Hallo Leute,

als Neuling in diesem Forum möchte ich Euch grüßen!

Seit einigen Tagen habe ich das Problem, dass wenn ich ganz normal im Internet unterwegs bin, sich plötzlich im Hintergrund ein neues Fenster aufmacht mit: ism.sitescout.com !

Habe bereits alles versucht außer dem Bereinigungsprogramm: "Spyhunter", da mir dieses von anderen Seiten, davon abgeraten wurde. So bin ich auf Eure Seite gestoßen und erhoffe mir von Euch Hilfe, da ich selbst zu den eher bezeichneten Anfängern gehöre. Daher wäre es super, wenn mir derjenige der mir zurückantwortet, nicht mit fachmännischen Vorgehensweisen oder Ausdrücken kommt!

Vielen Dank Euch schon mal im Voraus!!

MfG
Ecksperts

(aber vorsicht, ist`cool man!! )

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

FRST.txt
FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013
Ran by Ecksperts (administrator) on 21-07-2013 19:07:44
Running from C:\Users\Ecksperts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5KUP07ZC
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
(Mozilla Corporation) C:\Program Files (x86)\mozilla firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\Ecksperts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5KUP07ZC\FRST64[1].exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [IncrediMail] - C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [367016 2013-06-26] (IncrediMail, Ltd.)
HKLM-x32\...\Run: [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [356376 2012-12-13] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-19] (Avira Operations GmbH & Co. KG)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-19] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-19] (Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Videoraptor_WebRipPlugin Class - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - C:\Program Files (x86)\RapidSolution\RS Audials One\VideoRaptor\plugins\IE\VR_WebRipIePlugin.dll (RapidSolution Software)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: msdaipp - No CLSID Value - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default
FF Homepage: hxxp://www.google.de/firefox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @innoplus.de/ino3DViewer - C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Ghostery - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\Extensions\firefox@ghostery.com
FF Extension: Yahoo! Toolbar - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: clearConsole - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\Extensions\clearConsole@penzil.com.xpi
FF Extension: ftdownloader3 - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\Extensions\ftdownloader3@ftdownloader.com.xpi
FF Extension: jid0-hjoQNmABq6jg91jHpQyvgJUouUP - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\Extensions\jid0-hjoQNmABq6jg91jHpQyvgJUouUP@jetpack.xpi
FF Extension: nbthemes - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\Extensions\nbthemes@narutoboards.xpi
FF Extension: torntv2 - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\Extensions\torntv2@torntv.com.xpi
FF Extension: No Name - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
FF Extension: No Name - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [videoraptor-firefox-surf-and-catch-extension@audials.com] C:\Program Files (x86)\RapidSolution\RS Audials One\VideoRaptor\plugins\GeckoBased\videoraptor-firefox-surf-and-catch-extension@audials.com\
FF Extension: Videoraptor Firefox Surf and Catch Plugin - C:\Program Files (x86)\RapidSolution\RS Audials One\VideoRaptor\plugins\GeckoBased\videoraptor-firefox-surf-and-catch-extension@audials.com\
FF HKLM-x32\...\Firefox\Extensions:  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-19] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-19] (Avira Operations GmbH & Co. KG)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-12-13] (Kaspersky Lab ZAO)
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2013-05-24] ()
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2012-11-28] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2013-04-25] (WiseCleaner.com)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-07-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-07-19] (Avira Operations GmbH & Co. KG)
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2009-01-23] (Brother Industries Ltd.)
R3 FET5A64; C:\Windows\System32\DRIVERS\fet5a64.sys [49024 2006-09-18] (VIA Technologies, Inc.              )
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-23] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-23] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1418112 2007-04-03] (Philips Semiconductors GmbH)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [33048 2006-11-30] (X10 Wireless Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
R3 cpuz134; \??\C:\Users\ECKSPE~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 gfiark; system32\drivers\gfiark.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-21 16:37 - 2013-07-21 16:40 - 00000162 _____ C:\Windows\Reimage.ini
2013-07-21 00:36 - 2013-07-21 00:36 - 00000000 ____D C:\Users\Ecksperts\AppData\Roaming\Panasonic
2013-07-21 00:33 - 2013-07-21 00:36 - 00000000 ___RD C:\Users\Ecksperts\Desktop\Lumix Bildbearbeitg
2013-07-21 00:32 - 2013-07-21 00:32 - 00000000 ____D C:\Program Files (x86)\ISL
2013-07-21 00:31 - 2013-07-21 00:31 - 00000000 ____D C:\Users\ECKSPE~1\AppData\Local\{B96D1B84-189C-4535-8C31-7517D6A8D074}
2013-07-21 00:31 - 2013-07-21 00:31 - 00000000 ____D C:\ProgramData\Apple Computer
2013-07-21 00:27 - 2005-06-01 04:10 - 00495616 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK2.dll
2013-07-21 00:27 - 2005-06-01 03:10 - 00077824 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICEntry.dll
2013-07-21 00:27 - 2005-06-01 00:30 - 00000097 _____ C:\Windows\SysWOW64\PICSDK.ini
2013-07-21 00:27 - 2005-06-01 00:20 - 00111932 _____ C:\Windows\SysWOW64\EPPICPrinterDB.dat
2013-07-21 00:27 - 2005-06-01 00:10 - 00073728 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK.dll
2013-07-21 00:27 - 2004-03-03 06:10 - 00114688 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicPrt.dll
2013-07-21 00:27 - 2004-03-03 06:10 - 00065536 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EPPicMgr.dll
2013-07-21 00:27 - 2004-03-03 06:10 - 00031053 _____ C:\Windows\SysWOW64\EPPICPattern131.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00027417 _____ C:\Windows\SysWOW64\EPPICPattern121.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00026154 _____ C:\Windows\SysWOW64\EPPICPattern1.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00024903 _____ C:\Windows\SysWOW64\EPPICPattern3.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00021390 _____ C:\Windows\SysWOW64\EPPICPattern5.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00020148 _____ C:\Windows\SysWOW64\EPPICPattern2.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00013732 _____ C:\Windows\SysWOW64\EPPICLocal_EN.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00011811 _____ C:\Windows\SysWOW64\EPPICPattern4.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00006442 _____ C:\Windows\SysWOW64\EPPICLocal_IT.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00006347 _____ C:\Windows\SysWOW64\EPPICLocal_PT.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00006347 _____ C:\Windows\SysWOW64\EPPICLocal_BP.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00006335 _____ C:\Windows\SysWOW64\EPPICLocal_GE.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00006195 _____ C:\Windows\SysWOW64\EPPICLocal_FR.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00006195 _____ C:\Windows\SysWOW64\EPPICLocal_CF.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00006122 _____ C:\Windows\SysWOW64\EPPICLocal_DU.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00006103 _____ C:\Windows\SysWOW64\EPPICLocal_ES.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00005817 _____ C:\Windows\SysWOW64\EPPICLocal_KO.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00005436 _____ C:\Windows\SysWOW64\EPPICLocal_SC.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00004943 _____ C:\Windows\SysWOW64\EPPICPattern6.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00002889 _____ C:\Windows\SysWOW64\EPPICLocal_RU.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00002426 _____ C:\Windows\SysWOW64\EPPICLocal_TC.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00001146 _____ C:\Windows\SysWOW64\EPPICPresetData_DU.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00001139 _____ C:\Windows\SysWOW64\EPPICPresetData_PT.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00001139 _____ C:\Windows\SysWOW64\EPPICPresetData_BP.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00001136 _____ C:\Windows\SysWOW64\EPPICPresetData_ES.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00001129 _____ C:\Windows\SysWOW64\EPPICPresetData_FR.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00001129 _____ C:\Windows\SysWOW64\EPPICPresetData_CF.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00001120 _____ C:\Windows\SysWOW64\EPPICPresetData_IT.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00001107 _____ C:\Windows\SysWOW64\EPPICPresetData_GE.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00001104 _____ C:\Windows\SysWOW64\EPPICPresetData_EN.dat
2013-07-21 00:26 - 2013-07-21 00:28 - 00000000 ____D C:\Program Files (x86)\Panasonic
2013-07-21 00:26 - 2005-03-07 19:44 - 00045056 _____ (Matsushita Electric Industrial Co., Ltd.) C:\Windows\SysWOW64\PhDi2.sys
2013-07-20 19:45 - 2013-07-20 19:45 - 00000000 ____D C:\Users\Ecksperts\Desktop\Sergej_Hamm
2013-07-20 19:38 - 2013-07-20 19:42 - 00000000 ____D C:\Windows\system32\MRT
2013-07-19 01:16 - 2013-07-19 01:16 - 00004437 _____ C:\AdwCleaner[S17].txt
2013-07-19 01:14 - 2013-07-19 01:15 - 00004224 _____ C:\AdwCleaner[R17].txt
2013-07-19 01:11 - 2013-07-19 01:11 - 00000000 ____D C:\Users\Ecksperts\AppData\Roaming\Avira
2013-07-19 01:07 - 2013-07-19 01:35 - 00001901 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-07-19 01:06 - 2013-07-19 01:06 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-19 01:06 - 2013-07-19 01:01 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-07-19 01:06 - 2013-07-19 01:01 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-07-19 01:06 - 2013-07-19 01:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-07-18 08:52 - 2013-07-21 16:24 - 00154151 _____ C:\Windows\WindowsUpdate.log
2013-07-18 08:48 - 2013-07-19 01:18 - 00081850 _____ C:\Windows\PFRO.log
2013-07-18 01:23 - 2013-07-19 01:35 - 00000000 ____D C:\ProgramData\Avira
2013-07-17 22:12 - 2013-07-17 22:12 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2013-07-17 22:11 - 2013-07-18 08:48 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2013-07-17 22:00 - 2013-07-17 22:00 - 00000000 ____D C:\FRST
2013-07-16 21:05 - 2013-07-16 21:05 - 00003825 _____ C:\AdwCleaner[S16].txt
2013-07-16 21:04 - 2013-07-16 21:05 - 00003618 _____ C:\AdwCleaner[R16].txt
2013-07-16 20:59 - 2013-07-16 21:00 - 00005378 _____ C:\AdwCleaner[S15].txt
2013-07-16 20:59 - 2013-07-16 20:59 - 00005159 _____ C:\AdwCleaner[R15].txt
2013-07-16 20:58 - 2013-07-16 20:58 - 00662345 _____ C:\Users\Ecksperts\Desktop\AdwCleaner.exe
2013-07-13 19:03 - 2013-07-13 19:05 - 37257216 _____ C:\Windows\system32\config\COMPONENTS.rhk
2013-07-13 19:03 - 2013-07-13 19:03 - 00180224 _____ C:\Windows\system32\config\DEFAULT.rhk
2013-07-13 19:03 - 2013-07-13 19:03 - 00057344 _____ C:\Windows\system32\config\SAM.rhk
2013-07-13 19:00 - 2013-07-13 19:03 - 65347584 _____ C:\Windows\system32\config\SOFTWARE.rhk
2013-07-13 19:00 - 2013-07-13 19:00 - 00024576 _____ C:\Windows\system32\config\SECURITY.rhk
2013-07-13 08:50 - 2013-07-13 08:50 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 12:46 - 2013-07-12 13:11 - 00000000 ____D C:\Users\Ecksperts\Desktop\Neuer Ordner (4)
2013-07-07 06:31 - 2013-07-07 06:33 - 00000000 __SHD C:\WISE_DISKSCRUBTEMP_NTFS
2013-07-05 20:18 - 2013-07-05 20:18 - 00004033 _____ C:\AdwCleaner[S14].txt
2013-07-05 20:17 - 2013-07-05 20:18 - 00003832 _____ C:\AdwCleaner[R14].txt
2013-07-01 21:59 - 2013-07-01 22:00 - 00003844 _____ C:\AdwCleaner[S13].txt
2013-07-01 21:59 - 2013-07-01 21:59 - 00003643 _____ C:\AdwCleaner[R13].txt
2013-06-30 18:35 - 2013-06-30 18:35 - 00003513 _____ C:\AdwCleaner[S12].txt
2013-06-30 18:34 - 2013-06-30 18:35 - 00003301 _____ C:\AdwCleaner[R12].txt
2013-06-30 12:06 - 2013-06-30 12:21 - 00000000 ____D C:\ProgramData\eSafe
2013-06-30 12:06 - 2013-06-30 12:12 - 00010792 _____ C:\AdwCleaner[S11].txt
2013-06-30 12:05 - 2013-06-30 12:06 - 00000000 ____D C:\Program Files (x86)\Desk 365
2013-06-30 12:04 - 2013-06-30 12:05 - 00010846 _____ C:\AdwCleaner[R11].txt
2013-06-30 12:04 - 2013-06-30 12:04 - 00000000 ____D C:\Program Files (x86)\WebCake
2013-06-26 17:18 - 2013-06-26 17:18 - 00000000 ____D C:\Program Files (x86)\IncrediMail
2013-06-26 10:47 - 2013-06-26 11:10 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-26 10:47 - 2013-06-26 11:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-26 08:48 - 2013-07-11 21:00 - 00000394 _____ C:\Windows\Tasks\RegTask.job
2013-06-26 08:48 - 2013-06-26 10:28 - 00000000 ____D C:\Program Files (x86)\RegTask
2013-06-26 08:48 - 2013-06-26 10:27 - 00000000 ____D C:\ProgramData\RegTask
2013-06-26 08:48 - 2013-06-26 10:11 - 00003602 _____ C:\Windows\System32\Tasks\RegTask
2013-06-25 20:06 - 2013-07-16 20:40 - 00000000 ____D C:\Program Files (x86)\mozilla firefox

==================== One Month Modified Files and Folders =======

2013-07-21 19:03 - 2012-02-02 13:27 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-21 18:14 - 2006-11-02 17:22 - 00003264 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-21 18:14 - 2006-11-02 17:22 - 00003264 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-21 16:40 - 2013-07-21 16:37 - 00000162 _____ C:\Windows\Reimage.ini
2013-07-21 16:24 - 2013-07-18 08:52 - 00154151 _____ C:\Windows\WindowsUpdate.log
2013-07-21 16:19 - 2012-02-02 11:49 - 00109816 _____ C:\Users\ECKSPE~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-21 16:18 - 2013-05-26 11:59 - 00000000 ____D C:\Users\Ecksperts\AppData\Roaming\Wise Care 365
2013-07-21 16:14 - 2006-11-02 17:21 - 00400320 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-21 00:36 - 2013-07-21 00:36 - 00000000 ____D C:\Users\Ecksperts\AppData\Roaming\Panasonic
2013-07-21 00:36 - 2013-07-21 00:33 - 00000000 ___RD C:\Users\Ecksperts\Desktop\Lumix Bildbearbeitg
2013-07-21 00:36 - 2012-02-04 17:11 - 00000888 _____ C:\Windows\BRWMARK.INI
2013-07-21 00:32 - 2013-07-21 00:32 - 00000000 ____D C:\Program Files (x86)\ISL
2013-07-21 00:32 - 2012-02-03 00:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-21 00:31 - 2013-07-21 00:31 - 00000000 ____D C:\Users\ECKSPE~1\AppData\Local\{B96D1B84-189C-4535-8C31-7517D6A8D074}
2013-07-21 00:31 - 2013-07-21 00:31 - 00000000 ____D C:\ProgramData\Apple Computer
2013-07-21 00:28 - 2013-07-21 00:26 - 00000000 ____D C:\Program Files (x86)\Panasonic
2013-07-20 19:45 - 2013-07-20 19:45 - 00000000 ____D C:\Users\Ecksperts\Desktop\Sergej_Hamm
2013-07-20 19:42 - 2013-07-20 19:38 - 00000000 ____D C:\Windows\system32\MRT
2013-07-19 01:35 - 2013-07-19 01:07 - 00001901 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-07-19 01:35 - 2013-07-18 01:23 - 00000000 ____D C:\ProgramData\Avira
2013-07-19 01:18 - 2013-07-18 08:48 - 00081850 _____ C:\Windows\PFRO.log
2013-07-19 01:16 - 2013-07-19 01:16 - 00004437 _____ C:\AdwCleaner[S17].txt
2013-07-19 01:16 - 2013-02-24 13:01 - 00019433 _____ C:\Windows\DeleteOnReboot.bat
2013-07-19 01:15 - 2013-07-19 01:14 - 00004224 _____ C:\AdwCleaner[R17].txt
2013-07-19 01:11 - 2013-07-19 01:11 - 00000000 ____D C:\Users\Ecksperts\AppData\Roaming\Avira
2013-07-19 01:06 - 2013-07-19 01:06 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-19 01:01 - 2013-07-19 01:06 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-07-19 01:01 - 2013-07-19 01:06 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-07-19 01:01 - 2013-07-19 01:06 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-07-18 08:48 - 2013-07-17 22:11 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2013-07-18 01:58 - 2006-11-02 17:42 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-18 01:57 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-17 22:12 - 2013-07-17 22:12 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2013-07-17 22:00 - 2013-07-17 22:00 - 00000000 ____D C:\FRST
2013-07-17 19:18 - 2013-05-26 15:58 - 00000420 _____ C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job
2013-07-17 13:30 - 2012-11-28 02:28 - 00002641 _____ C:\Users\Ecksperts\Desktop\Microsoft Word 2010.lnk
2013-07-16 21:05 - 2013-07-16 21:05 - 00003825 _____ C:\AdwCleaner[S16].txt
2013-07-16 21:05 - 2013-07-16 21:04 - 00003618 _____ C:\AdwCleaner[R16].txt
2013-07-16 21:00 - 2013-07-16 20:59 - 00005378 _____ C:\AdwCleaner[S15].txt
2013-07-16 20:59 - 2013-07-16 20:59 - 00005159 _____ C:\AdwCleaner[R15].txt
2013-07-16 20:58 - 2013-07-16 20:58 - 00662345 _____ C:\Users\Ecksperts\Desktop\AdwCleaner.exe
2013-07-16 20:57 - 2013-04-22 13:19 - 00000000 ___RD C:\Users\Ecksperts\Desktop\Cleaner
2013-07-16 20:54 - 2013-05-26 12:09 - 00000000 ____D C:\Program Files\CCleaner
2013-07-16 20:40 - 2013-06-25 20:06 - 00000000 ____D C:\Program Files (x86)\mozilla firefox
2013-07-15 12:14 - 2013-03-22 22:17 - 00000474 _____ C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job
2013-07-14 12:00 - 2013-05-26 12:06 - 00000410 _____ C:\Windows\Tasks\Wise Turbo Checker.job
2013-07-13 19:05 - 2013-07-13 19:03 - 37257216 _____ C:\Windows\system32\config\COMPONENTS.rhk
2013-07-13 19:03 - 2013-07-13 19:03 - 00180224 _____ C:\Windows\system32\config\DEFAULT.rhk
2013-07-13 19:03 - 2013-07-13 19:03 - 00057344 _____ C:\Windows\system32\config\SAM.rhk
2013-07-13 19:03 - 2013-07-13 19:00 - 65347584 _____ C:\Windows\system32\config\SOFTWARE.rhk
2013-07-13 19:00 - 2013-07-13 19:00 - 00024576 _____ C:\Windows\system32\config\SECURITY.rhk
2013-07-13 18:00 - 2012-02-02 12:28 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-13 14:45 - 2012-02-02 17:28 - 00000000 ___RD C:\Users\Ecksperts\Desktop\Uwe & Ildiko
2013-07-13 08:50 - 2013-07-13 08:50 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 08:50 - 2012-02-02 12:28 - 00004114 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 13:11 - 2013-07-12 12:46 - 00000000 ____D C:\Users\Ecksperts\Desktop\Neuer Ordner (4)
2013-07-12 12:57 - 2013-05-01 14:57 - 00000000 ____D C:\Users\Ecksperts\Desktop\Anzeigen
2013-07-12 12:54 - 2013-04-30 18:10 - 00000000 ____D C:\Users\Ecksperts\Desktop\Beckmannplatz
2013-07-12 09:18 - 2013-05-26 12:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 01:00 - 2012-11-27 23:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 21:00 - 2013-06-26 08:48 - 00000394 _____ C:\Windows\Tasks\RegTask.job
2013-07-07 06:33 - 2013-07-07 06:31 - 00000000 __SHD C:\WISE_DISKSCRUBTEMP_NTFS
2013-07-06 18:11 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\Help
2013-07-05 20:18 - 2013-07-05 20:18 - 00004033 _____ C:\AdwCleaner[S14].txt
2013-07-05 20:18 - 2013-07-05 20:17 - 00003832 _____ C:\AdwCleaner[R14].txt
2013-07-01 22:00 - 2013-07-01 21:59 - 00003844 _____ C:\AdwCleaner[S13].txt
2013-07-01 21:59 - 2013-07-01 21:59 - 00003643 _____ C:\AdwCleaner[R13].txt
2013-06-30 18:35 - 2013-06-30 18:35 - 00003513 _____ C:\AdwCleaner[S12].txt
2013-06-30 18:35 - 2013-06-30 18:34 - 00003301 _____ C:\AdwCleaner[R12].txt
2013-06-30 18:30 - 2012-02-04 12:20 - 00000000 ____D C:\Users\Ecksperts\AppData\Roaming\BOM
2013-06-30 12:21 - 2013-06-30 12:06 - 00000000 ____D C:\ProgramData\eSafe
2013-06-30 12:12 - 2013-06-30 12:06 - 00010792 _____ C:\AdwCleaner[S11].txt
2013-06-30 12:12 - 2012-02-02 11:49 - 00000913 _____ C:\Users\Ecksperts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-06-30 12:12 - 2012-02-02 11:49 - 00000913 _____ C:\Users\Ecksperts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-06-30 12:06 - 2013-06-30 12:05 - 00000000 ____D C:\Program Files (x86)\Desk 365
2013-06-30 12:05 - 2013-06-30 12:04 - 00010846 _____ C:\AdwCleaner[R11].txt
2013-06-30 12:05 - 2011-06-11 02:58 - 00773712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-06-30 12:05 - 2011-06-11 02:58 - 00420944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-06-30 12:04 - 2013-06-30 12:04 - 00000000 ____D C:\Program Files (x86)\WebCake
2013-06-26 17:18 - 2013-06-26 17:18 - 00000000 ____D C:\Program Files (x86)\IncrediMail
2013-06-26 11:10 - 2013-06-26 10:47 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-26 11:10 - 2013-06-26 10:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-26 10:28 - 2013-06-26 08:48 - 00000000 ____D C:\Program Files (x86)\RegTask
2013-06-26 10:27 - 2013-06-26 08:48 - 00000000 ____D C:\ProgramData\RegTask
2013-06-26 10:11 - 2013-06-26 08:48 - 00003602 _____ C:\Windows\System32\Tasks\RegTask
2013-06-24 00:57 - 2006-11-02 14:35 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-21 16:25

==================== End Of Log ============================
         

--- --- ---

--- --- ---


Hallo Schrauber,

da haben wir schon das erste Problem: " Welche Webseite meinst Du und was ist Addition.txt??

Fragen über Fragen!!

MfG
Ecksperts

Einfach die Logs in Codetags posten

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

[AdwCleaner Logfile:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.300 - Datei am 21/07/2013 um 22:44:05 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 1 (64 bits)
# Benutzer : Ecksperts - ECKSPERTS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ecksperts\Desktop\Desktop\adwcleaner_2.3.0.0(2).exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\foxydeal.sqlite
Gelöscht mit Neustart : C:\Program Files (x86)\AddLyrics
Gelöscht mit Neustart : C:\Program Files (x86)\Ask.com
Gelöscht mit Neustart : C:\Program Files (x86)\Conduit
Gelöscht mit Neustart : C:\Program Files (x86)\Desk 365
Gelöscht mit Neustart : C:\Program Files (x86)\Gophoto.it
Gelöscht mit Neustart : C:\Program Files (x86)\Optimizer Pro
Gelöscht mit Neustart : C:\Program Files (x86)\SweetIM
Gelöscht mit Neustart : C:\Program Files (x86)\sweetpacks bundle uninstaller
Gelöscht mit Neustart : C:\Program Files (x86)\TornTV.com
Gelöscht mit Neustart : C:\ProgramData\Babylon
Gelöscht mit Neustart : C:\ProgramData\BrowserProtect
Gelöscht mit Neustart : C:\ProgramData\eSafe
Gelöscht mit Neustart : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365
Gelöscht mit Neustart : C:\ProgramData\SweetIM
Gelöscht mit Neustart : C:\ProgramData\Tarma Installer
Gelöscht mit Neustart : C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\jetpack
Gelöscht mit Neustart : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Gelöscht mit Neustart : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Gelöscht mit Neustart : C:\Windows\SysWOW64\WNLT

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6001.18639

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Ecksperts\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R10].txt - [2674 octets] - [24/05/2013 00:23:08]
AdwCleaner[R11].txt - [10846 octets] - [30/06/2013 12:04:16]
AdwCleaner[R12].txt - [3301 octets] - [30/06/2013 18:34:36]
AdwCleaner[R13].txt - [3643 octets] - [01/07/2013 21:59:13]
AdwCleaner[R14].txt - [3832 octets] - [05/07/2013 20:17:44]
AdwCleaner[R15].txt - [5159 octets] - [16/07/2013 20:59:16]
AdwCleaner[R16].txt - [3618 octets] - [16/07/2013 21:04:43]
AdwCleaner[R17].txt - [4224 octets] - [19/07/2013 01:14:33]
AdwCleaner[R18].txt - [4007 octets] - [21/07/2013 22:43:16]
AdwCleaner[R6].txt - [11175 octets] - [14/05/2013 13:41:53]
AdwCleaner[R7].txt - [2218 octets] - [14/05/2013 13:54:13]
AdwCleaner[R8].txt - [2617 octets] - [14/05/2013 20:18:56]
AdwCleaner[R9].txt - [3054 octets] - [24/05/2013 00:10:46]
AdwCleaner[S10].txt - [2845 octets] - [24/05/2013 00:23:41]
AdwCleaner[S11].txt - [10792 octets] - [30/06/2013 12:06:28]
AdwCleaner[S12].txt - [3513 octets] - [30/06/2013 18:35:09]
AdwCleaner[S13].txt - [3844 octets] - [01/07/2013 21:59:49]
AdwCleaner[S14].txt - [4033 octets] - [05/07/2013 20:18:25]
AdwCleaner[S15].txt - [5378 octets] - [16/07/2013 20:59:50]
AdwCleaner[S16].txt - [3825 octets] - [16/07/2013 21:05:11]
AdwCleaner[S17].txt - [4437 octets] - [19/07/2013 01:16:16]
AdwCleaner[S18].txt - [3812 octets] - [21/07/2013 22:44:05]
AdwCleaner[S6].txt - [10987 octets] - [14/05/2013 13:43:24]
AdwCleaner[S7].txt - [2376 octets] - [14/05/2013 13:54:53]
AdwCleaner[S8].txt - [2781 octets] - [14/05/2013 20:19:43]
AdwCleaner[S9].txt - [3242 octets] - [24/05/2013 00:12:24]

########## EOF - C:\AdwCleaner[S18].txt - [4114 octets] ##########
         

--- --- ---
][/CODE]

Hallo Schrauber,

kannst Du mir eigentlich einen Tipp geben, wie ich mich zukünftig vor solch einer Bedrohung schützen kann?

Jetzt schon mal danke für Deine Mühen!!

MfG
Ecksperts

Hallo schrauber,

anbei nochmals nach Aktualisierung der Software "awl Cleaner" das neueste Ergebnis nach erfolgtem Löschvorgang mittels "awl Cleaner":

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.306 - Datei am 22/07/2013 um 01:10:11 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 1 (64 bits)
# Benutzer : Ecksperts - ECKSPERTS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ecksperts\Desktop\Desktop\adwcleaner06.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\foxydeal.sqlite
Gelöscht mit Neustart : C:\Program Files (x86)\AddLyrics
Gelöscht mit Neustart : C:\Program Files (x86)\Ask.com
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\Wondershare
Gelöscht mit Neustart : C:\Program Files (x86)\Conduit
Gelöscht mit Neustart : C:\Program Files (x86)\Desk 365
Gelöscht mit Neustart : C:\Program Files (x86)\Gophoto.it
Gelöscht mit Neustart : C:\Program Files (x86)\optimizer pro
Gelöscht mit Neustart : C:\Program Files (x86)\RegClean Pro
Gelöscht mit Neustart : C:\Program Files (x86)\SweetIM
Gelöscht mit Neustart : C:\Program Files (x86)\sweetpacks bundle uninstaller
Gelöscht mit Neustart : C:\Program Files (x86)\TornTV.com
Gelöscht mit Neustart : C:\Program Files (x86)\WebCake
Gelöscht mit Neustart : C:\Program Files (x86)\Wondershare
Gelöscht mit Neustart : C:\ProgramData\Babylon
Gelöscht mit Neustart : C:\ProgramData\BrowserProtect
Gelöscht mit Neustart : C:\ProgramData\eSafe
Gelöscht mit Neustart : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365
Gelöscht mit Neustart : C:\ProgramData\SweetIM
Gelöscht mit Neustart : C:\ProgramData\Tarma Installer
Gelöscht mit Neustart : C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\jetpack
Gelöscht mit Neustart : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Gelöscht mit Neustart : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Gelöscht mit Neustart : C:\Windows\SysWOW64\ARFC
Gelöscht mit Neustart : C:\Windows\SysWOW64\jmdp
Gelöscht mit Neustart : C:\Windows\SysWOW64\WNLT

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6001.18639

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Ecksperts\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R10].txt - [2674 octets] - [24/05/2013 00:23:08]
AdwCleaner[R11].txt - [10846 octets] - [30/06/2013 12:04:16]
AdwCleaner[R12].txt - [3301 octets] - [30/06/2013 18:34:36]
AdwCleaner[R13].txt - [3643 octets] - [01/07/2013 21:59:13]
AdwCleaner[R14].txt - [3832 octets] - [05/07/2013 20:17:44]
AdwCleaner[R15].txt - [5159 octets] - [16/07/2013 20:59:16]
AdwCleaner[R16].txt - [3618 octets] - [16/07/2013 21:04:43]
AdwCleaner[R17].txt - [4224 octets] - [19/07/2013 01:14:33]
AdwCleaner[R18].txt - [4007 octets] - [21/07/2013 22:43:16]
AdwCleaner[R19].txt - [4288 octets] - [22/07/2013 01:08:56]
AdwCleaner[R6].txt - [11175 octets] - [14/05/2013 13:41:53]
AdwCleaner[R7].txt - [2218 octets] - [14/05/2013 13:54:13]
AdwCleaner[R8].txt - [2617 octets] - [14/05/2013 20:18:56]
AdwCleaner[R9].txt - [3054 octets] - [24/05/2013 00:10:46]
AdwCleaner[S10].txt - [2845 octets] - [24/05/2013 00:23:41]
AdwCleaner[S11].txt - [10792 octets] - [30/06/2013 12:06:28]
AdwCleaner[S12].txt - [3513 octets] - [30/06/2013 18:35:09]
AdwCleaner[S13].txt - [3844 octets] - [01/07/2013 21:59:49]
AdwCleaner[S14].txt - [4033 octets] - [05/07/2013 20:18:25]
AdwCleaner[S15].txt - [5378 octets] - [16/07/2013 20:59:50]
AdwCleaner[S16].txt - [3825 octets] - [16/07/2013 21:05:11]
AdwCleaner[S17].txt - [4437 octets] - [19/07/2013 01:16:16]
AdwCleaner[S18].txt - [4184 octets] - [21/07/2013 22:44:05]
AdwCleaner[S19].txt - [4129 octets] - [22/07/2013 01:10:11]
AdwCleaner[S6].txt - [10987 octets] - [14/05/2013 13:43:24]
AdwCleaner[S7].txt - [2376 octets] - [14/05/2013 13:54:53]
AdwCleaner[S8].txt - [2781 octets] - [14/05/2013 20:19:43]
AdwCleaner[S9].txt - [3242 octets] - [24/05/2013 00:12:24]

########## EOF - C:\AdwCleaner[S19].txt - [4431 octets] ##########
         

Hoffe es kann Dir helfen!!

MfG
Ecksperts

JRT und FRST fehlt noch

Hallo Schrauber,

wenn die FRST das Ergebnis des Laufs über das Softwareprogramm: Farbar's Recovery Scan Tool ist, dann habe ich Dir diese doch bereits gestern 19:16 Uhr zukommen lassen, als FRST.txt
FRST Logfile:

Meinst Du diese? Und was bedeutet "JRT" und wie erhalte ich diese?!

MfG
Ecksperts

und ich hab gestern 22 Uhr neue Instruktionen gepostet:

AdwCleaner
Junkware removal Tool (JRT)
Frisches FRST logfile

Hallo Schrauber,

hier erst einmal das Ergebnis aus dem Lauf von "Junkware removal Tool (JRT)"

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.0 (07.21.2013:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Ecksperts on 22.07.2013 at 15:48:57,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{a0b10ebe-4e51-4cae-949b-e6b9e7d68cea}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{bb975e58-e769-4e5a-ba12-b765bc559ff3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{0afd55c8-adf8-4a33-a6e1-dedb7a36aeb4}



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.1049.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.1049.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\browserprotect"
Successfully deleted: [Folder] "C:\ProgramData\esafe"
Successfully deleted: [Folder] "C:\ProgramData\sweetim"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Ecksperts\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\desk 365"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Folder] "C:\Program Files (x86)\pc speed maximizer"
Successfully deleted: [Folder] "C:\Program Files (x86)\pc speed up"
Successfully deleted: [Folder] "C:\Program Files (x86)\regclean pro"
Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"
Successfully deleted: [Folder] "C:\Program Files (x86)\sweetpacks bundle uninstaller"
Successfully deleted: [Folder] "C:\Program Files (x86)\webcake"
Successfully deleted: [Folder] "C:\Program Files (x86)\wondershare"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\wondershare"
Successfully deleted: [Folder] "C:\Windows\syswow64\arfc"
Successfully deleted: [Folder] "C:\Windows\syswow64\jmdp"



~~~ FireFox

Successfully deleted: [File] "C:\Users\Ecksperts\AppData\Roaming\mozilla\firefox\profiles\aj0e891s.default\extensions\jid0-hjoQNmABq6jg91jHpQyvgJUouUP@jetpack.xpi" 
Successfully deleted: [File] "C:\Users\Ecksperts\AppData\Roaming\mozilla\firefox\profiles\aj0e891s.default\extensions\ftdownloader3@ftdownloader.com.xpi" 
Successfully deleted: [Folder] C:\Users\Ecksperts\AppData\Roaming\mozilla\firefox\profiles\aj0e891s.default\jetpack
Emptied folder: C:\Users\Ecksperts\AppData\Roaming\mozilla\firefox\profiles\aj0e891s.default\minidumps [15 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.07.2013 at 15:58:48,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Hallo Schrauber,

hier nun das Ergebnis nach erfolgtem Durchlauf und anschließendem Löschvorgang von "adw Cleaner". Hoffe es passt?!

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.306 - Datei am 22/07/2013 um 16:04:54 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 1 (64 bits)
# Benutzer : Ecksperts - ECKSPERTS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ecksperts\Desktop\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\foxydeal.sqlite
Gelöscht mit Neustart : C:\Program Files (x86)\AddLyrics
Gelöscht mit Neustart : C:\Program Files (x86)\Ask.com
Gelöscht mit Neustart : C:\Program Files (x86)\Gophoto.it
Gelöscht mit Neustart : C:\Program Files (x86)\TornTV.com
Gelöscht mit Neustart : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365
Gelöscht mit Neustart : C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\jetpack
Gelöscht mit Neustart : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Gelöscht mit Neustart : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Gelöscht mit Neustart : C:\Windows\SysWOW64\WNLT

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6001.18639

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Ecksperts\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R10].txt - [2674 octets] - [24/05/2013 00:23:08]
AdwCleaner[R11].txt - [10846 octets] - [30/06/2013 12:04:16]
AdwCleaner[R12].txt - [3301 octets] - [30/06/2013 18:34:36]
AdwCleaner[R13].txt - [3643 octets] - [01/07/2013 21:59:13]
AdwCleaner[R14].txt - [3832 octets] - [05/07/2013 20:17:44]
AdwCleaner[R15].txt - [5159 octets] - [16/07/2013 20:59:16]
AdwCleaner[R16].txt - [3618 octets] - [16/07/2013 21:04:43]
AdwCleaner[R17].txt - [4224 octets] - [19/07/2013 01:14:33]
AdwCleaner[R18].txt - [4007 octets] - [21/07/2013 22:43:16]
AdwCleaner[R19].txt - [4288 octets] - [22/07/2013 01:08:56]
AdwCleaner[R20].txt - [3474 octets] - [22/07/2013 16:04:20]
AdwCleaner[R6].txt - [11175 octets] - [14/05/2013 13:41:53]
AdwCleaner[R7].txt - [2218 octets] - [14/05/2013 13:54:13]
AdwCleaner[R8].txt - [2617 octets] - [14/05/2013 20:18:56]
AdwCleaner[R9].txt - [3054 octets] - [24/05/2013 00:10:46]
AdwCleaner[S10].txt - [2845 octets] - [24/05/2013 00:23:41]
AdwCleaner[S11].txt - [10792 octets] - [30/06/2013 12:06:28]
AdwCleaner[S12].txt - [3513 octets] - [30/06/2013 18:35:09]
AdwCleaner[S13].txt - [3844 octets] - [01/07/2013 21:59:49]
AdwCleaner[S14].txt - [4033 octets] - [05/07/2013 20:18:25]
AdwCleaner[S15].txt - [5378 octets] - [16/07/2013 20:59:50]
AdwCleaner[S16].txt - [3825 octets] - [16/07/2013 21:05:11]
AdwCleaner[S17].txt - [4437 octets] - [19/07/2013 01:16:16]
AdwCleaner[S18].txt - [4184 octets] - [21/07/2013 22:44:05]
AdwCleaner[S19].txt - [4501 octets] - [22/07/2013 01:10:11]
AdwCleaner[S20].txt - [3219 octets] - [22/07/2013 16:04:54]
AdwCleaner[S6].txt - [10987 octets] - [14/05/2013 13:43:24]
AdwCleaner[S7].txt - [2376 octets] - [14/05/2013 13:54:53]
AdwCleaner[S8].txt - [2781 octets] - [14/05/2013 20:19:43]
AdwCleaner[S9].txt - [3242 octets] - [24/05/2013 00:12:24]

########## EOF - C:\AdwCleaner[S20].txt - [3521 octets] ##########
         

Supi, jetzt ein frisches FRST log bitte.

Hallo Schrauber,

bitte schön, aber was ist ein "frisches FRST log", und wie erstelle ich das?

Denke bitte daran, dass Du es mit einem Laien zu tun hast!!

MfG
Ecksperts

Ganz am Anfang hast Du mit dem Tool FRST einen Scan gemacht. Jetzt nochmal nen neuen Scan machen und das Log posten

Hallo Schrauber,

hier das Ergebnis. Hoffe es ist das korrekte?!

MfG
Ecksperts


FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-07-2013 01
Ran by Ecksperts (administrator) on 22-07-2013 21:56:30
Running from C:\Users\Ecksperts\Desktop\Desktop
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Mozilla Corporation) C:\Program Files (x86)\mozilla firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Farbar) C:\Users\Ecksperts\Desktop\Desktop\FRST64(3).exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [IncrediMail] - C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [367016 2013-06-26] (IncrediMail, Ltd.)
HKLM-x32\...\Run: [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [356376 2012-12-13] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-19] (Avira Operations GmbH & Co. KG)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-19] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-19] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-19] (Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Videoraptor_WebRipPlugin Class - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - C:\Program Files (x86)\RapidSolution\RS Audials One\VideoRaptor\plugins\IE\VR_WebRipIePlugin.dll (RapidSolution Software)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: msdaipp - No CLSID Value - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default
FF Homepage: hxxp://www.google.de/firefox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @innoplus.de/ino3DViewer - C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Ghostery - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\Extensions\firefox@ghostery.com
FF Extension: Yahoo! Toolbar - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: clearConsole - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\Extensions\clearConsole@penzil.com.xpi
FF Extension: nbthemes - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\Extensions\nbthemes@narutoboards.xpi
FF Extension: torntv2 - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\Extensions\torntv2@torntv.com.xpi
FF Extension: No Name - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
FF Extension: No Name - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [videoraptor-firefox-surf-and-catch-extension@audials.com] C:\Program Files (x86)\RapidSolution\RS Audials One\VideoRaptor\plugins\GeckoBased\videoraptor-firefox-surf-and-catch-extension@audials.com\
FF Extension: Videoraptor Firefox Surf and Catch Plugin - C:\Program Files (x86)\RapidSolution\RS Audials One\VideoRaptor\plugins\GeckoBased\videoraptor-firefox-surf-and-catch-extension@audials.com\
FF HKLM-x32\...\Firefox\Extensions:  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-19] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-19] (Avira Operations GmbH & Co. KG)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-12-13] (Kaspersky Lab ZAO)
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2013-05-24] ()
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2012-11-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2013-04-25] (WiseCleaner.com)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-07-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-07-19] (Avira Operations GmbH & Co. KG)
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2009-01-23] (Brother Industries Ltd.)
R3 FET5A64; C:\Windows\System32\DRIVERS\fet5a64.sys [49024 2006-09-18] (VIA Technologies, Inc.              )
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-23] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1418112 2007-04-03] (Philips Semiconductors GmbH)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [33048 2006-11-30] (X10 Wireless Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 cpuz134; \??\C:\Users\ECKSPE~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 gfiark; system32\drivers\gfiark.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-22 16:04 - 2013-07-22 16:05 - 00003591 _____ C:\AdwCleaner[S20].txt
2013-07-22 16:04 - 2013-07-22 16:04 - 00003474 _____ C:\AdwCleaner[R20].txt
2013-07-22 15:58 - 2013-07-22 15:58 - 00004602 _____ C:\Users\Ecksperts\Desktop\JRT.txt
2013-07-22 15:48 - 2013-07-22 15:48 - 00000000 ____D C:\Windows\ERUNT
2013-07-22 01:10 - 2013-07-22 01:10 - 00004501 _____ C:\AdwCleaner[S19].txt
2013-07-22 01:08 - 2013-07-22 01:09 - 00004288 _____ C:\AdwCleaner[R19].txt
2013-07-22 01:08 - 2013-07-22 01:08 - 00666633 _____ C:\Users\Ecksperts\Desktop\adwcleaner06.exe
2013-07-21 22:44 - 2013-07-21 22:44 - 00004184 _____ C:\AdwCleaner[S18].txt
2013-07-21 22:43 - 2013-07-21 22:43 - 00004007 _____ C:\AdwCleaner[R18].txt
2013-07-21 16:37 - 2013-07-21 16:40 - 00000162 _____ C:\Windows\Reimage.ini
2013-07-21 00:36 - 2013-07-21 00:36 - 00000000 ____D C:\Users\Ecksperts\AppData\Roaming\Panasonic
2013-07-21 00:33 - 2013-07-21 00:36 - 00000000 ___RD C:\Users\Ecksperts\Desktop\Lumix Bildbearbeitg
2013-07-21 00:32 - 2013-07-21 00:32 - 00000000 ____D C:\Program Files (x86)\ISL
2013-07-21 00:31 - 2013-07-21 00:31 - 00000000 ____D C:\Users\ECKSPE~1\AppData\Local\{B96D1B84-189C-4535-8C31-7517D6A8D074}
2013-07-21 00:31 - 2013-07-21 00:31 - 00000000 ____D C:\ProgramData\Apple Computer
2013-07-21 00:27 - 2005-06-01 04:10 - 00495616 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK2.dll
2013-07-21 00:27 - 2005-06-01 03:10 - 00077824 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICEntry.dll
2013-07-21 00:27 - 2005-06-01 00:30 - 00000097 _____ C:\Windows\SysWOW64\PICSDK.ini
2013-07-21 00:27 - 2005-06-01 00:20 - 00111932 _____ C:\Windows\SysWOW64\EPPICPrinterDB.dat
2013-07-21 00:27 - 2005-06-01 00:10 - 00073728 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK.dll
2013-07-21 00:27 - 2004-03-03 06:10 - 00114688 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicPrt.dll
2013-07-21 00:27 - 2004-03-03 06:10 - 00065536 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EPPicMgr.dll
2013-07-21 00:27 - 2004-03-03 06:10 - 00031053 _____ C:\Windows\SysWOW64\EPPICPattern131.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00027417 _____ C:\Windows\SysWOW64\EPPICPattern121.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00026154 _____ C:\Windows\SysWOW64\EPPICPattern1.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00024903 _____ C:\Windows\SysWOW64\EPPICPattern3.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00021390 _____ C:\Windows\SysWOW64\EPPICPattern5.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00020148 _____ C:\Windows\SysWOW64\EPPICPattern2.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00013732 _____ C:\Windows\SysWOW64\EPPICLocal_EN.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00011811 _____ C:\Windows\SysWOW64\EPPICPattern4.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00006442 _____ C:\Windows\SysWOW64\EPPICLocal_IT.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00006347 _____ C:\Windows\SysWOW64\EPPICLocal_PT.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00006347 _____ C:\Windows\SysWOW64\EPPICLocal_BP.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00006335 _____ C:\Windows\SysWOW64\EPPICLocal_GE.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00006195 _____ C:\Windows\SysWOW64\EPPICLocal_FR.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00006195 _____ C:\Windows\SysWOW64\EPPICLocal_CF.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00006122 _____ C:\Windows\SysWOW64\EPPICLocal_DU.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00006103 _____ C:\Windows\SysWOW64\EPPICLocal_ES.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00005817 _____ C:\Windows\SysWOW64\EPPICLocal_KO.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00005436 _____ C:\Windows\SysWOW64\EPPICLocal_SC.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00004943 _____ C:\Windows\SysWOW64\EPPICPattern6.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00002889 _____ C:\Windows\SysWOW64\EPPICLocal_RU.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00002426 _____ C:\Windows\SysWOW64\EPPICLocal_TC.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00001146 _____ C:\Windows\SysWOW64\EPPICPresetData_DU.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00001139 _____ C:\Windows\SysWOW64\EPPICPresetData_PT.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00001139 _____ C:\Windows\SysWOW64\EPPICPresetData_BP.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00001136 _____ C:\Windows\SysWOW64\EPPICPresetData_ES.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00001129 _____ C:\Windows\SysWOW64\EPPICPresetData_FR.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00001129 _____ C:\Windows\SysWOW64\EPPICPresetData_CF.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00001120 _____ C:\Windows\SysWOW64\EPPICPresetData_IT.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00001107 _____ C:\Windows\SysWOW64\EPPICPresetData_GE.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00001104 _____ C:\Windows\SysWOW64\EPPICPresetData_EN.dat
2013-07-21 00:26 - 2013-07-21 00:28 - 00000000 ____D C:\Program Files (x86)\Panasonic
2013-07-21 00:26 - 2005-03-07 19:44 - 00045056 _____ (Matsushita Electric Industrial Co., Ltd.) C:\Windows\SysWOW64\PhDi2.sys
2013-07-20 19:45 - 2013-07-20 19:45 - 00000000 ____D C:\Users\Ecksperts\Desktop\Sergej_Hamm
2013-07-20 19:38 - 2013-07-20 19:42 - 00000000 ____D C:\Windows\system32\MRT
2013-07-19 01:16 - 2013-07-19 01:16 - 00004437 _____ C:\AdwCleaner[S17].txt
2013-07-19 01:14 - 2013-07-19 01:15 - 00004224 _____ C:\AdwCleaner[R17].txt
2013-07-19 01:11 - 2013-07-19 01:11 - 00000000 ____D C:\Users\Ecksperts\AppData\Roaming\Avira
2013-07-19 01:07 - 2013-07-19 01:35 - 00001901 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-07-19 01:06 - 2013-07-19 01:06 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-19 01:06 - 2013-07-19 01:01 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-07-19 01:06 - 2013-07-19 01:01 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-07-19 01:06 - 2013-07-19 01:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-07-18 08:52 - 2013-07-22 16:14 - 00183362 _____ C:\Windows\WindowsUpdate.log
2013-07-18 08:48 - 2013-07-19 01:18 - 00081850 _____ C:\Windows\PFRO.log
2013-07-18 01:23 - 2013-07-19 01:35 - 00000000 ____D C:\ProgramData\Avira
2013-07-17 22:12 - 2013-07-17 22:12 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2013-07-17 22:11 - 2013-07-18 08:48 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2013-07-17 22:00 - 2013-07-17 22:00 - 00000000 ____D C:\FRST
2013-07-16 21:05 - 2013-07-16 21:05 - 00003825 _____ C:\AdwCleaner[S16].txt
2013-07-16 21:04 - 2013-07-16 21:05 - 00003618 _____ C:\AdwCleaner[R16].txt
2013-07-16 20:59 - 2013-07-16 21:00 - 00005378 _____ C:\AdwCleaner[S15].txt
2013-07-16 20:59 - 2013-07-16 20:59 - 00005159 _____ C:\AdwCleaner[R15].txt
2013-07-13 19:03 - 2013-07-13 19:05 - 37257216 _____ C:\Windows\system32\config\COMPONENTS.rhk
2013-07-13 19:03 - 2013-07-13 19:03 - 00180224 _____ C:\Windows\system32\config\DEFAULT.rhk
2013-07-13 19:03 - 2013-07-13 19:03 - 00057344 _____ C:\Windows\system32\config\SAM.rhk
2013-07-13 19:00 - 2013-07-13 19:03 - 65347584 _____ C:\Windows\system32\config\SOFTWARE.rhk
2013-07-13 19:00 - 2013-07-13 19:00 - 00024576 _____ C:\Windows\system32\config\SECURITY.rhk
2013-07-13 08:50 - 2013-07-13 08:50 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 12:46 - 2013-07-12 13:11 - 00000000 ____D C:\Users\Ecksperts\Desktop\Neuer Ordner (4)
2013-07-07 06:31 - 2013-07-07 06:33 - 00000000 __SHD C:\WISE_DISKSCRUBTEMP_NTFS
2013-07-05 20:18 - 2013-07-05 20:18 - 00004033 _____ C:\AdwCleaner[S14].txt
2013-07-05 20:17 - 2013-07-05 20:18 - 00003832 _____ C:\AdwCleaner[R14].txt
2013-07-01 21:59 - 2013-07-01 22:00 - 00003844 _____ C:\AdwCleaner[S13].txt
2013-07-01 21:59 - 2013-07-01 21:59 - 00003643 _____ C:\AdwCleaner[R13].txt
2013-06-30 18:35 - 2013-06-30 18:35 - 00003513 _____ C:\AdwCleaner[S12].txt
2013-06-30 18:34 - 2013-06-30 18:35 - 00003301 _____ C:\AdwCleaner[R12].txt
2013-06-30 12:06 - 2013-06-30 12:12 - 00010792 _____ C:\AdwCleaner[S11].txt
2013-06-30 12:04 - 2013-06-30 12:05 - 00010846 _____ C:\AdwCleaner[R11].txt
2013-06-26 17:18 - 2013-06-26 17:18 - 00000000 ____D C:\Program Files (x86)\IncrediMail
2013-06-26 10:47 - 2013-06-26 11:10 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-26 10:47 - 2013-06-26 11:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-26 08:48 - 2013-07-11 21:00 - 00000394 _____ C:\Windows\Tasks\RegTask.job
2013-06-26 08:48 - 2013-06-26 10:28 - 00000000 ____D C:\Program Files (x86)\RegTask
2013-06-26 08:48 - 2013-06-26 10:27 - 00000000 ____D C:\ProgramData\RegTask
2013-06-26 08:48 - 2013-06-26 10:11 - 00003602 _____ C:\Windows\System32\Tasks\RegTask
2013-06-25 20:06 - 2013-07-16 20:40 - 00000000 ____D C:\Program Files (x86)\mozilla firefox

==================== One Month Modified Files and Folders =======

2013-07-22 21:17 - 2012-02-02 13:27 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-22 20:06 - 2006-11-02 17:22 - 00003264 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-22 20:06 - 2006-11-02 17:22 - 00003264 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-22 16:21 - 2013-07-18 08:52 - 00183362 _____ C:\Windows\WindowsUpdate.log
2013-07-22 16:09 - 2013-05-26 11:59 - 00000000 ____D C:\Users\Ecksperts\AppData\Roaming\Wise Care 365
2013-07-22 16:05 - 2013-07-22 16:04 - 00003591 _____ C:\AdwCleaner[S20].txt
2013-07-22 16:05 - 2013-02-24 13:01 - 00022480 _____ C:\Windows\DeleteOnReboot.bat
2013-07-22 16:04 - 2013-07-22 16:04 - 00003474 _____ C:\AdwCleaner[R20].txt
2013-07-22 15:58 - 2013-07-22 15:58 - 00004602 _____ C:\Users\Ecksperts\Desktop\JRT.txt
2013-07-22 15:48 - 2013-07-22 15:48 - 00000000 ____D C:\Windows\ERUNT
2013-07-22 01:10 - 2013-07-22 01:10 - 00004501 _____ C:\AdwCleaner[S19].txt
2013-07-22 01:09 - 2013-07-22 01:08 - 00004288 _____ C:\AdwCleaner[R19].txt
2013-07-22 01:08 - 2013-07-22 01:08 - 00666633 _____ C:\Users\Ecksperts\Desktop\adwcleaner06.exe
2013-07-21 22:44 - 2013-07-21 22:44 - 00004184 _____ C:\AdwCleaner[S18].txt
2013-07-21 22:43 - 2013-07-21 22:43 - 00004007 _____ C:\AdwCleaner[R18].txt
2013-07-21 16:40 - 2013-07-21 16:37 - 00000162 _____ C:\Windows\Reimage.ini
2013-07-21 16:19 - 2012-02-02 11:49 - 00109816 _____ C:\Users\ECKSPE~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-21 16:14 - 2006-11-02 17:21 - 00400320 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-21 00:36 - 2013-07-21 00:36 - 00000000 ____D C:\Users\Ecksperts\AppData\Roaming\Panasonic
2013-07-21 00:36 - 2013-07-21 00:33 - 00000000 ___RD C:\Users\Ecksperts\Desktop\Lumix Bildbearbeitg
2013-07-21 00:36 - 2012-02-04 17:11 - 00000888 _____ C:\Windows\BRWMARK.INI
2013-07-21 00:32 - 2013-07-21 00:32 - 00000000 ____D C:\Program Files (x86)\ISL
2013-07-21 00:32 - 2012-02-03 00:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-21 00:31 - 2013-07-21 00:31 - 00000000 ____D C:\Users\ECKSPE~1\AppData\Local\{B96D1B84-189C-4535-8C31-7517D6A8D074}
2013-07-21 00:31 - 2013-07-21 00:31 - 00000000 ____D C:\ProgramData\Apple Computer
2013-07-21 00:28 - 2013-07-21 00:26 - 00000000 ____D C:\Program Files (x86)\Panasonic
2013-07-20 19:45 - 2013-07-20 19:45 - 00000000 ____D C:\Users\Ecksperts\Desktop\Sergej_Hamm
2013-07-20 19:42 - 2013-07-20 19:38 - 00000000 ____D C:\Windows\system32\MRT
2013-07-19 01:35 - 2013-07-19 01:07 - 00001901 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-07-19 01:35 - 2013-07-18 01:23 - 00000000 ____D C:\ProgramData\Avira
2013-07-19 01:18 - 2013-07-18 08:48 - 00081850 _____ C:\Windows\PFRO.log
2013-07-19 01:16 - 2013-07-19 01:16 - 00004437 _____ C:\AdwCleaner[S17].txt
2013-07-19 01:15 - 2013-07-19 01:14 - 00004224 _____ C:\AdwCleaner[R17].txt
2013-07-19 01:11 - 2013-07-19 01:11 - 00000000 ____D C:\Users\Ecksperts\AppData\Roaming\Avira
2013-07-19 01:06 - 2013-07-19 01:06 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-19 01:01 - 2013-07-19 01:06 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-07-19 01:01 - 2013-07-19 01:06 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-07-19 01:01 - 2013-07-19 01:06 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-07-18 08:48 - 2013-07-17 22:11 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2013-07-18 01:58 - 2006-11-02 17:42 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-18 01:57 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-17 22:12 - 2013-07-17 22:12 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2013-07-17 22:00 - 2013-07-17 22:00 - 00000000 ____D C:\FRST
2013-07-17 19:18 - 2013-05-26 15:58 - 00000420 _____ C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job
2013-07-17 13:30 - 2012-11-28 02:28 - 00002641 _____ C:\Users\Ecksperts\Desktop\Microsoft Word 2010.lnk
2013-07-16 21:05 - 2013-07-16 21:05 - 00003825 _____ C:\AdwCleaner[S16].txt
2013-07-16 21:05 - 2013-07-16 21:04 - 00003618 _____ C:\AdwCleaner[R16].txt
2013-07-16 21:00 - 2013-07-16 20:59 - 00005378 _____ C:\AdwCleaner[S15].txt
2013-07-16 20:59 - 2013-07-16 20:59 - 00005159 _____ C:\AdwCleaner[R15].txt
2013-07-16 20:57 - 2013-04-22 13:19 - 00000000 ___RD C:\Users\Ecksperts\Desktop\Cleaner
2013-07-16 20:54 - 2013-05-26 12:09 - 00000000 ____D C:\Program Files\CCleaner
2013-07-16 20:40 - 2013-06-25 20:06 - 00000000 ____D C:\Program Files (x86)\mozilla firefox
2013-07-15 12:14 - 2013-03-22 22:17 - 00000474 _____ C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job
2013-07-14 12:00 - 2013-05-26 12:06 - 00000410 _____ C:\Windows\Tasks\Wise Turbo Checker.job
2013-07-13 19:05 - 2013-07-13 19:03 - 37257216 _____ C:\Windows\system32\config\COMPONENTS.rhk
2013-07-13 19:03 - 2013-07-13 19:03 - 00180224 _____ C:\Windows\system32\config\DEFAULT.rhk
2013-07-13 19:03 - 2013-07-13 19:03 - 00057344 _____ C:\Windows\system32\config\SAM.rhk
2013-07-13 19:03 - 2013-07-13 19:00 - 65347584 _____ C:\Windows\system32\config\SOFTWARE.rhk
2013-07-13 19:00 - 2013-07-13 19:00 - 00024576 _____ C:\Windows\system32\config\SECURITY.rhk
2013-07-13 18:00 - 2012-02-02 12:28 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-13 14:45 - 2012-02-02 17:28 - 00000000 ___RD C:\Users\Ecksperts\Desktop\Uwe & Ildiko
2013-07-13 08:50 - 2013-07-13 08:50 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 08:50 - 2012-02-02 12:28 - 00004114 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 13:11 - 2013-07-12 12:46 - 00000000 ____D C:\Users\Ecksperts\Desktop\Neuer Ordner (4)
2013-07-12 12:57 - 2013-05-01 14:57 - 00000000 ____D C:\Users\Ecksperts\Desktop\Anzeigen
2013-07-12 12:54 - 2013-04-30 18:10 - 00000000 ____D C:\Users\Ecksperts\Desktop\Beckmannplatz
2013-07-12 09:18 - 2013-05-26 12:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 01:00 - 2012-11-27 23:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 21:00 - 2013-06-26 08:48 - 00000394 _____ C:\Windows\Tasks\RegTask.job
2013-07-07 06:33 - 2013-07-07 06:31 - 00000000 __SHD C:\WISE_DISKSCRUBTEMP_NTFS
2013-07-06 18:11 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\Help
2013-07-05 20:18 - 2013-07-05 20:18 - 00004033 _____ C:\AdwCleaner[S14].txt
2013-07-05 20:18 - 2013-07-05 20:17 - 00003832 _____ C:\AdwCleaner[R14].txt
2013-07-01 22:00 - 2013-07-01 21:59 - 00003844 _____ C:\AdwCleaner[S13].txt
2013-07-01 21:59 - 2013-07-01 21:59 - 00003643 _____ C:\AdwCleaner[R13].txt
2013-06-30 18:35 - 2013-06-30 18:35 - 00003513 _____ C:\AdwCleaner[S12].txt
2013-06-30 18:35 - 2013-06-30 18:34 - 00003301 _____ C:\AdwCleaner[R12].txt
2013-06-30 18:30 - 2012-02-04 12:20 - 00000000 ____D C:\Users\Ecksperts\AppData\Roaming\BOM
2013-06-30 12:12 - 2013-06-30 12:06 - 00010792 _____ C:\AdwCleaner[S11].txt
2013-06-30 12:12 - 2012-02-02 11:49 - 00000913 _____ C:\Users\Ecksperts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-06-30 12:12 - 2012-02-02 11:49 - 00000913 _____ C:\Users\Ecksperts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-06-30 12:05 - 2013-06-30 12:04 - 00010846 _____ C:\AdwCleaner[R11].txt
2013-06-30 12:05 - 2011-06-11 02:58 - 00773712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-06-30 12:05 - 2011-06-11 02:58 - 00420944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-06-26 17:18 - 2013-06-26 17:18 - 00000000 ____D C:\Program Files (x86)\IncrediMail
2013-06-26 11:10 - 2013-06-26 10:47 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-26 11:10 - 2013-06-26 10:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-26 10:28 - 2013-06-26 08:48 - 00000000 ____D C:\Program Files (x86)\RegTask
2013-06-26 10:27 - 2013-06-26 08:48 - 00000000 ____D C:\ProgramData\RegTask
2013-06-26 10:11 - 2013-06-26 08:48 - 00003602 _____ C:\Windows\System32\Tasks\RegTask
2013-06-24 00:57 - 2006-11-02 14:35 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-22 16:13

==================== End Of Log ============================
         

--- --- ---

Perfekt


ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte SecurityCheck und:

• Speichere es auf dem Desktop.
• Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
• Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und nochmal ein frisches FRST log bitte. Noch Probleme?

Halo Schrauber,

bin leider jetzt erst wieder dazu gekommen, meine neuesten Mails abzufragen. Hier anbei nochmals die oder das neueste "FRST log"! Aber nach wie vor stellt sich mir die Frage, wie ich mich zukünftig vor solchen Angriffen schützen kann????????????????


FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-07-2013 01
Ran by Ecksperts (administrator) on 23-07-2013 16:26:34
Running from C:\Users\Ecksperts\Desktop\Desktop
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
(Mozilla Corporation) C:\Program Files (x86)\mozilla firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Farbar) C:\Users\Ecksperts\Desktop\Desktop\FRST64(4).exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [IncrediMail] - C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [367016 2013-06-26] (IncrediMail, Ltd.)
HKLM-x32\...\Run: [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [356376 2012-12-13] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-19] (Avira Operations GmbH & Co. KG)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-19] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-19] (Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Videoraptor_WebRipPlugin Class - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - C:\Program Files (x86)\RapidSolution\RS Audials One\VideoRaptor\plugins\IE\VR_WebRipIePlugin.dll (RapidSolution Software)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: msdaipp - No CLSID Value - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default
FF Homepage: hxxp://www.google.de/firefox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @innoplus.de/ino3DViewer - C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Ghostery - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\Extensions\firefox@ghostery.com
FF Extension: Yahoo! Toolbar - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: clearConsole - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\Extensions\clearConsole@penzil.com.xpi
FF Extension: nbthemes - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\Extensions\nbthemes@narutoboards.xpi
FF Extension: torntv2 - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\Extensions\torntv2@torntv.com.xpi
FF Extension: No Name - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
FF Extension: No Name - C:\Users\Ecksperts\AppData\Roaming\Mozilla\Firefox\Profiles\aj0e891s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [videoraptor-firefox-surf-and-catch-extension@audials.com] C:\Program Files (x86)\RapidSolution\RS Audials One\VideoRaptor\plugins\GeckoBased\videoraptor-firefox-surf-and-catch-extension@audials.com\
FF Extension: Videoraptor Firefox Surf and Catch Plugin - C:\Program Files (x86)\RapidSolution\RS Audials One\VideoRaptor\plugins\GeckoBased\videoraptor-firefox-surf-and-catch-extension@audials.com\
FF HKLM-x32\...\Firefox\Extensions:  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-19] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-19] (Avira Operations GmbH & Co. KG)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-12-13] (Kaspersky Lab ZAO)
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2013-05-24] ()
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2012-11-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2013-04-25] (WiseCleaner.com)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-07-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-07-19] (Avira Operations GmbH & Co. KG)
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2009-01-23] (Brother Industries Ltd.)
R3 FET5A64; C:\Windows\System32\DRIVERS\fet5a64.sys [49024 2006-09-18] (VIA Technologies, Inc.              )
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-23] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1418112 2007-04-03] (Philips Semiconductors GmbH)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [33048 2006-11-30] (X10 Wireless Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 cpuz134; \??\C:\Users\ECKSPE~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 gfiark; system32\drivers\gfiark.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-22 16:04 - 2013-07-22 16:05 - 00003591 _____ C:\AdwCleaner[S20].txt
2013-07-22 16:04 - 2013-07-22 16:04 - 00003474 _____ C:\AdwCleaner[R20].txt
2013-07-22 16:03 - 2013-07-22 16:03 - 00666633 _____ C:\Users\Ecksperts\Desktop\adwcleaner.exe
2013-07-22 15:58 - 2013-07-22 15:58 - 00004602 _____ C:\Users\Ecksperts\Desktop\JRT.txt
2013-07-22 15:48 - 2013-07-22 15:48 - 00000000 ____D C:\Windows\ERUNT
2013-07-22 01:10 - 2013-07-22 01:10 - 00004501 _____ C:\AdwCleaner[S19].txt
2013-07-22 01:08 - 2013-07-22 01:09 - 00004288 _____ C:\AdwCleaner[R19].txt
2013-07-21 22:44 - 2013-07-21 22:44 - 00004184 _____ C:\AdwCleaner[S18].txt
2013-07-21 22:43 - 2013-07-21 22:43 - 00004007 _____ C:\AdwCleaner[R18].txt
2013-07-21 16:37 - 2013-07-21 16:40 - 00000162 _____ C:\Windows\Reimage.ini
2013-07-21 00:36 - 2013-07-21 00:36 - 00000000 ____D C:\Users\Ecksperts\AppData\Roaming\Panasonic
2013-07-21 00:33 - 2013-07-21 00:36 - 00000000 ___RD C:\Users\Ecksperts\Desktop\Lumix Bildbearbeitg
2013-07-21 00:32 - 2013-07-21 00:32 - 00000000 ____D C:\Program Files (x86)\ISL
2013-07-21 00:31 - 2013-07-21 00:31 - 00000000 ____D C:\Users\ECKSPE~1\AppData\Local\{B96D1B84-189C-4535-8C31-7517D6A8D074}
2013-07-21 00:31 - 2013-07-21 00:31 - 00000000 ____D C:\ProgramData\Apple Computer
2013-07-21 00:27 - 2005-06-01 04:10 - 00495616 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK2.dll
2013-07-21 00:27 - 2005-06-01 03:10 - 00077824 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICEntry.dll
2013-07-21 00:27 - 2005-06-01 00:30 - 00000097 _____ C:\Windows\SysWOW64\PICSDK.ini
2013-07-21 00:27 - 2005-06-01 00:20 - 00111932 _____ C:\Windows\SysWOW64\EPPICPrinterDB.dat
2013-07-21 00:27 - 2005-06-01 00:10 - 00073728 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK.dll
2013-07-21 00:27 - 2004-03-03 06:10 - 00114688 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicPrt.dll
2013-07-21 00:27 - 2004-03-03 06:10 - 00065536 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EPPicMgr.dll
2013-07-21 00:27 - 2004-03-03 06:10 - 00031053 _____ C:\Windows\SysWOW64\EPPICPattern131.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00027417 _____ C:\Windows\SysWOW64\EPPICPattern121.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00026154 _____ C:\Windows\SysWOW64\EPPICPattern1.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00024903 _____ C:\Windows\SysWOW64\EPPICPattern3.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00021390 _____ C:\Windows\SysWOW64\EPPICPattern5.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00020148 _____ C:\Windows\SysWOW64\EPPICPattern2.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00013732 _____ C:\Windows\SysWOW64\EPPICLocal_EN.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00011811 _____ C:\Windows\SysWOW64\EPPICPattern4.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00006442 _____ C:\Windows\SysWOW64\EPPICLocal_IT.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00006347 _____ C:\Windows\SysWOW64\EPPICLocal_PT.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00006347 _____ C:\Windows\SysWOW64\EPPICLocal_BP.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00006335 _____ C:\Windows\SysWOW64\EPPICLocal_GE.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00006195 _____ C:\Windows\SysWOW64\EPPICLocal_FR.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00006195 _____ C:\Windows\SysWOW64\EPPICLocal_CF.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00006122 _____ C:\Windows\SysWOW64\EPPICLocal_DU.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00006103 _____ C:\Windows\SysWOW64\EPPICLocal_ES.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00005817 _____ C:\Windows\SysWOW64\EPPICLocal_KO.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00005436 _____ C:\Windows\SysWOW64\EPPICLocal_SC.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00004943 _____ C:\Windows\SysWOW64\EPPICPattern6.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00002889 _____ C:\Windows\SysWOW64\EPPICLocal_RU.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00002426 _____ C:\Windows\SysWOW64\EPPICLocal_TC.cfg
2013-07-21 00:27 - 2004-03-03 06:10 - 00001146 _____ C:\Windows\SysWOW64\EPPICPresetData_DU.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00001139 _____ C:\Windows\SysWOW64\EPPICPresetData_PT.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00001139 _____ C:\Windows\SysWOW64\EPPICPresetData_BP.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00001136 _____ C:\Windows\SysWOW64\EPPICPresetData_ES.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00001129 _____ C:\Windows\SysWOW64\EPPICPresetData_FR.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00001129 _____ C:\Windows\SysWOW64\EPPICPresetData_CF.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00001120 _____ C:\Windows\SysWOW64\EPPICPresetData_IT.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00001107 _____ C:\Windows\SysWOW64\EPPICPresetData_GE.dat
2013-07-21 00:27 - 2004-03-03 06:10 - 00001104 _____ C:\Windows\SysWOW64\EPPICPresetData_EN.dat
2013-07-21 00:26 - 2013-07-21 00:28 - 00000000 ____D C:\Program Files (x86)\Panasonic
2013-07-21 00:26 - 2005-03-07 19:44 - 00045056 _____ (Matsushita Electric Industrial Co., Ltd.) C:\Windows\SysWOW64\PhDi2.sys
2013-07-20 19:45 - 2013-07-20 19:45 - 00000000 ____D C:\Users\Ecksperts\Desktop\Sergej_Hamm
2013-07-20 19:38 - 2013-07-20 19:42 - 00000000 ____D C:\Windows\system32\MRT
2013-07-19 01:16 - 2013-07-19 01:16 - 00004437 _____ C:\AdwCleaner[S17].txt
2013-07-19 01:14 - 2013-07-19 01:15 - 00004224 _____ C:\AdwCleaner[R17].txt
2013-07-19 01:11 - 2013-07-19 01:11 - 00000000 ____D C:\Users\Ecksperts\AppData\Roaming\Avira
2013-07-19 01:07 - 2013-07-19 01:35 - 00001901 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-07-19 01:06 - 2013-07-19 01:06 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-19 01:06 - 2013-07-19 01:01 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-07-19 01:06 - 2013-07-19 01:01 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-07-19 01:06 - 2013-07-19 01:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-07-18 08:52 - 2013-07-23 10:38 - 00197506 _____ C:\Windows\WindowsUpdate.log
2013-07-18 08:48 - 2013-07-19 01:18 - 00081850 _____ C:\Windows\PFRO.log
2013-07-18 01:23 - 2013-07-19 01:35 - 00000000 ____D C:\ProgramData\Avira
2013-07-17 22:12 - 2013-07-17 22:12 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2013-07-17 22:11 - 2013-07-18 08:48 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2013-07-17 22:00 - 2013-07-17 22:00 - 00000000 ____D C:\FRST
2013-07-16 21:05 - 2013-07-16 21:05 - 00003825 _____ C:\AdwCleaner[S16].txt
2013-07-16 21:04 - 2013-07-16 21:05 - 00003618 _____ C:\AdwCleaner[R16].txt
2013-07-16 20:59 - 2013-07-16 21:00 - 00005378 _____ C:\AdwCleaner[S15].txt
2013-07-16 20:59 - 2013-07-16 20:59 - 00005159 _____ C:\AdwCleaner[R15].txt
2013-07-13 19:03 - 2013-07-13 19:05 - 37257216 _____ C:\Windows\system32\config\COMPONENTS.rhk
2013-07-13 19:03 - 2013-07-13 19:03 - 00180224 _____ C:\Windows\system32\config\DEFAULT.rhk
2013-07-13 19:03 - 2013-07-13 19:03 - 00057344 _____ C:\Windows\system32\config\SAM.rhk
2013-07-13 19:00 - 2013-07-13 19:03 - 65347584 _____ C:\Windows\system32\config\SOFTWARE.rhk
2013-07-13 19:00 - 2013-07-13 19:00 - 00024576 _____ C:\Windows\system32\config\SECURITY.rhk
2013-07-13 08:50 - 2013-07-13 08:50 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 12:46 - 2013-07-12 13:11 - 00000000 ____D C:\Users\Ecksperts\Desktop\Neuer Ordner (4)
2013-07-07 06:31 - 2013-07-07 06:33 - 00000000 __SHD C:\WISE_DISKSCRUBTEMP_NTFS
2013-07-05 20:18 - 2013-07-05 20:18 - 00004033 _____ C:\AdwCleaner[S14].txt
2013-07-05 20:17 - 2013-07-05 20:18 - 00003832 _____ C:\AdwCleaner[R14].txt
2013-07-01 21:59 - 2013-07-01 22:00 - 00003844 _____ C:\AdwCleaner[S13].txt
2013-07-01 21:59 - 2013-07-01 21:59 - 00003643 _____ C:\AdwCleaner[R13].txt
2013-06-30 18:35 - 2013-06-30 18:35 - 00003513 _____ C:\AdwCleaner[S12].txt
2013-06-30 18:34 - 2013-06-30 18:35 - 00003301 _____ C:\AdwCleaner[R12].txt
2013-06-30 12:06 - 2013-06-30 12:12 - 00010792 _____ C:\AdwCleaner[S11].txt
2013-06-30 12:04 - 2013-06-30 12:05 - 00010846 _____ C:\AdwCleaner[R11].txt
2013-06-26 17:18 - 2013-06-26 17:18 - 00000000 ____D C:\Program Files (x86)\IncrediMail
2013-06-26 10:47 - 2013-06-26 11:10 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-26 10:47 - 2013-06-26 11:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-26 08:48 - 2013-07-11 21:00 - 00000394 _____ C:\Windows\Tasks\RegTask.job
2013-06-26 08:48 - 2013-06-26 10:28 - 00000000 ____D C:\Program Files (x86)\RegTask
2013-06-26 08:48 - 2013-06-26 10:27 - 00000000 ____D C:\ProgramData\RegTask
2013-06-26 08:48 - 2013-06-26 10:11 - 00003602 _____ C:\Windows\System32\Tasks\RegTask
2013-06-25 20:06 - 2013-07-16 20:40 - 00000000 ____D C:\Program Files (x86)\mozilla firefox

==================== One Month Modified Files and Folders =======

2013-07-23 16:23 - 2013-07-18 08:52 - 00197506 _____ C:\Windows\WindowsUpdate.log
2013-07-23 16:19 - 2012-02-02 13:27 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-23 16:17 - 2013-05-26 11:59 - 00000000 ____D C:\Users\Ecksperts\AppData\Roaming\Wise Care 365
2013-07-23 16:15 - 2006-11-02 17:22 - 00003264 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-23 16:15 - 2006-11-02 17:22 - 00003264 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-22 16:05 - 2013-07-22 16:04 - 00003591 _____ C:\AdwCleaner[S20].txt
2013-07-22 16:05 - 2013-02-24 13:01 - 00022480 _____ C:\Windows\DeleteOnReboot.bat
2013-07-22 16:04 - 2013-07-22 16:04 - 00003474 _____ C:\AdwCleaner[R20].txt
2013-07-22 16:03 - 2013-07-22 16:03 - 00666633 _____ C:\Users\Ecksperts\Desktop\adwcleaner.exe
2013-07-22 15:58 - 2013-07-22 15:58 - 00004602 _____ C:\Users\Ecksperts\Desktop\JRT.txt
2013-07-22 15:48 - 2013-07-22 15:48 - 00000000 ____D C:\Windows\ERUNT
2013-07-22 01:10 - 2013-07-22 01:10 - 00004501 _____ C:\AdwCleaner[S19].txt
2013-07-22 01:09 - 2013-07-22 01:08 - 00004288 _____ C:\AdwCleaner[R19].txt
2013-07-21 22:44 - 2013-07-21 22:44 - 00004184 _____ C:\AdwCleaner[S18].txt
2013-07-21 22:43 - 2013-07-21 22:43 - 00004007 _____ C:\AdwCleaner[R18].txt
2013-07-21 16:40 - 2013-07-21 16:37 - 00000162 _____ C:\Windows\Reimage.ini
2013-07-21 16:19 - 2012-02-02 11:49 - 00109816 _____ C:\Users\ECKSPE~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-21 16:14 - 2006-11-02 17:21 - 00400320 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-21 00:36 - 2013-07-21 00:36 - 00000000 ____D C:\Users\Ecksperts\AppData\Roaming\Panasonic
2013-07-21 00:36 - 2013-07-21 00:33 - 00000000 ___RD C:\Users\Ecksperts\Desktop\Lumix Bildbearbeitg
2013-07-21 00:36 - 2012-02-04 17:11 - 00000888 _____ C:\Windows\BRWMARK.INI
2013-07-21 00:32 - 2013-07-21 00:32 - 00000000 ____D C:\Program Files (x86)\ISL
2013-07-21 00:32 - 2012-02-03 00:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-21 00:31 - 2013-07-21 00:31 - 00000000 ____D C:\Users\ECKSPE~1\AppData\Local\{B96D1B84-189C-4535-8C31-7517D6A8D074}
2013-07-21 00:31 - 2013-07-21 00:31 - 00000000 ____D C:\ProgramData\Apple Computer
2013-07-21 00:28 - 2013-07-21 00:26 - 00000000 ____D C:\Program Files (x86)\Panasonic
2013-07-20 19:45 - 2013-07-20 19:45 - 00000000 ____D C:\Users\Ecksperts\Desktop\Sergej_Hamm
2013-07-20 19:42 - 2013-07-20 19:38 - 00000000 ____D C:\Windows\system32\MRT
2013-07-19 01:35 - 2013-07-19 01:07 - 00001901 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-07-19 01:35 - 2013-07-18 01:23 - 00000000 ____D C:\ProgramData\Avira
2013-07-19 01:18 - 2013-07-18 08:48 - 00081850 _____ C:\Windows\PFRO.log
2013-07-19 01:16 - 2013-07-19 01:16 - 00004437 _____ C:\AdwCleaner[S17].txt
2013-07-19 01:15 - 2013-07-19 01:14 - 00004224 _____ C:\AdwCleaner[R17].txt
2013-07-19 01:11 - 2013-07-19 01:11 - 00000000 ____D C:\Users\Ecksperts\AppData\Roaming\Avira
2013-07-19 01:06 - 2013-07-19 01:06 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-19 01:01 - 2013-07-19 01:06 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-07-19 01:01 - 2013-07-19 01:06 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-07-19 01:01 - 2013-07-19 01:06 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-07-18 08:48 - 2013-07-17 22:11 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2013-07-18 01:58 - 2006-11-02 17:42 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-18 01:57 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-17 22:12 - 2013-07-17 22:12 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2013-07-17 22:00 - 2013-07-17 22:00 - 00000000 ____D C:\FRST
2013-07-17 19:18 - 2013-05-26 15:58 - 00000420 _____ C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job
2013-07-17 13:30 - 2012-11-28 02:28 - 00002641 _____ C:\Users\Ecksperts\Desktop\Microsoft Word 2010.lnk
2013-07-16 21:05 - 2013-07-16 21:05 - 00003825 _____ C:\AdwCleaner[S16].txt
2013-07-16 21:05 - 2013-07-16 21:04 - 00003618 _____ C:\AdwCleaner[R16].txt
2013-07-16 21:00 - 2013-07-16 20:59 - 00005378 _____ C:\AdwCleaner[S15].txt
2013-07-16 20:59 - 2013-07-16 20:59 - 00005159 _____ C:\AdwCleaner[R15].txt
2013-07-16 20:57 - 2013-04-22 13:19 - 00000000 ___RD C:\Users\Ecksperts\Desktop\Cleaner
2013-07-16 20:54 - 2013-05-26 12:09 - 00000000 ____D C:\Program Files\CCleaner
2013-07-16 20:40 - 2013-06-25 20:06 - 00000000 ____D C:\Program Files (x86)\mozilla firefox
2013-07-15 12:14 - 2013-03-22 22:17 - 00000474 _____ C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job
2013-07-14 12:00 - 2013-05-26 12:06 - 00000410 _____ C:\Windows\Tasks\Wise Turbo Checker.job
2013-07-13 19:05 - 2013-07-13 19:03 - 37257216 _____ C:\Windows\system32\config\COMPONENTS.rhk
2013-07-13 19:03 - 2013-07-13 19:03 - 00180224 _____ C:\Windows\system32\config\DEFAULT.rhk
2013-07-13 19:03 - 2013-07-13 19:03 - 00057344 _____ C:\Windows\system32\config\SAM.rhk
2013-07-13 19:03 - 2013-07-13 19:00 - 65347584 _____ C:\Windows\system32\config\SOFTWARE.rhk
2013-07-13 19:00 - 2013-07-13 19:00 - 00024576 _____ C:\Windows\system32\config\SECURITY.rhk
2013-07-13 18:00 - 2012-02-02 12:28 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-13 14:45 - 2012-02-02 17:28 - 00000000 ___RD C:\Users\Ecksperts\Desktop\Uwe & Ildiko
2013-07-13 08:50 - 2013-07-13 08:50 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 08:50 - 2012-02-02 12:28 - 00004114 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 13:11 - 2013-07-12 12:46 - 00000000 ____D C:\Users\Ecksperts\Desktop\Neuer Ordner (4)
2013-07-12 12:57 - 2013-05-01 14:57 - 00000000 ____D C:\Users\Ecksperts\Desktop\Anzeigen
2013-07-12 12:54 - 2013-04-30 18:10 - 00000000 ____D C:\Users\Ecksperts\Desktop\Beckmannplatz
2013-07-12 09:18 - 2013-05-26 12:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 01:00 - 2012-11-27 23:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 21:00 - 2013-06-26 08:48 - 00000394 _____ C:\Windows\Tasks\RegTask.job
2013-07-07 06:33 - 2013-07-07 06:31 - 00000000 __SHD C:\WISE_DISKSCRUBTEMP_NTFS
2013-07-06 18:11 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\Help
2013-07-05 20:18 - 2013-07-05 20:18 - 00004033 _____ C:\AdwCleaner[S14].txt
2013-07-05 20:18 - 2013-07-05 20:17 - 00003832 _____ C:\AdwCleaner[R14].txt
2013-07-01 22:00 - 2013-07-01 21:59 - 00003844 _____ C:\AdwCleaner[S13].txt
2013-07-01 21:59 - 2013-07-01 21:59 - 00003643 _____ C:\AdwCleaner[R13].txt
2013-06-30 18:35 - 2013-06-30 18:35 - 00003513 _____ C:\AdwCleaner[S12].txt
2013-06-30 18:35 - 2013-06-30 18:34 - 00003301 _____ C:\AdwCleaner[R12].txt
2013-06-30 18:30 - 2012-02-04 12:20 - 00000000 ____D C:\Users\Ecksperts\AppData\Roaming\BOM
2013-06-30 12:12 - 2013-06-30 12:06 - 00010792 _____ C:\AdwCleaner[S11].txt
2013-06-30 12:12 - 2012-02-02 11:49 - 00000913 _____ C:\Users\Ecksperts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-06-30 12:12 - 2012-02-02 11:49 - 00000913 _____ C:\Users\Ecksperts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-06-30 12:05 - 2013-06-30 12:04 - 00010846 _____ C:\AdwCleaner[R11].txt
2013-06-30 12:05 - 2011-06-11 02:58 - 00773712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-06-30 12:05 - 2011-06-11 02:58 - 00420944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-06-26 17:18 - 2013-06-26 17:18 - 00000000 ____D C:\Program Files (x86)\IncrediMail
2013-06-26 11:10 - 2013-06-26 10:47 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-26 11:10 - 2013-06-26 10:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-26 10:28 - 2013-06-26 08:48 - 00000000 ____D C:\Program Files (x86)\RegTask
2013-06-26 10:27 - 2013-06-26 08:48 - 00000000 ____D C:\ProgramData\RegTask
2013-06-26 10:11 - 2013-06-26 08:48 - 00003602 _____ C:\Windows\System32\Tasks\RegTask
2013-06-24 00:57 - 2006-11-02 14:35 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 16:27

==================== End Of Log ============================
         

--- --- ---