2013-07-29 09:46 - 00000000 ____D C:\Users\juergi
2014-01-21 23:46 - 2014-01-21 23:46 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-01-21 23:45 - 2014-01-21 23:45 - 00405032 _____ (Amônétízé Ltd) C:\Users\juergi\Downloads\FlashPlayersetup__4588_i280239144_il88.exe
2014-01-21 23:37 - 2014-01-21 22:10 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Blacklist.S01E04.The.Stewmaker.GERMAN.DUBBED.WS.WEBRip.x264-TVP
2014-01-21 22:38 - 2014-01-21 22:09 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Closer.S07E01.Geldwaesche.German.Dubbed.HDTV.XviD-TCPA
2014-01-21 22:36 - 2014-01-21 22:10 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Blacklist.S01E03.Wujing.GERMAN.DUBBED.WS.WEBRip.x264-TVP
2014-01-21 22:30 - 2014-01-21 22:09 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Blacklist.S01E05.The.Courier.GERMAN.DUBBED.WS.WEBRip.x264-TVP
2014-01-21 22:09 - 2014-01-21 22:09 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Closer.S07E03.In.geheimer.Mission.German.Dubbed.HDTV.XviD-TCPA
2014-01-21 17:33 - 2013-08-15 01:52 - 00000000 ____D C:\Users\juergi\AppData\Local\Google
2014-01-21 17:33 - 2013-08-15 01:52 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-21 15:25 - 2014-01-21 15:25 - 00000000 ____D C:\Users\juergi\Desktop\Alte Firefox-Daten
2014-01-21 12:40 - 2014-01-21 12:40 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Grisoft
2014-01-21 12:40 - 2014-01-21 12:40 - 00000000 ____D C:\ProgramData\Grisoft
2014-01-21 12:40 - 2014-01-21 12:40 - 00000000 ____D C:\Program Files (x86)\Grisoft
2014-01-21 12:24 - 2013-07-30 18:32 - 00000000 ____D C:\ProgramData\MFAData
2014-01-21 12:10 - 2013-09-13 19:58 - 00000561 _____ C:\Users\juergi\Desktop\Search.lnk
2014-01-21 12:06 - 2014-01-21 12:06 - 01236282 _____ C:\Users\juergi\Desktop\adwcleaner.exe
2014-01-21 11:53 - 2013-08-28 08:43 - 00000000 ____D C:\Users\juergi\AppData\Local\Adobe
2014-01-21 11:52 - 2014-01-21 11:52 - 00000000 ____D C:\ProgramData\McAfee
2014-01-21 11:52 - 2013-11-19 14:21 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-21 11:52 - 2013-07-30 15:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-21 11:52 - 2013-07-30 15:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-20 04:00 - 2014-01-24 12:45 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-18 21:49 - 2013-08-13 12:05 - 00000000 ____D C:\Program Files\Java
2014-01-18 20:35 - 2009-04-22 08:16 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2014-01-18 11:06 - 2014-01-18 11:06 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-18 11:06 - 2014-01-18 11:06 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-18 11:06 - 2014-01-18 11:06 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-18 11:06 - 2014-01-18 11:06 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-18 11:00 - 2014-01-18 11:00 - 00005373 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-18 11:00 - 2013-10-19 20:21 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-18 11:00 - 2013-09-21 13:59 - 00000000 ____D C:\ProgramData\Oracle
2014-01-18 10:09 - 2013-07-29 10:20 - 00000000 ____D C:\Users\juergi\AppData\Local\GHISLER
2014-01-18 09:55 - 2014-01-18 09:54 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Big.Bang.Theory.S07E02.Eine.Koerbchengroesse.mehr.GERMAN.DUBBED.WebHDRiP.x264-SOF
2014-01-12 22:22 - 2013-12-04 20:16 - 00000000 ____D C:\Users\juergi\Desktop\Mumble
2014-01-12 17:33 - 2013-07-30 15:13 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Notepad++
2014-01-08 04:36 - 2014-01-21 23:54 - 01037068 _____ (Thisisu) C:\Users\juergi\Desktop\JRT_NEW.exe
2013-12-31 20:30 - 2013-12-31 20:27 - 31354920 _____ C:\Users\juergi\Downloads\Auto Test Dezember 2013.rar

Some content of TEMP:
====================
C:\Users\juergi\AppData\Local\Temp\51894uninstall.exe
C:\Users\juergi\AppData\Local\Temp\BackupSetup.exe
C:\Users\juergi\AppData\Local\Temp\dlLogic.exe
C:\Users\juergi\AppData\Local\Temp\EnableExtDll.dll
C:\Users\juergi\AppData\Local\Temp\Quarantine.exe
C:\Users\juergi\AppData\Local\Temp\Sqlite3.dll
C:\Users\juergi\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2009-04-22 05:00] - [2009-04-22 06:38] - 0389632 ____A (Microsoft Corporation) 007CFB4BF1BE9D43E605FB4CFDFE5D01

C:\Windows\System32\wininit.exe
[2009-04-22 04:59] - [2009-04-22 06:38] - 0129024 ____A (Microsoft Corporation) 56F3B4CD28CDB1D79290870A084EF365

C:\Windows\SysWOW64\wininit.exe
[2009-04-22 04:35] - [2009-04-22 06:19] - 0096256 ____A (Microsoft Corporation) 2E4264C95BAB587431C79C101899CCC8

C:\Windows\explorer.exe
[2009-04-22 05:04] - [2009-04-22 06:38] - 2858496 ____A (Microsoft Corporation) 0C817F3E033335EDB2DD069EFA84045E

C:\Windows\SysWOW64\explorer.exe
[2009-04-22 04:40] - [2009-04-22 06:19] - 2607616 ____A (Microsoft Corporation) C133788B393EEC01439AD997D24E66ED

C:\Windows\System32\svchost.exe
[2009-04-22 04:35] - [2009-04-22 06:38] - 0027648 ____A (Microsoft Corporation) DAED0221F52D75056A8999C2BED00D4E

C:\Windows\SysWOW64\svchost.exe
[2009-04-22 04:16] - [2009-04-22 06:19] - 0020992 ____A (Microsoft Corporation) 5F1FE2F551E74B069C436152F06CCFDC

C:\Windows\System32\services.exe
[2009-04-22 04:23] - [2009-04-22 06:38] - 0328704 ____A (Microsoft Corporation) 21EF41CDCEA63268A96ED8150B830966

C:\Windows\System32\User32.dll
[2009-04-22 04:44] - [2009-04-22 06:41] - 1008128 ____A (Microsoft Corporation) BBD85B4D52566D8600A1062A1607555E

C:\Windows\SysWOW64\User32.dll
[2009-04-22 04:22] - [2009-04-22 06:11] - 0833024 ____A (Microsoft Corporation) ADCBEAE40A6E714BA4E0CF257EA6BFEA

C:\Windows\System32\userinit.exe
[2009-04-22 04:57] - [2009-04-22 06:38] - 0030208 ____A (Microsoft Corporation) 03F541FCFD3A950CE4E0AFB64A4AE4DC

C:\Windows\SysWOW64\userinit.exe
[2009-04-22 04:32] - [2009-04-22 06:19] - 0026112 ____A (Microsoft Corporation) 50771CA86FF1ADAF5FD1920F8CB5665E

C:\Windows\System32\rpcss.dll
[2009-04-22 05:08] - [2009-04-22 06:40] - 0510976 ____A (Microsoft Corporation) A5793D306C3878FF2A8EB978BB1126D5

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2009-04-22 04:23] - [2009-04-22 06:45] - 0293952 ____A (Microsoft Corporation) 93454FFE2DA928731D855072AFC02603



LastRegBack: 2013-12-19 02:36

==================== End Of Log ============================
         