Exe Dateien lassen sich nicht ausführen

FrAGgi · 22.01.2014, 22:02

Hallo,

ich habe ein ganz seltsames Verhalten meines PCs:
Ich war 3 Wochen lang nicht mehr zu hause. Heute kam ich an, schalte den Rechner ein (ich erwähne, dass er davor einwandfrei lief!) und bekomme direkt ersteinmal diese Meldung in einem Windows-Fenster:

RunDLL
Problem beim Starten von SPIRunE.dll.
Der Vorgang konnte nicht erfolgreich abgeschlossen werden, da die Datei einen Virus enthält.

Habe ich erstmal ignoriert und wollte dann Anwendungen öffnen. Doch egal welche .exe Datei ich starte, ich bekomme beim ersten Aufruf immer eine Windows Fehlermeldung mit dem Pfad zur exe und dem Text: "Falscher Parameter".

Einige Programme starten beim Zweiten mal ohne Meldung. Die meisten aber melden zwar bei erneutem Doppelklick nichts, führen aber auch nichts aus, oder lassen nur kurz den Start des Anwendungsfensters aufblitzen und verschwinden wieder. Chrome startet aber problemlos (deswegen kann ich hier auch schreiben).

Ich habe immer ein aktuelles avast auf dem System und blockiere mit der Firewall standardmäßig erstmal immer alles, bis ich es explizit freigebe ... In den drei Wochen Abwesenheit war zu 99,99% niemand am PC, da er in meiner Wohnung steht und ausser mir keiner Zugang hat.

Mein PC basiert auf Windows 7 64-bit Professional

Mein Hijackthis-Log:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:58:15, on 22.01.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16750)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\SysWOW64\rundll32.exe
D:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.unibas.ch:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [Diamondback] d:\Program Files (x86)\Razer\Diamondback\razerhid.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AvastUI.exe] "d:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\FrAGgi\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\FrAGgi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk
O4 - Startup: PhonerLite.lnk
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O21 - SSODL: EldosMountNotificator-cbfs4 - {F5B019AB-1C5D-4E73-B2E3-5668F00AB93D} - C:\Windows\SysWOW64\cbfsMntNtf4.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {F5B019AB-1C5D-4E73-B2E3-5668F00AB93D} - C:\Windows\SysWOW64\cbfsMntNtf4.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - d:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: DirMngr - Unknown owner - d:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESL Wire Helper Service (EslWireHelper) - Unknown owner - d:\Program Files\EslWire\service\WireHelperSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: OpusDiskAdmin - Prism Media Products Ltd. - C:\Windows\SysWOW64\OpusDiskAdmin.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: WANdisco uberSVN Portal (uberSVNportal) - Apache Software Foundation - d:\Program Files (x86)\WANdisco\uberSVN\tomcat\bin\tomcat6.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files (x86)\VMWare\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware View-USB (vmware-view-usbd) - VMware, Inc. - D:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: WANdisco uberSVN Subversion Server (WANdiscouberSVNSubversionServer) - Apache Software Foundation - d:\Program Files (x86)\WANdisco\uberSVN\bin\httpd.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Windows7FirewallService - Sphinx Software - d:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: VMware View Client (wsnm) - VMware, Inc. - D:\Program Files\VMware\VMware View\Client\bin\wsnm.exe

--
End of file - 12761 bytes

Mein FRST-Log

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-01-2014 02
Ran by FrAGgi (administrator) on PSCHT on 22-01-2014 21:59:34
Running from D:\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows7FirewallControl] - d:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe [1126400 2012-04-12] (Sphinx Software)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-23] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [855608 2007-09-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SPIRunE] - Rundll32 SPIRunE.dll,RunDLLEntry
HKLM-x32\...\Run: [Diamondback] - d:\Program Files (x86)\Razer\Diamondback\razerhid.exe [147456 2007-02-14] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - d:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-23] (AVAST Software)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\FrAGgi\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Google Update] - C:\Users\FrAGgi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-10] (Google Inc.)
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
MountPoints2: {19d6db4f-2b2a-11e2-b930-00221597babf} - F:\setup.exe
Startup: C:\Users\FrAGgi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\FrAGgi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\FrAGgi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PhonerLite.lnk
ShortcutTarget: PhonerLite.lnk -> D:\Program Files (x86)\PhonerLite\PhonerLite.exe (Heiko Sommerfeldt)
SSODL: EldosMountNotificator-cbfs4 - {F5B019AB-1C5D-4E73-B2E3-5668F00AB93D} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {F5B019AB-1C5D-4E73-B2E3-5668F00AB93D} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: proxy.unibas.ch:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x534A96131C21CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - d:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - d:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\FrAGgi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\FrAGgi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\FrAGgi\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CHR Plugin: (Unity Player) - C:\Users\FrAGgi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Game Face Plugin) - C:\Users\FrAGgi\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (VLC Web Plugin) - d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Extension: (ProxTube) - C:\Users\FrAGgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2013-09-16]
CHR Extension: (From Dust) - C:\Users\FrAGgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2013-06-03]
CHR Extension: (Google Docs) - C:\Users\FrAGgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-03]
CHR Extension: (Google Drive) - C:\Users\FrAGgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-03]
CHR Extension: (YouTube) - C:\Users\FrAGgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-03]
CHR Extension: (Adblock Plus) - C:\Users\FrAGgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-06-03]
CHR Extension: (Google Search) - C:\Users\FrAGgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-03]
CHR Extension: (WGT Golf Challenge) - C:\Users\FrAGgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg [2013-06-03]
CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\FrAGgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2013-06-03]
CHR Extension: (HTTPS Everywhere) - C:\Users\FrAGgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2013-06-03]
CHR Extension: (Ghostery) - C:\Users\FrAGgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-06-03]
CHR Extension: (Google Wallet) - C:\Users\FrAGgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Facebook Friends Checker) - C:\Users\FrAGgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekephlaeibdpchbdihkhgjnmhgfcbfb [2013-09-19]
CHR Extension: (ColorPick Eyedropper) - C:\Users\FrAGgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2013-12-03]
CHR Extension: (Gmail) - C:\Users\FrAGgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-03]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; d:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-23] (AVAST Software)
S2 DirMngr; d:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [224256 2011-03-02] ()
S2 EslWireHelper; d:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2013-05-27] ()
S2 OpusDiskAdmin; C:\Windows\SysWOW64\OpusDiskAdmin.exe [103336 2012-09-26] (Prism Media Products Ltd.)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] ()
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-06] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [162408 2013-06-21] (Skype Technologies)
S3 uberSVNportal; d:\Program Files (x86)\WANdisco\uberSVN\tomcat\bin\tomcat6.exe [74752 2011-08-02] (Apache Software Foundation)
S2 VMAuthdService; D:\Program Files (x86)\VMWare\vmware-authd.exe [87120 2013-02-26] (VMware, Inc.)
S2 vmware-view-usbd; D:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2436096 2012-12-03] (VMware, Inc.)
S3 WANdiscouberSVNSubversionServer; d:\Program Files (x86)\WANdisco\uberSVN\bin\httpd.exe [18432 2012-07-17] (Apache Software Foundation)
S2 Windows7FirewallService; d:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [760320 2012-04-12] (Sphinx Software)
S2 wsnm; D:\Program Files\VMware\VMware View\Client\bin\wsnm.exe [472216 2012-12-08] (VMware, Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-08] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-08] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-11-12] ()
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [385216 2013-06-05] (EldoS Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-10] (DT Soft Ltd)
R2 ESLWireAC; C:\Windows\system32\drivers\ESLWireACD.sys [160784 2012-12-17] (<Turtle Entertainment>)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-11-12] ()
R3 MidOF; C:\Windows\System32\DRIVERS\midofw.sys [58792 2012-10-24] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 OADrv; C:\Windows\System32\DRIVERS\oadrvw.sys [178088 2012-10-24] ()
R3 OFADrv; C:\Windows\System32\DRIVERS\ofadrvw.sys [61352 2012-10-24] ()
R3 OFileDrv; C:\Windows\System32\DRIVERS\ofiledrvw.sys [178088 2012-10-24] ()
R3 OpusSync; C:\Windows\System32\DRIVERS\opussyncw.sys [79784 2012-10-24] ()
R3 OpusSys; C:\Windows\System32\DRIVERS\opussysw.sys [73640 2012-10-24] ()
R3 SadieNativeLib; C:\Windows\System32\DRIVERS\SadieNativeLibw.sys [95656 2012-10-24] ()
R1 vmm; C:\Windows\system32\Treiber\vmm.sys [296816 2007-02-17] (Microsoft Corporation)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-06-05] (EldoS Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 XFDriver64; C:\Program Files (x86)\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire)
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [x]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [x]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-22 21:43 - 2014-01-22 21:43 - 00000000 ____D C:\FRST
2014-01-22 20:01 - 2014-01-22 20:01 - 00000000 ____D C:\Users\ju\AppData\Roaming\AVAST Software
2014-01-22 20:00 - 2014-01-22 20:00 - 00000000 ____D C:\Users\ju\AppData\Roaming\Adobe
2014-01-22 19:58 - 2014-01-22 20:00 - 00000000 ___RD C:\Users\ju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-22 19:58 - 2014-01-22 20:00 - 00000000 ___RD C:\Users\ju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-22 19:58 - 2014-01-22 19:58 - 00000000 ____D C:\Users\ju\AppData\Roaming\WTablet
2014-01-22 19:26 - 2014-01-22 19:26 - 00000000 ____D C:\Users\FrAGgi\AppData\Roaming\Wise Registry Cleaner
2014-01-22 19:12 - 2014-01-22 21:51 - 00000224 _____ C:\Windows\setupact.log
2014-01-22 19:12 - 2014-01-22 19:12 - 00000000 _____ C:\Windows\setuperr.log
2014-01-22 15:54 - 2014-01-22 15:54 - 00003664 ____N C:\bootsqm.dat
2014-01-22 14:52 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-22 14:52 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-08 16:54 - 2014-01-09 23:06 - 00000000 ____D C:\Program Files (x86)\Xfire2
2014-01-08 13:03 - 2014-01-08 13:03 - 00082744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys.1389182637
2014-01-08 13:03 - 2014-01-08 13:03 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys

==================== One Month Modified Files and Folders =======

2014-01-22 21:57 - 2012-07-10 03:56 - 01779534 _____ C:\Windows\WindowsUpdate.log
2014-01-22 21:52 - 2013-06-03 22:03 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-22 21:51 - 2014-01-22 19:12 - 00000224 _____ C:\Windows\setupact.log
2014-01-22 21:51 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-22 21:43 - 2014-01-22 21:43 - 00000000 ____D C:\FRST
2014-01-22 21:39 - 2012-07-10 11:59 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-696955847-2680599230-1218123525-1000UA.job
2014-01-22 21:29 - 2013-06-03 22:03 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-22 21:15 - 2012-10-21 17:10 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-696955847-2680599230-1218123525-1000UA.job
2014-01-22 20:56 - 2009-07-14 05:45 - 00028064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-22 20:56 - 2009-07-14 05:45 - 00028064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-22 20:47 - 2012-07-10 12:24 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-22 20:22 - 2013-02-14 00:17 - 00000000 ____D C:\Users\FrAGgi\AppData\Local\CrashDumps
2014-01-22 20:01 - 2014-01-22 20:01 - 00000000 ____D C:\Users\ju\AppData\Roaming\AVAST Software
2014-01-22 20:00 - 2014-01-22 20:00 - 00000000 ____D C:\Users\ju\AppData\Roaming\Adobe
2014-01-22 20:00 - 2014-01-22 19:58 - 00000000 ___RD C:\Users\ju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-22 20:00 - 2014-01-22 19:58 - 00000000 ___RD C:\Users\ju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-22 19:58 - 2014-01-22 19:58 - 00000000 ____D C:\Users\ju\AppData\Roaming\WTablet
2014-01-22 19:58 - 2013-11-13 17:20 - 00000000 ____D C:\Users\ju
2014-01-22 19:26 - 2014-01-22 19:26 - 00000000 ____D C:\Users\FrAGgi\AppData\Roaming\Wise Registry Cleaner
2014-01-22 19:12 - 2014-01-22 19:12 - 00000000 _____ C:\Windows\setuperr.log
2014-01-22 18:54 - 2012-07-10 13:18 - 00000000 ____D C:\Users\FrAGgi\AppData\Roaming\Xfire
2014-01-22 18:50 - 2012-11-14 00:31 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-22 18:47 - 2012-07-13 13:39 - 00000000 ____D C:\Users\FrAGgi\AppData\Roaming\Winamp
2014-01-22 18:47 - 2012-07-10 04:52 - 00000000 ____D C:\Windows\Panther
2014-01-22 18:44 - 2012-07-12 19:14 - 00000000 ____D C:\Windows\pss
2014-01-22 18:34 - 2012-10-12 17:19 - 00000000 ____D C:\Users\FrAGgi\AppData\Local\TSVNCache
2014-01-22 15:54 - 2014-01-22 15:54 - 00003664 ____N C:\bootsqm.dat
2014-01-22 15:05 - 2009-07-14 05:45 - 04946904 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-22 15:03 - 2013-04-25 20:09 - 00000000 ____D C:\ProgramData\VMware
2014-01-22 14:22 - 2012-07-10 13:26 - 00000000 ____D C:\Users\FrAGgi\AppData\Local\Adobe
2014-01-10 08:38 - 2012-07-10 13:18 - 00000000 ____D C:\ProgramData\Xfire
2014-01-09 23:19 - 2012-07-11 17:09 - 00000000 ____D C:\Users\FrAGgi\AppData\Roaming\TS3Client
2014-01-09 23:16 - 2013-12-13 20:26 - 00000000 ____D C:\Users\FrAGgi\AppData\Local\Battle.net
2014-01-09 23:06 - 2014-01-08 16:54 - 00000000 ____D C:\Program Files (x86)\Xfire2
2014-01-09 20:50 - 2012-08-02 14:14 - 00000000 ____D C:\Users\FrAGgi\AppData\Roaming\FileZilla
2014-01-09 20:39 - 2012-07-10 11:59 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-696955847-2680599230-1218123525-1000Core.job
2014-01-09 18:15 - 2012-10-21 17:10 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-696955847-2680599230-1218123525-1000Core.job
2014-01-09 08:27 - 2012-07-11 13:36 - 00000000 ____D C:\Users\FrAGgi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-09 08:27 - 2012-07-11 13:35 - 00000000 ____D C:\Users\FrAGgi\AppData\Roaming\Dropbox
2014-01-09 08:27 - 2012-07-10 04:01 - 00000000 ___RD C:\Users\FrAGgi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-09 01:08 - 2009-07-14 18:58 - 00703818 _____ C:\Windows\system32\perfh007.dat
2014-01-09 01:08 - 2009-07-14 18:58 - 00151524 _____ C:\Windows\system32\perfc007.dat
2014-01-09 01:08 - 2009-07-14 06:13 - 01628802 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-08 22:23 - 2012-07-12 10:59 - 00000000 ____D C:\Users\FrAGgi\AppData\Local\PMB Files
2014-01-08 22:23 - 2012-07-12 10:59 - 00000000 ____D C:\ProgramData\PMB Files
2014-01-08 19:11 - 2012-07-10 13:00 - 00076000 _____ C:\Users\FrAGgi\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-08 13:03 - 2014-01-08 13:03 - 00082744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys.1389182637
2014-01-08 13:03 - 2014-01-08 13:03 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-08 13:03 - 2013-03-20 12:48 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-08 13:03 - 2012-07-10 12:24 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-08 13:03 - 2012-07-10 12:24 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-08 13:03 - 2012-07-10 12:24 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-08 13:03 - 2012-07-10 12:24 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-08 13:03 - 2012-07-10 12:23 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

Files to move or delete:
====================
C:\Users\FrAGgi\{58C482E3-0C46-43EC-8EE5-C7230FFBC3D6}.dat


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-13 02:32

==================== End Of Log ============================

schrauber · 22.01.2014, 22:19

hi,

Suchlauf mit rKill

Bitte lade dir rKill von Grinler auf deinen Desktop von einem der folgenden Links: RKill oder http://www.trojaner-board.de/85629-rkill-download.html

Starte nun das Programm durch einen Doppelklick.
Wenn sich jetzt kein schwarzes Fenster öffnet, dann versuche einen der anderen Downloadlinks.
Das Tool wird jetzt einige Minuten lang laufen und verschiedene Einstellungen prüfen und neu setzen.
Nach dem Ende der Abarbeitung öffnet sich automatisch die Logdatei rkill.txt.
Bitte poste sie in deinen Thread in CODE-Tags (Anleitung).

FrAGgi · 22.01.2014, 22:27

Habe alle drei rkill Downloads durch.
Beim starten jeder der Dateien kommt wie oben beschrieben ersteinmal die Meldung mit dem Pfad zur Datei selbst und dem Text "Falscher Parameter".

Beim zweiten Aufruf kommt die Meldung nicht, es erscheint kurz ein CMD-Fenster (1 Sekunde), verschwindet wieder und hinterlässt eine leere Rkill.txt

schrauber · 23.01.2014, 19:27

hi,

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

Exe Dateien lassen sich nicht ausführen

Plagegeister aller Art und deren Bekämpfung: Exe Dateien lassen sich nicht ausführen