New RVActivate_isv.exe appeared under AppData. Win 7, 64 bit.
#23
Tried MBAM again; it hangs again at some point. The logs of the other 3 programs follow:
Code:
# AdwCleaner v3.302 - Bericht erstellt am 02/08/2014 um 14:46:22
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzername : VAIO - VAIO-VAIO
# Gestartet von : C:\Users\VAIO\Desktop\adwcleaner_3.302.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\laura\AppData\LocalLow\Elf_1.15
Ordner Gelöscht : C:\Users\VAIO\AppData\Local\iac
Ordner Gelöscht : C:\Users\VAIO\AppData\LocalLow\iac
Ordner Gelöscht : C:\Users\VAIO\AppData\Roaming\pccustubinstaller
Ordner Gelöscht : C:\Users\VAIO\AppData\Roaming\Systweak
Datei Gelöscht : C:\Windows\System32\roboot64.exe
***** [ Tasks ] *****
Task Gelöscht : BrowserDefendert
Task Gelöscht : PC Performer
Task Gelöscht : PC Performer_DEFAULT
Task Gelöscht : PC Performer_UPDATES
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduitapps.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.ToolbarProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.ToolbarProtector.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{889F49D2-6CEA-40BE-BE5F-7217485F9745}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2561FD25-FE31-4E56-A120-AF7FEAAE3124}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7CAEFAFC-9A1E-4BCC-94DD-BC7D8D52717A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{53F6A516-3DCC-48F4-835C-6C670CB39CEA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Uniblue
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16476
*************************
AdwCleaner[R0].txt - [11882 octets] - [02/09/2013 18:32:11]
AdwCleaner[R1].txt - [1019 octets] - [02/09/2013 18:48:39]
AdwCleaner[R2].txt - [899 octets] - [02/09/2013 18:54:53]
AdwCleaner[R3].txt - [3728 octets] - [02/08/2014 14:31:05]
AdwCleaner[R4].txt - [3788 octets] - [02/08/2014 14:43:19]
AdwCleaner[S0].txt - [11222 octets] - [02/09/2013 18:38:03]
AdwCleaner[S1].txt - [1081 octets] - [02/09/2013 18:50:22]
AdwCleaner[S2].txt - [3626 octets] - [02/08/2014 14:46:22]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3686 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by VAIO on 02.08.2014 at 14:52:13,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3611908358-3881106816-577297579-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E58CDA9-3B21-4611-A859-26EE28950E61}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{49CB736A-BDB2-4484-9807-A894B4E0F246}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{75b4241f-171e-44a3-bf44-23613b6e3e03}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{75b4241f-171e-44a3-bf44-23613b6e3e03}
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.08.2014 at 14:57:37,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01
Ran by VAIO (administrator) on VAIO-VAIO on 02-08-2014 15:02:20
Running from C:\Users\VAIO\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Dropbox, Inc.) C:\Users\VAIO\AppData\Roaming\Dropbox\bin\Dropbox.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [282624 2006-09-01] (Apple Computer, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\VAIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\VAIO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ecosia.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {48DFAC5C-EE63-4A8F-9A65-6C896DAAB129} URL = hxxp://ecosia.org/search?q={searchTerms}&addon=opsensearch-ie
SearchScopes: HKCU - {C6368E06-383F-4A14-B4C2-2E020629DD01} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [229392 2012-09-13] (Nitro PDF Software)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [836608 2010-06-08] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10326784 2010-06-24] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [271872 2010-06-24] (Intel(R) Corporation) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-04-21] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-02 14:57 - 2014-08-02 14:57 - 00001409 _____ () C:\Users\VAIO\Desktop\JRT.txt
2014-08-02 14:52 - 2014-08-02 14:52 - 00000000 ____D () C:\Windows\ERUNT
2014-08-02 14:51 - 2014-08-02 14:51 - 01016261 _____ (Thisisu) C:\Users\VAIO\Desktop\JRT.exe
2014-08-02 14:49 - 2014-08-02 14:49 - 00003798 _____ () C:\Users\VAIO\Desktop\AdwCleaner[S2].txt
2014-08-02 14:29 - 2014-08-02 14:29 - 01361309 _____ () C:\Users\VAIO\Desktop\adwcleaner_3.302.exe
2014-08-02 11:35 - 2014-08-02 11:35 - 00003248 _____ () C:\Users\VAIO\Desktop\MBAM_1.txt
2014-08-02 00:54 - 2014-08-02 00:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\VAIO\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-01 16:11 - 2014-08-01 16:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 13:52 - 2014-08-01 13:52 - 00018504 _____ () C:\ComboFix.txt
2014-08-01 13:25 - 2014-08-01 13:25 - 05567414 ____R (Swearware) C:\Users\VAIO\Desktop\ComboFix.exe
2014-08-01 01:02 - 2014-08-01 13:52 - 00000000 ____D () C:\Qoobox
2014-08-01 01:02 - 2014-08-01 01:21 - 00000000 ____D () C:\Windows\erdnt
2014-08-01 01:02 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-01 01:02 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-01 01:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-01 01:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-01 01:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-01 01:02 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-01 01:02 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-01 01:02 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-31 16:57 - 2014-07-31 16:57 - 00041664 _____ () C:\Users\VAIO\Desktop\Addition_1.txt
2014-07-31 16:56 - 2014-08-02 15:02 - 00016043 _____ () C:\Users\VAIO\Desktop\FRST.txt
2014-07-31 16:56 - 2014-08-02 15:02 - 00000000 ____D () C:\FRST
2014-07-31 16:56 - 2014-07-31 17:21 - 00029746 _____ () C:\Users\VAIO\Desktop\FRST_1.txt
2014-07-31 16:54 - 2014-07-31 16:55 - 02094080 _____ (Farbar) C:\Users\VAIO\Desktop\FRST64.exe
2014-07-31 11:43 - 2014-07-31 11:43 - 00117680 _____ () C:\Users\Gabi\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-31 11:43 - 2014-07-31 11:43 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Intel Corporation
2014-07-31 11:43 - 2014-07-31 11:43 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\ATI
2014-07-31 11:43 - 2014-07-31 11:43 - 00000000 ____D () C:\Users\Gabi\AppData\Local\ATI
2014-07-31 11:42 - 2014-07-31 11:42 - 00000020 ___SH () C:\Users\Gabi\ntuser.ini
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 _SHDL () C:\Users\Gabi\Vorlagen
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 _SHDL () C:\Users\Gabi\Startmenü
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 _SHDL () C:\Users\Gabi\Netzwerkumgebung
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 _SHDL () C:\Users\Gabi\Lokale Einstellungen
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 _SHDL () C:\Users\Gabi\Eigene Dateien
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 _SHDL () C:\Users\Gabi\Druckumgebung
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 _SHDL () C:\Users\Gabi\Documents\Eigene Musik
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 _SHDL () C:\Users\Gabi\Documents\Eigene Bilder
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 _SHDL () C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 _SHDL () C:\Users\Gabi\AppData\Local\Verlauf
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 _SHDL () C:\Users\Gabi\AppData\Local\Anwendungsdaten
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 _SHDL () C:\Users\Gabi\Anwendungsdaten
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Sony Corporation
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 ____D () C:\Users\Gabi\AppData\Local\VirtualStore
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 ____D () C:\Users\Gabi
2014-07-31 11:42 - 2010-07-28 13:24 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Macromedia
2014-07-31 11:42 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-31 11:42 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-31 00:18 - 2014-07-31 00:18 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-07-26 01:19 - 2014-07-26 01:19 - 00000836 _____ () C:\Users\laura\.recently-used.xbel
2014-07-26 00:07 - 2014-07-26 00:53 - 00000000 ____D () C:\Users\laura\Desktop\DCIM_Sd_cards_july2014
2014-07-25 11:53 - 2014-07-25 11:53 - 00002270 _____ () C:\Users\VAIO\Documents\Schwerinsommer.zip
2014-07-11 03:03 - 2014-07-11 03:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 14:48 - 2014-07-01 03:56 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 14:48 - 2014-07-01 03:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-02 15:03 - 2014-07-31 16:56 - 00016043 _____ () C:\Users\VAIO\Desktop\FRST.txt
2014-08-02 15:02 - 2014-07-31 16:56 - 00000000 ____D () C:\FRST
2014-08-02 14:57 - 2014-08-02 14:57 - 00001409 _____ () C:\Users\VAIO\Desktop\JRT.txt
2014-08-02 14:55 - 2009-07-14 06:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-02 14:55 - 2009-07-14 06:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-02 14:52 - 2014-08-02 14:52 - 00000000 ____D () C:\Windows\ERUNT
2014-08-02 14:51 - 2014-08-02 14:51 - 01016261 _____ (Thisisu) C:\Users\VAIO\Desktop\JRT.exe
2014-08-02 14:51 - 2010-11-05 16:16 - 01705398 _____ () C:\Windows\WindowsUpdate.log
2014-08-02 14:49 - 2014-08-02 14:49 - 00003798 _____ () C:\Users\VAIO\Desktop\AdwCleaner[S2].txt
2014-08-02 14:48 - 2014-01-23 19:08 - 00000000 ___RD () C:\Users\VAIO\Dropbox
2014-08-02 14:48 - 2014-01-23 19:06 - 00000000 ____D () C:\Users\VAIO\AppData\Roaming\Dropbox
2014-08-02 14:48 - 2010-07-28 13:36 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-02 14:47 - 2010-07-28 13:15 - 01088990 _____ () C:\Windows\PFRO.log
2014-08-02 14:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-02 14:47 - 2009-07-14 06:51 - 00133334 _____ () C:\Windows\setupact.log
2014-08-02 14:46 - 2013-09-02 18:32 - 00000000 ____D () C:\AdwCleaner
2014-08-02 14:46 - 2010-07-28 13:36 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-02 14:42 - 2011-06-19 12:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-08-02 14:29 - 2014-08-02 14:29 - 01361309 _____ () C:\Users\VAIO\Desktop\adwcleaner_3.302.exe
2014-08-02 14:29 - 2013-03-04 16:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-02 11:37 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Performance
2014-08-02 11:35 - 2014-08-02 11:35 - 00003248 _____ () C:\Users\VAIO\Desktop\MBAM_1.txt
2014-08-02 10:40 - 2010-11-05 16:25 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3E5150CB-F022-4428-8BD4-B947263D275D}
2014-08-02 00:54 - 2014-08-02 00:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\VAIO\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-01 16:11 - 2014-08-01 16:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 13:52 - 2014-08-01 13:52 - 00018504 _____ () C:\ComboFix.txt
2014-08-01 13:52 - 2014-08-01 01:02 - 00000000 ____D () C:\Qoobox
2014-08-01 13:41 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-01 13:25 - 2014-08-01 13:25 - 05567414 ____R (Swearware) C:\Users\VAIO\Desktop\ComboFix.exe
2014-08-01 11:23 - 2013-08-20 13:08 - 00000554 _____ () C:\Users\VAIO\Desktop\Facebook.website
2014-08-01 10:41 - 2012-11-12 16:22 - 00000000 ____D () C:\Users\VAIO\Documents\HAZ-Artikel
2014-08-01 01:21 - 2014-08-01 01:02 - 00000000 ____D () C:\Windows\erdnt
2014-07-31 17:21 - 2014-07-31 16:56 - 00029746 _____ () C:\Users\VAIO\Desktop\FRST_1.txt
2014-07-31 16:57 - 2014-07-31 16:57 - 00041664 _____ () C:\Users\VAIO\Desktop\Addition_1.txt
2014-07-31 16:55 - 2014-07-31 16:54 - 02094080 _____ (Farbar) C:\Users\VAIO\Desktop\FRST64.exe
2014-07-31 11:43 - 2014-07-31 11:43 - 00117680 _____ () C:\Users\Gabi\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-31 11:43 - 2014-07-31 11:43 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Intel Corporation
2014-07-31 11:43 - 2014-07-31 11:43 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\ATI
2014-07-31 11:43 - 2014-07-31 11:43 - 00000000 ____D () C:\Users\Gabi\AppData\Local\ATI
2014-07-31 11:42 - 2014-07-31 11:42 - 00000020 ___SH () C:\Users\Gabi\ntuser.ini
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 _SHDL () C:\Users\Gabi\Vorlagen
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 _SHDL () C:\Users\Gabi\Startmenü
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 _SHDL () C:\Users\Gabi\Netzwerkumgebung
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 _SHDL () C:\Users\Gabi\Lokale Einstellungen
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 _SHDL () C:\Users\Gabi\Eigene Dateien
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 _SHDL () C:\Users\Gabi\Druckumgebung
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 _SHDL () C:\Users\Gabi\Documents\Eigene Musik
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 _SHDL () C:\Users\Gabi\Documents\Eigene Bilder
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 _SHDL () C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 _SHDL () C:\Users\Gabi\AppData\Local\Verlauf
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 _SHDL () C:\Users\Gabi\AppData\Local\Anwendungsdaten
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 _SHDL () C:\Users\Gabi\Anwendungsdaten
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Sony Corporation
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 ____D () C:\Users\Gabi\AppData\Local\VirtualStore
2014-07-31 11:42 - 2014-07-31 11:42 - 00000000 ____D () C:\Users\Gabi
2014-07-31 00:20 - 2010-12-21 16:37 - 00000000 ____D () C:\Users\VAIO\AppData\Roaming\Skype
2014-07-31 00:18 - 2014-07-31 00:18 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-07-30 18:14 - 2010-07-28 23:11 - 00697098 _____ () C:\Windows\system32\perfh007.dat
2014-07-30 18:14 - 2010-07-28 23:11 - 00148362 _____ () C:\Windows\system32\perfc007.dat
2014-07-30 18:14 - 2009-07-14 07:13 - 01613412 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-30 10:01 - 2010-12-07 21:37 - 00000000 ____D () C:\Update
2014-07-26 10:54 - 2014-01-23 19:08 - 00001015 _____ () C:\Users\VAIO\Desktop\Dropbox.lnk
2014-07-26 10:54 - 2014-01-23 19:06 - 00000000 ____D () C:\Users\VAIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-26 10:16 - 2013-03-14 01:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 10:16 - 2013-03-14 01:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-26 01:25 - 2013-03-14 01:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-26 01:20 - 2011-08-14 14:11 - 00000000 ____D () C:\Users\laura\.gimp-2.6
2014-07-26 01:19 - 2014-07-26 01:19 - 00000836 _____ () C:\Users\laura\.recently-used.xbel
2014-07-26 01:19 - 2011-01-11 15:11 - 00000000 ____D () C:\Users\laura
2014-07-26 00:53 - 2014-07-26 00:07 - 00000000 ____D () C:\Users\laura\Desktop\DCIM_Sd_cards_july2014
2014-07-25 11:53 - 2014-07-25 11:53 - 00002270 _____ () C:\Users\VAIO\Documents\Schwerinsommer.zip
2014-07-20 19:48 - 2012-03-11 19:48 - 00000000 ____D () C:\Users\VAIO\Documents\Sportabzeichen
2014-07-18 19:09 - 2011-01-04 20:09 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-07-16 12:23 - 2013-03-31 12:46 - 00000000 ____D () C:\Users\VAIO\Documents\Rezepte
2014-07-13 11:51 - 2013-09-18 18:43 - 00000450 _____ () C:\Users\VAIO\Desktop\Google.website
2014-07-12 00:41 - 2011-07-13 21:22 - 00000000 ____D () C:\Users\VAIO\Documents\AirPlus
2014-07-11 03:03 - 2014-07-11 03:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-11 03:03 - 2013-07-24 15:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-11 03:01 - 2010-12-07 21:24 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 21:29 - 2013-03-04 16:51 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 21:29 - 2013-03-04 16:51 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 21:29 - 2011-06-16 16:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
Some content of TEMP:
====================
C:\Users\VAIO\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdlge9q.dll
C:\Users\VAIO\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-30 18:12
==================== End Of Log ============================