GVU-Trojaner auf Win7 - frst.txt erstellt

mave1745 · 15.07.2013, 12:35

Hallo liebe Helfer,

der Trojaner legt mein System lahm (Einblendung einer Seite mit vielen "interpol-Logos" im Hintergrund. Schreibe von einem anderen Notebook.

Habe Farbar's Recovery Tool drüberlaufen lassen und folgenden Inhalt bekommen:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013
Ran by SYSTEM on 15-07-2013 13:03:33
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3  [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - %ProgramFiles%\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-02-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [33648 2007-08-24] (Microsoft Corporation)
HKLM-x32\...\Run: [StarMoneyRunEntry] - "C:\Program Files (x86)\StarMoney Business 4.0 Commerzbank-Edition\app\oflagent.exe" [57864 2011-09-22] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] - C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [facemoods] - "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I [362200 2011-09-05] (facemoods.com)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [SearchSettings] - "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1302336 2013-06-07] (Spigot, Inc.)
HKU\Martin\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-11-25] (Google Inc.)
HKU\Martin\...\Winlogon: [Shell] explorer.exe,C:\Users\Martin\AppData\Roaming\cache.dat [123392 2011-11-17] () <==== ATTENTION 
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\CardMinder Viewer.lnk
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\ProgramData\Start Menu\Programs\Startup\In PDF-Datei mit ScanSnap Organizer konvertieren.lnk
ShortcutTarget: In PDF-Datei mit ScanSnap Organizer konvertieren.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [506288 2011-02-08] (REINER SCT)
S2 lxec_device; C:\Windows\system32\lxeccoms.exe [1052328 2010-04-14] ( )
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [252416 2010-05-25] (Sony Corporation)
S2 StarMoney Business 4.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 4.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1250160 2010-05-31] (Sony Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2010-11-27] (REINER SCT)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-15 13:02 - 2013-07-15 13:02 - 00000000 ____D C:\FRST
2013-07-15 11:28 - 2013-07-15 11:59 - 00000004 _____ C:\Users\Martin\AppData\Roaming\cache.ini
2013-07-12 07:03 - 2013-06-12 00:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 07:03 - 2013-06-12 00:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 07:03 - 2013-06-12 00:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 07:03 - 2013-06-12 00:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 07:03 - 2013-06-12 00:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 07:03 - 2013-06-12 00:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 07:03 - 2013-06-12 00:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 07:03 - 2013-06-12 00:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 07:03 - 2013-06-12 00:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 07:03 - 2013-06-12 00:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 07:03 - 2013-06-12 00:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 07:03 - 2013-06-12 00:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 07:03 - 2013-06-12 00:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 07:03 - 2013-06-12 00:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-12 07:03 - 2013-06-12 00:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-12 07:03 - 2013-06-12 00:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-12 07:03 - 2013-06-12 00:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-12 07:03 - 2013-06-12 00:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-12 07:03 - 2013-06-12 00:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-12 07:03 - 2013-06-12 00:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-12 07:03 - 2013-06-12 00:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-12 07:03 - 2013-06-12 00:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-12 07:03 - 2013-06-12 00:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-12 07:03 - 2013-06-12 00:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-12 07:03 - 2013-06-12 00:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-12 07:03 - 2013-06-12 00:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-12 07:03 - 2013-06-12 00:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-12 07:03 - 2013-06-11 23:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 07:03 - 2013-06-11 23:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-12 07:03 - 2013-06-07 04:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-12 07:03 - 2013-06-07 03:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 16:41 - 2013-07-12 07:49 - 01888281 _____ C:\Users\Martin\Desktop\Screenshots_Sampling.pptx
2013-07-11 14:57 - 2013-06-05 04:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-11 14:57 - 2013-06-04 07:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-11 14:57 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 14:57 - 2013-05-06 07:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-11 14:57 - 2013-05-06 05:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 14:57 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 14:57 - 2013-04-02 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-09 11:07 - 2013-07-10 09:00 - 00379904 _____ C:\Users\Martin\Desktop\AAA_Rechnungsuebersicht.xls
2013-07-04 11:23 - 2013-07-04 11:23 - 00000000 ____R C:\Users\Martin\Desktop\AAARechnungsueÂbersicht_2013.xls
2013-06-28 09:33 - 2013-06-28 09:33 - 00000175 _____ C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-28 09:33 - 2013-06-28 09:33 - 00000175 _____ C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-28 09:33 - 2013-06-28 09:33 - 00000175 _____ C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-24 20:25 - 2013-06-24 20:25 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2013-06-24 20:25 - 2013-06-24 20:25 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-06-24 20:25 - 2013-06-24 20:25 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2013-06-24 20:25 - 2013-06-24 20:25 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2013-06-17 11:37 - 2013-06-17 11:37 - 00000000 ____D C:\Program Files (x86)\pdfforge Toolbar
2013-06-17 11:37 - 2013-06-17 11:37 - 00000000 ____D C:\Program Files (x86)\Application Updater

==================== One Month Modified Files and Folders =======

2013-07-15 13:02 - 2013-07-15 13:02 - 00000000 ____D C:\FRST
2013-07-15 11:59 - 2013-07-15 11:28 - 00000004 _____ C:\Users\Martin\AppData\Roaming\cache.ini
2013-07-15 11:59 - 2011-03-09 23:39 - 01471819 _____ C:\Windows\WindowsUpdate.log
2013-07-15 11:58 - 2009-07-14 05:51 - 00082692 _____ C:\Windows\setupact.log
2013-07-15 11:57 - 2009-07-14 05:45 - 00013872 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-15 11:57 - 2009-07-14 05:45 - 00013872 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-15 11:51 - 2012-07-09 08:12 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-15 11:51 - 2010-11-25 12:06 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-15 11:49 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-15 11:33 - 2010-11-25 12:06 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-15 11:28 - 2013-05-21 14:21 - 00000000 ___HD C:\ProgramData\ArcSoft
2013-07-15 11:28 - 2010-10-12 18:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-15 11:22 - 2012-11-17 13:49 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-15 09:44 - 2011-03-18 12:16 - 00000000 ____D C:\PRIVAT
2013-07-14 15:28 - 2010-11-25 12:06 - 00004120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-14 15:28 - 2010-11-25 12:06 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-14 14:51 - 2011-03-09 23:42 - 00003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4FAF9545-A1D1-430C-9B64-7C341B55FC87}
2013-07-12 07:49 - 2013-07-11 16:41 - 01888281 _____ C:\Users\Martin\Desktop\Screenshots_Sampling.pptx
2013-07-12 07:35 - 2010-11-25 20:39 - 00654400 _____ C:\Windows\System32\perfh007.dat
2013-07-12 07:35 - 2010-11-25 20:39 - 00130240 _____ C:\Windows\System32\perfc007.dat
2013-07-12 07:35 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-12 07:28 - 2009-07-14 05:45 - 00580824 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-12 07:26 - 2010-10-12 23:58 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 07:26 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 07:26 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 07:04 - 2011-03-31 07:08 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-10 09:00 - 2013-07-09 11:07 - 00379904 _____ C:\Users\Martin\Desktop\AAA_Rechnungsuebersicht.xls
2013-07-09 13:39 - 2011-03-14 20:06 - 00002112 _____ C:\Users\Martin\Desktop\security.key
2013-07-09 09:07 - 2011-03-14 20:06 - 00004131 _____ C:\Users\Martin\Desktop\security2.key
2013-07-09 09:07 - 2011-03-14 20:06 - 00002112 _____ C:\Users\Martin\Desktop\security.bak
2013-07-09 09:03 - 2011-03-14 20:06 - 00004131 _____ C:\Users\Martin\Desktop\security2.bak
2013-07-05 08:41 - 2011-03-18 12:29 - 00000000 ____D C:\FIRMA
2013-07-04 11:23 - 2013-07-04 11:23 - 00000000 ____R C:\Users\Martin\Desktop\AAARechnungsueÂbersicht_2013.xls
2013-07-04 11:18 - 2011-03-18 20:41 - 00000952 ___SH C:\ProgramData\KGyGaAvL.sys
2013-07-04 08:39 - 2011-03-25 10:38 - 00021504 _____ C:\Users\Martin\Desktop\To Do's.xls
2013-07-03 08:37 - 2011-03-26 14:49 - 00016657 _____ C:\Users\Martin\Sti_Trace.log
2013-06-28 09:33 - 2013-06-28 09:33 - 00000175 _____ C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-28 09:33 - 2013-06-28 09:33 - 00000175 _____ C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-28 09:33 - 2013-06-28 09:33 - 00000175 _____ C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-28 09:33 - 2013-03-14 10:15 - 00189936 _____ C:\Windows\System32\Drivers\aswVmm.sys
2013-06-28 09:33 - 2011-03-11 12:35 - 01030952 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-28 09:33 - 2011-03-11 12:35 - 00378944 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-26 10:49 - 2012-05-22 12:51 - 00000000 ___RD C:\Users\Martin\Dropbox
2013-06-26 10:49 - 2012-05-22 12:50 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Dropbox
2013-06-26 10:48 - 2012-05-22 12:51 - 00001026 _____ C:\Users\Martin\Desktop\Dropbox.lnk
2013-06-24 20:25 - 2013-06-24 20:25 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2013-06-24 20:25 - 2013-06-24 20:25 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-06-24 20:25 - 2013-06-24 20:25 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2013-06-24 20:25 - 2013-06-24 20:25 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2013-06-17 11:37 - 2013-06-17 11:37 - 00000000 ____D C:\Program Files (x86)\pdfforge Toolbar
2013-06-17 11:37 - 2013-06-17 11:37 - 00000000 ____D C:\Program Files (x86)\Application Updater

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-17 16:26:37
Restore point made on: 2013-06-21 09:43:32
Restore point made on: 2013-06-26 09:59:46
Restore point made on: 2013-07-02 09:19:26
Restore point made on: 2013-07-09 08:27:14
Restore point made on: 2013-07-12 06:57:51
Restore point made on: 2013-07-15 11:28:53

==================== Memory info =========================== 

Percentage of memory in use: 17%
Total physical RAM: 3950.1 MB
Available physical RAM: 3267.38 MB
Total Pagefile: 3948.25 MB
Available Pagefile: 3254.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:452.18 GB) (Free:333.41 GB) NTFS (Disk=0 Partition=3)
Drive e: (Recovery) (Fixed) (Total:13.48 GB) (Free:0.75 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:0.97 GB) (Free:0.96 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 997147F0)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 994 MB) (Disk ID: 6E652072)
Partition 1: (Not Active) - (Size=811 GB) - (Type=6E)
Partition 2: (Not Active) - (Size=468 GB) - (Type=FF)
Partition 3: (Not Active) - (Size=80 GB) - (Type=74)
Partition 4: (Not Active) - (Size=26 MB) - (Type=00)


LastRegBack: 2013-07-03 14:55

==================== End Of Log ============================

--- --- ---

Könnt ihr mir bitte durch den Dschungel helfen?

VIELEN DANK

schrauber · 15.07.2013, 12:44

hi,

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\Martin\...\Winlogon: [Shell] explorer.exe,C:\Users\Martin\AppData\Roaming\cache.dat [123392 2011-11-17] () <==== ATTENTION 
2013-07-15 11:28 - 2013-07-15 11:59 - 00000004 _____ C:\Users\Martin\AppData\Roaming\cache.ini
C:\Users\Martin\AppData\Roaming\cache.dat

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

neu booten, freuen

mave1745 · 15.07.2013, 13:02

hallo schrauber!

danke für die schnelle hilfe! hier díe fixlog.txt:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2013
Ran by SYSTEM at 2013-07-15 13:59:48 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

HKU\Martin\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Martin\AppData\Roaming\cache.ini => Moved successfully.
C:\Users\Martin\AppData\Roaming\cache.dat => Moved successfully.

==== End of Fixlog ====

Bin gespannt, wie es weiter geht :-)

nach dem Booten geht es soweit wieder! DANKE!!

was empfiehlt sich, um den Plagegeist ganz loszuwerden?

schrauber · 15.07.2013, 13:23

Kontrollscans im normalen Windows

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

mave1745 · 15.07.2013, 14:32

hi schrauber,

so, alles gemacht! hier die unterschiedlichen Logdateien:

ADWCLEANER

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.305 - Datei am 15/07/2013 um 14:55:11 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Martin - NOTEBOOKMARTIN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Martin\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Application Updater
Gestoppt & Gelöscht : Partner Service

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Ordner Gelöscht : C:\Program Files (x86)\Application Updater
Ordner Gelöscht : C:\Program Files (x86)\BabylonToolbar
Ordner Gelöscht : C:\Program Files (x86)\Common Files\spigot
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\facemoods.com
Ordner Gelöscht : C:\Program Files (x86)\pdfforge Toolbar
Ordner Gelöscht : C:\Program Files (x86)\WiseConvert_2.1
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Martin\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Martin\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Ordner Gelöscht : C:\Users\Martin\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Martin\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Martin\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\Martin\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\Martin\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Martin\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\Martin\AppData\LocalLow\WiseConvert_2.1
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\WiseConvert_2.1
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\facemoods.com
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ECCE0073-A837-45A2-95B9-600420505F7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ECCE0073-A837-45A2-95B9-600420505F7E}
Schlüssel Gelöscht : HKCU\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Application Updater
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3208938
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\Software\facemoods.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E50B7E38-622C-4B2D-9C27-8EA71952741A}
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\Software\Search Settings
Schlüssel Gelöscht : HKLM\Software\WiseConvert_2.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E50B7E38-622C-4B2D-9C27-8EA71952741A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ECCE0073-A837-45A2-95B9-600420505F7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{008091DD-07B9-4832-A5A7-AE2B0069F8ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9470DF27-B78C-4D9F-9545-E312F33F476C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ECCE0073-A837-45A2-95B9-600420505F7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert_2.1 Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{ECCE0073-A837-45A2-95B9-600420505F7E}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{ECCE0073-A837-45A2-95B9-600420505F7E}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{ECCE0073-A837-45A2-95B9-600420505F7E}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [facemoods]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{ECCE0073-A837-45A2-95B9-600420505F7E}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.24] : icon_url = "hxxp://facemoods.com/favicon.ico",
Gelöscht [l.27] : keyword = "facemoods.com",
Gelöscht [l.30] : search_url = "hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4",
Gelöscht [l.2022] : homepage = "hxxp://start.facemoods.com/?a=ironto",
Gelöscht [l.2225] : urls_to_restore_on_startup = [ "hxxp://start.facemoods.com/?a=ironto" ]

*************************

AdwCleaner[S1].txt - [21202 octets] - [15/07/2013 14:55:11]

########## EOF - C:\AdwCleaner[S1].txt - [21263 octets] ##########

--- --- ---

[/CODE]

JUNKWARE REMOVAL

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.9 (07.12.2013:2)
OS: Windows 7 Home Premium x64
Ran by Martin on 15.07.2013 at 15:17:22,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.07.2013 at 15:23:36,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FARBARS FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013
Ran by Martin (administrator) on 15-07-2013 15:27:08
Running from C:\Users\Martin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
( ) C:\Windows\system32\lxeccoms.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 4.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSpt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3  [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - %ProgramFiles%\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
HKCU\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-11-25] (Google Inc.)
MountPoints2: {c744ae9c-4e78-11e0-afc6-544249fd956f} - E:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {c744aea7-4e78-11e0-afc6-544249fd956f} - F:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {ef19a7bf-9bd8-11e0-8b1b-c0cb38f5cfb5} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-02-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [33648 2007-08-24] (Microsoft Corporation)
HKLM-x32\...\Run: [StarMoneyRunEntry] - "C:\Program Files (x86)\StarMoney Business 4.0 Commerzbank-Edition\app\oflagent.exe" [57864 2011-09-22] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] - C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [] -  [x]
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\CardMinder Viewer.lnk
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\ProgramData\Start Menu\Programs\Startup\In PDF-Datei mit ScanSnap Organizer konvertieren.lnk
ShortcutTarget: In PDF-Datei mit ScanSnap Organizer konvertieren.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {3B91FF26-546E-46D1-B524-D759FA1AEFF8} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKCU - {C930032F-8AFC-40CA-8BA9-6F5BD24D82F8} URL = hxxp://de.shopping.com/?linkin_id=8056363
SearchScopes: HKCU - {E046BB5F-4ED4-448C-8CB1-63DFD405E71B} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {F7E0D734-D5B2-4290-9DF2-061E2ED14137} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 139.7.30.126 139.7.30.125

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (facemoods) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (facemoods) -       "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Default Plug-in) - default_plugin No File

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [506288 2011-02-08] (REINER SCT)
R2 lxec_device; C:\Windows\system32\lxeccoms.exe [1052328 2010-04-14] ( )
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [252416 2010-05-25] (Sony Corporation)
R2 StarMoney Business 4.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 4.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1250160 2010-05-31] (Sony Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2010-11-27] (REINER SCT)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-15 15:23 - 2013-07-15 15:23 - 00000626 _____ C:\Users\Martin\Desktop\JRT.txt
2013-07-15 15:17 - 2013-07-15 15:17 - 00000000 ____D C:\Windows\ERUNT
2013-07-15 14:55 - 2013-07-15 14:55 - 00021263 _____ C:\Users\Martin\Desktop\AdwCleaner[S1].txt
2013-07-15 14:33 - 2013-07-15 14:33 - 01777839 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2013-07-15 14:32 - 2013-07-15 14:32 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Martin\Desktop\JRT.exe
2013-07-15 14:31 - 2013-07-15 14:31 - 00662345 _____ C:\Users\Martin\Desktop\adwcleaner.exe
2013-07-15 14:02 - 2013-07-15 14:02 - 00000000 ____D C:\FRST
2013-07-12 08:03 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 08:03 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 08:03 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 08:03 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 08:03 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 08:03 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 08:03 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 08:03 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 08:03 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 08:03 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 08:03 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 08:03 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 08:03 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 08:03 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 08:03 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 08:03 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 08:03 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 08:03 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 08:03 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 08:03 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 08:03 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 08:03 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 08:03 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 08:03 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 08:03 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 08:03 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 08:03 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 08:03 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 08:03 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 08:03 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 08:03 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 17:41 - 2013-07-12 08:49 - 01888281 _____ C:\Users\Martin\Desktop\Screenshots_Sampling.pptx
2013-07-11 15:57 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 15:57 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 15:57 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 15:57 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 15:57 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 15:57 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 15:57 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 12:07 - 2013-07-10 10:00 - 00379904 _____ C:\Users\Martin\Desktop\AAA_Rechnungsuebersicht.xls
2013-07-04 12:23 - 2013-07-04 12:23 - 00000000 ____R C:\Users\Martin\Desktop\AAARechnungsueÂbersicht_2013.xls
2013-06-28 10:33 - 2013-06-28 10:33 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-06-28 10:33 - 2013-06-28 10:33 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-06-28 10:33 - 2013-06-28 10:33 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-06-24 21:25 - 2013-06-24 21:25 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2013-06-24 21:25 - 2013-06-24 21:25 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-06-24 21:25 - 2013-06-24 21:25 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2013-06-24 21:25 - 2013-06-24 21:25 - 00000000 ____D C:\Users\Default User\AppData\Local\Google

==================== One Month Modified Files and Folders =======

2013-07-15 15:23 - 2013-07-15 15:23 - 00000626 _____ C:\Users\Martin\Desktop\JRT.txt
2013-07-15 15:22 - 2012-11-17 14:49 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-15 15:17 - 2013-07-15 15:17 - 00000000 ____D C:\Windows\ERUNT
2013-07-15 15:06 - 2010-11-25 13:06 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-15 15:05 - 2009-07-14 06:45 - 00013872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-15 15:05 - 2009-07-14 06:45 - 00013872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-15 14:57 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-15 14:57 - 2009-07-14 06:51 - 00082804 _____ C:\Windows\setupact.log
2013-07-15 14:56 - 2011-03-10 00:39 - 01515831 _____ C:\Windows\WindowsUpdate.log
2013-07-15 14:55 - 2013-07-15 14:55 - 00021263 _____ C:\Users\Martin\Desktop\AdwCleaner[S1].txt
2013-07-15 14:33 - 2013-07-15 14:33 - 01777839 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2013-07-15 14:33 - 2010-11-25 13:06 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-15 14:32 - 2013-07-15 14:32 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Martin\Desktop\JRT.exe
2013-07-15 14:31 - 2013-07-15 14:31 - 00662345 _____ C:\Users\Martin\Desktop\adwcleaner.exe
2013-07-15 14:10 - 2010-11-25 21:39 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-07-15 14:10 - 2010-11-25 21:39 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-07-15 14:10 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-15 14:02 - 2013-07-15 14:02 - 00000000 ____D C:\FRST
2013-07-15 12:51 - 2012-07-09 09:12 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-15 12:28 - 2013-05-21 15:21 - 00000000 ___HD C:\ProgramData\ArcSoft
2013-07-15 12:28 - 2011-03-10 00:42 - 00000000 ___RD C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-15 12:28 - 2011-03-10 00:42 - 00000000 ___RD C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-15 12:28 - 2010-10-12 19:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-15 10:44 - 2011-03-18 13:16 - 00000000 ____D C:\PRIVAT
2013-07-14 16:28 - 2010-11-25 13:06 - 00004120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-14 16:28 - 2010-11-25 13:06 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-14 15:51 - 2011-03-10 00:42 - 00003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4FAF9545-A1D1-430C-9B64-7C341B55FC87}
2013-07-12 08:49 - 2013-07-11 17:41 - 01888281 _____ C:\Users\Martin\Desktop\Screenshots_Sampling.pptx
2013-07-12 08:28 - 2009-07-14 06:45 - 00580824 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 08:26 - 2010-10-13 00:58 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 08:26 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 08:26 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 08:04 - 2011-03-31 08:08 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-10 10:00 - 2013-07-09 12:07 - 00379904 _____ C:\Users\Martin\Desktop\AAA_Rechnungsuebersicht.xls
2013-07-09 14:39 - 2011-03-14 21:06 - 00002112 _____ C:\Users\Martin\Desktop\security.key
2013-07-09 10:07 - 2011-03-14 21:06 - 00004131 _____ C:\Users\Martin\Desktop\security2.key
2013-07-09 10:07 - 2011-03-14 21:06 - 00002112 _____ C:\Users\Martin\Desktop\security.bak
2013-07-09 10:03 - 2011-03-14 21:06 - 00004131 _____ C:\Users\Martin\Desktop\security2.bak
2013-07-05 09:41 - 2011-03-18 13:29 - 00000000 ____D C:\FIRMA
2013-07-04 12:23 - 2013-07-04 12:23 - 00000000 ____R C:\Users\Martin\Desktop\AAARechnungsueÂbersicht_2013.xls
2013-07-04 12:18 - 2011-03-18 21:41 - 00000952 ___SH C:\ProgramData\KGyGaAvL.sys
2013-07-04 09:39 - 2011-03-25 11:38 - 00021504 _____ C:\Users\Martin\Desktop\To Do's.xls
2013-07-03 09:37 - 2011-03-26 15:49 - 00016657 _____ C:\Users\Martin\Sti_Trace.log
2013-06-28 10:33 - 2013-06-28 10:33 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-06-28 10:33 - 2013-06-28 10:33 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-06-28 10:33 - 2013-06-28 10:33 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-06-28 10:33 - 2013-03-14 11:15 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-06-28 10:33 - 2011-03-11 13:35 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-06-28 10:33 - 2011-03-11 13:35 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-06-26 11:49 - 2012-05-22 13:51 - 00000000 ___RD C:\Users\Martin\Dropbox
2013-06-26 11:49 - 2012-05-22 13:50 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Dropbox
2013-06-26 11:48 - 2012-05-22 13:51 - 00001026 _____ C:\Users\Martin\Desktop\Dropbox.lnk
2013-06-26 11:48 - 2012-05-22 13:50 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-06-24 21:25 - 2013-06-24 21:25 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2013-06-24 21:25 - 2013-06-24 21:25 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-06-24 21:25 - 2013-06-24 21:25 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2013-06-24 21:25 - 2013-06-24 21:25 - 00000000 ____D C:\Users\Default User\AppData\Local\Google

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 15:55

==================== End Of Log ============================

--- --- ---

FARBARS ADDITION

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2013
Ran by Martin at 2013-07-15 15:27:46
Running from C:\Users\Martin\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
2007 Microsoft Office Suite Service Pack 1 (SP1) (x32)
ABBYY FineReader for ScanSnap (TM) 4.1 (x32 Version: 8.02.380.7259)
Adobe AIR (x32 Version: 1.5.3.9130)
Adobe Flash Player 10 Plugin (x32 Version: 10.0.45.2)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0)
Adobe Premiere Elements 8.0 (x32 Version: 8.0)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Alps Pointing-device for VAIO
Apple Application Support (x32 Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (x32 Version: 2.1.3.127)
ArcSoft Magic-i Visual Effects 2 (x32 Version: 2.0.1.115)
ArcSoft WebCam Companion 3 (x32 Version: 3.0.21.368)
ATI Catalyst Install Manager (Version: 3.0.750.0)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
be Flash Player 10 ActiveX 64-bit (Version: 10.3.162.28)
Bonjour (Version: 3.0.0.10)
CardMinder (x32 Version: V4.1L10)
CardMinder V4.1 (x32 Version: 4.1.10.1)
Catalyst Control Center Core Implementation (x32 Version: 2010.0209.16.306)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0209.16.306)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0209.16.306)
Catalyst Control Center Graphics Light (x32 Version: 2010.0209.16.306)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0209.16.306)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0209.16.306)
Catalyst Control Center InstallProxy (x32 Version: 2010.0209.16.306)
Catalyst Control Center Localization All (x32 Version: 2010.0209.16.306)
CCC Help Chinese Standard (x32 Version: 2010.0209.0015.306)
CCC Help Chinese Traditional (x32 Version: 2010.0209.0015.306)
CCC Help Czech (x32 Version: 2010.0209.0015.306)
CCC Help Danish (x32 Version: 2010.0209.0015.306)
CCC Help Dutch (x32 Version: 2010.0209.0015.306)
CCC Help English (x32 Version: 2010.0209.0015.306)
CCC Help Finnish (x32 Version: 2010.0209.0015.306)
CCC Help French (x32 Version: 2010.0209.0015.306)
CCC Help German (x32 Version: 2010.0209.0015.306)
CCC Help Greek (x32 Version: 2010.0209.0015.306)
CCC Help Hungarian (x32 Version: 2010.0209.0015.306)
CCC Help Italian (x32 Version: 2010.0209.0015.306)
CCC Help Japanese (x32 Version: 2010.0209.0015.306)
CCC Help Korean (x32 Version: 2010.0209.0015.306)
CCC Help Norwegian (x32 Version: 2010.0209.0015.306)
CCC Help Polish (x32 Version: 2010.0209.0015.306)
CCC Help Portuguese (x32 Version: 2010.0209.0015.306)
CCC Help Russian (x32 Version: 2010.0209.0015.306)
CCC Help Spanish (x32 Version: 2010.0209.0015.306)
CCC Help Swedish (x32 Version: 2010.0209.0015.306)
CCC Help Thai (x32 Version: 2010.0209.0015.306)
CCC Help Turkish (x32 Version: 2010.0209.0015.306)
ccc-core-static (x32 Version: 2010.0209.16.306)
ccc-utility64 (Version: 2010.0209.16.306)
CDBurnerXP (x32 Version: 4.5.0.3661)
Corel Shell Extension - 64Bit (Version: 14.0)
Corel WinDVD (x32 Version: 10.0.5.297)
CorelDRAW Graphics Suite X4 - Capture (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 - Content (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 - Draw (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 - Filters (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 - FontNav (x32 Version: 14.2)
CorelDRAW Graphics SUite X4 - ICA (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 - IPM (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 - Lang DE (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 - PP (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 - VBA (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 (x32 Version: 14.2)
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (x32 Version: 1.1)
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (x32)
CorelDRAW(R) Graphics Suite X4 (x32)
cyberJack Base Components (x32 Version: 6.9.10)
Dropbox (HKCU Version: 2.0.22)
Evernote (x32 Version: 3.5.4.2224)
FileZilla Client 3.3.5.1 (x32 Version: 3.3.5.1)
FoxTab PDF Converter (HKCU)
FoxTab PDF Creator (HKCU)
Google Chrome (x32 Version: 28.0.1500.72)
Google Drive (x32 Version: 1.10.4769.632)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
GOTO_PPL (x32 Version: 1.0)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.02.00.1002)
iTunes (Version: 10.6.3.25)
Java Auto Updater (x32 Version: 2.0.2.1)
Java(TM) 6 Update 20 (64-bit) (Version: 6.0.200)
Java(TM) 6 Update 20 (x32 Version: 6.0.200)
Junk Mail filter update (x32 Version: 14.0.8117.416)
MailStore Home 8.0.2.8361 (x32 Version: 8.0.2.8361)
Media Gallery (Version: 1.3.0)
Media Gallery (x32 Version: 1.3.0.06230)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office Live Meeting 2007 (x32 Version: 8.0.6362.202)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6215.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6213.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6213.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6213.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6213.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6215.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
PDFCreator (x32 Version: 1.2.3)
pdfforge Toolbar v7.2 (x32 Version: 7.2)
PMB (x32 Version: 5.3.00.06040)
PMB VAIO Edition plug-in (Click to Disc) (Version: 3.3.00)
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00)
PMB VAIO Edition plug-in (VAIO Movie Story) (Version: 2.3.00)
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00)
QuickTime (x32 Version: 7.69.80.9)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.6034)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6098)
Remote Play mit PlayStation®3 (x32 Version: 1.0.2.06210)
Remote Play with PlayStation 3 (x32 Version: 1.0.2.06210)
Remote-Tastatur mit PlayStation 3 (x32 Version: 1.0.2.06170)
ScanSnap (x32 Version: 5.0.21.1)
ScanSnap Manager (x32 Version: V5.0L21)
ScanSnap Organizer (x32 Version: 4.1.11.3)
ScanSnap Organizer (x32 Version: V4.1L11)
Skype™ 4.2 (x32 Version: 4.2.152)
SmartSound Quicktracks for Premiere Elements 8.0 (x32 Version: 3.11.3090)
StarMoney (x32 Version: 2.0)
StarMoney Business 4.0 Commerzbank-Edition (x32 Version: 4.0)
Total Commander 64-bit (Remove or Repair) (Version: 8.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
VAIO - Media Gallery (x32 Version: 1.3.0.06230)
VAIO - PMB VAIO Edition Guide (x32 Version: 1.3.00.06040)
VAIO - PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00.06180)
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.3.00.06110)
VAIO - PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00.06180)
VAIO Care (x32 Version: 6.2.2.07150)
VAIO Control Center (x32 Version: 4.3.0.05310)
VAIO Data Restore Tool (x32 Version: 1.4.0.05240)
VAIO DVD Menu Data (x32 Version: 2.2.00.05120)
VAIO Gate Default (x32 Version: 2.2.0.07020)
VAIO Hardware Diagnostics (x32 Version: 4.0.0.06230)
VAIO Media plus (Version: 2.1.0)
VAIO Media plus (x32 Version: 2.1.0.18210)
VAIO Media plus Opening Movie (x32 Version: 2.1.0.13220)
VAIO Movie Story Template Data (x32 Version: 2.3.00.06040)
VAIO Quick Web Access (x32 Version: 1.3.4.2)
VAIO Sample Contents (x32 Version: 1.3.0.06041)
VAIO screensaver (x32 Version: 1.0.0.0)
VAIO Smart Network (x32 Version: 3.3.0.06080)
VAIO Update (x32 Version: 5.2.0.05310)
VAIO-Handbuch (x32 Version: 1.1.0.05280)
VAIO-Support für Übertragungen (x32 Version: 1.2.0.06230)
Visual Basic for Applications (R) Core - English (x32 Version: 6.4.99.69)
Visual Basic for Applications (R) Core - German (x32 Version: 6.4.99.69)
Visual Basic for Applications (R) Core (x32 Version: 6.4.99.69)
WIDCOMM Bluetooth Software (Version: 6.3.0.5600)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8117.0416)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Fotogalerie (x32 Version: 14.0.8117.416)
Windows Live Mail (x32 Version: 14.0.8117.0416)
Windows Live Messenger (x32 Version: 14.0.8117.0416)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live Writer (x32 Version: 14.0.8117.0416)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)

==================== Restore Points  =========================

17-06-2013 15:26:27 Windows Update
21-06-2013 08:43:13 Windows Update
26-06-2013 08:59:31 Windows Update
02-07-2013 08:19:04 Windows Update
09-07-2013 07:26:55 Windows Update
12-07-2013 05:57:29 Windows Update
15-07-2013 10:28:34 Installed Connect Service

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02A99457-1C88-43FF-AC8E-9932108CC1C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-25] (Google Inc.)
Task: {100CB707-86B1-45CF-A6C3-7CEAB9E22ACB} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {1521D2C6-C63E-4328-B298-19061A2D677F} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-05-31] (Sony Corporation)
Task: {1E99CAE0-9DA6-4D66-B9A6-F04D33A00795} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {2F854EF1-3EB5-4AF2-9CBD-5901774B2810} - System32\Tasks\{23A0671B-C666-4C21-82C6-4A1733CB1311} => C:\Program Files (x86)\PDFCreator\PDFCreator.exe [2011-09-29] (pdfforge  hxxp://www.pdfforge.org/)
Task: {33E18BE4-41AD-4884-BAB2-50C2E41D346F} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {43896CBE-3C15-4E88-877A-57FB0F40CAD6} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe No File
Task: {4577FB38-4DCB-4D9E-B853-4600AF388B3B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {52F584E6-0191-4054-9601-B179F9958353} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe No File
Task: {5436FC34-8908-4ACA-A73D-DAFED056F743} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe No File
Task: {57DC34A2-B14B-4BA2-9FE7-AB5BD3994C48} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-25] (Google Inc.)
Task: {63680D5E-6474-45F1-BA7D-67DD728307DB} - System32\Tasks\VAIO Care Support => C:\Program Files\Sony\VAIO Care\VCSpt.exe [2010-05-26] (Sony Corporation)
Task: {6490CD26-EF22-4FD4-8604-027F61F6F705} - System32\Tasks\SONY\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe [2010-05-31] (Sony Corporation)
Task: {70BA4999-31AD-4A5A-97F1-FF27183B9E97} - System32\Tasks\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2010-07-15] (Sony Corporation)
Task: {71DF0C41-2815-408C-96B0-2928114D958F} - System32\Tasks\{F3037CF5-6C40-4F10-9E9B-A8CA8649CF83} => C:\Program Files (x86)\PDFCreator\PDFCreator.exe [2011-09-29] (pdfforge  hxxp://www.pdfforge.org/)
Task: {7FDA4A68-0F29-4C65-AF71-67DBBE129686} - System32\Tasks\User_Feed_Synchronization-{4FAF9545-A1D1-430C-9B64-7C341B55FC87} => C:\Windows\system32\msfeedssync.exe [2013-03-11] (Microsoft Corporation)
Task: {86920D5D-FB1F-4E02-8AB1-258A7204BA07} - System32\Tasks\{53F8B507-88DD-48B1-9584-BBE7EDE53BAE} => C:\Program Files (x86)\PDFCreator\PDFCreator.exe [2011-09-29] (pdfforge  hxxp://www.pdfforge.org/)
Task: {8DEA0DE7-70DE-48C7-824E-D2D3EAE5600D} - System32\Tasks\User_Feed_Synchronization-{0E626F3C-8A24-4FFB-84FD-07195C3D7244} => C:\Windows\system32\msfeedssync.exe [2013-03-11] (Microsoft Corporation)
Task: {8EC1E84D-2458-45F6-825C-847894C1D5BB} - System32\Tasks\SONY\Remote Keyboard with PlayStation 3\Remote Keyboard with PlayStation 3 => C:\Program Files\Sony\Remote Keyboard with PlayStation 3\VBTKBUtil.exe [2010-06-17] (Sony Corporation)
Task: {B19B6ACC-B5B2-49C0-A06F-8BB6848E7E5C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {B2D6153E-8BCA-4B36-B02C-256CA4A1DD10} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {BC430D45-369A-437F-B87D-2D49BD46004D} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-05-31] (Sony Corporation)
Task: {E9C3516D-C04A-43CA-8E5C-91800D60CBE3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EDE26D82-E6BA-4BDC-82F5-ED9BE2FC0A33} - System32\Tasks\{6AA8F5FA-36CE-4046-9198-C195BC669E38} => C:\Program Files (x86)\PDFCreator\PDFCreator.exe [2011-09-29] (pdfforge  hxxp://www.pdfforge.org/)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (05/12/2013 01:59:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1459 seconds with 1200 seconds of active time.  This session ended with a crash.

Error: (03/20/2013 07:38:15 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 161 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (03/20/2013 06:03:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3690 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (03/13/2013 02:24:51 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 116 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (03/13/2013 02:22:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4794 seconds with 2400 seconds of active time.  This session ended with a crash.

Error: (07/04/2012 05:06:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12997 seconds with 1560 seconds of active time.  This session ended with a crash.

Error: (06/11/2012 11:22:18 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10522 seconds with 9780 seconds of active time.  This session ended with a crash.

Error: (06/06/2012 03:23:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 809 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (05/27/2012 07:08:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1087 seconds with 960 seconds of active time.  This session ended with a crash.

Error: (04/20/2012 07:47:10 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 59 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 43%
Total physical RAM: 3950.1 MB
Available physical RAM: 2220.32 MB
Total Pagefile: 7898.38 MB
Available Pagefile: 5860.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:452.18 GB) (Free:332.43 GB) NTFS (Disk=0 Partition=3)
Drive e: () (Removable) (Total:3.73 GB) (Free:3.59 GB) FAT32 (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 997147F0)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

So, hoffentlich nerve ich dich damit ein letztes mal ...

DANKE

schrauber · 15.07.2013, 18:57

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

So jetzt sollten wir durch sein. ein frisches FRST log bitte. Noch Probleme?

mave1745 · 16.07.2013, 11:42

hi schrauber,

hier das erste logfile von ESET

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3caaefaea5101c4a81d75d8d42bdb655
# engine=14412
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-16 10:26:36
# local_time=2013-07-16 12:26:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 419748 150680268 0 0
# compatibility_mode=5893 16776573 100 94 7770 125600246 0 0
# scanned=117691
# found=1
# cleaned=0
# scan_time=3037
sh=E6B4C783AAA3583790329B5B7B1BAF5ABB185646 ft=1 fh=44008cfed96448c6 vn="a variant of Win32/Kryptik.BFUV trojan" ac=I fn="C:\FRST\Quarantine\cache.dat"

und hier das zweite von SECURITYCHECK

Code:

ATTFilter

14  Results of screen317's Security Check version 0.99.69  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 20  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Google Chrome 27.0.1453.116  
 Google Chrome 28.0.1500.72  
````````Process Check: objlist.exe by Laurent````````  
 StarMoney Business 4.0 Commerzbank-Edition ouservice StarMoneyOnlineUpdate.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

und das frische FRST.log folgt sogleich

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013
Ran by Martin (administrator) on 16-07-2013 12:38:54
Running from C:\Users\Martin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
( ) C:\Windows\system32\lxeccoms.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 4.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSpt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3  [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - %ProgramFiles%\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
HKCU\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-11-25] (Google Inc.)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe -update activex [514952 2013-06-12] (Adobe Systems Incorporated)
MountPoints2: {c744ae9c-4e78-11e0-afc6-544249fd956f} - E:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {c744aea7-4e78-11e0-afc6-544249fd956f} - F:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {ef19a7bf-9bd8-11e0-8b1b-c0cb38f5cfb5} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-02-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [33648 2007-08-24] (Microsoft Corporation)
HKLM-x32\...\Run: [StarMoneyRunEntry] - "C:\Program Files (x86)\StarMoney Business 4.0 Commerzbank-Edition\app\oflagent.exe" [57864 2011-09-22] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] - C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [] -  [x]
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\CardMinder Viewer.lnk
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\ProgramData\Start Menu\Programs\Startup\In PDF-Datei mit ScanSnap Organizer konvertieren.lnk
ShortcutTarget: In PDF-Datei mit ScanSnap Organizer konvertieren.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {3B91FF26-546E-46D1-B524-D759FA1AEFF8} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKCU - {C930032F-8AFC-40CA-8BA9-6F5BD24D82F8} URL = hxxp://de.shopping.com/?linkin_id=8056363
SearchScopes: HKCU - {E046BB5F-4ED4-448C-8CB1-63DFD405E71B} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {F7E0D734-D5B2-4290-9DF2-061E2ED14137} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (facemoods) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (facemoods) -       "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Default Plug-in) - default_plugin No File

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [506288 2011-02-08] (REINER SCT)
R2 lxec_device; C:\Windows\system32\lxeccoms.exe [1052328 2010-04-14] ( )
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [252416 2010-05-25] (Sony Corporation)
R2 StarMoney Business 4.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 4.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1250160 2010-05-31] (Sony Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2010-11-27] (REINER SCT)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-16 11:33 - 2013-07-16 11:33 - 02347384 _____ (ESET) C:\Users\Martin\Desktop\esetsmartinstaller_enu.exe
2013-07-16 11:33 - 2013-07-16 11:33 - 00891022 _____ C:\Users\Martin\Desktop\SecurityCheck.exe
2013-07-15 21:44 - 2013-07-15 21:44 - 00000000 ____D C:\Windows\system32\MRT
2013-07-15 20:08 - 2013-07-15 20:08 - 00034064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lhacm.acm
2013-07-15 20:08 - 2013-07-15 20:08 - 00000978 _____ C:\Users\Martin\Desktop\Teamspeak 2 RC2.lnk
2013-07-15 20:08 - 2013-07-15 20:08 - 00000000 ____D C:\Users\Martin\AppData\Roaming\teamspeak2
2013-07-15 20:08 - 2013-07-15 20:08 - 00000000 ____D C:\Program Files (x86)\Teamspeak2_RC2
2013-07-15 15:36 - 2013-07-15 15:36 - 01527912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-15 15:17 - 2013-07-15 15:17 - 00000000 ____D C:\Windows\ERUNT
2013-07-15 14:55 - 2013-07-15 14:55 - 00021263 _____ C:\Users\Martin\Desktop\AdwCleaner[S1].txt
2013-07-15 14:33 - 2013-07-15 14:33 - 01777839 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2013-07-15 14:32 - 2013-07-15 14:32 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Martin\Desktop\JRT.exe
2013-07-15 14:31 - 2013-07-15 14:31 - 00662345 _____ C:\Users\Martin\Desktop\adwcleaner.exe
2013-07-15 14:02 - 2013-07-15 14:02 - 00000000 ____D C:\FRST
2013-07-12 08:03 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 08:03 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 08:03 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 08:03 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 08:03 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 08:03 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 08:03 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 08:03 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 08:03 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 08:03 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 08:03 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 08:03 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 08:03 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 08:03 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 08:03 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 08:03 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 08:03 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 08:03 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 08:03 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 08:03 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 08:03 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 08:03 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 08:03 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 08:03 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 08:03 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 08:03 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 08:03 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 08:03 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 08:03 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 08:03 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 08:03 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 15:57 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 15:57 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 15:57 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 15:57 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 15:57 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 15:57 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 15:57 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 12:07 - 2013-07-10 10:00 - 00379904 _____ C:\Users\Martin\Desktop\AAA_Rechnungsuebersicht.xls
2013-07-04 12:23 - 2013-07-04 12:23 - 00000000 ____R C:\Users\Martin\Desktop\AAARechnungsueÂbersicht_2013.xls
2013-06-28 10:33 - 2013-06-28 10:33 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-06-28 10:33 - 2013-06-28 10:33 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-06-28 10:33 - 2013-06-28 10:33 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-06-24 21:25 - 2013-06-24 21:25 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2013-06-24 21:25 - 2013-06-24 21:25 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-06-24 21:25 - 2013-06-24 21:25 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2013-06-24 21:25 - 2013-06-24 21:25 - 00000000 ____D C:\Users\Default User\AppData\Local\Google

==================== One Month Modified Files and Folders =======

2013-07-16 12:33 - 2010-11-25 13:06 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-16 12:22 - 2012-11-17 14:49 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-16 11:49 - 2011-03-10 00:39 - 01604579 _____ C:\Windows\WindowsUpdate.log
2013-07-16 11:33 - 2013-07-16 11:33 - 02347384 _____ (ESET) C:\Users\Martin\Desktop\esetsmartinstaller_enu.exe
2013-07-16 11:33 - 2013-07-16 11:33 - 00891022 _____ C:\Users\Martin\Desktop\SecurityCheck.exe
2013-07-16 10:18 - 2009-07-14 06:45 - 00013872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-16 10:18 - 2009-07-14 06:45 - 00013872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-16 10:10 - 2012-07-09 09:12 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-16 10:09 - 2010-11-25 13:06 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-16 10:09 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-16 10:09 - 2009-07-14 06:51 - 00083308 _____ C:\Windows\setupact.log
2013-07-15 21:47 - 2013-07-15 21:44 - 00000000 ____D C:\Windows\system32\MRT
2013-07-15 21:42 - 2010-11-25 21:39 - 00657948 _____ C:\Windows\system32\perfh007.dat
2013-07-15 21:42 - 2010-11-25 21:39 - 00131288 _____ C:\Windows\system32\perfc007.dat
2013-07-15 21:42 - 2009-07-14 07:13 - 01529558 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-15 21:16 - 2011-03-25 11:38 - 00021504 _____ C:\Users\Martin\Desktop\To Do's.xls
2013-07-15 20:08 - 2013-07-15 20:08 - 00034064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lhacm.acm
2013-07-15 20:08 - 2013-07-15 20:08 - 00000978 _____ C:\Users\Martin\Desktop\Teamspeak 2 RC2.lnk
2013-07-15 20:08 - 2013-07-15 20:08 - 00000000 ____D C:\Users\Martin\AppData\Roaming\teamspeak2
2013-07-15 20:08 - 2013-07-15 20:08 - 00000000 ____D C:\Program Files (x86)\Teamspeak2_RC2
2013-07-15 16:41 - 2011-03-10 00:42 - 00003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4FAF9545-A1D1-430C-9B64-7C341B55FC87}
2013-07-15 15:36 - 2013-07-15 15:36 - 01527912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-15 15:17 - 2013-07-15 15:17 - 00000000 ____D C:\Windows\ERUNT
2013-07-15 14:55 - 2013-07-15 14:55 - 00021263 _____ C:\Users\Martin\Desktop\AdwCleaner[S1].txt
2013-07-15 14:33 - 2013-07-15 14:33 - 01777839 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2013-07-15 14:32 - 2013-07-15 14:32 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Martin\Desktop\JRT.exe
2013-07-15 14:31 - 2013-07-15 14:31 - 00662345 _____ C:\Users\Martin\Desktop\adwcleaner.exe
2013-07-15 14:02 - 2013-07-15 14:02 - 00000000 ____D C:\FRST
2013-07-15 12:28 - 2013-05-21 15:21 - 00000000 ___HD C:\ProgramData\ArcSoft
2013-07-15 12:28 - 2011-03-10 00:42 - 00000000 ___RD C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-15 12:28 - 2011-03-10 00:42 - 00000000 ___RD C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-15 12:28 - 2010-10-12 19:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-15 10:44 - 2011-03-18 13:16 - 00000000 ____D C:\PRIVAT
2013-07-14 16:28 - 2010-11-25 13:06 - 00004120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-14 16:28 - 2010-11-25 13:06 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 08:28 - 2009-07-14 06:45 - 00580824 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 08:26 - 2010-10-13 00:58 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 08:26 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 08:26 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 10:00 - 2013-07-09 12:07 - 00379904 _____ C:\Users\Martin\Desktop\AAA_Rechnungsuebersicht.xls
2013-07-09 14:39 - 2011-03-14 21:06 - 00002112 _____ C:\Users\Martin\Desktop\security.key
2013-07-09 10:07 - 2011-03-14 21:06 - 00004131 _____ C:\Users\Martin\Desktop\security2.key
2013-07-09 10:07 - 2011-03-14 21:06 - 00002112 _____ C:\Users\Martin\Desktop\security.bak
2013-07-09 10:03 - 2011-03-14 21:06 - 00004131 _____ C:\Users\Martin\Desktop\security2.bak
2013-07-05 09:41 - 2011-03-18 13:29 - 00000000 ____D C:\FIRMA
2013-07-04 12:23 - 2013-07-04 12:23 - 00000000 ____R C:\Users\Martin\Desktop\AAARechnungsueÂbersicht_2013.xls
2013-07-04 12:18 - 2011-03-18 21:41 - 00000952 ___SH C:\ProgramData\KGyGaAvL.sys
2013-07-03 09:37 - 2011-03-26 15:49 - 00016657 _____ C:\Users\Martin\Sti_Trace.log
2013-06-28 10:33 - 2013-06-28 10:33 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-06-28 10:33 - 2013-06-28 10:33 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-06-28 10:33 - 2013-06-28 10:33 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-06-28 10:33 - 2013-03-14 11:15 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-06-28 10:33 - 2011-03-11 13:35 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-06-28 10:33 - 2011-03-11 13:35 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-06-26 11:49 - 2012-05-22 13:51 - 00000000 ___RD C:\Users\Martin\Dropbox
2013-06-26 11:49 - 2012-05-22 13:50 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Dropbox
2013-06-26 11:48 - 2012-05-22 13:51 - 00001026 _____ C:\Users\Martin\Desktop\Dropbox.lnk
2013-06-26 11:48 - 2012-05-22 13:50 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-06-24 21:25 - 2013-06-24 21:25 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2013-06-24 21:25 - 2013-06-24 21:25 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-06-24 21:25 - 2013-06-24 21:25 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2013-06-24 21:25 - 2013-06-24 21:25 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2013-06-24 00:57 - 2011-03-31 08:08 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 15:55

==================== End Of Log ============================

--- --- ---

so, lieber SCHRAUBER. jetzt hoffe ich, dass das System wieder sauber ist ...

LG

mave1745

schrauber · 16.07.2013, 12:12

Java, Flash und Adobe updaten.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

mave1745 · 17.07.2013, 09:06

hey schrauber,

habe alle deine anweisungen befolgt und werde ab jetzt auf systemsicherheit achten.

du warst mir eine extreme hilfe! besten dank dafür! und auch für die geschwindigkeit deiner antworten.

super, dass es euch im netz gibt. DANKE

wünsche dir einen schönen tag

mave1745

schrauber · 17.07.2013, 09:50

Gern Geschehen

17.07.2013, 09:50	#10
schrauber /// the machine /// TB-Ausbilder	GVU-Trojaner auf Win7 - frst.txt erstellt Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

GVU-Trojaner auf Win7 - frst.txt erstellt

Log-Analyse und Auswertung: GVU-Trojaner auf Win7 - frst.txt erstellt