
Pests of all kinds and how to combat them: "Removing the Win32/Small.CA_Virus"


07.09.2013, 21:16   #16
Hilfe_1
 



Hello,

I have Avira, but since an error message is constantly displayed (because of the missing toolbar), Windows suggested that I uninstall Avira and reinstall it. I am in the process of doing that right now and will then start a scan.

I am very grateful that you are taking the time to help me with this problem. Thanks for your support, and I hope we can get this finished as quickly as possible.

In addition, my computer sometimes crashes (mostly when I try to open YouTube) and then restarts. It just happened a moment ago. But it is not always the case. What I can really confirm, though, is that since the "virus" the quality of YouTube videos has become much worse, because colored stripes keep appearing!!! What could be causing this, and why does my PC crash when all I want to do is open YouTube?
PS: I use Chrome as my default browser

And the message is still there even after reinstalling Avira!!! And it says
Quote:
"Avira Desktop" aktivieren (Wichtig)
!!! But I have already done that thousands of times?!

Also, I now have no way to play any of my games. When I want to play Battlefield 3, Origin tells me that the installation is not correct. I think this is down to the many scans!!!!!!! Please reply urgently. Thanks

Correction: The crashes are random. And I think that this is because of the Win32/Small.CA_Virus.

Last edited by Hilfe_1 (07.09.2013 at 21:33)

09.09.2013, 05:06   #17
schrauber
/// the machine
/// TB trainer
 




Is the virus message still appearing?

Reading material:
Why we no longer recommend Avira
For some time now, Avira has been shipping the Ask Toolbar with its default installation. This toolbar is a prerequisite for the Webguard to work reliably. The Ask Toolbar is known for spying on the user's browsing behavior in order, ultimately, to make money from it. We therefore classify it as "harmful" on this board. More information.

A security company that practically foists harmful software on the user without asking is therefore out of the question for us. Because of this business practice, the at times extremely poor detection rate, and the thoroughly annoying advertising, we recommend that all Avira users uninstall Avira and switch to an alternative product.

Should you decide to switch, we recommend that after uninstalling you remove all leftovers with the Avira Cleaner.



Uninstall Chrome and Flash Player completely. Then reinstall them.

Then please post a fresh FRST logfile.

09.09.2013, 15:57   #18
Hilfe_1
 



Hello,

I uninstalled Chrome and Flash Player and reinstalled only Chrome, since Chrome does "not" need a Flash Player.

I have a question about Avira: if I were to uninstall Avira, which software should I switch to?

And here is the fresh FRST logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-09-2013
Ran by Matthias (administrator) on MATTHIAS-PC on 09-09-2013 16:51:45
Running from C:\Users\Matthias\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\DAODx.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Users\Matthias\Kies\External\FirmwareUpdate\KiesPDLR.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Windows\system\Cm106eye.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
(
ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU\EPU.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Samsung Electronics Co., Ltd.) C:\Users\Matthias\Kies\KiesTrayAgent.exe
(Apple Inc.) E:\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Creative Technology Ltd.) C:\Windows\system32\AMBSpiE.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Google Inc.) C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RunDLLEntry] - C:\Windows\system32\AmbRunE.dll [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Cm106Sound] - C:\Windows\Syswow64\cm106.dll [8151040 2010-07-01] (C-Media Corporation)
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-01] (Google Inc.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1811880 2013-08-28] (Valve Corporation)
HKCU\...\Run: [KiesHelper] - C:\Users\Matthias\Kies\KiesHelper.exe [958392 2012-05-29] (Samsung)
HKCU\...\Run: [KiesPDLR] - C:\Users\Matthias\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-05-29] ()
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-11-30] (AMD)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875944 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Google Update] - C:\Users\Matthias\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-09] (Google Inc.)
HKCU\...\Run: [GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] - C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe [829392 2013-09-02] (Google Inc.)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-07-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [Six Engine] - C:\Program Files (x86)\ASUS\EPU\EPU.exe [5309056 2010-03-16] (
ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [TurboV EVO] - C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe [9993344 2010-03-25] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Users\Matthias\Kies\KiesTrayAgent.exe [3521464 2012-05-29] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - E:\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe (D-Link Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\2b93jiix.default
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\pdf\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Matthias\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Matthias\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Free Download Manager plugin - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\2b93jiix.default\Extensions\fdm_ffext@freedownloadmanager.org
FF Extension: Download Youtube Videos + - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\2b93jiix.default\Extensions\video.downloader.plugin@ffpimp.com
FF Extension: DownloadHelper - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\2b93jiix.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: toolbar - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\2b93jiix.default\Extensions\toolbar@gmx.net.xpi
FF Extension: toolbar_AVIRA-V7 - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\2b93jiix.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Matthias\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Matthias\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Matthias\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\pdf\npnitromozilla.dll ( )
CHR Plugin: (iTunes Application Detector) - E:\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\20.53263_0
CHR Extension: (Google Docs) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Matthias\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.8.0.crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-07] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
S3 jswpsapi; C:\Program Files (x86)\D-Link\DWA-547 revA\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [343032 2012-01-16] (Nitro PDF Software)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-28] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [136192 2010-12-21] (MCCI Corporation)
S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [18944 2010-12-21] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [172032 2010-12-21] (MCCI Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203672 2013-06-04] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2011-03-31] (C-Media Electronics Inc)
R3 VMfilt; C:\Windows\System32\drivers\VMfilt64.sys [25600 2009-07-31] (Creative Technology Ltd.)
S3 VSPerfDrv100; E:\windows-office\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2011-01-18] (Microsoft Corporation)
S3 VSPerfDrv100; E:\windows-office\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2011-01-18] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-09 16:46 - 2013-09-09 16:46 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-09-09 16:43 - 2013-09-09 16:49 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2339201514-1796223682-273167506-1000UA
2013-09-09 16:43 - 2013-09-09 16:49 - 00003712 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2339201514-1796223682-273167506-1000Core
2013-09-09 16:43 - 2013-09-09 16:49 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2339201514-1796223682-273167506-1000UA.job
2013-09-09 16:43 - 2013-09-09 16:49 - 00001080 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2339201514-1796223682-273167506-1000Core.job
2013-09-09 16:30 - 2013-09-09 16:30 - 00001130 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-09 16:07 - 2013-09-09 16:07 - 96665497 _____ C:\Windows\SysWOW64\䐞ꕊ뻼—
2013-09-08 13:41 - 2013-09-08 13:41 - 00276336 _____ C:\Windows\Minidump\090813-70372-01.dmp
2013-09-07 23:45 - 2013-09-08 09:30 - 00000577 _____ C:\Users\Matthias\Desktop\f.txt
2013-09-07 23:17 - 2013-09-07 23:17 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-09-07 23:16 - 2013-09-07 23:16 - 03820480 _____ C:\Users\Matthias\battlelog-web-plugins_2.1.7_115.exe
2013-09-07 22:25 - 2013-09-07 22:25 - 00276336 _____ C:\Windows\Minidump\090713-46659-01.dmp
2013-09-07 21:12 - 2013-09-07 21:12 - 00276336 _____ C:\Windows\Minidump\090713-42947-01.dmp
2013-09-07 20:09 - 2013-09-07 20:09 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-07 19:53 - 2013-09-07 19:53 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Avira
2013-09-07 18:46 - 2013-09-07 18:46 - 00276336 _____ C:\Windows\Minidump\090713-43945-01.dmp
2013-09-07 18:38 - 2013-09-07 18:38 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-09-07 18:38 - 2013-09-07 18:38 - 00000000 ____D C:\ProgramData\APN
2013-09-07 18:38 - 2013-09-07 18:38 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-09-07 18:37 - 2013-09-07 20:09 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-07 18:37 - 2013-09-07 20:09 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-07 18:37 - 2013-09-07 18:37 - 00002066 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-07 18:37 - 2013-09-07 18:37 - 00000000 ____D C:\Program Files (x86)\Avira
2013-09-07 18:37 - 2013-03-06 16:13 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-07 18:30 - 2013-09-07 18:36 - 110344048 _____ C:\Users\Matthias\avira_free_antivirus_de.exe
2013-09-06 15:03 - 2013-09-06 15:03 - 00276336 _____ C:\Windows\Minidump\090613-23431-01.dmp
2013-09-06 14:03 - 2013-09-06 14:03 - 96334488 _____ C:\Windows\SysWOW64\譍꣇뻼«
2013-09-06 13:05 - 2013-09-06 13:06 - 00517120 _____ (Screenshot Uploader) C:\Users\Matthias\Desktop\ScreenshotUploader_0.24.exe
2013-09-06 12:59 - 2013-09-06 13:00 - 00392040 _____ (Softonic                                        ) C:\Users\Matthias\Desktop\SoftonicDownloader_fuer_screenshot-uploader.exe
2013-09-05 23:53 - 2013-09-05 23:53 - 00276336 _____ C:\Windows\Minidump\090513-41106-01.dmp
2013-09-05 15:59 - 2013-09-05 15:59 - 01947160 _____ (Farbar) C:\Users\Matthias\Desktop\FRST64.exe
2013-09-05 15:45 - 2013-09-05 15:45 - 01028757 _____ (Thisisu) C:\Users\Matthias\Desktop\JRT.exe
2013-09-05 15:45 - 2013-09-05 15:45 - 00000000 ____D C:\Windows\ERUNT
2013-09-05 15:36 - 2013-09-05 15:38 - 00000000 ____D C:\AdwCleaner
2013-09-05 15:17 - 2013-09-09 16:37 - 00100628 _____ C:\Windows\PFRO.log
2013-09-05 15:17 - 2013-09-08 13:41 - 632046639 _____ C:\Windows\MEMORY.DMP
2013-09-05 15:17 - 2013-09-05 15:17 - 00276336 _____ C:\Windows\Minidump\090513-25818-01.dmp
2013-09-05 15:16 - 2013-09-05 15:16 - 00003464 ____N C:\bootsqm.dat
2013-09-05 15:01 - 2013-09-05 15:01 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Malwarebytes
2013-09-05 15:01 - 2013-09-05 15:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-05 12:12 - 2013-09-05 12:12 - 00026683 _____ C:\ComboFix.txt
2013-09-05 11:39 - 2013-09-05 12:13 - 00000000 ____D C:\ComboFix
2013-09-05 11:39 - 2013-09-05 12:12 - 00000000 ____D C:\Qoobox
2013-09-05 11:39 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-05 11:39 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-05 11:39 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-05 11:39 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-05 11:39 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-05 11:39 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-05 11:39 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-05 11:39 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-05 11:38 - 2013-09-05 12:05 - 00000000 ____D C:\Windows\erdnt
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\FRST
2013-09-04 11:14 - 2013-09-09 16:38 - 00001456 _____ C:\Windows\setupact.log
2013-09-04 11:14 - 2013-09-04 11:14 - 00000000 _____ C:\Windows\setuperr.log
2013-09-03 22:33 - 2013-09-03 22:33 - 95638383 _____ C:\Windows\SysWOW64\零뻼S
2013-08-31 19:00 - 2013-08-31 19:00 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\AUTOSICH
2013-08-21 22:43 - 2013-08-21 22:44 - 00000133 _____ C:\Users\Matthias\Desktop\shsh.txt
2013-08-18 10:12 - 2013-08-19 11:04 - 00002046 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-08-18 10:12 - 2013-08-19 11:04 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-08-18 10:12 - 2013-08-18 10:12 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-08-14 23:48 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 23:48 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 23:48 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 23:48 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 23:48 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 23:48 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 23:48 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 23:48 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 23:48 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 23:48 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 23:48 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 23:48 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 18:42 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 18:42 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 18:42 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 18:42 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 18:42 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 18:42 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 18:42 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 18:42 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 18:42 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 18:42 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 18:42 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 18:42 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 18:42 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 18:42 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 18:42 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 18:42 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 18:42 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 18:42 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 18:42 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 18:42 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 18:42 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 18:42 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 18:42 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 18:42 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 18:42 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 18:42 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 18:42 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-09 16:49 - 2013-09-09 16:43 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2339201514-1796223682-273167506-1000UA
2013-09-09 16:49 - 2013-09-09 16:43 - 00003712 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2339201514-1796223682-273167506-1000Core
2013-09-09 16:49 - 2013-09-09 16:43 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2339201514-1796223682-273167506-1000UA.job
2013-09-09 16:49 - 2013-09-09 16:43 - 00001080 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2339201514-1796223682-273167506-1000Core.job
2013-09-09 16:47 - 2009-07-14 06:45 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-09 16:47 - 2009-07-14 06:45 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-09 16:46 - 2013-09-09 16:46 - 00002382 _____ C:\Users\Matthias\Desktop\Google Chrome.lnk
2013-09-09 16:46 - 2013-09-09 16:46 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-09-09 16:44 - 2012-01-01 19:07 - 01291441 _____ C:\Windows\WindowsUpdate.log
2013-09-09 16:43 - 2012-01-01 19:59 - 00000000 ____D C:\Users\Matthias\AppData\Local\Google
2013-09-09 16:40 - 2012-05-18 20:02 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-09 16:39 - 2012-10-21 00:00 - 00000000 ____D C:\Users\Matthias\AppData\Local\LogMeIn Hamachi
2013-09-09 16:39 - 2012-01-01 20:00 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-09 16:38 - 2013-09-04 11:14 - 00001456 _____ C:\Windows\setupact.log
2013-09-09 16:38 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-09 16:37 - 2013-09-05 15:17 - 00100628 _____ C:\Windows\PFRO.log
2013-09-09 16:31 - 2012-01-01 20:00 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-09 16:30 - 2013-09-09 16:30 - 00001130 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-09 16:30 - 2012-01-01 19:59 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-09 16:28 - 2012-01-16 19:51 - 00000000 ____D C:\Users\Matthias\AppData\Local\Adobe
2013-09-09 16:07 - 2013-09-09 16:07 - 96665497 _____ C:\Windows\SysWOW64\䐞ꕊ뻼—
2013-09-08 13:41 - 2013-09-08 13:41 - 00276336 _____ C:\Windows\Minidump\090813-70372-01.dmp
2013-09-08 13:41 - 2013-09-05 15:17 - 632046639 _____ C:\Windows\MEMORY.DMP
2013-09-08 13:41 - 2012-01-03 17:07 - 00000000 ____D C:\Windows\Minidump
2013-09-08 11:21 - 2012-01-01 21:10 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Skype
2013-09-08 09:30 - 2013-09-07 23:45 - 00000577 _____ C:\Users\Matthias\Desktop\f.txt
2013-09-07 23:29 - 2012-10-13 13:40 - 00000000 ____D C:\Users\Matthias\Documents\FIFA 13
2013-09-07 23:17 - 2013-09-07 23:17 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-09-07 23:16 - 2013-09-07 23:16 - 03820480 _____ C:\Users\Matthias\battlelog-web-plugins_2.1.7_115.exe
2013-09-07 23:16 - 2012-01-01 19:07 - 00000000 ____D C:\Users\Matthias
2013-09-07 22:25 - 2013-09-07 22:25 - 00276336 _____ C:\Windows\Minidump\090713-46659-01.dmp
2013-09-07 21:12 - 2013-09-07 21:12 - 00276336 _____ C:\Windows\Minidump\090713-42947-01.dmp
2013-09-07 20:09 - 2013-09-07 20:09 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-07 20:09 - 2013-09-07 18:37 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-07 20:09 - 2013-09-07 18:37 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-07 19:53 - 2013-09-07 19:53 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Avira
2013-09-07 18:46 - 2013-09-07 18:46 - 00276336 _____ C:\Windows\Minidump\090713-43945-01.dmp
2013-09-07 18:38 - 2013-09-07 18:38 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-09-07 18:38 - 2013-09-07 18:38 - 00000000 ____D C:\ProgramData\APN
2013-09-07 18:38 - 2013-09-07 18:38 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-09-07 18:37 - 2013-09-07 18:37 - 00002066 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-07 18:37 - 2013-09-07 18:37 - 00000000 ____D C:\Program Files (x86)\Avira
2013-09-07 18:37 - 2012-01-01 19:43 - 00000000 ____D C:\ProgramData\Avira
2013-09-07 18:36 - 2013-09-07 18:30 - 110344048 _____ C:\Users\Matthias\avira_free_antivirus_de.exe
2013-09-06 15:03 - 2013-09-06 15:03 - 00276336 _____ C:\Windows\Minidump\090613-23431-01.dmp
2013-09-06 14:03 - 2013-09-06 14:03 - 96334488 _____ C:\Windows\SysWOW64\譍꣇뻼«
2013-09-06 13:06 - 2013-09-06 13:05 - 00517120 _____ (Screenshot Uploader) C:\Users\Matthias\Desktop\ScreenshotUploader_0.24.exe
2013-09-06 13:00 - 2013-09-06 12:59 - 00392040 _____ (Softonic                                        ) C:\Users\Matthias\Desktop\SoftonicDownloader_fuer_screenshot-uploader.exe
2013-09-06 12:21 - 2013-07-07 11:13 - 00000855 _____ C:\Users\Matthias\Desktop\TERA.lnk
2013-09-05 23:53 - 2013-09-05 23:53 - 00276336 _____ C:\Windows\Minidump\090513-41106-01.dmp
2013-09-05 15:59 - 2013-09-05 15:59 - 01947160 _____ (Farbar) C:\Users\Matthias\Desktop\FRST64.exe
2013-09-05 15:48 - 2012-10-19 18:40 - 00000000 ____D C:\Program Files (x86)\SProtector
2013-09-05 15:45 - 2013-09-05 15:45 - 01028757 _____ (Thisisu) C:\Users\Matthias\Desktop\JRT.exe
2013-09-05 15:45 - 2013-09-05 15:45 - 00000000 ____D C:\Windows\ERUNT
2013-09-05 15:38 - 2013-09-05 15:36 - 00000000 ____D C:\AdwCleaner
2013-09-05 15:38 - 2012-12-08 19:28 - 00000000 ____D C:\ProgramData\Uniblue
2013-09-05 15:17 - 2013-09-05 15:17 - 00276336 _____ C:\Windows\Minidump\090513-25818-01.dmp
2013-09-05 15:16 - 2013-09-05 15:16 - 00003464 ____N C:\bootsqm.dat
2013-09-05 15:01 - 2013-09-05 15:01 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Malwarebytes
2013-09-05 15:01 - 2013-09-05 15:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-05 12:13 - 2013-09-05 11:39 - 00000000 ____D C:\ComboFix
2013-09-05 12:12 - 2013-09-05 12:12 - 00026683 _____ C:\ComboFix.txt
2013-09-05 12:12 - 2013-09-05 11:39 - 00000000 ____D C:\Qoobox
2013-09-05 12:12 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-05 12:05 - 2013-09-05 11:38 - 00000000 ____D C:\Windows\erdnt
2013-09-05 11:54 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-04 13:35 - 2012-08-16 23:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\FRST
2013-09-04 11:14 - 2013-09-04 11:14 - 00000000 _____ C:\Windows\setuperr.log
2013-09-04 10:03 - 2012-07-09 19:15 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-04 09:51 - 2012-05-18 15:54 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\FileZilla
2013-09-04 09:51 - 2012-01-01 21:05 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Winamp
2013-09-04 09:46 - 2012-01-01 18:56 - 00000000 ____D C:\Windows\Panther
2013-09-03 23:19 - 2012-01-02 23:28 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-09-03 23:19 - 2012-01-02 00:01 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-03 23:18 - 2012-01-02 00:01 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-09-03 22:33 - 2013-09-03 22:33 - 95638383 _____ C:\Windows\SysWOW64\零뻼S
2013-08-31 19:03 - 2012-01-01 21:09 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Nitro PDF
2013-08-31 19:00 - 2013-08-31 19:00 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\AUTOSICH
2013-08-31 18:47 - 2009-07-14 19:58 - 00819242 _____ C:\Windows\system32\perfh007.dat
2013-08-31 18:47 - 2009-07-14 19:58 - 00197228 _____ C:\Windows\system32\perfc007.dat
2013-08-31 18:47 - 2009-07-14 07:13 - 01949178 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-29 00:13 - 2012-07-18 22:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-26 00:45 - 2012-01-14 15:43 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\TS3Client
2013-08-21 22:44 - 2013-08-21 22:43 - 00000133 _____ C:\Users\Matthias\Desktop\shsh.txt
2013-08-19 11:04 - 2013-08-18 10:12 - 00002046 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-08-19 11:04 - 2013-08-18 10:12 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-08-18 10:12 - 2013-08-18 10:12 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-08-15 20:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 23:42 - 2013-07-21 13:57 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 23:40 - 2012-01-08 19:42 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\Matthias\avira_free_antivirus_de.exe
C:\Users\Matthias\battlelog-web-plugins_2.1.7_115.exe
C:\Users\Matthias\AppData\Local\Temp\Quarantine.exe
C:\Users\Matthias\AppData\Local\Temp\Softonic_chr_1-8-19-3.exe
C:\Users\Matthias\AppData\Local\Temp\sonarinst.exe
C:\Users\Matthias\AppData\Local\Temp\MozUpdater\updater.exe
C:\Users\Matthias\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\Matthias\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 10:31

==================== End Of Log ============================
         

Alt 09.09.2013, 18:04   #19
schrauber
/// the machine
/// TB-Ausbilder



Emsisoft or Avast. Still having problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 10.09.2013, 10:39   #20
Hilfe_1



Hello,

I have now uninstalled Avira, installed Avast and started a scan right away. After the scan it said that the software could not read the directories, so I could not delete them, ignore them or put them in a container. Also, the message is still being displayed, but by and large my computer is working again.


Alt 10.09.2013, 11:23   #21
schrauber
/// the machine
/// TB-Ausbilder



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
Unlock: C:\Users\Matthias\AppData\Local\Temp
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Afterwards delete FRST and download it again, run a scan and please post the log file.

Alt 10.09.2013, 12:11   #22
Hilfe_1



I was wrong. I thought the virus was gone, but instead my computer keeps restarting. I can't even reply to you properly anymore. This is already the 6th attempt.
But I'll try somehow to send you the fix code before my computer crashes again.

I managed it:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-09-2013
Ran by Matthias at 2013-09-10 12:56:48 Run:1
Running from C:\Users\Matthias\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Matthias\AppData\Local\Temp
*****************


"C:\Users\Matthias\AppData\Local\Temp" directory move:

C:\Users\Matthias\AppData\Local\Temp\0ca0fda3-c9d3-4cca-82b6-ffd5921d5e55.dmp => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\0de97c5d-eeda-42cd-9233-8869c4020ccd.dmp => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\0e29ec50-ef12-4d98-8ae4-cfaee0aaa12b.dmp => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\4b525fee-d4be-4cbc-909f-54acd8cbedfe.dmp => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\59505359-26ba-4ff3-9089-5cb6faa73cce.dmp => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\83a16dbf-31d8-4670-8bf0-f65604d8983b.dmp => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\9035b9e2-2ba1-4948-8fb4-d387b6c37848.dmp => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\aac0d4eb-5b2e-45f0-b8d7-1204d1f13c46.dmp => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\AdobeARM.log => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\AdobeARM_NotLocked.log => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\AdwCleaner.jpg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\amt3.log => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\AppRemover_Log.txt => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\av3BAC.tmp => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\av3BAC.tmp.dld => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\browserinfo.ini => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\chrome_installer.log => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\Cleaning.ico => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\dd9118.tmp => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\ddFDCF.tmp => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\dd_vcredistMSI7B5A.txt => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\dd_vcredistUI7B5A.txt => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\Donate.ico => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_1QC01rULymh4kls => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_2HeNirpDEY83KVg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_9AOMyl7YcESqySi => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_9CpQV2gFEFqEQMb => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_aqQOHWQFox1o9fn => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_bQTLAfZgTONkhgc => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_dTDjGMLxI7mAGd0 => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_ENZh2rR8IiZPDU8 => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_FLbxKkR1YnhSFhP => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_FMgjWJj01mrbULw => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_Fz6OOkiGbBRwxiV => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_HfarYh1Wk63bf1Z => Moved successfully.
Could not move "C:\Users\Matthias\AppData\Local\Temp\etilqs_I50Isp090jxt9Ve" => Scheduled to move on reboot.
C:\Users\Matthias\AppData\Local\Temp\etilqs_iiyf1BnaSXoPnk0 => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_IsSHV36T4YCqrOB => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_kciiltYzQVnAod9 => Moved successfully.
Could not move "C:\Users\Matthias\AppData\Local\Temp\etilqs_LvdIKdsKoxPVRC8" => Scheduled to move on reboot.
C:\Users\Matthias\AppData\Local\Temp\etilqs_plebHUazBDEApl4 => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_qfFCGzclbv2NMEK => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_qNkIy4qaGjp953p => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_R4WHZbZem8UGdGb => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_sBVMD54CppuKghl => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_syakvl8kWsLWnR2 => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_tdca7xyfY25HSat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_WcjrC1BQB30qqsc => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_X84E68fnVTgA3xy => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_xL4Sg0jOJKUfY4H => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_xzCKO2wPeS23PV3 => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_yJOAZBbztetTvsH => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_zP5B2v1hLy23JpH => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\FRST.tmp => Moved successfully.
Could not move "C:\Users\Matthias\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Matthias\AppData\Local\Temp\GoogleUpdateSetup.exea95aa => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\JRT.txt => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\LastScan.txt => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\manHp2376.tmp => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\MpSigStub.log => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\MSIb621f.LOG => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\oobelib.log => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\PDApp.log => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\Report.ico => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\result.txt => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\Scan.ico => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\Softonic_chr_1-8-19-3.exe => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\sonarinst.exe => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\swtag.log => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\Uninstall.ico => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\users00 => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\WER-118981-0.sysdata.xml => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\WER2AE6.tmp.WERInternalMetadata.xml => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\WER2AE7.tmp.cab => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\WER53EC.tmp.cab => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\WERA8BD.tmp.appcompat.txt => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\WERA8ED.tmp.hdmp => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\WERF4E8.tmp.WERInternalMetadata.xml => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\~DF6794F5A14DA21E07.TMP => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\tmp000060f0\tmp00000000 => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\tmp000043ac\tmp00000000 => Moved successfully.
Could not move "C:\Users\Matthias\AppData\Local\Temp\Skype\DbTemp\temp-1XL4h9gHvvRkpGBPVkUHoIZC" => Scheduled to move on reboot.
Could not move "C:\Users\Matthias\AppData\Local\Temp\Skype\DbTemp\temp-8xdDPmSbRJ3aEQp2h00cCzxT" => Scheduled to move on reboot.
C:\Users\Matthias\AppData\Local\Temp\MozUpdater\updater.exe => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\MozUpdater\updater.ini => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\KiesLiveupdateTemp\PluginHost.xml => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\APPID_clsid.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\APPID_files.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\appinit64_null.reg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\appinit_null.reg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\APPPATHS.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\APPROVEDEXTENSIONS_clsid.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\ask.bat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\askCLSID.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\askregkey_x64.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\askregkey_x86.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\askregvalue_x64.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\askregvalue_x86.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\askservices.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\badAPPINIT.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\badFOLDERS.cfg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\badFOLDERScom.cfg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\badFOLDERSstart.cfg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\badLNK.cfg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\badvalues.cfg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\BHO_clsid.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\BHO_name.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\browsermngr_keys.cfg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\browsermngr_values.cfg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\CHOICE.DAT => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\chrome.bat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\CHRregkey_x64.cfg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\CHRregkey_x86.cfg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\CHR_extensions.cfg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\clean_shortcut.vbs => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\CLSID_clsid.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\currentmd5.txt => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\CUT.DAT => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\datamngr_del.reg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\defaultscope.cfg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\delfolders.bat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\delorphans.bat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\ELEVATIONPOLICY_clsid.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\ev_clear.bat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\EXT.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\FFbrowsermngr.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\FFextensions.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\FFpluginREG.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\FFplugins.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\FFprefs.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\FFregkey_x64.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\FFregkey_x86.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\FFwhtlist.cfg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\FFXML.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\FFXPI.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\firefox.bat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\FWCLSID.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\FWPolicy.bat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\get.bat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\IEwhtlst.cfg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\iexplore.bat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\IFEO.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\INTERFACE_clsid.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\JRT.bat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\medfos.bat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\MENUEXT.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\merger.reg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\misc.bat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\modules.bat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\modules.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\moduleservices.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\newmd5.txt => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\NIRCMD.DAT => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\NOTIFY.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\PREAPPROVED_clsid.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\prelim.bat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\PRODUCTS.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\REGhcr.cfg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\REGhkcu_and_hklm_allow.cfg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\REGhkcu_and_hklm_software.cfg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\REGhkcu_software_appdatalow.cfg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\REGhkcu_software_microsoft.cfg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\REGhklm_software_classes.cfg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\REGISTRYUSERSID.cfg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\runvalues.bat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\runvalues_x64.cfg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\runvalues_x86.cfg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\S1518COMPONENTS.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\searchlnk.bat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\SED.DAT => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\sednewline.txt => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\services.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\serviceseventlog.cfg => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\SETTINGS_clsid.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\SHORTCUT.DAT => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\STATS_clsid.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\TDL4.bat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\TRACING.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\TYPELIB_clsid.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\UNINSTALL.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\UpgradeCodes.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\WGET.DAT => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\WOW6432NODE.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\temp\null.txt => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\erunt\ERDNT.E_E => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\erunt\ERDNTDOS.LOC => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\erunt\ERDNTWIN.LOC => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\erunt\ERUNT.EXE => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\erunt\ERUNT.EXE.manifest => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\erunt\ERUNT.LOC => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\jrt\erunt\README.TXT => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\CRX_75DAF8CB7768\crl-set => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\CRX_75DAF8CB7768\manifest.fingerprint => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\CRX_75DAF8CB7768\manifest.json => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\APN-Stub\AVIRA-V7\Msid1d11609-b65c-4644-879b-1631dfc7c333.log => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\APN-Stub\AVIRA-V7\Stbd1d11609-b65c-4644-879b-1631dfc7c333.log => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\APN\ReportingData.dat => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\a2temp\update.ini => Moved successfully.
C:\Users\Matthias\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll => Moved successfully.
Could not move "C:\Users\Matthias\AppData\Local\Temp" directory. => Scheduled to move on reboot.


=========== Result of Scheduled Files to move ===========

C:\Users\Matthias\AppData\Local\Temp\etilqs_I50Isp090jxt9Ve => Is moved successfully.
C:\Users\Matthias\AppData\Local\Temp\etilqs_LvdIKdsKoxPVRC8 => Is moved successfully.
"C:\Users\Matthias\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => File could not move.
C:\Users\Matthias\AppData\Local\Temp\Skype\DbTemp\temp-1XL4h9gHvvRkpGBPVkUHoIZC => Is moved successfully.
C:\Users\Matthias\AppData\Local\Temp\Skype\DbTemp\temp-8xdDPmSbRJ3aEQp2h00cCzxT => Is moved successfully.
"C:\Users\Matthias\AppData\Local\Temp" => Directory could not move.

==== End of Fixlog ====
         
Strange, now the computer no longer restarts!!!

And here is the logfile:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01
Ran by Matthias (administrator) on MATTHIAS-PC on 10-09-2013 13:08:57
Running from C:\Users\Matthias\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Windows\DAODx.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Users\Matthias\Kies\External\FirmwareUpdate\KiesPDLR.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Windows\system\Cm106eye.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU\EPU.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Samsung Electronics Co., Ltd.) C:\Users\Matthias\Kies\KiesTrayAgent.exe
(Apple Inc.) E:\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Creative Technology Ltd.) C:\Windows\system32\AMBSpiE.exe
(Google Inc.) C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RunDLLEntry] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Cm106Sound] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-01] (Google Inc.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1811368 2013-09-06] (Valve Corporation)
HKCU\...\Run: [KiesHelper] - C:\Users\Matthias\Kies\KiesHelper.exe [958392 2012-05-29] (Samsung)
HKCU\...\Run: [KiesPDLR] - C:\Users\Matthias\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-05-29] ()
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-11-30] (AMD)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875944 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Google Update] - C:\Users\Matthias\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-09] (Google Inc.)
HKCU\...\Run: [GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] - C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe [829392 2013-09-02] (Google Inc.)
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-07-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [Six Engine] - C:\Program Files (x86)\ASUS\EPU\EPU.exe [5309056 2010-03-16] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [TurboV EVO] - C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe [9993344 2010-03-25] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Users\Matthias\Kies\KiesTrayAgent.exe [3521464 2012-05-29] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - E:\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe (D-Link Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\2b93jiix.default
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\pdf\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Matthias\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Matthias\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Free Download Manager plugin - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\2b93jiix.default\Extensions\fdm_ffext@freedownloadmanager.org
FF Extension: Download Youtube Videos + - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\2b93jiix.default\Extensions\video.downloader.plugin@ffpimp.com
FF Extension: DownloadHelper - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\2b93jiix.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: toolbar - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\2b93jiix.default\Extensions\toolbar@gmx.net.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Matthias\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Matthias\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Matthias\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\pdf\npnitromozilla.dll ( )
CHR Plugin: (iTunes Application Detector) - E:\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (avast! Online Security) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Matthias\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.8.0.crx

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S3 jswpsapi; C:\Program Files (x86)\D-Link\DWA-547 revA\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [343032 2012-01-16] (Nitro PDF Software)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-28] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [136192 2010-12-21] (MCCI Corporation)
S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [18944 2010-12-21] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [172032 2010-12-21] (MCCI Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203672 2013-06-04] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2011-03-31] (C-Media Electronics Inc)
R3 VMfilt; C:\Windows\System32\drivers\VMfilt64.sys [25600 2009-07-31] (Creative Technology Ltd.)
S3 VSPerfDrv100; E:\windows-office\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2011-01-18] (Microsoft Corporation)
S3 VSPerfDrv100; E:\windows-office\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2011-01-18] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-10 12:50 - 2013-09-10 12:51 - 00276336 _____ C:\Windows\Minidump\091013-26176-01.dmp
2013-09-10 12:44 - 2013-09-10 12:44 - 00276336 _____ C:\Windows\Minidump\091013-24086-01.dmp
2013-09-10 12:32 - 2013-09-10 12:32 - 00003280 ____N C:\bootsqm.dat
2013-09-09 23:09 - 2013-09-09 23:09 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-09 23:09 - 2013-08-30 09:48 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-09 23:09 - 2013-08-30 09:48 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-09 23:09 - 2013-08-30 09:48 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-09 23:09 - 2013-08-30 09:48 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-09 23:09 - 2013-08-30 09:48 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-09 23:09 - 2013-08-30 09:48 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-09 23:08 - 2013-09-10 12:36 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-09 23:08 - 2013-09-09 23:08 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-09 23:08 - 2013-08-30 09:48 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-09 23:08 - 2013-08-30 09:48 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-09 23:08 - 2013-08-30 09:47 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-09-09 23:08 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-09 22:54 - 2013-09-09 23:07 - 131918888 _____ C:\Users\Matthias\Downloads\avast_free_antivirus_setup (1).exe
2013-09-09 22:05 - 2013-09-09 23:08 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-09 22:04 - 2013-09-09 23:08 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-09 19:46 - 2013-09-09 21:56 - 00000000 ____D C:\Users\Matthias\Documents\Anti-Malware
2013-09-09 19:46 - 2013-09-09 21:56 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2013-09-09 19:16 - 2013-09-09 19:27 - 197397736 _____ (Emsisoft GmbH                                               ) C:\Users\Matthias\Downloads\EmsisoftAntiMalwareSetup.exe
2013-09-09 16:52 - 2013-09-09 16:52 - 00045457 _____ C:\Users\Matthias\Desktop\FRST.txt
2013-09-09 16:46 - 2013-09-09 16:46 - 00002382 _____ C:\Users\Matthias\Desktop\Google Chrome.lnk
2013-09-09 16:46 - 2013-09-09 16:46 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-09-09 16:43 - 2013-09-10 12:54 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2339201514-1796223682-273167506-1000UA.job
2013-09-09 16:43 - 2013-09-09 16:54 - 00001080 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2339201514-1796223682-273167506-1000Core.job
2013-09-09 16:43 - 2013-09-09 16:49 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2339201514-1796223682-273167506-1000UA
2013-09-09 16:43 - 2013-09-09 16:49 - 00003712 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2339201514-1796223682-273167506-1000Core
2013-09-09 16:30 - 2013-09-09 16:30 - 00001130 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-09 16:07 - 2013-09-09 16:07 - 96665497 _____ C:\Windows\SysWOW64\䐞ꕊ뻼—
2013-09-08 13:41 - 2013-09-08 13:41 - 00276336 _____ C:\Windows\Minidump\090813-70372-01.dmp
2013-09-07 23:45 - 2013-09-08 09:30 - 00000577 _____ C:\Users\Matthias\Desktop\f.txt
2013-09-07 23:17 - 2013-09-07 23:17 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-09-07 23:16 - 2013-09-07 23:16 - 03820480 _____ C:\Users\Matthias\battlelog-web-plugins_2.1.7_115.exe
2013-09-07 22:25 - 2013-09-07 22:25 - 00276336 _____ C:\Windows\Minidump\090713-46659-01.dmp
2013-09-07 21:12 - 2013-09-07 21:12 - 00276336 _____ C:\Windows\Minidump\090713-42947-01.dmp
2013-09-07 18:46 - 2013-09-07 18:46 - 00276336 _____ C:\Windows\Minidump\090713-43945-01.dmp
2013-09-07 18:38 - 2013-09-07 18:38 - 00000000 ____D C:\ProgramData\APN
2013-09-07 18:30 - 2013-09-07 18:36 - 110344048 _____ C:\Users\Matthias\avira_free_antivirus_de.exe
2013-09-06 15:03 - 2013-09-06 15:03 - 00276336 _____ C:\Windows\Minidump\090613-23431-01.dmp
2013-09-06 14:03 - 2013-09-06 14:03 - 96334488 _____ C:\Windows\SysWOW64\譍꣇뻼«
2013-09-06 13:05 - 2013-09-06 13:06 - 00517120 _____ (Screenshot Uploader) C:\Users\Matthias\Desktop\ScreenshotUploader_0.24.exe
2013-09-06 12:59 - 2013-09-06 13:00 - 00392040 _____ (Softonic                                        ) C:\Users\Matthias\Desktop\SoftonicDownloader_fuer_screenshot-uploader.exe
2013-09-05 23:53 - 2013-09-05 23:53 - 00276336 _____ C:\Windows\Minidump\090513-41106-01.dmp
2013-09-05 15:45 - 2013-09-05 15:45 - 01028757 _____ (Thisisu) C:\Users\Matthias\Desktop\JRT.exe
2013-09-05 15:45 - 2013-09-05 15:45 - 00000000 ____D C:\Windows\ERUNT
2013-09-05 15:36 - 2013-09-05 15:38 - 00000000 ____D C:\AdwCleaner
2013-09-05 15:17 - 2013-09-10 12:57 - 00103222 _____ C:\Windows\PFRO.log
2013-09-05 15:17 - 2013-09-10 12:50 - 605029423 _____ C:\Windows\MEMORY.DMP
2013-09-05 15:17 - 2013-09-05 15:17 - 00276336 _____ C:\Windows\Minidump\090513-25818-01.dmp
2013-09-05 15:01 - 2013-09-05 15:01 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Malwarebytes
2013-09-05 15:01 - 2013-09-05 15:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-05 12:12 - 2013-09-05 12:12 - 00026683 _____ C:\ComboFix.txt
2013-09-05 11:39 - 2013-09-05 12:13 - 00000000 ____D C:\ComboFix
2013-09-05 11:39 - 2013-09-05 12:12 - 00000000 ____D C:\Qoobox
2013-09-05 11:39 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-05 11:39 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-05 11:39 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-05 11:39 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-05 11:39 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-05 11:39 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-05 11:39 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-05 11:39 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-05 11:38 - 2013-09-05 12:05 - 00000000 ____D C:\Windows\erdnt
2013-09-04 13:02 - 2013-09-10 13:00 - 00000000 ____D C:\FRST
2013-09-04 11:14 - 2013-09-10 12:58 - 00001904 _____ C:\Windows\setupact.log
2013-09-04 11:14 - 2013-09-04 11:14 - 00000000 _____ C:\Windows\setuperr.log
2013-09-03 22:33 - 2013-09-03 22:33 - 95638383 _____ C:\Windows\SysWOW64\零뻼S
2013-08-31 19:00 - 2013-08-31 19:00 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\AUTOSICH
2013-08-21 22:43 - 2013-08-21 22:44 - 00000133 _____ C:\Users\Matthias\Desktop\shsh.txt
2013-08-18 10:12 - 2013-08-19 11:04 - 00002046 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-08-18 10:12 - 2013-08-19 11:04 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-08-18 10:12 - 2013-08-18 10:12 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-08-14 23:48 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 23:48 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 23:48 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 23:48 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 23:48 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 23:48 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 23:48 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 23:48 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 23:48 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 23:48 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 23:48 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 23:48 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 18:42 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 18:42 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 18:42 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 18:42 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 18:42 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 18:42 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 18:42 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 18:42 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 18:42 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 18:42 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 18:42 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 18:42 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 18:42 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 18:42 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 18:42 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 18:42 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 18:42 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 18:42 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 18:42 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 18:42 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 18:42 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 18:42 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 18:42 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 18:42 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 18:42 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 18:42 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 18:42 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-10 13:08 - 2013-09-10 13:08 - 01949196 _____ (Farbar) C:\Users\Matthias\Downloads\FRST64.exe
2013-09-10 13:06 - 2009-07-14 06:45 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-10 13:06 - 2009-07-14 06:45 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-10 13:00 - 2013-09-04 13:02 - 00000000 ____D C:\FRST
2013-09-10 13:00 - 2012-05-18 20:02 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-10 12:59 - 2012-10-21 00:00 - 00000000 ____D C:\Users\Matthias\AppData\Local\LogMeIn Hamachi
2013-09-10 12:59 - 2012-01-01 21:10 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Skype
2013-09-10 12:58 - 2013-09-04 11:14 - 00001904 _____ C:\Windows\setupact.log
2013-09-10 12:58 - 2012-01-01 20:00 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-10 12:58 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-10 12:57 - 2013-09-05 15:17 - 00103222 _____ C:\Windows\PFRO.log
2013-09-10 12:57 - 2012-01-01 19:07 - 01495657 _____ C:\Windows\WindowsUpdate.log
2013-09-10 12:54 - 2013-09-09 16:43 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2339201514-1796223682-273167506-1000UA.job
2013-09-10 12:51 - 2013-09-10 12:50 - 00276336 _____ C:\Windows\Minidump\091013-26176-01.dmp
2013-09-10 12:50 - 2013-09-05 15:17 - 605029423 _____ C:\Windows\MEMORY.DMP
2013-09-10 12:50 - 2012-01-03 17:07 - 00000000 ____D C:\Windows\Minidump
2013-09-10 12:44 - 2013-09-10 12:44 - 00276336 _____ C:\Windows\Minidump\091013-24086-01.dmp
2013-09-10 12:36 - 2013-09-09 23:08 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-10 12:32 - 2013-09-10 12:32 - 00003280 ____N C:\bootsqm.dat
2013-09-10 11:31 - 2012-01-01 20:00 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-10 10:45 - 2012-01-16 19:51 - 00000000 ____D C:\Users\Matthias\AppData\Local\Adobe
2013-09-09 23:09 - 2013-09-09 23:09 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-09 23:08 - 2013-09-09 23:08 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-09 23:08 - 2013-09-09 22:05 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-09 23:08 - 2013-09-09 22:04 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-09 23:07 - 2013-09-09 22:54 - 131918888 _____ C:\Users\Matthias\Downloads\avast_free_antivirus_setup (1).exe
2013-09-09 21:56 - 2013-09-09 19:46 - 00000000 ____D C:\Users\Matthias\Documents\Anti-Malware
2013-09-09 21:56 - 2013-09-09 19:46 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2013-09-09 21:14 - 2012-10-19 00:04 - 00000000 ____D C:\Program Files (x86)\DownloadManager
2013-09-09 19:35 - 2012-01-01 19:43 - 00000000 ____D C:\ProgramData\Avira
2013-09-09 19:27 - 2013-09-09 19:16 - 197397736 _____ (Emsisoft GmbH                                               ) C:\Users\Matthias\Downloads\EmsisoftAntiMalwareSetup.exe
2013-09-09 16:54 - 2013-09-09 16:43 - 00001080 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2339201514-1796223682-273167506-1000Core.job
2013-09-09 16:52 - 2013-09-09 16:52 - 00045457 _____ C:\Users\Matthias\Desktop\FRST.txt
2013-09-09 16:49 - 2013-09-09 16:43 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2339201514-1796223682-273167506-1000UA
2013-09-09 16:49 - 2013-09-09 16:43 - 00003712 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2339201514-1796223682-273167506-1000Core
2013-09-09 16:46 - 2013-09-09 16:46 - 00002382 _____ C:\Users\Matthias\Desktop\Google Chrome.lnk
2013-09-09 16:46 - 2013-09-09 16:46 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-09-09 16:43 - 2012-01-01 19:59 - 00000000 ____D C:\Users\Matthias\AppData\Local\Google
2013-09-09 16:30 - 2013-09-09 16:30 - 00001130 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-09 16:30 - 2012-01-01 19:59 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-09 16:07 - 2013-09-09 16:07 - 96665497 _____ C:\Windows\SysWOW64\䐞ꕊ뻼—
2013-09-08 13:41 - 2013-09-08 13:41 - 00276336 _____ C:\Windows\Minidump\090813-70372-01.dmp
2013-09-08 09:30 - 2013-09-07 23:45 - 00000577 _____ C:\Users\Matthias\Desktop\f.txt
2013-09-07 23:29 - 2012-10-13 13:40 - 00000000 ____D C:\Users\Matthias\Documents\FIFA 13
2013-09-07 23:17 - 2013-09-07 23:17 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-09-07 23:16 - 2013-09-07 23:16 - 03820480 _____ C:\Users\Matthias\battlelog-web-plugins_2.1.7_115.exe
2013-09-07 23:16 - 2012-01-01 19:07 - 00000000 ____D C:\Users\Matthias
2013-09-07 22:25 - 2013-09-07 22:25 - 00276336 _____ C:\Windows\Minidump\090713-46659-01.dmp
2013-09-07 21:12 - 2013-09-07 21:12 - 00276336 _____ C:\Windows\Minidump\090713-42947-01.dmp
2013-09-07 18:46 - 2013-09-07 18:46 - 00276336 _____ C:\Windows\Minidump\090713-43945-01.dmp
2013-09-07 18:38 - 2013-09-07 18:38 - 00000000 ____D C:\ProgramData\APN
2013-09-07 18:36 - 2013-09-07 18:30 - 110344048 _____ C:\Users\Matthias\avira_free_antivirus_de.exe
2013-09-06 15:03 - 2013-09-06 15:03 - 00276336 _____ C:\Windows\Minidump\090613-23431-01.dmp
2013-09-06 14:03 - 2013-09-06 14:03 - 96334488 _____ C:\Windows\SysWOW64\譍꣇뻼«
2013-09-06 13:06 - 2013-09-06 13:05 - 00517120 _____ (Screenshot Uploader) C:\Users\Matthias\Desktop\ScreenshotUploader_0.24.exe
2013-09-06 13:00 - 2013-09-06 12:59 - 00392040 _____ (Softonic                                        ) C:\Users\Matthias\Desktop\SoftonicDownloader_fuer_screenshot-uploader.exe
2013-09-06 12:21 - 2013-07-07 11:13 - 00000855 _____ C:\Users\Matthias\Desktop\TERA.lnk
2013-09-05 23:53 - 2013-09-05 23:53 - 00276336 _____ C:\Windows\Minidump\090513-41106-01.dmp
2013-09-05 15:48 - 2012-10-19 18:40 - 00000000 ____D C:\Program Files (x86)\SProtector
2013-09-05 15:45 - 2013-09-05 15:45 - 01028757 _____ (Thisisu) C:\Users\Matthias\Desktop\JRT.exe
2013-09-05 15:45 - 2013-09-05 15:45 - 00000000 ____D C:\Windows\ERUNT
2013-09-05 15:38 - 2013-09-05 15:36 - 00000000 ____D C:\AdwCleaner
2013-09-05 15:38 - 2012-12-08 19:28 - 00000000 ____D C:\ProgramData\Uniblue
2013-09-05 15:17 - 2013-09-05 15:17 - 00276336 _____ C:\Windows\Minidump\090513-25818-01.dmp
2013-09-05 15:01 - 2013-09-05 15:01 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Malwarebytes
2013-09-05 15:01 - 2013-09-05 15:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-05 12:13 - 2013-09-05 11:39 - 00000000 ____D C:\ComboFix
2013-09-05 12:12 - 2013-09-05 12:12 - 00026683 _____ C:\ComboFix.txt
2013-09-05 12:12 - 2013-09-05 11:39 - 00000000 ____D C:\Qoobox
2013-09-05 12:12 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-05 12:05 - 2013-09-05 11:38 - 00000000 ____D C:\Windows\erdnt
2013-09-05 11:54 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-04 13:35 - 2012-08-16 23:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-04 11:14 - 2013-09-04 11:14 - 00000000 _____ C:\Windows\setuperr.log
2013-09-04 10:03 - 2012-07-09 19:15 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-04 09:51 - 2012-05-18 15:54 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\FileZilla
2013-09-04 09:51 - 2012-01-01 21:05 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Winamp
2013-09-04 09:46 - 2012-01-01 18:56 - 00000000 ____D C:\Windows\Panther
2013-09-03 23:19 - 2012-01-02 23:28 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-09-03 23:19 - 2012-01-02 00:01 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-03 23:18 - 2012-01-02 00:01 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-09-03 22:33 - 2013-09-03 22:33 - 95638383 _____ C:\Windows\SysWOW64\零뻼S
2013-08-31 19:03 - 2012-01-01 21:09 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Nitro PDF
2013-08-31 19:00 - 2013-08-31 19:00 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\AUTOSICH
2013-08-31 18:47 - 2009-07-14 19:58 - 00819242 _____ C:\Windows\system32\perfh007.dat
2013-08-31 18:47 - 2009-07-14 19:58 - 00197228 _____ C:\Windows\system32\perfc007.dat
2013-08-31 18:47 - 2009-07-14 07:13 - 01949178 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-30 09:48 - 2013-09-09 23:09 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2013-09-09 23:09 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2013-09-09 23:09 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-09-09 23:09 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2013-09-09 23:09 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2013-09-09 23:09 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 09:48 - 2013-09-09 23:08 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2013-09-09 23:08 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 09:47 - 2013-09-09 23:08 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-30 09:47 - 2013-09-09 23:08 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-29 00:13 - 2012-07-18 22:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-26 00:45 - 2012-01-14 15:43 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\TS3Client
2013-08-21 22:44 - 2013-08-21 22:43 - 00000133 _____ C:\Users\Matthias\Desktop\shsh.txt
2013-08-19 11:04 - 2013-08-18 10:12 - 00002046 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-08-19 11:04 - 2013-08-18 10:12 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-08-18 10:12 - 2013-08-18 10:12 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-08-15 20:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 23:42 - 2013-07-21 13:57 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 23:40 - 2012-01-08 19:42 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\Matthias\avira_free_antivirus_de.exe
C:\Users\Matthias\battlelog-web-plugins_2.1.7_115.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 10:31

==================== End Of Log ============================
         

10.09.2013, 13:59   #23
schrauber
/// the machine
/// TB trainer

Argh, you ran the fix incorrectly!

The fix was
Quote:
Unlock: C:\Users\Matthias\AppData\Local\Temp
What you copied into the fixlist was
Quote:
C:\Users\Matthias\AppData\Local\Temp
That deleted the folder instead of unlocking it....

Quote:
Strange, now the computer no longer restarts!!!
Why can you post a log from normal mode, then, if the machine no longer starts?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!
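The mistake described in post #23, as an added example that is not part of the original thread and is not FRST's own code: a pre-flight check that compares the fix as the helper posted it with the fixlist about to be run, and flags a bare path left behind when a directive such as `Unlock:` was dropped. The function names and finding labels are hypothetical, and the only semantics assumed are the ones stated in the post (a bare path line removes the folder); the two sample inputs are the lines quoted there.

```python
import re

# Hypothetical helper names; not part of FRST. The two inputs are the lines
# quoted in post #23: the fix as posted, and what ended up in the fixlist.
HELPER_FIX = r"Unlock: C:\Users\Matthias\AppData\Local\Temp"
PASTED_FIXLIST = r"C:\Users\Matthias\AppData\Local\Temp"

# A Windows path starts with a drive letter ("C:\") or a UNC prefix ("\\").
# It is tested first so the colon in "C:" is never read as a directive "C".
_PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\)")
# A directive line has the shape "Word: argument", as in the quoted fix.
_DIRECTIVE_RE = re.compile(r"^([A-Za-z][A-Za-z0-9]+):\s*(.+)$")


def parse_fixlist(text):
    """Return (kind, directive, argument) for every non-empty line.

    kind is "path" for a bare path, "directive" for "Word: argument",
    and "other" for anything this example does not interpret.
    """
    entries = []
    for raw in text.lstrip("\ufeff").splitlines():  # tolerate BOM and CRLF
        line = raw.strip()
        if not line:
            continue
        if _PATH_RE.match(line):
            entries.append(("path", None, line))
            continue
        match = _DIRECTIVE_RE.match(line)
        if match:
            entries.append(("directive", match.group(1), match.group(2).strip()))
        else:
            entries.append(("other", None, line))
    return entries


def _norm(entry):
    """Case-insensitive form; a trailing backslash on a path is ignored."""
    kind, directive, arg = entry
    return (kind, (directive or "").casefold(), arg.rstrip("\\").casefold())


def check_fixlist(helper_fix, local_fixlist):
    """Compare the posted fix with the local fixlist before it is run.

    Returns a list of (finding, directive, argument) tuples in normalized
    (lower-case) form. Findings:
      directive-dropped  a bare path whose directive from the posted fix is
                         missing, which per the post removes the folder
      unexpected-line    a line the helper never posted
      missing-line       a posted line that is absent locally
    """
    expected = [_norm(e) for e in parse_fixlist(helper_fix)]
    actual = [_norm(e) for e in parse_fixlist(local_fixlist)]
    directive_for = {arg: d for kind, d, arg in expected if kind == "directive"}

    findings = []
    explained = set()  # expected entries already covered by a finding
    for entry in actual:
        kind, directive, arg = entry
        if entry in expected:
            continue
        if kind == "path" and arg in directive_for:
            findings.append(("directive-dropped", directive_for[arg], arg))
            explained.add(("directive", directive_for[arg], arg))
        else:
            findings.append(("unexpected-line", directive, arg))
    for entry in expected:
        if entry not in actual and entry not in explained:
            findings.append(("missing-line", entry[1], entry[2]))
    return findings


if __name__ == "__main__":
    for finding in check_fixlist(HELPER_FIX, PASTED_FIXLIST):
        print(finding)
```

An empty result means the local fixlist matches the posted fix line for line, ignoring case, surrounding whitespace and a trailing backslash.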

10.09.2013, 14:47   #24
Hilfe_1

That was my mistake then, I guess^^. Can this be undone somehow, and the command run again (this time with unlock, of course)?

By restarting I meant that my computer shuts down after a while and then starts up again. It did not do that before this virus.

On the other hand, I no longer get this message: "Entfernen des Win32/Small.CA_Virus"

10.09.2013, 17:17   #25
schrauber
/// the machine
/// TB trainer

When exactly does it shut down? After how long? Without any message?
__________________
Regards,
schrauber

10.09.2013, 17:33   #26
Hilfe_1

Hello,

since I accidentally deleted this folder, my computer no longer shuts down at all and Windows no longer shows any message either!!!

But before, when I still had this message ("Entfernen des Win32/Small.CA_Virus"), it kept shutting down without warning. Mostly it shut down when I was googling or when, for example, I wanted to write a post here. It was pretty nerve-racking.

But as I said, Windows no longer shows any message, and since I deleted this folder everything works again.
I have no idea whether this folder was important, but never mind.
Thank you for helping me and for investing so much time in me^^

10.09.2013, 20:04   #27
schrauber
/// the machine
/// TB trainer

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and start it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. Please be sure to download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Then restart your computer.
  4. If any programs from our cleanup are still left over, you can delete them without hesitation.

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.

Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about possible changes. Download the freeware version from here.

Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only run when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

12.09.2013, 14:29   #28
Hilfe_1

Hello schrauber,

I was able to install everything successfully and will stick to your rules.
I want to thank you very much once again, and I also wish you lots of fun helping^^, because everyone can use support like this at some point

12.09.2013, 17:49   #29
schrauber
/// the machine
/// TB trainer

You're welcome
__________________
Regards,
schrauber
