Windows 7 Chrome: Werbung in neuen Tabs

JoeMansky · 14.08.2014, 12:40

Hallo

Seit gestern öffnen sich in Facebook bei zufälligen Aktionen (Klick auf's Logo, Öffnen von weiteren Kommentaren, ...) ein oder mehrere Werbungsfenster in neuen Tabs.

Habe zuerst einen Malwarebytes Scan gemacht:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 13.08.2014
Scan Time: 22:11:41
Logfile: log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.13.07
Rootkit Database: v2014.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: JoHelc

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293208
Time Elapsed: 4 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 11
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Layers, Quarantined, [110a0fb78eed15215dc93a300ef46d93], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Layers.1, Quarantined, [b36875510576e74f77afed7db44edc24], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Layers, Quarantined, [b36875510576e74f77afed7db44edc24], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Layers.1, Quarantined, [b36875510576e74f77afed7db44edc24], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Api, Quarantined, [48d36066d1aacc6a02222abd936fcd33], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Api.1, Quarantined, [30eb7d49fe7dcf670b19499e946ece32], 
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\CLASSES\APPID\YontooIEClient.DLL, Quarantined, [6bb066602a517db957cee10643bf1ae6], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Api, Quarantined, [be5df5d19ddec175d450d21536ccb64a], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Api.1, Quarantined, [b06b5f6708732b0b27fd0dda2fd334cc], 
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\YontooIEClient.DLL, Quarantined, [d64506c09ae122149a8b1acd28dacd33], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\niapdbllcanepiiimjjndipklodoedlc, Quarantined, [6daea125bbc0fe3882d78e6408fa1ce4], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.Yontoo.A, C:\Program Files (x86)\Yontoo, Quarantined, [af6c695d4d2ea1959722c3024fb3d22e], 
PUP.Optional.Yontoo.A, C:\Users\JoHelc\AppData\Roaming\Yontoo, Quarantined, [93888a3cb3c8fd397f3bf4d19d65758b], 
PUP.Optional.Yontoo.A, C:\Users\JoHelc\AppData\Roaming\Yontoo\dat, Quarantined, [93888a3cb3c8fd397f3bf4d19d65758b], 
PUP.Optional.Yontoo.A, C:\Users\JoHelc\AppData\Roaming\Yontoo\dat\update, Quarantined, [93888a3cb3c8fd397f3bf4d19d65758b], 

Files: 5
PUP.Optional.Superfish.A, C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [0219fec80d6ea591cda0eb06847ed828], 
PUP.Optional.Superfish.A, C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [5ebd3e8824578da905680fe2fd0538c8], 
PUP.Optional.Yontoo.A, C:\Program Files (x86)\Yontoo\OptChrome.exe, Quarantined, [af6c695d4d2ea1959722c3024fb3d22e], 
PUP.Optional.Yontoo.A, C:\Program Files (x86)\Yontoo\sqlite3.exe, Quarantined, [af6c695d4d2ea1959722c3024fb3d22e], 
PUP.Optional.Yontoo.A, C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe, Quarantined, [af6c695d4d2ea1959722c3024fb3d22e], 

Physical Sectors: 0
(No malicious items detected)


(end)

defogger

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:41 on 13/08/2014 (JoHelc)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014
Ran by JoHelc (administrator) on JOHELC-PC on 13-08-2014 22:42:55
Running from C:\Users\JoHelc\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
() C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\JoHelc\AppData\Roaming\Spotify\spotify.exe
(Flux Software LLC) C:\Users\JoHelc\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
() C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\nacl64.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\nacl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ISW] => C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1126528 2012-04-30] (Check Point Software Technologies)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73392 2012-06-21] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-08-13] (AVAST Software)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [Google Update] => C:\Users\JoHelc\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-03] (Google Inc.)
HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [Spotify Web Helper] => C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-06] (Spotify Ltd)
HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [Spotify] => C:\Users\JoHelc\AppData\Roaming\Spotify\spotify.exe [6162488 2014-07-06] (Spotify Ltd)
HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [f.lux] => C:\Users\JoHelc\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [GoogleChromeAutoLaunch_2367883519264E435C4CA52430EF9559] => C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-08-07] (Google Inc.)
HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [MusicManager] => C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1000M Setup-Assistent.lnk
ShortcutTarget: NETGEAR WNA1000M Setup-Assistent.lnk -> C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Zonealarm Helper Object -> {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} -> C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\bh\zonealarm.dll (Montera Technologeis LTD)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\zonealarmTlbr.dll (Montera Technologeis LTD)
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\JoHelc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\JoHelc\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\JoHelc\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\JoHelc\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\JoHelc\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\JoHelc\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012-07-03]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012-07-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-13]

Chrome: 
=======
CHR HomePage: hxxp://www.google.at/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Google Update) - C:\Users\JoHelc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Easy Auto Refresh) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2012-07-03]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-06-03]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2012-07-03]
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2013-02-13]
CHR Extension: (Media Hint) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja [2013-05-21]
CHR Extension: (Google Drive) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-07-15]
CHR Extension: (YouTube) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-03]
CHR Extension: (Google+ Benachrichtigungen) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi [2012-07-03]
CHR Extension: (Random Bookmark) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfemjamlkkagdfdekjhggnlbdcpbdpc [2012-07-03]
CHR Extension: (Adblock Plus) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-07-03]
CHR Extension: (Auf den Amazon-Wunschzettel) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2012-12-05]
CHR Extension: (Gif Delayer) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmfcdkambpljcndgdmaccaagladfnepa [2014-06-03]
CHR Extension: (Google-Suche) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-03]
CHR Extension: (GExtend) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkjhlnnlabicokdgaecdeihkdlkdhjm [2012-07-03]
CHR Extension: (MightyText - SMS Text Messaging from Computer) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2013-01-03]
CHR Extension: (Google Kalender) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-07-03]
CHR Extension: (Google Play Music) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-07-10]
CHR Extension: (Chain Reaction) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa [2012-12-11]
CHR Extension: (AdBlock) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-07-03]
CHR Extension: (avast! Online Security) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-13]
CHR Extension: (Spotify Chrome Extension) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbjmlahipheaaghllkabfkpolljilkjb [2012-07-03]
CHR Extension: (SoundCloud Downloader) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbhfpgkfmfpjbdofhelpjdmeilbeopp [2012-11-09]
CHR Extension: (Google +1-Schaltfläche) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2012-07-03]
CHR Extension: (StumbleUpon) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2012-07-03]
CHR Extension: (Any.do Extension) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2014-07-06]
CHR Extension: (Metric Conversions) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kninfdohcboilpapkmbbdmcfanlgflld [2014-05-03]
CHR Extension: (Zoom) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2014-07-17]
CHR Extension: (Evernote Web) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2012-07-03]
CHR Extension: (NextExt) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikijnjpcmngdnahmjihclokafpnniap [2012-11-14]
CHR Extension: (Ghostery) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2012-10-16]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2014-04-21]
CHR Extension: (Google Wallet) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Hover Zoom) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-06-03]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2012-07-03]
CHR Extension: (Select All) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofcnbnhefnmjancehemliplicihbcjjb [2012-07-03]
CHR Extension: (https://www.google.at/publicdata/directory?hl) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\okbmpjekfjbabbfkiifjnokhniifopch [2013-12-09]
CHR Extension: (Click&Clean App) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-06-03]
CHR Extension: (Page Monitor) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-06-21]
CHR Extension: (Google Mail) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-13]
CHR StartMenuInternet: Google Chrome - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-13] (AVAST Software)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [827520 2012-04-30] (Check Point Software Technologies)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445880 2012-06-21] (Check Point Software Technologies LTD)
R2 WlanWpsSvc; C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe [167936 2011-06-30] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-13] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-13] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2012-10-22] () [File not signed]
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33672 2012-04-30] (Check Point Software Technologies)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2012-01-09] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2012-01-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [485680 2012-01-09] (Kaspersky Lab)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2012-10-22] () [File not signed]
U0 mmiwhc; C:\Windows\System32\drivers\shsccsu.sys [79064 2014-08-13] (Malwarebytes Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\WNA1000M.sys [855144 2011-01-31] (Realtek Semiconductor Corporation                           )
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454232 2011-05-07] (Check Point Software Technologies LTD)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 22:42 - 2014-08-13 22:43 - 00025529 _____ () C:\Users\JoHelc\Desktop\FRST.txt
2014-08-13 22:42 - 2014-08-13 22:42 - 02100224 _____ (Farbar) C:\Users\JoHelc\Desktop\FRST64.exe
2014-08-13 22:42 - 2014-08-13 22:42 - 00000000 ____D () C:\FRST
2014-08-13 22:40 - 2014-08-13 22:41 - 00000474 _____ () C:\Users\JoHelc\Desktop\defogger_disable.log
2014-08-13 22:40 - 2014-08-13 22:40 - 00000000 _____ () C:\Users\JoHelc\defogger_reenable
2014-08-13 22:39 - 2014-08-13 22:39 - 00050477 _____ () C:\Users\JoHelc\Desktop\Defogger.exe
2014-08-13 22:35 - 2014-08-13 22:35 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\DropboxMaster
2014-08-13 22:34 - 2014-08-13 22:35 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Dropbox
2014-08-13 22:34 - 2014-08-13 22:34 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\AVAST Software
2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-13 22:23 - 2014-08-13 22:24 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-13 22:22 - 2014-08-13 22:24 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00426848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1407961442224
2014-08-13 22:22 - 2014-08-13 22:22 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-13 22:22 - 2014-08-13 22:22 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-13 22:22 - 2014-08-13 22:22 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-13 22:20 - 2014-08-13 22:20 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-13 22:19 - 2014-08-13 22:20 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-13 22:18 - 2014-08-13 22:19 - 04862664 _____ (AVAST Software) C:\Users\JoHelc\Downloads\avast_free_antivirus_setup_online.exe
2014-08-13 22:16 - 2014-08-13 22:16 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\shsccsu.sys
2014-08-13 22:07 - 2014-08-13 22:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-13 22:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-13 22:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-13 22:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-13 22:06 - 2014-08-13 22:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JoHelc\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-03 13:09 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-03 13:09 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-03 13:09 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-03 13:09 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-03 13:09 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-03 13:09 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-03 13:09 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-03 13:09 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-03 13:09 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-03 13:09 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-03 13:09 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-03 13:09 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-03 13:09 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-03 13:09 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-16 15:00 - 2014-07-16 15:00 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-16 15:00 - 2014-07-16 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 22:43 - 2014-08-13 22:42 - 00025529 _____ () C:\Users\JoHelc\Desktop\FRST.txt
2014-08-13 22:42 - 2014-08-13 22:42 - 02100224 _____ (Farbar) C:\Users\JoHelc\Desktop\FRST64.exe
2014-08-13 22:42 - 2014-08-13 22:42 - 00000000 ____D () C:\FRST
2014-08-13 22:41 - 2014-08-13 22:40 - 00000474 _____ () C:\Users\JoHelc\Desktop\defogger_disable.log
2014-08-13 22:40 - 2014-08-13 22:40 - 00000000 _____ () C:\Users\JoHelc\defogger_reenable
2014-08-13 22:40 - 2012-07-03 00:08 - 00000000 ____D () C:\Users\JoHelc
2014-08-13 22:39 - 2014-08-13 22:39 - 00050477 _____ () C:\Users\JoHelc\Desktop\Defogger.exe
2014-08-13 22:35 - 2014-08-13 22:35 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\DropboxMaster
2014-08-13 22:35 - 2014-08-13 22:34 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Dropbox
2014-08-13 22:35 - 2012-07-03 00:22 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000UA.job
2014-08-13 22:34 - 2014-08-13 22:34 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\AVAST Software
2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-13 22:24 - 2014-08-13 22:23 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-13 22:24 - 2014-08-13 22:22 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00426848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1407961442224
2014-08-13 22:22 - 2014-08-13 22:22 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-13 22:22 - 2014-08-13 22:22 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-13 22:22 - 2014-08-13 22:22 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-13 22:20 - 2014-08-13 22:20 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-13 22:20 - 2014-08-13 22:19 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-13 22:19 - 2014-08-13 22:18 - 04862664 _____ (AVAST Software) C:\Users\JoHelc\Downloads\avast_free_antivirus_setup_online.exe
2014-08-13 22:16 - 2014-08-13 22:16 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\shsccsu.sys
2014-08-13 22:08 - 2014-08-13 22:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-13 22:07 - 2014-08-13 22:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JoHelc\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-13 21:27 - 2012-07-03 19:32 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Spotify
2014-08-13 18:13 - 2012-07-03 00:08 - 02056780 _____ () C:\Windows\WindowsUpdate.log
2014-08-13 17:27 - 2009-07-14 06:51 - 00296021 _____ () C:\Windows\setupact.log
2014-08-13 13:29 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-13 13:29 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-13 13:27 - 2011-04-12 09:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-08-13 13:27 - 2011-04-12 09:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-08-13 13:27 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-13 13:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-12 23:53 - 2012-07-03 00:22 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000Core.job
2014-08-04 17:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-04 15:58 - 2012-07-03 19:32 - 00000000 ____D () C:\Users\JoHelc\AppData\Local\Spotify
2014-07-16 15:01 - 2014-02-17 14:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-16 15:00 - 2014-07-16 15:00 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-16 15:00 - 2014-07-16 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-16 15:00 - 2014-02-17 14:52 - 00000000 ____D () C:\Program Files (x86)\Java

Some content of TEMP:
====================
C:\Users\JoHelc\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptjztbg.dll
C:\Users\JoHelc\AppData\Local\Temp\DropDownDeals_Setup-C4_2013_03_14.exe
C:\Users\JoHelc\AppData\Local\Temp\FileSystemView.dll
C:\Users\JoHelc\AppData\Local\Temp\install_reader10_de_mssd_aih.exe
C:\Users\JoHelc\AppData\Local\Temp\JavaIC.dll
C:\Users\JoHelc\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\JoHelc\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\JoHelc\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\JoHelc\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\JoHelc\AppData\Local\Temp\msscct32.dll
C:\Users\JoHelc\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\JoHelc\AppData\Local\Temp\tmp6C68.exe
C:\Users\JoHelc\AppData\Local\Temp\tmpF99A.exe
C:\Users\JoHelc\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\JoHelc\AppData\Local\Temp\winziprosetup-WZRO6_20130221.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 00:28

==================== End Of Log ============================

GMER hat leider nicht funktioniert, es erschien eine Fehlermeldung dass es nicht ausgeführt werden kann.

Vielen Dank!

Jo

schrauber · 14.08.2014, 13:18

HI,

Addition.txt von FRST fehlt.

JoeMansky · 14.08.2014, 13:38

Ah, sorry.

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-08-2014
Ran by JoHelc at 2014-08-13 22:43:17
Running from C:\Users\JoHelc\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ZoneAlarm Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: ZoneAlarm Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{53A19094-2C04-A9B9-7309-3E92152D4845}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.04.0000 - AMD) Hidden
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.81 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.1 - Ashampoo GmbH & Co. KG)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
f.lux (HKCU\...\Flux) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
KaloMa 4.94 (HKLM-x32\...\KaloMa_is1) (Version:  - Frank Böpple)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
NETGEAR WNA1000M Wireless USB 2.0 Adapter (HKLM-x32\...\InstallShield_{62F7B391-E2B2-4714-BBAA-A14E4FAAB95C}) (Version: 1.01.10 - NETGEAR)
NETGEAR WNA1000M Wireless USB 2.0 Adapter (x32 Version: 1.01.10 - NETGEAR) Hidden
Peggle Deluxe (HKLM-x32\...\Peggle Deluxe) (Version:  - PopCap Games)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
SketchUp 2013 (HKLM-x32\...\{2C0777B8-E91F-45AA-976B-7EB6B40E5400}) (Version: 13.0.4812 - Trimble Navigation Limited)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)
UPC Install Master (HKLM-x32\...\UPC Install Master) (Version: 1.1.0.22 - UPC Telekabel GmbH)
UPC Install Master (x32 Version: 1.1.0.22 - UPC Telekabel GmbH) Hidden
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XnView 1.99.6 (HKLM-x32\...\XnView_is1) (Version: 1.99.6 - Gougelet Pierre-e)
Yontoo 2.052 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 2.052 - Yontoo LLC) <==== ATTENTION
ZoneAlarm Antivirus (x32 Version: 10.2.064.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 10.2.064.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 10.2.064.000 - Check Point)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
ZoneAlarm Security (x32 Version: 10.2.064.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (HKLM-x32\...\ZoneAlarm Security Toolbar) (Version:  - Check Point Software Technologies LTD)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1917241202-3899386211-2744974957-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1917241202-3899386211-2744974957-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\JoHelc\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1917241202-3899386211-2744974957-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\JoHelc\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1917241202-3899386211-2744974957-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\JoHelc\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1917241202-3899386211-2744974957-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1917241202-3899386211-2744974957-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1917241202-3899386211-2744974957-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1917241202-3899386211-2744974957-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1917241202-3899386211-2744974957-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\JoHelc\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

29-07-2014 13:50:44 Windows Update
03-08-2014 11:08:47 Windows Update
05-08-2014 08:34:50 Windows Update
08-08-2014 09:47:42 Windows Update
12-08-2014 11:44:10 Windows Update
13-08-2014 20:19:54 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {061C191A-B360-4BA6-81F8-E8B6AF70883A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000Core => C:\Users\JoHelc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-03] (Google Inc.)
Task: {5E3FEEF7-0328-4670-82BE-D5295049E6E8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000UA => C:\Users\JoHelc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-03] (Google Inc.)
Task: {65C50BF2-F9F2-4542-82DF-0DA7BA5B598C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-13] (AVAST Software)
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000Core.job => C:\Users\JoHelc\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000UA.job => C:\Users\JoHelc\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-06-30 23:23 - 2011-06-30 23:23 - 00167936 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe
2012-03-19 22:09 - 2012-03-19 22:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-01-04 19:32 - 2012-01-04 19:32 - 00504064 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe
2013-09-25 18:13 - 2014-07-06 21:35 - 00601144 _____ () C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2012-07-03 19:32 - 2014-07-06 21:35 - 36966968 _____ () C:\Users\JoHelc\AppData\Roaming\Spotify\Data\libcef.dll
2013-12-10 23:06 - 2013-12-10 23:06 - 10683392 _____ () C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2013-12-10 23:06 - 2013-12-10 23:06 - 07741952 _____ () C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2013-12-10 23:06 - 2013-12-10 23:06 - 02248192 _____ () C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2013-12-10 23:06 - 2013-12-10 23:06 - 01681408 _____ () C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2014-05-15 23:20 - 2014-05-15 23:20 - 00117248 _____ () C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2014-05-15 23:20 - 2014-05-15 23:20 - 00231936 _____ () C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2014-05-15 23:21 - 2014-05-15 23:21 - 00253440 _____ () C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2014-05-15 23:24 - 2014-05-15 23:24 - 00344064 _____ () C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-12-10 23:06 - 2013-12-10 23:06 - 00026624 _____ () C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2011-12-26 14:48 - 2011-12-26 14:48 - 00237568 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WTmpl.dll
2011-12-26 14:43 - 2011-12-26 14:43 - 00327680 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\XParser.dll
2011-12-26 14:47 - 2011-12-26 14:47 - 00290816 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WDialog.dll
2011-12-26 14:44 - 2011-12-26 14:44 - 00512000 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WCtrls.dll
2011-12-13 11:18 - 2011-12-13 11:18 - 00286720 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WCommObj.dll
2011-12-26 14:45 - 2011-12-26 14:45 - 00319488 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WDraw.dll
2011-12-26 14:54 - 2011-12-26 14:54 - 00262144 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\GDIpProc.dll
2011-12-26 14:46 - 2011-12-26 14:46 - 00393216 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WWnd.dll
2011-12-13 12:10 - 2011-12-13 12:10 - 00413696 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WlanDll.dll
2011-12-13 11:18 - 2011-12-13 11:18 - 00307200 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WConn.dll
2014-07-02 14:55 - 2014-07-06 21:35 - 00867896 _____ () C:\Users\JoHelc\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2013-09-25 18:13 - 2014-07-06 21:35 - 00886840 _____ () C:\Users\JoHelc\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-09-25 18:13 - 2014-07-06 21:35 - 00108600 _____ () C:\Users\JoHelc\AppData\Roaming\Spotify\Data\libegl.dll
2014-08-13 22:22 - 2014-08-13 22:22 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-13 22:22 - 2014-08-13 22:22 - 02797056 _____ () C:\Program Files\AVAST Software\Avast\defs\14081301\algo.dll
2014-08-13 22:22 - 2014-08-13 22:22 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-13 22:36 - 2014-08-07 05:20 - 00718152 _____ () C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-13 22:36 - 2014-08-07 05:20 - 00126280 _____ () C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-13 22:36 - 2014-08-07 05:20 - 08537928 _____ () C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-13 22:36 - 2014-08-07 05:20 - 00353096 _____ () C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-13 22:36 - 2014-08-07 05:20 - 01732936 _____ () C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-08-13 22:36 - 2014-08-07 05:20 - 14669128 _____ () C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/13/2014 01:23:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2014 01:09:11 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (08/12/2014 01:40:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2014 11:49:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2014 04:21:41 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (08/10/2014 01:32:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2014 09:12:35 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (08/09/2014 10:02:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2014 11:07:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2014 06:07:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/13/2014 01:22:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (08/13/2014 01:22:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (08/12/2014 01:38:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (08/12/2014 01:38:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (08/11/2014 11:47:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (08/11/2014 11:47:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (08/10/2014 01:30:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (08/10/2014 01:30:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (08/09/2014 10:00:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (08/09/2014 10:00:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577


Microsoft Office Sessions:
=========================
Error: (08/13/2014 01:23:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2014 01:09:11 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (08/12/2014 01:40:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2014 11:49:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2014 04:21:41 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (08/10/2014 01:32:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2014 09:12:35 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (08/09/2014 10:02:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2014 11:07:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2014 06:07:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-08-13 22:34:42.881
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-13 22:24:20.488
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-13 22:16:53.438
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-13 22:00:14.516
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-13 20:35:00.098
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-13 19:48:45.592
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-13 18:48:23.597
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-13 17:39:23.223
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-13 16:20:07.407
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-13 15:26:01.039
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
Percentage of memory in use: 52%
Total physical RAM: 8087.03 MB
Available physical RAM: 3801.99 MB
Total Pagefile: 16172.24 MB
Available Pagefile: 10160 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:150.28 GB) NTFS
Drive e: (Volume) (Fixed) (Total:931.39 GB) (Free:675.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 82B18B96)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

schrauber · 15.08.2014, 07:37

Zone Alarm AV und Firewall komplett deinstallieren.

Adware & Co. deinstallieren

Lade Dir bitte von hier Revo Uninstaller herunter.
Installiere und starte das Programm.
Suche im Uninstallerfeld nach den Programmen, die unter:

diesen Zusatz haben:
Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

JoeMansky · 15.08.2014, 20:06

Ich finde bei Revo Uninstaller keine Programme mit einem solchem Zusatz, soll ich mit dem nächsten weitermachen?

edit:

So, ich hab jetzt mal mit Combofix weitergemacht.

Code:

ATTFilter

ComboFix 14-08-15.01 - JoHelc 15.08.2014  20:50:17.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.8087.6628 [GMT 2:00]
ausgeführt von:: c:\users\JoHelc\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\JoHelc\4.0
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-07-15 bis 2014-08-15  ))))))))))))))))))))))))))))))
.
.
2014-08-15 18:54 . 2014-08-15 18:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-08-15 14:32 . 2014-08-15 14:32	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE63D763-A706-4650-B7F1-C863929557E0}\offreg.dll
2014-08-15 11:56 . 2014-08-15 11:56	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-08-15 11:45 . 2014-07-02 03:09	10924376	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE63D763-A706-4650-B7F1-C863929557E0}\mpengine.dll
2014-08-13 21:53 . 2014-03-09 21:48	171160	----a-w-	c:\windows\system32\infocardapi.dll
2014-08-13 21:53 . 2014-03-09 21:48	1389208	----a-w-	c:\windows\system32\icardagt.exe
2014-08-13 21:53 . 2014-03-09 21:47	99480	----a-w-	c:\windows\SysWow64\infocardapi.dll
2014-08-13 21:53 . 2014-03-09 21:47	619672	----a-w-	c:\windows\SysWow64\icardagt.exe
2014-08-13 21:53 . 2014-06-30 22:24	8856	----a-w-	c:\windows\system32\icardres.dll
2014-08-13 21:53 . 2014-06-30 22:14	8856	----a-w-	c:\windows\SysWow64\icardres.dll
2014-08-13 21:53 . 2014-06-06 06:16	35480	----a-w-	c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 21:53 . 2014-06-06 06:12	35480	----a-w-	c:\windows\system32\TsWpfWrp.exe
2014-08-13 20:42 . 2014-08-13 20:43	--------	d-----w-	C:\FRST
2014-08-13 20:34 . 2014-08-13 20:35	--------	d-----w-	c:\users\JoHelc\AppData\Roaming\Dropbox
2014-08-13 20:24 . 2014-08-13 20:24	--------	d-----w-	c:\users\JoHelc\AppData\Roaming\AVAST Software
2014-08-13 20:22 . 2014-08-13 20:24	427360	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-08-13 20:22 . 2014-08-13 20:22	93568	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-08-13 20:22 . 2014-08-13 20:22	92008	----a-w-	c:\windows\system32\drivers\aswStm.sys
2014-08-13 20:22 . 2014-08-13 20:22	79184	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-08-13 20:22 . 2014-08-13 20:22	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-08-13 20:22 . 2014-08-13 20:22	307344	----a-w-	c:\windows\system32\aswBoot.exe
2014-08-13 20:22 . 2014-08-13 20:22	29208	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-08-13 20:22 . 2014-08-13 20:22	224896	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-08-13 20:22 . 2014-08-13 20:22	1041168	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2014-08-13 20:22 . 2014-08-13 20:22	43152	----a-w-	c:\windows\avastSS.scr
2014-08-13 20:20 . 2014-08-13 20:20	--------	d-----w-	c:\program files\AVAST Software
2014-08-13 20:19 . 2014-08-13 20:20	--------	d-----w-	c:\programdata\AVAST Software
2014-08-13 20:07 . 2014-08-13 20:08	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-13 20:07 . 2014-08-13 20:07	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-08-13 20:07 . 2014-08-13 20:07	--------	d-----w-	c:\programdata\Malwarebytes
2014-08-13 20:07 . 2014-05-12 05:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-08-13 20:07 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-08-13 20:07 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-08-13 11:33 . 2014-07-14 02:02	1216000	----a-w-	c:\windows\system32\rpcrt4.dll
2014-08-13 11:33 . 2014-07-14 01:40	664064	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2014-08-13 11:33 . 2014-08-07 02:06	529920	----a-w-	c:\windows\system32\aepdu.dll
2014-08-13 11:33 . 2014-08-07 02:01	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-07-18 15:40 . 2014-08-14 13:11	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-13 21:55 . 2012-07-03 21:53	99218768	----a-w-	c:\windows\system32\MRT.exe
2014-07-11 01:02 . 2014-02-17 12:52	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-18 02:18 . 2014-07-10 10:57	692736	----a-w-	c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-10 10:57	646144	----a-w-	c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-10 10:57	624128	----a-w-	c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-10 10:57	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-10 10:53	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-10 10:53	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-10 10:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-10 10:57	210944	----a-w-	c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-10 10:57	86528	----a-w-	c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-10 10:57	340992	----a-w-	c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-10 10:57	314880	----a-w-	c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-10 10:57	307200	----a-w-	c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-10 10:57	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-10 10:57	22016	----a-w-	c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-10 10:57	172032	----a-w-	c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-10 10:57	65536	----a-w-	c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-10 10:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-10 10:57	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-10 10:57	259584	----a-w-	c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-10 10:57	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-10 10:57	17408	----a-w-	c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-10 10:57	497152	----a-w-	c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-07-06 1178168]
"Spotify"="c:\users\JoHelc\AppData\Roaming\Spotify\spotify.exe" [2014-07-06 6162488]
"f.lux"="c:\users\JoHelc\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"GoogleChromeAutoLaunch_2367883519264E435C4CA52430EF9559"="c:\users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe" [2014-08-07 860488]
"MusicManager"="c:\users\JoHelc\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2014-05-15 7631872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-13 4085896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA1000M Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WNA1000M\WNA1000M.exe -Hide [2012-1-4 504064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RTL8192cu;NETGEAR WNA1000M N150 Wireless USB Micro Adapter;c:\windows\system32\DRIVERS\WNA1000M.sys;c:\windows\SYSNATIVE\DRIVERS\WNA1000M.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 WlanWpsSvc;WlanWpsSvc;c:\program files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe;c:\program files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000Core.job
- c:\users\JoHelc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02 22:22]
.
2014-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000UA.job
- c:\users\JoHelc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02 22:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-13 20:22	634872	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.42.129
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-08-15  20:59:11
ComboFix-quarantined-files.txt  2014-08-15 18:59
.
Vor Suchlauf: 9 Verzeichnis(se), 164.391.079.936 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 166.893.301.760 Bytes frei
.
- - End Of File - - 15A7ECF355FA153693E01583AB46AC89
A36C5E4F47E84449FF07ED3517B43A31

schrauber · 16.08.2014, 13:39

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

JoeMansky · 16.08.2014, 14:41

MBAM

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 16.08.2014
Suchlauf-Zeit: 15:11:49
Logdatei: 
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.16.05
Rootkit Datenbank: v2014.08.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: JoHelc

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 299962
Verstrichene Zeit: 3 Min, 22 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

ADwCleaner

Code:

ATTFilter

# AdwCleaner v3.306 - Bericht erstellt am 16/08/2014 um 15:23:07
# Aktualisiert 15/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : JoHelc - JOHELC-PC
# Gestartet von : C:\Users\JoHelc\Desktop\adwcleaner_3.306.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\JoHelc\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\JoHelc\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_deutsch.babylon.com_0.localstorage
Datei Gelöscht : C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_deutsch.babylon.com_0.localstorage-journal
Datei Gelöscht : C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage
Datei Gelöscht : C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage-journal
Datei Gelöscht : C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage
Datei Gelöscht : C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Google Chrome v

[ Datei : C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://isearch.avg.com/search?cid={6D962002-4AEF-4ED8-9459-AC0C19AD4A26}&mid=738fced7e90147d0bf81d33c0ed5a9c4-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=AVG&pr=fr&d=2012-06-15 18:00:41&v=11.1.0.12&sap=dsp&q={searchTerms}
Gelöscht [Search Provider] : hxxp://thesweetestnoise.com/?s={searchTerms}
Gelöscht [Search Provider] : hxxp://anisearch.de/?page=suche&mode=auswahl&qsearch={searchTerms}
Gelöscht [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Gelöscht [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [3945 octets] - [16/08/2014 15:21:24]
AdwCleaner[S0].txt - [4430 octets] - [16/08/2014 15:23:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4490 octets] ##########

JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by JoHelc on 16.08.2014 at 15:27:37,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DropDownDeals_Setup-C4_2013_03_14-1ABC_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DropDownDeals_Setup-C4_2013_03_14-1ABC_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DropDownDeals_Setup-C4_2013_03_14-1ABC_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DropDownDeals_Setup-C4_2013_03_14-1ABC_RASMANCS



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.08.2014 at 15:32:03,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 02
Ran by JoHelc (administrator) on JOHELC-PC on 16-08-2014 15:35:18
Running from C:\Users\JoHelc\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
() C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Flux Software LLC) C:\Users\JoHelc\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
() C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-13] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [Spotify Web Helper] => C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-06] (Spotify Ltd)
HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [Spotify] => C:\Users\JoHelc\AppData\Roaming\Spotify\spotify.exe [6162488 2014-07-06] (Spotify Ltd)
HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [f.lux] => C:\Users\JoHelc\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [GoogleChromeAutoLaunch_2367883519264E435C4CA52430EF9559] => C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-08-07] (Google Inc.)
HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [MusicManager] => C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1000M Setup-Assistent.lnk
ShortcutTarget: NETGEAR WNA1000M Setup-Assistent.lnk -> C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\JoHelc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\JoHelc\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\JoHelc\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\JoHelc\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\JoHelc\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\JoHelc\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-13]

Chrome: 
=======
CHR HomePage: hxxp://www.google.at/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Google Update) - C:\Users\JoHelc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Easy Auto Refresh) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2012-07-03]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-06-03]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2012-07-03]
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2013-02-13]
CHR Extension: (Media Hint) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja [2013-05-21]
CHR Extension: (Google Drive) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-07-15]
CHR Extension: (YouTube) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-03]
CHR Extension: (Google+ Benachrichtigungen) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi [2012-07-03]
CHR Extension: (Random Bookmark) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfemjamlkkagdfdekjhggnlbdcpbdpc [2012-07-03]
CHR Extension: (Adblock Plus) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-07-03]
CHR Extension: (Auf den Amazon-Wunschzettel) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2012-12-05]
CHR Extension: (Gif Delayer) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmfcdkambpljcndgdmaccaagladfnepa [2014-06-03]
CHR Extension: (Google-Suche) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-03]
CHR Extension: (GExtend) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkjhlnnlabicokdgaecdeihkdlkdhjm [2012-07-03]
CHR Extension: (MightyText - SMS Text Messaging from Computer) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2013-01-03]
CHR Extension: (Google Kalender) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-07-03]
CHR Extension: (Google Play Music) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-07-10]
CHR Extension: (Chain Reaction) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa [2012-12-11]
CHR Extension: (AdBlock) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-07-03]
CHR Extension: (avast! Online Security) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-13]
CHR Extension: (Spotify Chrome Extension) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbjmlahipheaaghllkabfkpolljilkjb [2012-07-03]
CHR Extension: (SoundCloud Downloader) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbhfpgkfmfpjbdofhelpjdmeilbeopp [2012-11-09]
CHR Extension: (Google +1-Schaltfläche) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2012-07-03]
CHR Extension: (StumbleUpon) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2012-07-03]
CHR Extension: (Any.do Extension) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2014-07-06]
CHR Extension: (Metric Conversions) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kninfdohcboilpapkmbbdmcfanlgflld [2014-05-03]
CHR Extension: (Zoom) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2014-07-17]
CHR Extension: (Evernote Web) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2012-07-03]
CHR Extension: (NextExt) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikijnjpcmngdnahmjihclokafpnniap [2012-11-14]
CHR Extension: (Ghostery) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2012-10-16]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2014-04-21]
CHR Extension: (Google Wallet) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Hover Zoom) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-06-03]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2012-07-03]
CHR Extension: (Select All) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofcnbnhefnmjancehemliplicihbcjjb [2012-07-03]
CHR Extension: (https://www.google.at/publicdata/directory?hl) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\okbmpjekfjbabbfkiifjnokhniifopch [2013-12-09]
CHR Extension: (Click&Clean App) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-06-03]
CHR Extension: (Page Monitor) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-06-21]
CHR Extension: (Google Mail) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-13]
CHR StartMenuInternet: Google Chrome - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-13] (AVAST Software)
R2 WlanWpsSvc; C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe [167936 2011-06-30] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-13] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-13] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2012-10-22] () [File not signed]
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2012-10-22] () [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-16] (Malwarebytes Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\WNA1000M.sys [855144 2011-01-31] (Realtek Semiconductor Corporation                           )
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 15:35 - 2014-08-16 15:35 - 00000000 ____D () C:\Users\JoHelc\Desktop\FRST-OlderVersion
2014-08-16 15:32 - 2014-08-16 15:32 - 00001281 _____ () C:\Users\JoHelc\Desktop\JRT.txt
2014-08-16 15:27 - 2014-08-16 15:27 - 01016261 _____ (Thisisu) C:\Users\JoHelc\Desktop\JRT.exe
2014-08-16 15:27 - 2014-08-16 15:27 - 00000000 ____D () C:\Windows\ERUNT
2014-08-16 15:21 - 2014-08-16 15:23 - 00000000 ____D () C:\AdwCleaner
2014-08-16 15:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-16 15:20 - 2014-08-16 15:20 - 01361203 _____ () C:\Users\JoHelc\Desktop\adwcleaner_3.306.exe
2014-08-15 20:59 - 2014-08-15 20:59 - 00014569 _____ () C:\ComboFix.txt
2014-08-15 20:49 - 2014-08-15 20:59 - 00000000 ____D () C:\Qoobox
2014-08-15 20:49 - 2014-08-15 20:57 - 00000000 ____D () C:\Windows\erdnt
2014-08-15 20:49 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-15 20:49 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-15 20:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-15 20:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-15 20:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-15 20:49 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-15 20:49 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-15 20:49 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-15 20:44 - 2014-08-15 20:45 - 05571320 ____R (Swearware) C:\Users\JoHelc\Desktop\ComboFix.exe
2014-08-15 13:56 - 2014-08-15 13:56 - 00001268 _____ () C:\Users\JoHelc\Desktop\Revo Uninstaller.lnk
2014-08-15 13:56 - 2014-08-15 13:56 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-15 13:55 - 2014-08-15 13:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\JoHelc\Downloads\revosetup95.exe
2014-08-14 19:38 - 2014-08-16 01:51 - 00000000 ____D () C:\Users\JoHelc\Desktop\waldviertel
2014-08-13 23:53 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 23:53 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 23:53 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 23:53 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 23:53 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 23:53 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 23:53 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 23:53 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 23:52 - 2014-08-13 23:52 - 00001304 _____ () C:\Users\JoHelc\Desktop\ert.txt
2014-08-13 22:44 - 2014-08-13 22:44 - 00380416 _____ () C:\Users\JoHelc\Desktop\Gmer-19357.exe
2014-08-13 22:43 - 2014-08-13 22:43 - 00029229 _____ () C:\Users\JoHelc\Desktop\Addition.txt
2014-08-13 22:42 - 2014-08-16 15:35 - 02101248 _____ (Farbar) C:\Users\JoHelc\Desktop\FRST64.exe
2014-08-13 22:42 - 2014-08-16 15:35 - 00019676 _____ () C:\Users\JoHelc\Desktop\FRST.txt
2014-08-13 22:42 - 2014-08-16 15:35 - 00000000 ____D () C:\FRST
2014-08-13 22:40 - 2014-08-13 22:41 - 00000474 _____ () C:\Users\JoHelc\Desktop\defogger_disable.log
2014-08-13 22:40 - 2014-08-13 22:40 - 00000000 _____ () C:\Users\JoHelc\defogger_reenable
2014-08-13 22:39 - 2014-08-13 22:39 - 00050477 _____ () C:\Users\JoHelc\Desktop\Defogger.exe
2014-08-13 22:35 - 2014-08-13 22:35 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\DropboxMaster
2014-08-13 22:34 - 2014-08-13 22:35 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Dropbox
2014-08-13 22:34 - 2014-08-13 22:34 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\AVAST Software
2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-13 22:23 - 2014-08-15 13:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-13 22:22 - 2014-08-13 22:24 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-13 22:22 - 2014-08-13 22:22 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-13 22:22 - 2014-08-13 22:22 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-13 22:20 - 2014-08-13 22:20 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-13 22:19 - 2014-08-13 22:20 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-13 22:18 - 2014-08-13 22:19 - 04862664 _____ (AVAST Software) C:\Users\JoHelc\Downloads\avast_free_antivirus_setup_online.exe
2014-08-13 22:07 - 2014-08-16 15:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-13 22:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-13 22:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-13 22:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-13 22:06 - 2014-08-13 22:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JoHelc\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-13 13:35 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 13:35 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 13:35 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 13:35 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 13:35 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 13:35 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 13:35 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 13:35 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 13:35 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 13:35 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 13:35 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 13:35 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 13:35 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 13:35 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 13:35 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 13:35 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 13:35 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 13:35 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 13:35 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 13:35 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 13:35 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 13:35 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 13:35 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 13:35 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 13:35 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 13:35 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 13:35 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 13:35 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 13:35 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 13:35 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 13:35 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 13:35 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 13:35 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 13:35 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 13:35 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 13:35 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 13:35 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 13:35 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 13:35 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 13:35 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 13:35 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 13:35 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 13:35 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 13:35 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 13:35 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 13:35 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 13:35 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 13:35 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 13:35 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 13:35 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 13:35 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 13:35 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 13:35 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 13:35 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 13:35 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 13:35 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 13:35 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 13:35 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 13:35 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 13:35 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 13:35 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 13:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 13:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 13:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 13:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 13:35 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 13:35 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 13:35 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 13:35 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 13:35 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 13:35 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 13:35 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 13:35 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 13:35 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 13:35 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 13:35 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 13:35 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 13:35 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 13:35 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 13:35 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 13:35 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 13:35 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 13:35 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 13:33 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 13:33 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 13:33 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 13:33 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-03 13:09 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-03 13:09 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-03 13:09 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-03 13:09 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-03 13:09 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-03 13:09 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-03 13:09 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-03 13:09 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-03 13:09 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-03 13:09 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-03 13:09 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-03 13:09 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-03 13:09 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-03 13:09 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 15:35 - 2014-08-16 15:35 - 00000000 ____D () C:\Users\JoHelc\Desktop\FRST-OlderVersion
2014-08-16 15:35 - 2014-08-13 22:42 - 02101248 _____ (Farbar) C:\Users\JoHelc\Desktop\FRST64.exe
2014-08-16 15:35 - 2014-08-13 22:42 - 00019676 _____ () C:\Users\JoHelc\Desktop\FRST.txt
2014-08-16 15:35 - 2014-08-13 22:42 - 00000000 ____D () C:\FRST
2014-08-16 15:35 - 2012-07-03 00:22 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000UA.job
2014-08-16 15:32 - 2014-08-16 15:32 - 00001281 _____ () C:\Users\JoHelc\Desktop\JRT.txt
2014-08-16 15:31 - 2009-07-14 06:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-16 15:31 - 2009-07-14 06:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-16 15:29 - 2011-04-12 09:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-08-16 15:29 - 2011-04-12 09:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-08-16 15:29 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-16 15:27 - 2014-08-16 15:27 - 01016261 _____ (Thisisu) C:\Users\JoHelc\Desktop\JRT.exe
2014-08-16 15:27 - 2014-08-16 15:27 - 00000000 ____D () C:\Windows\ERUNT
2014-08-16 15:27 - 2012-07-03 19:32 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Spotify
2014-08-16 15:24 - 2010-11-21 05:47 - 00173646 _____ () C:\Windows\PFRO.log
2014-08-16 15:24 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-16 15:24 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-16 15:24 - 2009-07-14 06:51 - 00297365 _____ () C:\Windows\setupact.log
2014-08-16 15:23 - 2014-08-16 15:21 - 00000000 ____D () C:\AdwCleaner
2014-08-16 15:23 - 2012-07-03 00:08 - 01230891 _____ () C:\Windows\WindowsUpdate.log
2014-08-16 15:20 - 2014-08-16 15:20 - 01361203 _____ () C:\Users\JoHelc\Desktop\adwcleaner_3.306.exe
2014-08-16 15:11 - 2014-08-13 22:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 14:22 - 2009-07-14 06:45 - 00275856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-16 01:51 - 2014-08-14 19:38 - 00000000 ____D () C:\Users\JoHelc\Desktop\waldviertel
2014-08-16 01:20 - 2012-07-03 00:22 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000Core.job
2014-08-15 20:59 - 2014-08-15 20:59 - 00014569 _____ () C:\ComboFix.txt
2014-08-15 20:59 - 2014-08-15 20:49 - 00000000 ____D () C:\Qoobox
2014-08-15 20:57 - 2014-08-15 20:49 - 00000000 ____D () C:\Windows\erdnt
2014-08-15 20:55 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-15 20:53 - 2012-07-03 00:08 - 00000000 ____D () C:\Users\JoHelc
2014-08-15 20:45 - 2014-08-15 20:44 - 05571320 ____R (Swearware) C:\Users\JoHelc\Desktop\ComboFix.exe
2014-08-15 16:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-15 13:56 - 2014-08-15 13:56 - 00001268 _____ () C:\Users\JoHelc\Desktop\Revo Uninstaller.lnk
2014-08-15 13:56 - 2014-08-15 13:56 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-15 13:55 - 2014-08-15 13:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\JoHelc\Downloads\revosetup95.exe
2014-08-15 13:40 - 2014-08-13 22:23 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-14 16:29 - 2012-07-03 19:32 - 00000000 ____D () C:\Users\JoHelc\AppData\Local\Spotify
2014-08-14 13:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 23:56 - 2013-08-14 01:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 23:55 - 2012-07-03 23:53 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 23:53 - 2014-05-07 23:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 23:52 - 2014-08-13 23:52 - 00001304 _____ () C:\Users\JoHelc\Desktop\ert.txt
2014-08-13 22:44 - 2014-08-13 22:44 - 00380416 _____ () C:\Users\JoHelc\Desktop\Gmer-19357.exe
2014-08-13 22:43 - 2014-08-13 22:43 - 00029229 _____ () C:\Users\JoHelc\Desktop\Addition.txt
2014-08-13 22:41 - 2014-08-13 22:40 - 00000474 _____ () C:\Users\JoHelc\Desktop\defogger_disable.log
2014-08-13 22:40 - 2014-08-13 22:40 - 00000000 _____ () C:\Users\JoHelc\defogger_reenable
2014-08-13 22:39 - 2014-08-13 22:39 - 00050477 _____ () C:\Users\JoHelc\Desktop\Defogger.exe
2014-08-13 22:35 - 2014-08-13 22:35 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\DropboxMaster
2014-08-13 22:35 - 2014-08-13 22:34 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Dropbox
2014-08-13 22:34 - 2014-08-13 22:34 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\AVAST Software
2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-13 22:24 - 2014-08-13 22:22 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-13 22:22 - 2014-08-13 22:22 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-13 22:22 - 2014-08-13 22:22 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-13 22:20 - 2014-08-13 22:20 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-13 22:20 - 2014-08-13 22:19 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-13 22:19 - 2014-08-13 22:18 - 04862664 _____ (AVAST Software) C:\Users\JoHelc\Downloads\avast_free_antivirus_setup_online.exe
2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-13 22:07 - 2014-08-13 22:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JoHelc\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-07 04:06 - 2014-08-13 13:33 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 13:33 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-01 01:41 - 2014-08-13 13:35 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-13 13:35 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-25 16:52 - 2014-08-13 13:35 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 16:02 - 2014-08-13 13:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 16:01 - 2014-08-13 13:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 15:51 - 2014-08-13 13:35 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 15:30 - 2014-08-13 13:35 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 15:28 - 2014-08-13 13:35 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 15:28 - 2014-08-13 13:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 15:25 - 2014-08-13 13:35 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-13 13:35 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 15:11 - 2014-08-13 13:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 15:10 - 2014-08-13 13:35 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 15:04 - 2014-08-13 13:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 15:03 - 2014-08-13 13:35 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 15:00 - 2014-08-13 13:35 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 15:00 - 2014-08-13 13:35 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 14:59 - 2014-08-13 13:35 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 14:47 - 2014-08-13 13:35 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 14:40 - 2014-08-13 13:35 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-13 13:35 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 14:34 - 2014-08-13 13:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 14:33 - 2014-08-13 13:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-13 13:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-13 13:35 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 14:28 - 2014-08-13 13:35 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:21 - 2014-08-13 13:35 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 14:19 - 2014-08-13 13:35 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 14:18 - 2014-08-13 13:35 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 14:17 - 2014-08-13 13:35 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 14:17 - 2014-08-13 13:35 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 14:12 - 2014-08-13 13:35 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 14:10 - 2014-08-13 13:35 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 14:10 - 2014-08-13 13:35 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 14:08 - 2014-08-13 13:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-13 13:35 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-13 13:35 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-13 13:35 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-13 13:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-13 13:35 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-13 13:35 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 13:39 - 2014-08-13 13:35 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 13:36 - 2014-08-13 13:35 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 13:34 - 2014-08-13 13:35 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-13 13:35 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-13 13:35 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-13 13:35 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 13:07 - 2014-08-13 13:35 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 13:07 - 2014-08-13 13:35 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-13 13:35 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-13 13:35 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 12:26 - 2014-08-13 13:35 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-13 13:35 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-13 13:35 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-13 13:35 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-13 13:35 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

Some content of TEMP:
====================
C:\Users\JoHelc\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 00:28

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition-log wurde jetzt nicht gemacht glaub ich, brauch ich den auch wieder?

schrauber · 17.08.2014, 07:19

nö

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

JoeMansky · 17.08.2014, 14:41

ESET

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=afa10c2d140fd34a9ed2aec360911fd5
# engine=19700
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-17 01:28:28
# local_time=2014-08-17 03:28:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 267199 4480393 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 35072 159911958 0 0
# scanned=186676
# found=7
# cleaned=0
# scan_time=1563
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=A030238BBFC91AC6A9AC08659C65FBB4ACAECDFA ft=1 fh=1040e9e6e3d18f2b vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir"
sh=DF03019EA4962809E1AE99549D8A650DDE8DE9B6 ft=1 fh=f4bae2cd41aaec6e vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\JoHelc\Downloads\ashampoo_burning_studio_6_free_6.81_3639.exe"
sh=6F56C86DEB8AB15508139328DE292590F0476C71 ft=1 fh=9ad6d6796d8a2386 vn="Variante von Win32/InstallShare.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\JoHelc\Downloads\double_driver_4.1.0_portable.exe"
sh=ECD492B55F874927393FF84813821572A9FA1120 ft=1 fh=813680ec73ebc64b vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\JoHelc\Downloads\zaSetupWeb_102_078_000.exe"
sh=6A51C4AF084FC213AB1408D8ABEAABAB6B196785 ft=1 fh=dac66e915f718cfc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\usb\Downloads\zaSetupWeb_102_057_000.exe"
sh=88AEBF6AA80D04BD15ABECFD1A76F0EECA6ADB85 ft=1 fh=210f94f9550f967c vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\usb\Downloads\zaSetupWeb_102_064_000.exe"

SecurityCheck

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 65  
 Java version out of Date! 
 Adobe Reader 10.1.11 Adobe Reader out of Date!  
 Google Chrome 36.0.1985.125  
 Google Chrome 36.0.1985.143  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04
Ran by JoHelc (administrator) on JOHELC-PC on 17-08-2014 15:35:26
Running from C:\Users\JoHelc\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
() C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Flux Software LLC) C:\Users\JoHelc\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
() C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\nacl64.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\nacl64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-13] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [Spotify Web Helper] => C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-06] (Spotify Ltd)
HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [Spotify] => C:\Users\JoHelc\AppData\Roaming\Spotify\spotify.exe [6162488 2014-07-06] (Spotify Ltd)
HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [f.lux] => C:\Users\JoHelc\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [GoogleChromeAutoLaunch_2367883519264E435C4CA52430EF9559] => C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-08-07] (Google Inc.)
HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [MusicManager] => C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1000M Setup-Assistent.lnk
ShortcutTarget: NETGEAR WNA1000M Setup-Assistent.lnk -> C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\JoHelc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\JoHelc\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\JoHelc\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\JoHelc\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\JoHelc\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\JoHelc\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-13]

Chrome: 
=======
CHR HomePage: hxxp://www.google.at/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Google Update) - C:\Users\JoHelc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Easy Auto Refresh) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2012-07-03]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-06-03]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2012-07-03]
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2013-02-13]
CHR Extension: (Media Hint) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja [2013-05-21]
CHR Extension: (Google Drive) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-07-15]
CHR Extension: (YouTube) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-03]
CHR Extension: (Google+ Benachrichtigungen) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi [2012-07-03]
CHR Extension: (Random Bookmark) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfemjamlkkagdfdekjhggnlbdcpbdpc [2012-07-03]
CHR Extension: (Adblock Plus) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-07-03]
CHR Extension: (Auf den Amazon-Wunschzettel) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2012-12-05]
CHR Extension: (Gif Delayer) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmfcdkambpljcndgdmaccaagladfnepa [2014-06-03]
CHR Extension: (Google-Suche) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-03]
CHR Extension: (GExtend) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkjhlnnlabicokdgaecdeihkdlkdhjm [2012-07-03]
CHR Extension: (MightyText - SMS Text Messaging from Computer) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2013-01-03]
CHR Extension: (Google Kalender) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-07-03]
CHR Extension: (Google Play Music) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-07-10]
CHR Extension: (Chain Reaction) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa [2012-12-11]
CHR Extension: (AdBlock) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-07-03]
CHR Extension: (avast! Online Security) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-13]
CHR Extension: (Spotify Chrome Extension) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbjmlahipheaaghllkabfkpolljilkjb [2012-07-03]
CHR Extension: (SoundCloud Downloader) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbhfpgkfmfpjbdofhelpjdmeilbeopp [2012-11-09]
CHR Extension: (Google +1-Schaltfläche) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2012-07-03]
CHR Extension: (StumbleUpon) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2012-07-03]
CHR Extension: (Any.do Extension) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2014-07-06]
CHR Extension: (Metric Conversions) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kninfdohcboilpapkmbbdmcfanlgflld [2014-05-03]
CHR Extension: (Zoom) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2014-07-17]
CHR Extension: (Evernote Web) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2012-07-03]
CHR Extension: (NextExt) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikijnjpcmngdnahmjihclokafpnniap [2012-11-14]
CHR Extension: (Ghostery) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2012-10-16]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2014-04-21]
CHR Extension: (Google Wallet) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Hover Zoom) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-06-03]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2012-07-03]
CHR Extension: (Select All) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofcnbnhefnmjancehemliplicihbcjjb [2012-07-03]
CHR Extension: (https://www.google.at/publicdata/directory?hl) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\okbmpjekfjbabbfkiifjnokhniifopch [2013-12-09]
CHR Extension: (Click&Clean App) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-06-03]
CHR Extension: (Page Monitor) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-06-21]
CHR Extension: (Google Mail) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-13]
CHR StartMenuInternet: Google Chrome - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-13] (AVAST Software)
R2 WlanWpsSvc; C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe [167936 2011-06-30] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-13] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-13] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2012-10-22] () [File not signed]
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2012-10-22] () [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-16] (Malwarebytes Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\WNA1000M.sys [855144 2011-01-31] (Realtek Semiconductor Corporation                           )
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 15:31 - 2014-08-17 15:31 - 00854417 _____ () C:\Users\JoHelc\Desktop\SecurityCheck.exe
2014-08-17 14:56 - 2014-08-17 14:56 - 02347384 _____ (ESET) C:\Users\JoHelc\Desktop\esetsmartinstaller_deu.exe
2014-08-16 15:35 - 2014-08-17 15:35 - 00000000 ____D () C:\Users\JoHelc\Desktop\FRST-OlderVersion
2014-08-16 15:32 - 2014-08-16 15:32 - 00001281 _____ () C:\Users\JoHelc\Desktop\JRT.txt
2014-08-16 15:27 - 2014-08-16 15:27 - 01016261 _____ (Thisisu) C:\Users\JoHelc\Desktop\JRT.exe
2014-08-16 15:27 - 2014-08-16 15:27 - 00000000 ____D () C:\Windows\ERUNT
2014-08-16 15:21 - 2014-08-16 15:23 - 00000000 ____D () C:\AdwCleaner
2014-08-16 15:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-16 15:20 - 2014-08-16 15:20 - 01361203 _____ () C:\Users\JoHelc\Desktop\adwcleaner_3.306.exe
2014-08-15 20:59 - 2014-08-15 20:59 - 00014569 _____ () C:\ComboFix.txt
2014-08-15 20:49 - 2014-08-15 20:59 - 00000000 ____D () C:\Qoobox
2014-08-15 20:49 - 2014-08-15 20:57 - 00000000 ____D () C:\Windows\erdnt
2014-08-15 20:49 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-15 20:49 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-15 20:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-15 20:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-15 20:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-15 20:49 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-15 20:49 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-15 20:49 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-15 20:44 - 2014-08-15 20:45 - 05571320 ____R (Swearware) C:\Users\JoHelc\Desktop\ComboFix.exe
2014-08-15 13:56 - 2014-08-15 13:56 - 00001268 _____ () C:\Users\JoHelc\Desktop\Revo Uninstaller.lnk
2014-08-15 13:56 - 2014-08-15 13:56 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-15 13:55 - 2014-08-15 13:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\JoHelc\Downloads\revosetup95.exe
2014-08-14 19:38 - 2014-08-16 01:51 - 00000000 ____D () C:\Users\JoHelc\Desktop\waldviertel
2014-08-13 23:53 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 23:53 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 23:53 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 23:53 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 23:53 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 23:53 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 23:53 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 23:53 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 23:52 - 2014-08-13 23:52 - 00001304 _____ () C:\Users\JoHelc\Desktop\ert.txt
2014-08-13 22:44 - 2014-08-13 22:44 - 00380416 _____ () C:\Users\JoHelc\Desktop\Gmer-19357.exe
2014-08-13 22:43 - 2014-08-13 22:43 - 00029229 _____ () C:\Users\JoHelc\Desktop\Addition.txt
2014-08-13 22:42 - 2014-08-17 15:35 - 02101760 _____ (Farbar) C:\Users\JoHelc\Desktop\FRST64.exe
2014-08-13 22:42 - 2014-08-17 15:35 - 00021570 _____ () C:\Users\JoHelc\Desktop\FRST.txt
2014-08-13 22:42 - 2014-08-17 15:35 - 00000000 ____D () C:\FRST
2014-08-13 22:40 - 2014-08-13 22:41 - 00000474 _____ () C:\Users\JoHelc\Desktop\defogger_disable.log
2014-08-13 22:40 - 2014-08-13 22:40 - 00000000 _____ () C:\Users\JoHelc\defogger_reenable
2014-08-13 22:39 - 2014-08-13 22:39 - 00050477 _____ () C:\Users\JoHelc\Desktop\Defogger.exe
2014-08-13 22:35 - 2014-08-13 22:35 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\DropboxMaster
2014-08-13 22:34 - 2014-08-13 22:35 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Dropbox
2014-08-13 22:34 - 2014-08-13 22:34 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\AVAST Software
2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-13 22:23 - 2014-08-15 13:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-13 22:22 - 2014-08-13 22:24 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-13 22:22 - 2014-08-13 22:22 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-13 22:22 - 2014-08-13 22:22 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-13 22:20 - 2014-08-13 22:20 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-13 22:19 - 2014-08-13 22:20 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-13 22:18 - 2014-08-13 22:19 - 04862664 _____ (AVAST Software) C:\Users\JoHelc\Downloads\avast_free_antivirus_setup_online.exe
2014-08-13 22:07 - 2014-08-16 15:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-13 22:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-13 22:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-13 22:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-13 22:06 - 2014-08-13 22:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JoHelc\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-13 13:35 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 13:35 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 13:35 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 13:35 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 13:35 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 13:35 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 13:35 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 13:35 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 13:35 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 13:35 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 13:35 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 13:35 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 13:35 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 13:35 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 13:35 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 13:35 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 13:35 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 13:35 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 13:35 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 13:35 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 13:35 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 13:35 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 13:35 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 13:35 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 13:35 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 13:35 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 13:35 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 13:35 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 13:35 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 13:35 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 13:35 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 13:35 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 13:35 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 13:35 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 13:35 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 13:35 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 13:35 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 13:35 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 13:35 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 13:35 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 13:35 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 13:35 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 13:35 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 13:35 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 13:35 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 13:35 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 13:35 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 13:35 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 13:35 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 13:35 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 13:35 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 13:35 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 13:35 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 13:35 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 13:35 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 13:35 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 13:35 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 13:35 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 13:35 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 13:35 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 13:35 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 13:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 13:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 13:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 13:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 13:35 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 13:35 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 13:35 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 13:35 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 13:35 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 13:35 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 13:35 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 13:35 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 13:35 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 13:35 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 13:35 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 13:35 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 13:35 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 13:35 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 13:35 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 13:35 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 13:35 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 13:35 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 13:33 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 13:33 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 13:33 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 13:33 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-03 13:09 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-03 13:09 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-03 13:09 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-03 13:09 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-03 13:09 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-03 13:09 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-03 13:09 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-03 13:09 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-03 13:09 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-03 13:09 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-03 13:09 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-03 13:09 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-03 13:09 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-03 13:09 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 15:35 - 2014-08-16 15:35 - 00000000 ____D () C:\Users\JoHelc\Desktop\FRST-OlderVersion
2014-08-17 15:35 - 2014-08-13 22:42 - 02101760 _____ (Farbar) C:\Users\JoHelc\Desktop\FRST64.exe
2014-08-17 15:35 - 2014-08-13 22:42 - 00021570 _____ () C:\Users\JoHelc\Desktop\FRST.txt
2014-08-17 15:35 - 2014-08-13 22:42 - 00000000 ____D () C:\FRST
2014-08-17 15:35 - 2012-07-03 00:22 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000UA.job
2014-08-17 15:31 - 2014-08-17 15:31 - 00854417 _____ () C:\Users\JoHelc\Desktop\SecurityCheck.exe
2014-08-17 14:58 - 2012-07-03 19:32 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Spotify
2014-08-17 14:56 - 2014-08-17 14:56 - 02347384 _____ (ESET) C:\Users\JoHelc\Desktop\esetsmartinstaller_deu.exe
2014-08-17 14:42 - 2009-07-14 06:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-17 14:42 - 2009-07-14 06:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-17 14:41 - 2011-04-12 09:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-08-17 14:41 - 2011-04-12 09:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-08-17 14:41 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-17 14:38 - 2012-07-03 00:08 - 01253602 _____ () C:\Windows\WindowsUpdate.log
2014-08-17 14:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-17 14:35 - 2009-07-14 06:51 - 00297869 _____ () C:\Windows\setupact.log
2014-08-17 14:35 - 2009-07-14 06:45 - 00275856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-16 23:35 - 2012-07-03 00:22 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000Core.job
2014-08-16 15:32 - 2014-08-16 15:32 - 00001281 _____ () C:\Users\JoHelc\Desktop\JRT.txt
2014-08-16 15:27 - 2014-08-16 15:27 - 01016261 _____ (Thisisu) C:\Users\JoHelc\Desktop\JRT.exe
2014-08-16 15:27 - 2014-08-16 15:27 - 00000000 ____D () C:\Windows\ERUNT
2014-08-16 15:24 - 2010-11-21 05:47 - 00173646 _____ () C:\Windows\PFRO.log
2014-08-16 15:24 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-16 15:23 - 2014-08-16 15:21 - 00000000 ____D () C:\AdwCleaner
2014-08-16 15:23 - 2012-07-03 00:27 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\CheckPoint
2014-08-16 15:20 - 2014-08-16 15:20 - 01361203 _____ () C:\Users\JoHelc\Desktop\adwcleaner_3.306.exe
2014-08-16 15:11 - 2014-08-13 22:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 01:51 - 2014-08-14 19:38 - 00000000 ____D () C:\Users\JoHelc\Desktop\waldviertel
2014-08-15 20:59 - 2014-08-15 20:59 - 00014569 _____ () C:\ComboFix.txt
2014-08-15 20:59 - 2014-08-15 20:49 - 00000000 ____D () C:\Qoobox
2014-08-15 20:57 - 2014-08-15 20:49 - 00000000 ____D () C:\Windows\erdnt
2014-08-15 20:55 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-15 20:53 - 2012-07-03 00:08 - 00000000 ____D () C:\Users\JoHelc
2014-08-15 20:45 - 2014-08-15 20:44 - 05571320 ____R (Swearware) C:\Users\JoHelc\Desktop\ComboFix.exe
2014-08-15 16:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-15 13:56 - 2014-08-15 13:56 - 00001268 _____ () C:\Users\JoHelc\Desktop\Revo Uninstaller.lnk
2014-08-15 13:56 - 2014-08-15 13:56 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-15 13:55 - 2014-08-15 13:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\JoHelc\Downloads\revosetup95.exe
2014-08-15 13:40 - 2014-08-13 22:23 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-14 16:29 - 2012-07-03 19:32 - 00000000 ____D () C:\Users\JoHelc\AppData\Local\Spotify
2014-08-14 13:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 23:56 - 2013-08-14 01:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 23:55 - 2012-07-03 23:53 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 23:53 - 2014-05-07 23:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 23:52 - 2014-08-13 23:52 - 00001304 _____ () C:\Users\JoHelc\Desktop\ert.txt
2014-08-13 22:44 - 2014-08-13 22:44 - 00380416 _____ () C:\Users\JoHelc\Desktop\Gmer-19357.exe
2014-08-13 22:43 - 2014-08-13 22:43 - 00029229 _____ () C:\Users\JoHelc\Desktop\Addition.txt
2014-08-13 22:41 - 2014-08-13 22:40 - 00000474 _____ () C:\Users\JoHelc\Desktop\defogger_disable.log
2014-08-13 22:40 - 2014-08-13 22:40 - 00000000 _____ () C:\Users\JoHelc\defogger_reenable
2014-08-13 22:39 - 2014-08-13 22:39 - 00050477 _____ () C:\Users\JoHelc\Desktop\Defogger.exe
2014-08-13 22:35 - 2014-08-13 22:35 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\DropboxMaster
2014-08-13 22:35 - 2014-08-13 22:34 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Dropbox
2014-08-13 22:34 - 2014-08-13 22:34 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\AVAST Software
2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-13 22:24 - 2014-08-13 22:22 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-13 22:22 - 2014-08-13 22:22 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-13 22:22 - 2014-08-13 22:22 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-13 22:20 - 2014-08-13 22:20 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-13 22:20 - 2014-08-13 22:19 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-13 22:19 - 2014-08-13 22:18 - 04862664 _____ (AVAST Software) C:\Users\JoHelc\Downloads\avast_free_antivirus_setup_online.exe
2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-13 22:07 - 2014-08-13 22:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JoHelc\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-07 04:06 - 2014-08-13 13:33 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 13:33 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-01 01:41 - 2014-08-13 13:35 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-13 13:35 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-25 16:52 - 2014-08-13 13:35 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 16:02 - 2014-08-13 13:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 16:01 - 2014-08-13 13:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 15:51 - 2014-08-13 13:35 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 15:30 - 2014-08-13 13:35 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 15:28 - 2014-08-13 13:35 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 15:28 - 2014-08-13 13:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 15:25 - 2014-08-13 13:35 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-13 13:35 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 15:11 - 2014-08-13 13:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 15:10 - 2014-08-13 13:35 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 15:04 - 2014-08-13 13:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 15:03 - 2014-08-13 13:35 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 15:00 - 2014-08-13 13:35 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 15:00 - 2014-08-13 13:35 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 14:59 - 2014-08-13 13:35 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 14:47 - 2014-08-13 13:35 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 14:40 - 2014-08-13 13:35 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-13 13:35 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 14:34 - 2014-08-13 13:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 14:33 - 2014-08-13 13:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-13 13:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-13 13:35 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 14:28 - 2014-08-13 13:35 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:21 - 2014-08-13 13:35 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 14:19 - 2014-08-13 13:35 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 14:18 - 2014-08-13 13:35 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 14:17 - 2014-08-13 13:35 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 14:17 - 2014-08-13 13:35 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 14:12 - 2014-08-13 13:35 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 14:10 - 2014-08-13 13:35 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 14:10 - 2014-08-13 13:35 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 14:08 - 2014-08-13 13:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-13 13:35 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-13 13:35 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-13 13:35 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-13 13:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-13 13:35 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-13 13:35 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 13:39 - 2014-08-13 13:35 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 13:36 - 2014-08-13 13:35 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 13:34 - 2014-08-13 13:35 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-13 13:35 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-13 13:35 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-13 13:35 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 13:07 - 2014-08-13 13:35 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 13:07 - 2014-08-13 13:35 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-13 13:35 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-13 13:35 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 12:26 - 2014-08-13 13:35 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-13 13:35 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-13 13:35 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-13 13:35 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-13 13:35 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

Some content of TEMP:
====================
C:\Users\JoHelc\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 00:02

==================== End Of Log ============================

--- --- ---

Ja, leider immer noch dasselbe Problem, wenn auch die Tabs direkt gleich wieder geschlossen werden.

schrauber · 18.08.2014, 16:08

Java und Adobe updaten.

Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de

JoeMansky · 18.08.2014, 20:36

Es ist vollbracht! Riesigen Dank!

Gibt's noch irgendwas zu beachten? Zonealarm kann ich vergessen bzw. ist Avast und Windows Firewall genug?

schrauber · 19.08.2014, 12:03

Ja sollte reichen.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

JoeMansky · 19.08.2014, 14:48

Verdammt, zu früh gefreut. Ich hab's tatsächlich geschafft die Deinstallation von Combofix zu vermasseln.

Hab's zuerst mit der Umbennenungsvariante versucht, war in der Annahme dass es nicht funktioniert hätte und habe noch zusätzlich über Start -> Ausführen Variante gestartet. Anscheinend ist Combofix dann noch einmal durchgelaufen, wobei zwischen den Stufen immer die Fehlermeldung kam, dass "NIRKMD" nicht gefunden werden konnte.

Nach dem Neustart ist die Fehlermeldung wieder erschienen (und der Bildschirmhintergrund ist nun schwarz).

Hier der Log

Code:

ATTFilter

ComboFix 14-08-15.01 - JoHelc 19.08.2014  15:30:56.2.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.8087.4250 [GMT 2:00]
ausgeführt von:: c:\users\JoHelc\Desktop\uninstall.exe.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
.
c:\windows\SysWow64\sfcfiles.dll . . . fehlt!!
.
c:\windows\system32\drivers\null.sys . . . fehlt!!
.
c:\windows\system32\drivers\afd.sys . . . fehlt!!
.
c:\windows\system32\drivers\ndis.sys . . . fehlt!!
.
c:\windows\system32\drivers\ndisuio.sys . . . fehlt!!
.
c:\windows\system32\drivers\netbios.sys . . . fehlt!!
.
c:\windows\system32\drivers\usbehci.sys . . . fehlt!!
.
c:\windows\system32\drivers\intelppm.sys . . . fehlt!!
.
c:\windows\system32\drivers\tcpip.sys . . . fehlt!!
.
c:\windows\system32\drivers\netbt.sys . . . fehlt!!
.
c:\windows\system32\drivers\asyncmac.sys . . . fehlt!!
.
c:\windows\system32\drivers\cdrom.sys . . . fehlt!!
.
c:\windows\system32\drivers\Serial.sys . . . fehlt!!
.
c:\windows\system32\drivers\ndproxy.sys . . . fehlt!!
.
c:\windows\system32\drivers\ws2ifsl.sys . . . fehlt!!
.
c:\windows\system32\drivers\i8042prt.sys . . . fehlt!!
.
c:\windows\system32\drivers\ipsec.sys . . . fehlt!!
.
c:\windows\system32\drivers\psched.sys . . . fehlt!!
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MSiSCSI
-------\Service_SessionEnv
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-07-19 bis 2014-08-19  ))))))))))))))))))))))))))))))
.
.
2014-08-19 13:39 . 2014-08-19 13:39	--------	d-----w-	C:\Device
2014-08-19 13:37 . 2014-08-19 13:37	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-08-19 12:52 . 2014-08-07 08:59	11319200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A96ED077-C613-480E-A038-D22BA8EF6C95}\mpengine.dll
2014-08-18 19:10 . 2014-08-18 19:19	--------	d-----w-	c:\program files (x86)\Google
2014-08-18 11:56 . 2014-08-18 11:56	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-08-18 11:56 . 2014-08-18 11:56	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-18 11:56 . 2014-08-18 11:56	--------	d-----w-	c:\program files (x86)\Java
2014-08-16 13:27 . 2014-08-16 13:27	--------	d-----w-	c:\windows\ERUNT
2014-08-16 13:21 . 2010-08-30 06:34	536576	----a-w-	c:\windows\SysWow64\sqlite3.dll
2014-08-16 13:21 . 2014-08-16 13:23	--------	d-----w-	C:\AdwCleaner
2014-08-15 18:59 . 2014-08-15 18:59	--------	d-----w-	c:\users\Public\AppData
2014-08-15 11:56 . 2014-08-15 11:56	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-08-13 21:53 . 2014-03-09 21:47	99480	----a-w-	c:\windows\SysWow64\infocardapi.dll
2014-08-13 21:53 . 2014-03-09 21:47	619672	----a-w-	c:\windows\SysWow64\icardagt.exe
2014-08-13 21:53 . 2014-06-30 22:14	8856	----a-w-	c:\windows\SysWow64\icardres.dll
2014-08-13 21:53 . 2014-06-06 06:16	35480	----a-w-	c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 20:42 . 2014-08-17 13:35	--------	d-----w-	C:\FRST
2014-08-13 20:34 . 2014-08-13 20:35	--------	d-----w-	c:\users\JoHelc\AppData\Roaming\Dropbox
2014-08-13 20:24 . 2014-08-13 20:24	--------	d-----w-	c:\users\JoHelc\AppData\Roaming\AVAST Software
2014-08-13 20:22 . 2014-08-13 20:22	43152	----a-w-	c:\windows\avastSS.scr
2014-08-13 20:19 . 2014-08-13 20:20	--------	d-----w-	c:\programdata\AVAST Software
2014-08-13 20:07 . 2014-08-13 20:07	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-08-13 20:07 . 2014-08-13 20:07	--------	d-----w-	c:\programdata\Malwarebytes
2014-08-13 11:33 . 2014-07-14 01:40	664064	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2014-08-03 11:09 . 2014-05-14 16:23	36320	----a-w-	c:\windows\SysWow64\wups.dll
2014-08-03 11:09 . 2014-05-14 16:23	581600	----a-w-	c:\windows\SysWow64\wuapi.dll
2014-08-03 11:09 . 2014-05-14 16:17	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2014-08-03 11:09 . 2014-05-14 07:23	179656	----a-w-	c:\windows\SysWow64\wuwebv.dll
2014-08-03 11:09 . 2014-05-14 07:17	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-19 13:03 . 2014-07-18 15:40	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-07-02 03:09 . 2012-07-03 17:23	10924376	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-06-18 01:51 . 2014-07-10 10:57	646144	----a-w-	c:\windows\SysWow64\osk.exe
2014-06-06 09:44 . 2014-07-10 10:57	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2014-06-05 14:26 . 2014-07-10 10:53	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-10 10:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-05-30 07:52 . 2014-07-10 10:57	172032	----a-w-	c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-10 10:57	65536	----a-w-	c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-10 10:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-10 10:57	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-10 10:57	259584	----a-w-	c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-10 10:57	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-10 10:57	17408	----a-w-	c:\windows\SysWow64\credssp.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
.
.
.
[7] 2010-11-21 03:24 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6151] . . c:\windows\erdnt\cache86\mfc40u.dll
[7] 2010-11-21 03:24 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6140] . . c:\windows\SysWOW64\mfc40u.dll
[7] 2010-11-21 03:24 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7601.17514_none_f51a7bf0b3d25294\mfc40u.dll
.
[7] 2014-03-04 . FB18FE03DEC1297107946C4D597797C3 . 3974080 . . [6.1.7601.22616] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22616_none_6ec352232b81178c\ntkrnlpa.exe
[7] 2014-03-04 . 4D59F470985D08139E42D15842816C47 . 3969984 . . [6.1.7601.18409] . . c:\windows\erdnt\cache86\ntkrnlpa.exe
[7] 2014-03-04 . 4D59F470985D08139E42D15842816C47 . 3969984 . . [6.1.7601.18409] . . c:\windows\SysWOW64\ntkrnlpa.exe
[7] 2014-03-04 . 4D59F470985D08139E42D15842816C47 . 3969984 . . [6.1.7601.18409] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18409_none_6e47843c1258aaaf\ntkrnlpa.exe
[7] 2013-08-29 . EB6B2FB5EE07337C8B4F3A16CBC18BE3 . 3973568 . . [6.1.7601.22436] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22436_none_6eadae7f2b915520\ntkrnlpa.exe
[7] 2013-08-29 . 482C8CD985C727C7C78A5E9B320947F0 . 3969472 . . [6.1.7601.18247] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18247_none_6e1a402c127aed77\ntkrnlpa.exe
[7] 2013-08-02 . 0F3ACFF7F3D87C319F7894EF7155609B . 3973056 . . [6.1.7601.22411] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22411_none_6ebe4ce52b859e8b\ntkrnlpa.exe
[7] 2013-08-02 . 1A9E4EE88B31750E5CA207424143F99C . 3968960 . . [6.1.7601.18229] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18229_none_6e31e0981268e843\ntkrnlpa.exe
[7] 2013-07-09 . DD5F17D44E9966E7EA447AE8C4D12D6C . 3968960 . . [6.1.7601.18205] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18205_none_6e437f48125c4b05\ntkrnlpa.exe
[7] 2013-07-08 . 16A6C242C9B4DCA5A0B0FB7A95A75D70 . 3973056 . . [6.1.7601.22379] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22379_none_6e856dc72baf13c2\ntkrnlpa.exe
[7] 2013-03-19 . 88355CFE81D381F93C74716DAA803587 . 3968856 . . [6.1.7601.18113] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18113_none_6e36ace212663721\ntkrnlpa.exe
[7] 2013-03-19 . 3DFCBEEE97DF8BBAA749CAACFC9C43E1 . 3972440 . . [6.1.7601.22280] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22280_none_6e71995b2bbf4e7d\ntkrnlpa.exe
[7] 2013-01-05 . 660100CB90F344040EF57F52FC0681C3 . 3967848 . . [6.1.7601.18044] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18044_none_6e173b82127da724\ntkrnlpa.exe
[7] 2013-01-05 . 8E43161944CE6E3A1F2B2618B992A8CE . 3971928 . . [6.1.7601.22210] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22210_none_6ebd48cf2b868ae6\ntkrnlpa.exe
[7] 2012-08-30 . 7E1EC00B7D0D33A67DFC563574EEFF93 . 3968880 . . [6.1.7601.17944] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_6e176360127d73e2\ntkrnlpa.exe
[7] 2012-08-30 . 770FEEA2823E463D68E170D7EA6FAEBA . 3972464 . . [6.1.7601.22103] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_6ecb17b32b7bbdd3\ntkrnlpa.exe
[7] 2012-05-04 . 4A56DB06360F59130CAED69FA7526F0A . 3968368 . . [6.1.7601.17835] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_6e2331b012747421\ntkrnlpa.exe
[7] 2012-05-04 . AFF886D9D718D3747E5031816C0DA7D2 . 3971952 . . [6.1.7601.21987] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_6e78bf732bb8d24e\ntkrnlpa.exe
[7] 2012-03-31 . 8F6D5704D7522AAB8B4B82C0D35D9184 . 3968368 . . [6.1.7601.17803] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntkrnlpa.exe
[7] 2012-03-31 . 93358348D0B79812CAAA83A1377E4449 . 3971952 . . [6.1.7601.21955] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntkrnlpa.exe
[7] 2012-03-06 . 43711ABF8AE553A7B5FFFF61E60C419D . 3968368 . . [6.1.7601.17790] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_6ddd4ed012a99fed\ntkrnlpa.exe
[7] 2012-03-06 . 07B026E7A2C873D09F0073141EE2099E . 3972464 . . [6.1.7601.21936] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_6eadcec52b912d42\ntkrnlpa.exe
[7] 2010-11-21 . 144BD78C6103C8616DE047B3532142DB . 3966848 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntkrnlpa.exe
.
[7] 2010-11-21 03:24 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] . . c:\windows\erdnt\cache86\olepro32.dll
[7] 2010-11-21 03:24 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] . . c:\windows\SysWOW64\olepro32.dll
[7] 2010-11-21 03:24 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7601.17514_none_3c1b247e5ff65f89\olepro32.dll
.
c:\windows\System32\drivers\atapi.sys ... Fehlt !!
c:\windows\System32\drivers\asyncmac.sys ... Fehlt !!
c:\windows\System32\drivers\beep.sys ... Fehlt !!
c:\windows\System32\drivers\kbdclass.sys ... Fehlt !!
c:\windows\System32\drivers\ndis.sys ... Fehlt !!
c:\windows\System32\drivers\ntfs.sys ... Fehlt !!
c:\windows\System32\drivers\null.sys ... Fehlt !!
c:\windows\System32\drivers\tcpip.sys ... Fehlt !!
c:\windows\System32\browser.dll ... Fehlt !!
c:\windows\System32\lsass.exe ... Fehlt !!
c:\windows\System32\netman.dll ... Fehlt !!
c:\windows\System32\qmgr.dll ... Fehlt !!
c:\windows\System32\rpcss.dll ... Fehlt !!
c:\windows\System32\services.exe ... Fehlt !!
c:\windows\System32\spoolsv.exe ... Fehlt !!
c:\windows\System32\winlogon.exe ... Fehlt !!
c:\windows\System32\wuauclt.exe ... Fehlt !!
c:\windows\System32\drivers\ipsec.sys ... Fehlt !!
c:\windows\System32\eventlog.dll ... Fehlt !!
c:\windows\System32\sfcfiles.dll ... Fehlt !!
c:\windows\System32\drivers\ipsec.sys ... Fehlt !!
c:\windows\System32\regsvc.dll ... Fehlt !!
c:\windows\System32\schedsvc.dll ... Fehlt !!
c:\windows\System32\ssdpsrv.dll ... Fehlt !!
c:\windows\System32\termsrv.dll ... Fehlt !!
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2012-01-04 08:58	442880	----a-w-	c:\windows\System32\ntshrui.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-07-06 1178168]
"Spotify"="c:\users\JoHelc\AppData\Roaming\Spotify\spotify.exe" [2014-07-06 6162488]
"f.lux"="c:\users\JoHelc\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"MusicManager"="c:\users\JoHelc\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2014-05-15 7631872]
"GoogleChromeAutoLaunch_2367883519264E435C4CA52430EF9559"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-08-07 860488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-13 4085896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA1000M Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WNA1000M\WNA1000M.exe -Hide [2012-1-4 504064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
.
R0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys --> c:\windows\system32\drivers\amdxata.sys [?]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys --> c:\windows\system32\drivers\aswRvrt.sys [?]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys --> c:\windows\system32\drivers\aswVmm.sys [?]
R0 CLFS;Gemeinsames Protokoll (CLFS);c:\windows\system32\CLFS.sys --> c:\windows\system32\CLFS.sys [?]
R0 CNG;CNG;c:\windows\system32\Drivers\cng.sys --> c:\windows\system32\Drivers\cng.sys [?]
R0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys --> c:\windows\system32\drivers\fileinfo.sys [?]
R0 fvevol;Filtertreiber der Bitlocker-Laufwerkverschlüsselung;c:\windows\system32\DRIVERS\fvevol.sys --> c:\windows\system32\DRIVERS\fvevol.sys [?]
R0 hwpolicy;Hardware Policy Driver;c:\windows\system32\drivers\hwpolicy.sys --> c:\windows\system32\drivers\hwpolicy.sys [?]
R0 KSecPkg;KSecPkg;c:\windows\system32\Drivers\ksecpkg.sys --> c:\windows\system32\Drivers\ksecpkg.sys [?]
R0 msahci;msahci;c:\windows\system32\drivers\msahci.sys --> c:\windows\system32\drivers\msahci.sys [?]
R0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys --> c:\windows\system32\drivers\msisadrv.sys [?]
R0 pcw;Performance Counters for Windows Driver;c:\windows\system32\drivers\pcw.sys --> c:\windows\system32\drivers\pcw.sys [?]
R0 rdyboost;ReadyBoost;c:\windows\system32\drivers\rdyboost.sys --> c:\windows\system32\drivers\rdyboost.sys [?]
R0 spldr;Security Processor Loader Driver;c:\windows\system32\drivers\spldr.sys --> c:\windows\system32\drivers\spldr.sys [?]
R0 vdrvroot;Enumerator-Treiber für Microsoft Virtual Drive;c:\windows\system32\drivers\vdrvroot.sys --> c:\windows\system32\drivers\vdrvroot.sys [?]
R0 volmgr;Treiber für Volume-Manager;c:\windows\system32\drivers\volmgr.sys --> c:\windows\system32\drivers\volmgr.sys [?]
R0 volmgrx;Dynamischer Volume-Manager;c:\windows\system32\drivers\volmgrx.sys --> c:\windows\system32\drivers\volmgrx.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys --> c:\windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys --> c:\windows\system32\drivers\aswSP.sys [?]
R1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys --> c:\windows\system32\DRIVERS\blbdrive.sys [?]
R1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys --> c:\windows\system32\Drivers\dfsc.sys [?]
R1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys --> c:\windows\system32\drivers\discache.sys [?]
R1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys --> c:\windows\system32\drivers\nsiproxy.sys [?]
R1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys --> c:\windows\system32\drivers\rdpencdd.sys [?]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys --> c:\windows\system32\drivers\rdprefmp.sys [?]
R1 tdx;NetIO-Legacy-TDI-Supporttreiber;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]
R1 Wanarpv6;Remotezugriff-IPv6-ARP-Treiber;c:\windows\system32\DRIVERS\wanarp.sys --> c:\windows\system32\DRIVERS\wanarp.sys [?]
R1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys --> c:\windows\system32\DRIVERS\wfplwf.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe --> c:\windows\system32\atiesrxx.exe [?]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys --> c:\windows\system32\drivers\aswHwid.sys [?]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys --> c:\windows\system32\drivers\aswMonFlt.sys [?]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys --> c:\windows\system32\drivers\aswStm.sys [?]
R2 AudioEndpointBuilder;Windows-Audio-Endpunkterstellung;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 01:19 20992]
R2 BFE;Basisfiltermodul;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [14.07.2009 01:19 20992]
R2 DPS;Diagnoserichtliniendienst;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [14.07.2009 01:19 20992]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalService [14.07.2009 01:19 20992]
R2 gpsvc;Gruppenrichtlinienclient;c:\windows\system32\svchost.exe -k netsvcs [14.07.2009 01:19 20992]
R2 IKEEXT;IKE- und AuthIP IPsec-Schlüsselerstellungsmodule;c:\windows\system32\svchost.exe -k netsvcs [14.07.2009 01:19 20992]
R2 iphlpsvc;IP-Hilfsdienst;c:\windows\System32\svchost.exe -k NetSvcs [14.07.2009 01:19 20992]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys --> c:\windows\system32\DRIVERS\lltdio.sys [?]
R2 luafv;UAC-Dateivirtualisierung;c:\windows\system32\drivers\luafv.sys --> c:\windows\system32\drivers\luafv.sys [?]
R2 MMCSS;Multimediaklassenplaner;c:\windows\system32\svchost.exe -k netsvcs [14.07.2009 01:19 20992]
R2 MpsSvc;Windows-Firewall;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [14.07.2009 01:19 20992]
R2 NlaSvc;NLA (Network Location Awareness);c:\windows\System32\svchost.exe -k NetworkService [14.07.2009 01:19 20992]
R2 nsi;Netzwerkspeicher-Schnittstellendienst;c:\windows\system32\svchost.exe -k LocalService [14.07.2009 01:19 20992]
R2 PcaSvc;Programmkompatibilitäts-Assistent-Dienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 01:19 20992]
R2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys --> c:\windows\system32\drivers\peauth.sys [?]
R2 Power;Stromversorgung;c:\windows\system32\svchost.exe -k DcomLaunch [14.07.2009 01:19 20992]
R2 ProfSvc;Benutzerprofildienst;c:\windows\system32\svchost.exe -k netsvcs [14.07.2009 01:19 20992]
R2 RpcEptMapper;RPC-Endpunktzuordnung;c:\windows\system32\svchost.exe -k RPCSS [14.07.2009 01:19 20992]
R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys --> c:\windows\system32\drivers\tcpipreg.sys [?]
R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [27.08.2012 10:44 2673064]
R2 UxSms;Sitzungs-Manager für Desktopfenster-Manager;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 01:19 20992]
R2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [14.07.2009 01:19 20992]
R2 Wlansvc;Automatische WLAN-Konfiguration;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 01:19 20992]
R2 WlanWpsSvc;WlanWpsSvc;c:\program files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe [30.06.2011 23:23 167936]
R3 Appinfo;Anwendungsinformationen;c:\windows\system32\svchost.exe -k netsvcs [14.07.2009 01:19 20992]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys --> c:\windows\system32\drivers\AtihdW76.sys [?]
R3 bowser;Browsersupporttreiber;c:\windows\system32\DRIVERS\bowser.sys --> c:\windows\system32\DRIVERS\bowser.sys [?]
R3 CompositeBus;Busenumeratortreiber für Verbundgeräte;c:\windows\system32\DRIVERS\CompositeBus.sys --> c:\windows\system32\DRIVERS\CompositeBus.sys [?]
R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\system32\drivers\dxgkrnl.sys --> c:\windows\system32\drivers\dxgkrnl.sys [?]
R3 KeyIso;CNG-Schlüsselisolation;c:\windows\system32\lsass.exe --> c:\windows\system32\lsass.exe [?]
R3 monitor;Microsoft Monitor-Klassenfunktionstreiber-Dienst;c:\windows\system32\DRIVERS\monitor.sys --> c:\windows\system32\DRIVERS\monitor.sys [?]
R3 mpsdrv;Windows-Firewallautorisierungstreiber;c:\windows\system32\drivers\mpsdrv.sys --> c:\windows\system32\drivers\mpsdrv.sys [?]
R3 mrxsmb10;SMB 1.x-Miniredirector;c:\windows\system32\DRIVERS\mrxsmb10.sys --> c:\windows\system32\DRIVERS\mrxsmb10.sys [?]
R3 mrxsmb20;SMB 2.0-Miniredirector;c:\windows\system32\DRIVERS\mrxsmb20.sys --> c:\windows\system32\DRIVERS\mrxsmb20.sys [?]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys --> c:\windows\system32\DRIVERS\nwifi.sys [?]
R3 netprofm;Netzwerklistendienst;c:\windows\System32\svchost.exe -k LocalService [14.07.2009 01:19 20992]
R3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys --> c:\windows\system32\DRIVERS\AgileVpn.sys [?]
R3 srv2;Server-SMB-Treiber 2.xxx;c:\windows\system32\DRIVERS\srv2.sys --> c:\windows\system32\DRIVERS\srv2.sys [?]
R3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys --> c:\windows\system32\DRIVERS\srvnet.sys [?]
R3 tunnel;Microsoft-Tunnelminiport-Adaptertreiber;c:\windows\system32\DRIVERS\tunnel.sys --> c:\windows\system32\DRIVERS\tunnel.sys [?]
R3 umbus;UMBusenumerator-Treiber;c:\windows\system32\DRIVERS\umbus.sys --> c:\windows\system32\DRIVERS\umbus.sys [?]
R3 WdiServiceHost;Diagnosediensthost;c:\windows\System32\svchost.exe -k LocalService [14.07.2009 01:19 20992]
R3 WdiSystemHost;Diagnosesystemhost;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 01:19 20992]
R3 WPDBusEnum;Enumeratordienst für tragbare Geräte;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 01:19 20992]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [11.09.2013 20:39 124088]
S2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe --> c:\windows\system32\sppsvc.exe [?]
S3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys --> c:\windows\system32\drivers\1394ohci.sys [?]
S3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys --> c:\windows\system32\drivers\acpipmi.sys [?]
S3 adp94xx;adp94xx;c:\windows\system32\drivers\adp94xx.sys --> c:\windows\system32\drivers\adp94xx.sys [?]
S3 adpahci;adpahci;c:\windows\system32\drivers\adpahci.sys --> c:\windows\system32\drivers\adpahci.sys [?]
S3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys --> c:\windows\system32\drivers\amdsata.sys [?]
S3 amdsbs;amdsbs;c:\windows\system32\drivers\amdsbs.sys --> c:\windows\system32\drivers\amdsbs.sys [?]
S3 AppID;Anwendungs-ID-Treiber;c:\windows\system32\drivers\appid.sys --> c:\windows\system32\drivers\appid.sys [?]
S3 AppIDSvc;Anwendungsidentität;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [14.07.2009 01:19 20992]
S3 arcsas;arcsas;c:\windows\system32\drivers\arcsas.sys --> c:\windows\system32\drivers\arcsas.sys [?]
S3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\drivers\bxvbda.sys --> c:\windows\system32\drivers\bxvbda.sys [?]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys --> c:\windows\system32\DRIVERS\b57nd60a.sys [?]
S3 BDESVC;BitLocker-Laufwerkverschlüsselungsdienst;c:\windows\System32\svchost.exe -k netsvcs [14.07.2009 01:19 20992]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\drivers\BrFiltLo.sys --> c:\windows\system32\drivers\BrFiltLo.sys [?]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\drivers\BrFiltUp.sys --> c:\windows\system32\drivers\BrFiltUp.sys [?]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\system32\Drivers\Brserid.sys --> c:\windows\system32\Drivers\Brserid.sys [?]
S3 BrSerWdm;Brother WDM Serial driver;c:\windows\system32\Drivers\BrSerWdm.sys --> c:\windows\system32\Drivers\BrSerWdm.sys [?]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\Drivers\BrUsbMdm.sys --> c:\windows\system32\Drivers\BrUsbMdm.sys [?]
S3 CertPropSvc;Zertifikatverteilung;c:\windows\system32\svchost.exe -k netsvcs [14.07.2009 01:19 20992]
S3 circlass;Consumer IR Devices;c:\windows\system32\drivers\circlass.sys --> c:\windows\system32\drivers\circlass.sys [?]
S3 defragsvc;Defragmentierung;c:\windows\system32\svchost.exe -k defragsvc [14.07.2009 01:19 20992]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\drivers\evbda.sys --> c:\windows\system32\drivers\evbda.sys [?]
S3 elxstor;elxstor;c:\windows\system32\drivers\elxstor.sys --> c:\windows\system32\drivers\elxstor.sys [?]
S3 fdPHost;Funktionssuchanbieter-Host;c:\windows\system32\svchost.exe -k LocalService [14.07.2009 01:19 20992]
S3 FDResPub;Funktionssuche-Ressourcenveröffentlichung;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [14.07.2009 01:19 20992]
S3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys --> c:\windows\system32\drivers\filetrace.sys [?]
S3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys --> c:\windows\system32\drivers\FsDepends.sys [?]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys --> c:\windows\system32\drivers\hcw85cir.sys [?]
S3 HomeGroupListener;Heimnetzgruppen-Listener;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 01:19 20992]
S3 HomeGroupProvider;Heimnetzgruppen-Anbieter;c:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [14.07.2009 01:19 20992]
S3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys --> c:\windows\system32\drivers\HpSAMD.sys [?]
S3 iaStorV;Intel RAID-Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys --> c:\windows\system32\drivers\iaStorV.sys [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe /V --> c:\windows\system32\IEEtwCollector.exe  [?]
S3 IPBusEnum;PnP-X-IP-Busenumerator;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 01:19 20992]
S3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys --> c:\windows\system32\drivers\IPMIDrv.sys [?]
S3 iScsiPrt;iScsiPort-Treiber;c:\windows\system32\drivers\msiscsi.sys --> c:\windows\system32\drivers\msiscsi.sys [?]
S3 KtmRm;KtmRm für Distributed Transaction Coordinator;c:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [14.07.2009 01:19 20992]
S3 lltdsvc;Verbindungsschicht-Topologieerkennungs-Zuordnungsprogramm;c:\windows\System32\svchost.exe -k LocalService [14.07.2009 01:19 20992]
S3 LSI_FC;LSI_FC;c:\windows\system32\drivers\lsi_fc.sys --> c:\windows\system32\drivers\lsi_fc.sys [?]
S3 LSI_SAS;LSI_SAS;c:\windows\system32\drivers\lsi_sas.sys --> c:\windows\system32\drivers\lsi_sas.sys [?]
S3 LSI_SAS2;LSI_SAS2;c:\windows\system32\drivers\lsi_sas2.sys --> c:\windows\system32\drivers\lsi_sas2.sys [?]
S3 LSI_SCSI;LSI_SCSI;c:\windows\system32\drivers\lsi_scsi.sys --> c:\windows\system32\drivers\lsi_scsi.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\MBAMSwissArmy.sys --> c:\windows\system32\drivers\MBAMSwissArmy.sys [?]
S3 megasas;megasas;c:\windows\system32\drivers\megasas.sys --> c:\windows\system32\drivers\megasas.sys [?]
S3 mpio;mpio;c:\windows\system32\drivers\mpio.sys --> c:\windows\system32\drivers\mpio.sys [?]
S3 msdsm;msdsm;c:\windows\system32\drivers\msdsm.sys --> c:\windows\system32\drivers\msdsm.sys [?]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\system32\drivers\mshidkmdf.sys --> c:\windows\system32\drivers\mshidkmdf.sys [?]
S3 MsRPC;MsRPC;c:\windows\system32\drivers\MsRPC.sys --> c:\windows\system32\drivers\MsRPC.sys [?]
S3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\drivers\MTConfig.sys --> c:\windows\system32\drivers\MTConfig.sys [?]
S3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys --> c:\windows\system32\DRIVERS\ndiscap.sys [?]
S3 nfrd960;nfrd960;c:\windows\system32\drivers\nfrd960.sys --> c:\windows\system32\drivers\nfrd960.sys [?]
S3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys --> c:\windows\system32\drivers\nvstor.sys [?]
S3 PerfHost;Leistungsindikator-DLL-Host;c:\windows\SysWOW64\perfhost.exe [14.07.2009 01:11 20992]
S3 pla;Leistungsprotokolle und -warnungen;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [14.07.2009 01:19 20992]
S3 PNRPAutoReg;PNRP-Computernamenveröffentlichungs-Dienst;c:\windows\System32\svchost.exe -k LocalServicePeerNet [14.07.2009 01:19 20992]
S3 ql2300;ql2300;c:\windows\system32\drivers\ql2300.sys --> c:\windows\system32\drivers\ql2300.sys [?]
S3 ql40xx;ql40xx;c:\windows\system32\drivers\ql40xx.sys --> c:\windows\system32\drivers\ql40xx.sys [?]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\drivers\rdpbus.sys --> c:\windows\system32\drivers\rdpbus.sys [?]
S3 RTL8192cu;NETGEAR WNA1000M N150 Wireless USB Micro Adapter;c:\windows\system32\DRIVERS\WNA1000M.sys --> c:\windows\system32\DRIVERS\WNA1000M.sys [?]
S3 scfilter;Filtertreiber für Smartcards der Plug & Play-Klasse;c:\windows\system32\DRIVERS\scfilter.sys --> c:\windows\system32\DRIVERS\scfilter.sys [?]
S3 SCPolicySvc;Richtlinie zum Entfernen der Scmartcard;c:\windows\system32\svchost.exe -k netsvcs [14.07.2009 01:19 20992]
S3 SDRSVC;Windows-Sicherung;c:\windows\system32\svchost.exe -k SDRSVC [14.07.2009 01:19 20992]
S3 SensrSvc;Adaptive Helligkeit;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [14.07.2009 01:19 20992]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys --> c:\windows\system32\drivers\sffp_mmc.sys [?]
S3 SiSRaid4;SiSRaid4;c:\windows\system32\drivers\sisraid4.sys --> c:\windows\system32\drivers\sisraid4.sys [?]
S3 Smb;Nachrichtenorientiertes TCP/IP- und TCP/IPv6-Protokoll (SMB-Sitzung);c:\windows\system32\DRIVERS\smb.sys --> c:\windows\system32\DRIVERS\smb.sys [?]
S3 sppuinotify;SPP-Benachrichtigungsdienst;c:\windows\system32\svchost.exe -k LocalService [14.07.2009 01:19 20992]
S3 stexstor;stexstor;c:\windows\system32\drivers\stexstor.sys --> c:\windows\system32\drivers\stexstor.sys [?]
S3 SysMain;Superfetch;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 01:19 20992]
S3 TabletInputService;Tablet PC-Eingabedienst;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 01:19 20992]
S3 TBS;TPM-Basisdienste;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [14.07.2009 01:19 20992]
S3 THREADORDER;Server für Threadsortierung;c:\windows\system32\svchost.exe -k LocalService [14.07.2009 01:19 20992]
S3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [21.11.2010 05:24 194048]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys --> c:\windows\system32\DRIVERS\tssecsrv.sys [?]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys --> c:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys --> c:\windows\system32\drivers\TsUsbGD.sys [?]
S3 UI0Detect;Erkennung interaktiver Dienste;c:\windows\system32\UI0Detect.exe --> c:\windows\system32\UI0Detect.exe [?]
S3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys --> c:\windows\system32\drivers\uliagpkx.sys [?]
S3 usbcir;eHome-Infrarotempfänger (USBCIR);c:\windows\system32\drivers\usbcir.sys --> c:\windows\system32\drivers\usbcir.sys [?]
S3 VaultSvc;Anmeldeinformationsverwaltung;c:\windows\system32\lsass.exe --> c:\windows\system32\lsass.exe [?]
S3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys --> c:\windows\system32\drivers\vhdmp.sys [?]
S3 vsmraid;vsmraid;c:\windows\system32\drivers\vsmraid.sys --> c:\windows\system32\drivers\vsmraid.sys [?]
S3 vwifibus;Virtueller WiFi-Bustreiber;c:\windows\system32\DRIVERS\vwifibus.sys --> c:\windows\system32\DRIVERS\vwifibus.sys [?]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys --> c:\windows\system32\drivers\wacompen.sys [?]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe --> c:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wbengine;Blockebenen-Sicherungsmodul;"c:\windows\system32\wbengine.exe" --> c:\windows\system32\wbengine.exe [?]
S3 WbioSrvc;Windows-Biometriedienst;c:\windows\system32\svchost.exe -k WbioSvcGroup [14.07.2009 01:19 20992]
S3 wcncsvc;Windows-Sofortverbindung - Konfigurationsregistrierungsstelle;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [14.07.2009 01:19 20992]
S3 WcsPlugInService;Windows-Farbsystem;c:\windows\system32\svchost.exe -k wcssvc [14.07.2009 01:19 20992]
S3 Wd;Wd;c:\windows\system32\drivers\wd.sys --> c:\windows\system32\drivers\wd.sys [?]
S3 Wecsvc;Windows-Ereignissammlung;c:\windows\system32\svchost.exe -k NetworkService [14.07.2009 01:19 20992]
S3 wercplsupport;Unterstützung in der Systemsteuerung unter Lösungen für Probleme;c:\windows\System32\svchost.exe -k netsvcs [14.07.2009 01:19 20992]
S3 WerSvc;Windows-Fehlerberichterstattungsdienst;c:\windows\System32\svchost.exe -k WerSvcGroup [14.07.2009 01:19 20992]
S3 WIMMount;WIMMount;c:\windows\System32\drivers\wimmount.sys [14.07.2009 01:17 19008]
S3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [14.07.2009 01:19 20992]
S3 WwanSvc;WWAN - automatische Konfiguration;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [14.07.2009 01:19 20992]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [13.08.2014 23:56 90776]
S4 Mcx2Svc;Media Center Extender-Dienst;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [14.07.2009 01:19 20992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc
DcomLaunch	REG_MULTI_SZ   	Power PlugPlay DcomLaunch
wcssvc	REG_MULTI_SZ   	WcsPlugInService
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
NETSVCS BENÖTIGT REPARATUR - Derzeitig vorhandene Einträge:
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
TermService
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
eventsystem
iprip
netman
wzcsvc
ip6fwhlp
WmdmPmSN
UxTuneUp
Appinfo
BDESVC
Browser
EapHost
hkmsvc
IKEEXT
MMCSS
ProfSvc
Schedule
seclogon
Themes
wercplsupport
Winmgmt
wuauserv
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
2009-07-14 01:14	278528	----a-w-	c:\windows\System32\unregmp2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-18 19:19	1104200	----a-w-	c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-18 19:10]
.
2014-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-18 19:10]
.
2014-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000Core.job
- c:\users\JoHelc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02 22:22]
.
2014-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000UA.job
- c:\users\JoHelc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02 22:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.42.129
.
.
------- Dateityp-Verknüpfung -------
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
HKLM_ActiveSetup-{44BBA840-CC51-11CF-AAFA-00AA00B6015C} - c:\program files (x86)\Windows Mail\WinMail.exe OCInstallUserConfigOE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-08-19 15:40
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-08-19 15:40
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-08-19 15:40
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-08-19 15:40
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-08-19 15:40
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-08-19 15:40
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-08-19 15:40
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-08-19 15:40
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-08-19 15:40
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-08-19 15:40
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-08-19 15:40
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\NETGEAR\WNA1000M\WNA1000M.exe
c:\users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
c:\users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
c:\users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
c:\users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
c:\users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-08-19  15:42:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-08-19 13:42
ComboFix2.txt  2014-08-15 18:59
.
Vor Suchlauf: 12 Verzeichnis(se), 167.251.238.912 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 166.766.317.568 Bytes frei
.
- - End Of File - - 1B016617D5ED8E9DE642DFF4F4F873C3
A36C5E4F47E84449FF07ED3517B43A31

Ich hoffe ich hab's jetzt nicht komplett zerlegt :/

schrauber · 20.08.2014, 09:18

Was ist genau aktueller Stand wenn Du den PC normal startest?

JoeMansky · 20.08.2014, 10:05

Funktioniert eigentlich alles ganz normal, der einzige Unterschied ist dass wie erwähnt der Bildschirmhintergrund weg bzw. schwarz ist.

edit: Was mir gerade noch aufgefallen ist, ich sehe im Explorer die Kleinansicht/Vorschau von Bildern oder Albencovers nicht.

14.08.2014, 13:18	#2
schrauber /// the machine /// TB-Ausbilder	Windows 7 Chrome: Werbung in neuen Tabs HI, Addition.txt von FRST fehlt. __________________ __________________

20.08.2014, 09:18	#14
schrauber /// the machine /// TB-Ausbilder	Windows 7 Chrome: Werbung in neuen Tabs Was ist genau aktueller Stand wenn Du den PC normal startest? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Windows 7 Chrome: Werbung in neuen Tabs

Log-Analyse und Auswertung: Windows 7 Chrome: Werbung in neuen Tabs