Bundespolizei-GVU-Interpol Virus

MrBlueBit · 13.12.2013, 18:08

Hallo,
der Laptop einer Bekannten startet nur mit diesem Bild des Virus. Man solle 100 Euro mit "paysafecard" bezahlen usw....
Windows bootet normal hoch.
Farbar habe ich durchlaufen lassen:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2013 01
Ran by SYSTEM on MININT-FSUUNJD on 13-12-2013 17:47:48
Running from D:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [212480 2010-05-14] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\mcafee.com\agent\mcagent.exe [1486392 2011-04-05] (McAfee, Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-03-04] (Avira GmbH)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
HKU\Anna\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-06] (Google Inc.)
HKU\Anna\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.4\ICQ.exe [119608 2011-03-20] (ICQ, LLC.)
HKU\Anna\...\Run: [Facebook Update] - C:\Users\Anna\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\Anna\...\Run: [AVMUSBFernanschluss] - C:\Users\Anna\AppData\Local\Apps\2.0\8KJ8VP5O.GXN\BDDP57JA.DJZ\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2013-02-01] (AVM Berlin)
HKU\Anna\...\RunOnce: [*IE11Update] - C:\Users\Anna\Desktop\IE11Update.exe [45384 2013-10-11] ()

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-04-27] (Avira GmbH)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-06-29] (Avira GmbH)
S2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [246584 2010-06-21] ()
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [509416 2010-10-07] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [200056 2011-04-14] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [245352 2011-04-14] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [149032 2011-04-14] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [252416 2010-05-25] (Sony Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1250160 2010-05-31] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-06-29] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-06-29] (Avira GmbH)
S3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116096 2011-10-10] (AVM Berlin)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [63056 2011-04-14] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121376 2011-04-14] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190520 2011-04-14] (McAfee, Inc.)
S3 mfeavfk01; No ImagePath
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [441840 2011-04-14] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [530304 2011-04-14] (McAfee, Inc.)
S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75160 2011-04-14] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94992 2011-04-14] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2011-04-14] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-13 17:47 - 2013-12-13 17:47 - 00000000 ____D C:\FRST
2013-11-19 13:45 - 2013-11-19 13:45 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== One Month Modified Files and Folders =======

2013-12-13 17:47 - 2013-12-13 17:47 - 00000000 ____D C:\FRST
2013-12-13 17:29 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-13 17:29 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-13 17:28 - 2010-12-06 19:41 - 00654852 _____ C:\Windows\System32\perfh007.dat
2013-12-13 17:28 - 2010-12-06 19:41 - 00130434 _____ C:\Windows\System32\perfc007.dat
2013-12-13 17:28 - 2009-07-14 06:13 - 01500294 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-13 17:21 - 2011-03-16 22:19 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0422D496-14A5-4D58-B1C5-CFB16DB30B91}
2013-12-13 17:21 - 2010-12-06 11:04 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-13 17:21 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-13 17:21 - 2009-07-14 05:51 - 00097790 _____ C:\Windows\setupact.log
2013-11-19 13:45 - 2013-11-19 13:45 - 00000000 ____D C:\Program Files\McAfee Security Scan

Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\AskSLib.dll
C:\Users\Anna\AppData\Local\Temp\AutoRun.exe
C:\Users\Anna\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Anna\AppData\Local\Temp\contentDATs.exe
C:\Users\Anna\AppData\Local\Temp\First15.exe
C:\Users\Anna\AppData\Local\Temp\IcqUpdater.exe
C:\Users\Anna\AppData\Local\Temp\kgqhmqvxqyyqpywpujh.bfg
C:\Users\Anna\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Anna\AppData\Local\Temp\VP6Install.exe
C:\Users\Anna\AppData\Local\Temp\VP6VFW.dll
C:\Users\Anna\AppData\Local\Temp\~tmf3844199169639546943.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

6
Restore point made on: 2013-08-30 17:29:30
Restore point made on: 2013-09-11 11:55:29
Restore point made on: 2013-09-13 06:11:14
Restore point made on: 2013-09-22 15:57:53
Restore point made on: 2013-10-09 15:56:17
Restore point made on: 2013-10-11 00:26:07

==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 4012.96 MB
Available physical RAM: 3363.9 MB
Total Pagefile: 4011.11 MB
Available Pagefile: 3361.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:583.19 GB) (Free:511.33 GB) NTFS
Drive d: () (Removable) (Total:1.96 GB) (Free:1.94 GB) FAT
Drive f: (Recovery) (Fixed) (Total:12.88 GB) (Free:0.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 96F323E6)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=583 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: FD9A35C3)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)


LastRegBack: 2013-10-09 15:47

==================== End Of Log ============================

Danke und Grüße
Andi

schrauber · 13.12.2013, 18:44

hi,

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\Anna\...\RunOnce: [*IE11Update] - C:\Users\Anna\Desktop\IE11Update.exe [45384 2013-10-11] ()
C:\Users\Anna\Desktop\IE11Update.exe

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Rechner normal starten.

MrBlueBit · 15.12.2013, 21:19

So...
hat etwas gedauert.
Hier das Log:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-12-2013 01
Ran by SYSTEM at 2013-12-15 21:11:59 Run:1
Running from D:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Anna\...\RunOnce: [*IE11Update] - C:\Users\Anna\Desktop\IE11Update.exe [45384 2013-10-11] ()
C:\Users\Anna\Desktop\IE11Update.exe
*****************

HKU\Anna\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*IE11Update => Value deleted successfully.
C:\Users\Anna\Desktop\IE11Update.exe => Moved successfully.

==== End of Fixlog ====

Rechner startet jetzt wieder normal
Muß ich noch was beachten?

Danke

schrauber · 16.12.2013, 11:56

Kontrollscans im normalen Modus:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

MrBlueBit · 17.12.2013, 23:50

So- nun die Scans:

Während des Malware Scans hat Mc Affee gemeldet das er einen Trojaner entfernt hat (automatisch) - das wars vielleicht schon.

Malware Log:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.17.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Anna :: ANNA-VAIO [Administrator]

Schutz: Aktiviert

17.12.2013 22:43:28
mbam-log-2013-12-17 (22-43-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212091
Laufzeit: 14 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Weiteres folgt...

Log von AdwCleaner:

Code:

ATTFilter

# AdwCleaner v3.015 - Bericht erstellt am 17/12/2013 um 23:09:42
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Anna - ANNA-VAIO
# Gestartet von : C:\Users\Anna\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : ICQ Service

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Schlüssel Gelöscht : HKCU\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16720

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3458 octets] - [17/12/2013 23:04:05]
AdwCleaner[S0].txt - [3130 octets] - [17/12/2013 23:09:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3190 octets] ##########

Log von JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Anna on 17.12.2013 at 23:17:50,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\shoF772.tmp



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.12.2013 at 23:35:56,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2013 02
Ran by Anna (administrator) on ANNA-VAIO on 17-12-2013 23:40:16
Running from C:\Users\Anna\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSpt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(ICQ, LLC.) C:\Program Files (x86)\ICQ7.4\ICQ.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(AVM Berlin) C:\Users\Anna\AppData\Local\Apps\2.0\8KJ8VP5O.GXN\BDDP57JA.DJZ\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [212480 2010-05-14] (Alps Electric Co., Ltd.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-06] (Google Inc.)
HKCU\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.4\ICQ.exe [119608 2011-03-20] (ICQ, LLC.)
HKCU\...\Run: [Facebook Update] - C:\Users\Anna\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [AVMUSBFernanschluss] - C:\Users\Anna\AppData\Local\Apps\2.0\8KJ8VP5O.GXN\BDDP57JA.DJZ\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2013-02-01] (AVM Berlin)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\mcafee.com\agent\mcagent.exe [1486392 2011-04-05] (McAfee, Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-03-04] (Avira GmbH)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.facebook.com/home.php?ref=hp
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {3A382A75-A931-48AF-8EA0-2FF9CD0C2830} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
SearchScopes: HKCU - {BA5CC991-053D-496D-B50B-CE0BEF21D2A9} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {C3C7A28B-98E5-4396-8D17-7C591D76AE50} URL = hxxp://de.shopping.com/?linkin_id=8056363
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\mcafee\msk\mskapbho64.dll ()
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20110608163427.dll (McAfee, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\mcafee\msk\mskapbho.dll ()
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20110608163428.dll (McAfee, Inc.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE"
CHR DefaultSearchKeyword: google.de
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Anna\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Extension: (SiteAdvisor) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.4.1311_0
CHR Extension: (Google Wallet) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-04-27] (Avira GmbH)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-06-29] (Avira GmbH)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [509416 2010-10-07] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [200056 2011-04-14] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [245352 2011-04-14] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [149032 2011-04-14] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [252416 2010-05-25] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1250160 2010-05-31] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-06-29] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-06-29] (Avira GmbH)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116096 2011-10-10] (AVM Berlin)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [63056 2011-04-14] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121376 2011-04-14] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190520 2011-04-14] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [441840 2011-04-14] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [530304 2011-04-14] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75160 2011-04-14] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94992 2011-04-14] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2011-04-14] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-17 23:40 - 2013-12-17 23:41 - 00019258 _____ C:\Users\Anna\Desktop\FRST.txt
2013-12-17 23:35 - 2013-12-17 23:35 - 00000688 _____ C:\Users\Anna\Desktop\JRT.txt
2013-12-17 23:17 - 2013-12-17 23:17 - 00000000 ____D C:\Windows\ERUNT
2013-12-17 23:03 - 2013-12-17 23:09 - 00000000 ____D C:\AdwCleaner
2013-12-17 22:39 - 2013-12-17 22:39 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-17 22:39 - 2013-12-17 22:39 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Malwarebytes
2013-12-17 22:39 - 2013-12-17 22:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-17 22:39 - 2013-12-17 22:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-17 22:39 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-17 22:38 - 2013-12-17 22:38 - 01928214 _____ (Farbar) C:\Users\Anna\Desktop\FRST64.exe
2013-12-17 22:38 - 2013-12-17 22:38 - 01034531 _____ (Thisisu) C:\Users\Anna\Desktop\JRT.exe
2013-12-17 22:37 - 2013-12-17 22:38 - 01226750 _____ C:\Users\Anna\Desktop\adwcleaner.exe
2013-12-17 22:37 - 2013-12-17 22:37 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Anna\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-13 17:47 - 2013-12-13 17:47 - 00000000 ____D C:\FRST
2013-11-19 13:45 - 2013-11-19 13:45 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== One Month Modified Files and Folders =======

2013-12-17 23:41 - 2013-12-17 23:40 - 00019258 _____ C:\Users\Anna\Desktop\FRST.txt
2013-12-17 23:35 - 2013-12-17 23:35 - 00000688 _____ C:\Users\Anna\Desktop\JRT.txt
2013-12-17 23:32 - 2010-12-06 11:04 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-17 23:20 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-17 23:20 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-17 23:19 - 2011-03-16 22:16 - 01324953 _____ C:\Windows\WindowsUpdate.log
2013-12-17 23:18 - 2010-12-06 19:41 - 00654852 _____ C:\Windows\system32\perfh007.dat
2013-12-17 23:18 - 2010-12-06 19:41 - 00130434 _____ C:\Windows\system32\perfc007.dat
2013-12-17 23:18 - 2009-07-14 06:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-17 23:17 - 2013-12-17 23:17 - 00000000 ____D C:\Windows\ERUNT
2013-12-17 23:15 - 2011-03-16 22:19 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0422D496-14A5-4D58-B1C5-CFB16DB30B91}
2013-12-17 23:13 - 2011-10-10 17:58 - 00011999 _____ C:\Windows\avmacc.log
2013-12-17 23:12 - 2010-12-06 11:04 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-17 23:12 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-17 23:12 - 2009-07-14 05:51 - 00098014 _____ C:\Windows\setupact.log
2013-12-17 23:11 - 2010-10-11 21:06 - 00033406 _____ C:\Windows\PFRO.log
2013-12-17 23:09 - 2013-12-17 23:03 - 00000000 ____D C:\AdwCleaner
2013-12-17 23:09 - 2011-03-20 23:16 - 00000000 ____D C:\ProgramData\ICQ
2013-12-17 22:39 - 2013-12-17 22:39 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-17 22:39 - 2013-12-17 22:39 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Malwarebytes
2013-12-17 22:39 - 2013-12-17 22:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-17 22:39 - 2013-12-17 22:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-17 22:38 - 2013-12-17 22:38 - 01928214 _____ (Farbar) C:\Users\Anna\Desktop\FRST64.exe
2013-12-17 22:38 - 2013-12-17 22:38 - 01034531 _____ (Thisisu) C:\Users\Anna\Desktop\JRT.exe
2013-12-17 22:38 - 2013-12-17 22:37 - 01226750 _____ C:\Users\Anna\Desktop\adwcleaner.exe
2013-12-17 22:37 - 2013-12-17 22:37 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Anna\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-17 22:27 - 2010-12-06 11:04 - 00004120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-17 22:27 - 2010-12-06 11:04 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-13 17:47 - 2013-12-13 17:47 - 00000000 ____D C:\FRST
2013-11-19 13:45 - 2013-11-19 13:45 - 00000000 ____D C:\Program Files\McAfee Security Scan

Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\AskSLib.dll
C:\Users\Anna\AppData\Local\Temp\AutoRun.exe
C:\Users\Anna\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Anna\AppData\Local\Temp\contentDATs.exe
C:\Users\Anna\AppData\Local\Temp\First15.exe
C:\Users\Anna\AppData\Local\Temp\IcqUpdater.exe
C:\Users\Anna\AppData\Local\Temp\Quarantine.exe
C:\Users\Anna\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Anna\AppData\Local\Temp\VP6Install.exe
C:\Users\Anna\AppData\Local\Temp\VP6VFW.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-09 15:47

==================== End Of Log ============================

--- --- ---

--- --- ---

und Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2013 02
Ran by Anna at 2013-12-17 23:43:06
Running from C:\Users\Anna\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AntiVir Desktop (Enabled - Out of date) {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AntiVir Desktop (Enabled - Out of date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 1.5.3.9130)
Adobe Flash Player 10 Plugin (x32 Version: 10.0.45.2)
Adobe Flash Player 11 ActiveX (x32 Version: 11.1.102.55)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0)
Adobe Premiere Elements 8.0 (x32 Version: 8.0)
Adobe Reader X (10.0.1) - Deutsch (x32 Version: 10.0.1)
Alps Pointing-device for VAIO
ArcSoft Magic-i Visual Effects 2 (x32 Version: 2.0.1.115)
ArcSoft WebCam Companion 3 (x32 Version: 3.0.21.368)
Avira AntiVir Personal - Free Antivirus (x32 Version: 10.2.0.707)
Corel WinDVD (x32 Version: 10.0.5.297)
Die Sims 2 (x32)
Evernote (x32 Version: 3.5.4.2224)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
FRITZ!Box USB-Fernanschluss (HKCU Version: 2.3.0.2)
Google Chrome (x32 Version: 31.0.1650.63)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320)
Google Update Helper (x32 Version: 1.3.22.3)
ICQ7.4 (x32 Version: 7.4)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.01.01.1007)
Java Auto Updater (x32 Version: 2.0.2.1)
Java(TM) 6 Update 20 (64-bit) (Version: 6.0.200)
Java(TM) 6 Update 20 (x32 Version: 6.0.200)
Junk Mail filter update (x32 Version: 14.0.8117.416)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Internet Security (x32 Version: 10.5.237)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Media Gallery (Version: 1.3.0)
Media Gallery (x32 Version: 1.3.0.06230)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Norton Online Backup (x32 Version: 2.1.17869)
NVIDIA Display Control Panel (Version: 6.14.12.5903)
NVIDIA Drivers (Version: 1.10.62.40)
PMB (x32 Version: 5.3.00.06040)
PMB VAIO Edition plug-in (Click to Disc) (Version: 3.3.00)
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00)
PMB VAIO Edition plug-in (VAIO Movie Story) (Version: 2.3.00)
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00)
PVSonyDll (Version: 1.00.0001)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6098)
Remote Play mit PlayStation®3 (x32 Version: 1.0.2.06210)
Remote Play with PlayStation 3 (x32 Version: 1.0.2.06210)
Remote-Tastatur mit PlayStation 3 (x32 Version: 1.0.2.06170)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.1)
Skype™ 5.10 (x32 Version: 5.10.116)
SmartSound Quicktracks for Premiere Elements 8.0 (x32 Version: 3.11.3090)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
VAIO - Media Gallery (x32 Version: 1.3.0.06230)
VAIO - PMB VAIO Edition Guide (x32 Version: 1.3.00.06040)
VAIO - PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00.06180)
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.3.00.06110)
VAIO - PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00.06180)
VAIO Care (x32 Version: 6.2.2.07150)
VAIO Control Center (x32 Version: 4.3.0.05310)
VAIO Data Restore Tool (x32 Version: 1.4.0.05240)
VAIO DVD Menu Data (x32 Version: 2.2.00.05120)
VAIO Gate (x32 Version: 2.2.0.06080)
VAIO Gate Default (x32 Version: 2.2.0.07020)
VAIO Hardware Diagnostics (x32 Version: 4.0.0.06230)
VAIO Media plus (Version: 2.1.0)
VAIO Media plus (x32 Version: 2.1.0.18210)
VAIO Media plus Opening Movie (x32 Version: 2.1.0.13220)
VAIO Movie Story Template Data (x32 Version: 2.3.00.06040)
VAIO Sample Contents (x32 Version: 1.3.0.06041)
VAIO screensaver (x32 Version: 1.0.0.0)
VAIO Smart Network (x32 Version: 3.3.0.06080)
VAIO Update (x32 Version: 5.2.0.05310)
VAIO-Handbuch (x32 Version: 1.1.0.05280)
VAIO-Support für Übertragungen (x32 Version: 1.2.0.06230)
WIDCOMM Bluetooth Software (Version: 6.3.0.5600)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8117.0416)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Fotogalerie (x32 Version: 14.0.8117.416)
Windows Live Mail (x32 Version: 14.0.8117.0416)
Windows Live Messenger (x32 Version: 14.0.8117.0416)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live Writer (x32 Version: 14.0.8117.0416)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)

==================== Restore Points  =========================

30-08-2013 16:28:15 Geplanter Prüfpunkt
11-09-2013 10:53:40 Geplanter Prüfpunkt
13-09-2013 05:10:58 Windows Update
22-09-2013 14:56:05 Geplanter Prüfpunkt
09-10-2013 14:54:47 Geplanter Prüfpunkt
10-10-2013 23:25:47 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {000AD6EF-053D-42F1-BDA6-7DFCB06E2B83} - System32\Tasks\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2010-07-15] (Sony Corporation)
Task: {08CCBAA7-1465-4C19-B9CA-EB21F393D666} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {22141B1C-0CA5-4F57-AFAF-38BB0AF79658} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-06] (Google Inc.)
Task: {3A5391CA-43C9-43C0-85EA-76CCA987C2D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-06] (Google Inc.)
Task: {3D821AE8-9694-4E0B-A35F-534A17FB8323} - System32\Tasks\VAIO Care Support => C:\Program Files\Sony\VAIO Care\VCSpt.exe [2010-05-26] (Sony Corporation)
Task: {4EB4241F-AFD4-410D-9695-45A3085E78D6} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-07-26] (Sony Corporation)
Task: {6A8A8AFB-3C81-4CAA-AFB0-C7520EA1D1D0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3090076094-3760637753-1083568034-1000UA => C:\Users\Anna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {6F2CD37B-2A87-4901-B110-86280B54B40F} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-07-26] (Sony Corporation)
Task: {7C16A8E5-1E99-43AE-A681-B0809C67E6F3} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-06-08] (Sony Corporation)
Task: {93489377-5FD8-4EA7-AFE3-0594153A6684} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-06-08] (Sony Corporation)
Task: {9DD87972-C92E-4493-A4AB-07A51257A5E5} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {C44DFDCE-BC69-4391-AAB1-AC8178A790BF} - System32\Tasks\SONY\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe [2010-05-31] (Sony Corporation)
Task: {CE3DBA41-07A9-4C03-AC89-4DE3E5D093D9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3090076094-3760637753-1083568034-1000Core => C:\Users\Anna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {D4C70626-21AB-48CE-80F9-94FDC30F9F42} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {E022D9C8-2B4B-4DED-8939-CABEDF97A835} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe
Task: {EA64160D-061D-4EE2-BE2D-5D2197B1E2A8} - System32\Tasks\SONY\Remote Keyboard with PlayStation 3\Remote Keyboard with PlayStation 3 => C:\Program Files\Sony\Remote Keyboard with PlayStation 3\VBTKBUtil.exe [2010-06-17] (Sony Corporation)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090076094-3760637753-1083568034-1000Core.job => C:\Users\Anna\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090076094-3760637753-1083568034-1000UA.job => C:\Users\Anna\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-12-06 10:53 - 2010-05-31 18:25 - 00056320 _____ () C:\Program Files\Sony\VAIO Update 5\VUAgentPS64.dll
2011-03-17 16:32 - 2010-06-17 14:27 - 00355688 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2010-12-06 10:53 - 2010-05-31 19:18 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2010-12-06 10:53 - 2010-05-31 19:18 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2013-08-16 14:01 - 2013-08-16 14:01 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\44bfa824a3b8a6f789fda79a2e01a8db\IsdiInterop.ni.dll
2010-10-11 21:03 - 2010-03-04 04:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-12-17 22:47 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-17 22:47 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-17 22:47 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-17 22:47 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-17 22:47 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2011-03-23 20:26:58.433
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-23 20:26:58.383
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-23 20:26:58.323
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-23 20:26:58.173
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-23 20:26:58.063
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-23 20:26:57.993
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-23 20:26:57.933
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-23 20:26:57.793
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-23 20:26:57.563
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-23 20:26:57.273
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 4012.96 MB
Available physical RAM: 2632.98 MB
Total Pagefile: 8024.1 MB
Available Pagefile: 5543.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:583.19 GB) (Free:510.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 96F323E6)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=583 GB) - (Type=07 NTFS)

==================== End Of Log ============================

ICQ startet übrigens immer noch, obwohl AdwCleaner doch eine Entfernung gemeldet hat.

Grüße und Danke
MrBlueBit

Was empfiehlst du für ein Antivirenprogramm?

schrauber · 18.12.2013, 11:09

Ich empfehle immer Emsisoft

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

MrBlueBit · 22.12.2013, 14:38

Logfile ESET:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0c2775d85576544dad959381d276a23a
# engine=16364
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-22 12:44:01
# local_time=2013-12-22 01:44:01 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 293384 139346091 0 0
# scanned=23696
# found=1
# cleaned=0
# scan_time=631
sh=BE5F4163BE87EE46AD97D0BC815B885E2AEB6A0D ft=1 fh=a8adb7bbc8afa27c vn="Win32/LockScreen.BCR trojan" ac=I fn="C:\FRST\Quarantine\IE11Update.exe"

Security Check:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 20  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader 10.0.1 Adobe Reader out of Date!  
 Google Chrome 30.0.1599.69  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

Sieht alles gut aus.
Was macht man mit der infizierten Datei? oder ist die schon weg?

Danke und schönes Fest
MrBlueBit

Hier noch FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2013 02
Ran by Anna (administrator) on ANNA-VAIO on 22-12-2013 14:33:43
Running from C:\Users\Anna\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSpt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(AVM Berlin) C:\Users\Anna\AppData\Local\Apps\2.0\8KJ8VP5O.GXN\BDDP57JA.DJZ\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [212480 2010-05-14] (Alps Electric Co., Ltd.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-06] (Google Inc.)
HKCU\...\Run: [Facebook Update] - C:\Users\Anna\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [AVMUSBFernanschluss] - C:\Users\Anna\AppData\Local\Apps\2.0\8KJ8VP5O.GXN\BDDP57JA.DJZ\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2013-02-01] (AVM Berlin)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-22] (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.facebook.com/home.php?ref=hp
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {3A382A75-A931-48AF-8EA0-2FF9CD0C2830} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
SearchScopes: HKCU - {BA5CC991-053D-496D-B50B-CE0BEF21D2A9} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {C3C7A28B-98E5-4396-8D17-7C591D76AE50} URL = hxxp://de.shopping.com/?linkin_id=8056363
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE"
CHR DefaultSearchKeyword: google.de
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Anna\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Extension: (Google Wallet) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-22] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [252416 2010-05-25] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1250160 2010-05-31] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2013-12-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-22] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2013-12-22] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2013-12-22] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2013-12-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-22] ()
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116096 2011-10-10] (AVM Berlin)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-22 14:33 - 2013-12-22 14:33 - 00014928 _____ C:\Users\Anna\Desktop\FRST.txt
2013-12-22 14:31 - 2013-12-22 14:31 - 00000000 ____D C:\Users\Anna\AppData\Roaming\OpenOffice
2013-12-22 14:29 - 2013-12-22 14:29 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-12-22 14:28 - 2013-12-22 14:29 - 29011992 _____ (Microsoft Corporation) C:\Users\Anna\Downloads\FileFormatConverters4.exe
2013-12-22 14:27 - 2013-12-22 14:27 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-22 14:19 - 2013-12-22 14:19 - 00000000 ____D C:\Users\Anna\AppData\Roaming\AVAST Software
2013-12-22 14:18 - 2013-12-22 14:19 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-22 14:18 - 2013-12-22 14:18 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2013-12-22 14:18 - 2013-12-22 14:18 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-22 14:18 - 2013-12-22 14:17 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-22 14:18 - 2013-12-22 14:17 - 00082744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys.1387718293
2013-12-22 14:17 - 2013-12-22 14:17 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-22 14:17 - 2013-12-22 14:17 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-22 14:17 - 2013-12-22 14:17 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-22 14:17 - 2013-12-22 14:17 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-22 14:17 - 2013-12-22 14:17 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-22 14:17 - 2013-12-22 14:17 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-22 14:17 - 2013-12-22 14:17 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-22 14:17 - 2013-12-22 14:17 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-22 14:16 - 2013-12-22 14:16 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-22 13:49 - 2013-12-22 13:50 - 00891200 _____ C:\Users\Anna\Downloads\SecurityCheck.exe
2013-12-22 13:26 - 2013-12-22 13:27 - 02347384 _____ (ESET) C:\Users\Anna\Downloads\esetsmartinstaller_enu.exe
2013-12-19 03:18 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-19 03:18 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-19 03:18 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-19 03:18 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-19 03:08 - 2013-12-19 03:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-19 03:08 - 2013-12-19 03:08 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-19 03:08 - 2013-12-19 03:08 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-19 03:08 - 2013-12-19 03:08 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-19 03:08 - 2013-12-19 03:08 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-19 03:08 - 2013-12-19 03:08 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-19 03:08 - 2013-12-19 03:08 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-19 03:08 - 2013-12-19 03:08 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-19 03:08 - 2013-12-19 03:08 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-19 03:08 - 2013-12-19 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-18 08:27 - 2013-11-19 03:33 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-12-18 08:22 - 2013-12-18 08:35 - 163606685 _____ C:\Users\Anna\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2013-12-18 08:16 - 2013-12-18 08:23 - 91412976 _____ (AVAST Software) C:\Users\Anna\Downloads\avast_free_antivirus_setup.exe
2013-12-18 00:13 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-18 00:01 - 2013-12-19 03:17 - 00020351 _____ C:\Windows\IE11_main.log
2013-12-17 23:17 - 2013-12-17 23:17 - 00000000 ____D C:\Windows\ERUNT
2013-12-17 23:03 - 2013-12-17 23:09 - 00000000 ____D C:\AdwCleaner
2013-12-17 22:41 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-17 22:41 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-17 22:41 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-17 22:41 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-17 22:41 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-17 22:40 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-17 22:40 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-17 22:40 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-17 22:40 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-17 22:40 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-12-17 22:40 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-12-17 22:39 - 2013-12-17 22:39 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-17 22:39 - 2013-12-17 22:39 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Malwarebytes
2013-12-17 22:39 - 2013-12-17 22:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-17 22:39 - 2013-12-17 22:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-17 22:39 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-12-17 22:39 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-12-17 22:39 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-12-17 22:39 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-17 22:39 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-12-17 22:39 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-12-17 22:39 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-12-17 22:39 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-17 22:39 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-12-17 22:39 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-17 22:38 - 2013-12-17 22:38 - 01928214 _____ (Farbar) C:\Users\Anna\Desktop\FRST64.exe
2013-12-17 22:38 - 2013-12-17 22:38 - 01034531 _____ (Thisisu) C:\Users\Anna\Desktop\JRT.exe
2013-12-17 22:38 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-17 22:38 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-17 22:38 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-12-17 22:38 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-12-17 22:38 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-12-17 22:38 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-17 22:38 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-12-17 22:38 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-17 22:38 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-12-17 22:38 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-17 22:38 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-17 22:38 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-17 22:38 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-17 22:38 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-12-17 22:38 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-12-17 22:38 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-12-17 22:38 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-12-17 22:38 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-12-17 22:38 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-12-17 22:38 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-12-17 22:38 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-12-17 22:38 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-12-17 22:38 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-12-17 22:38 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-12-17 22:38 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-12-17 22:38 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-12-17 22:38 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-12-17 22:38 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-12-17 22:38 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-12-17 22:37 - 2013-12-17 22:38 - 01226750 _____ C:\Users\Anna\Desktop\adwcleaner.exe
2013-12-17 22:37 - 2013-12-17 22:37 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Anna\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-13 17:47 - 2013-12-13 17:47 - 00000000 ____D C:\FRST

==================== One Month Modified Files and Folders =======

2013-12-22 14:34 - 2013-12-22 14:33 - 00014928 _____ C:\Users\Anna\Desktop\FRST.txt
2013-12-22 14:32 - 2010-12-06 11:04 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-22 14:31 - 2013-12-22 14:31 - 00000000 ____D C:\Users\Anna\AppData\Roaming\OpenOffice
2013-12-22 14:29 - 2013-12-22 14:29 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-12-22 14:29 - 2013-12-22 14:28 - 29011992 _____ (Microsoft Corporation) C:\Users\Anna\Downloads\FileFormatConverters4.exe
2013-12-22 14:28 - 2011-03-16 22:19 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0422D496-14A5-4D58-B1C5-CFB16DB30B91}
2013-12-22 14:27 - 2013-12-22 14:27 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-22 14:25 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-22 14:19 - 2013-12-22 14:19 - 00000000 ____D C:\Users\Anna\AppData\Roaming\AVAST Software
2013-12-22 14:19 - 2013-12-22 14:18 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-22 14:18 - 2013-12-22 14:18 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2013-12-22 14:18 - 2013-12-22 14:18 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-22 14:17 - 2013-12-22 14:18 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-22 14:17 - 2013-12-22 14:18 - 00082744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys.1387718293
2013-12-22 14:17 - 2013-12-22 14:17 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-22 14:17 - 2013-12-22 14:17 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-22 14:17 - 2013-12-22 14:17 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-22 14:17 - 2013-12-22 14:17 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-22 14:17 - 2013-12-22 14:17 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-22 14:17 - 2013-12-22 14:17 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-22 14:17 - 2013-12-22 14:17 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-22 14:17 - 2013-12-22 14:17 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-22 14:16 - 2013-12-22 14:16 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-22 13:50 - 2013-12-22 13:49 - 00891200 _____ C:\Users\Anna\Downloads\SecurityCheck.exe
2013-12-22 13:34 - 2011-03-16 22:16 - 01628104 _____ C:\Windows\WindowsUpdate.log
2013-12-22 13:31 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-22 13:31 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-22 13:30 - 2010-12-06 19:41 - 00654852 _____ C:\Windows\system32\perfh007.dat
2013-12-22 13:30 - 2010-12-06 19:41 - 00130434 _____ C:\Windows\system32\perfc007.dat
2013-12-22 13:30 - 2009-07-14 06:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-22 13:27 - 2013-12-22 13:26 - 02347384 _____ (ESET) C:\Users\Anna\Downloads\esetsmartinstaller_enu.exe
2013-12-22 13:24 - 2010-12-06 11:04 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-22 13:23 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-22 13:23 - 2009-07-14 05:51 - 00098350 _____ C:\Windows\setupact.log
2013-12-19 04:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-19 03:39 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-19 03:37 - 2009-07-14 05:45 - 00309312 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-19 03:35 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-19 03:17 - 2013-12-18 00:01 - 00020351 _____ C:\Windows\IE11_main.log
2013-12-19 03:11 - 2011-09-18 01:06 - 00001112 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090076094-3760637753-1083568034-1000Core.job
2013-12-19 03:08 - 2013-12-19 03:08 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-19 03:08 - 2013-12-19 03:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-19 03:08 - 2013-12-19 03:08 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-19 03:08 - 2013-12-19 03:08 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-19 03:08 - 2013-12-19 03:08 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-19 03:08 - 2013-12-19 03:08 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-19 03:08 - 2013-12-19 03:08 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-19 03:08 - 2013-12-19 03:08 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-19 03:08 - 2013-12-19 03:08 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-19 03:08 - 2013-12-19 03:08 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-19 03:08 - 2013-12-19 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-19 03:08 - 2013-12-19 03:08 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-19 03:08 - 2013-12-19 03:08 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-19 03:01 - 2011-09-18 01:06 - 00001134 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090076094-3760637753-1083568034-1000UA.job
2013-12-18 08:35 - 2013-12-18 08:22 - 163606685 _____ C:\Users\Anna\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2013-12-18 08:23 - 2013-12-18 08:16 - 91412976 _____ (AVAST Software) C:\Users\Anna\Downloads\avast_free_antivirus_setup.exe
2013-12-18 08:06 - 2010-12-06 10:52 - 00000000 ____D C:\ProgramData\McAfee
2013-12-18 08:06 - 2010-12-06 10:52 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-18 08:05 - 2010-10-11 21:06 - 00035986 _____ C:\Windows\PFRO.log
2013-12-17 23:56 - 2013-08-14 23:03 - 00000000 ____D C:\Windows\system32\MRT
2013-12-17 23:52 - 2011-03-20 23:15 - 00000000 ____D C:\Users\Anna\AppData\Roaming\ICQ
2013-12-17 23:17 - 2013-12-17 23:17 - 00000000 ____D C:\Windows\ERUNT
2013-12-17 23:13 - 2011-10-10 17:58 - 00011999 _____ C:\Windows\avmacc.log
2013-12-17 23:09 - 2013-12-17 23:03 - 00000000 ____D C:\AdwCleaner
2013-12-17 23:09 - 2011-03-20 23:16 - 00000000 ____D C:\ProgramData\ICQ
2013-12-17 22:39 - 2013-12-17 22:39 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-17 22:39 - 2013-12-17 22:39 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Malwarebytes
2013-12-17 22:39 - 2013-12-17 22:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-17 22:39 - 2013-12-17 22:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-17 22:38 - 2013-12-17 22:38 - 01928214 _____ (Farbar) C:\Users\Anna\Desktop\FRST64.exe
2013-12-17 22:38 - 2013-12-17 22:38 - 01034531 _____ (Thisisu) C:\Users\Anna\Desktop\JRT.exe
2013-12-17 22:38 - 2013-12-17 22:37 - 01226750 _____ C:\Users\Anna\Desktop\adwcleaner.exe
2013-12-17 22:37 - 2013-12-17 22:37 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Anna\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-17 22:27 - 2010-12-06 11:04 - 00004120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-17 22:27 - 2010-12-06 11:04 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-13 17:47 - 2013-12-13 17:47 - 00000000 ____D C:\FRST
2013-12-01 14:42 - 2011-06-07 21:02 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-23 19:26 - 2013-12-17 22:41 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 18:47 - 2013-12-17 22:41 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\AskSLib.dll
C:\Users\Anna\AppData\Local\Temp\AutoRun.exe
C:\Users\Anna\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Anna\AppData\Local\Temp\contentDATs.exe
C:\Users\Anna\AppData\Local\Temp\First15.exe
C:\Users\Anna\AppData\Local\Temp\IcqUpdater.exe
C:\Users\Anna\AppData\Local\Temp\Quarantine.exe
C:\Users\Anna\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Anna\AppData\Local\Temp\VP6Install.exe
C:\Users\Anna\AppData\Local\Temp\VP6VFW.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-18 08:49

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 23.12.2013, 08:39

Die ist schon in Quarantäne. Java, Flash und Adobe updaten.

Fertig

Falls Du Lob oder Kritik loswerden möchtest kannst Du das hier tun

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Bundespolizei-GVU-Interpol Virus

Log-Analyse und Auswertung: Bundespolizei-GVU-Interpol Virus