Trojaner-Board - Dringender Verdacht auf Trojaner durch scheinbare Inkasso Mail

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Dringender Verdacht auf Trojaner durch scheinbare Inkasso Mail (https://www.trojaner-board.de/140432-dringender-verdacht-trojaner-scheinbare-inkasso-mail.html)

Dringender Verdacht auf Trojaner durch scheinbare Inkasso Mail

Hallo Trojaner Board-Team

Ich habe den dringenden Verdacht, dass ich auf meinem Rechner Trojaner habe, denn ich habe gestern Abend dummerweise den zip-Anhang einer scheinbaren Inkasso Mail geklickt. Warum ich das tat ist mir nun unklar, den weder habe ich Schulden noch bin ich derart naiv, aber das tut nichts zur Sache.

Ich habe einen OTL-Scan nach der Anleitung durchgeführt, hier sind die Logfiles:

Logfile 1:OTL Logfile:

Code:

OTL Extras logfile created on: 25.08.2013 15:42:31 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tom\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16660)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,97 Gb Total Physical Memory | 0,47 Gb Available Physical Memory | 23,73% Memory free

3,95 Gb Paging File | 2,15 Gb Available in Paging File | 54,51% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 148,85 Gb Total Space | 80,65 Gb Free Space | 54,18% Space Free | Partition Type: NTFS

Drive D: | 6,87 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: *** | User Name: ***| Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-917700457-1158450599-239899679-1000\SOFTWARE\Classes\<extension>]

.html [@ = RockMeltHTML] -- C:\Users\Tom\AppData\Local\RockMelt\Application\rockmelt.exe (RockMelt, Inc.)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{08658D43-DA7E-428F-8D00-E3B5E305AAFC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{126FC341-9923-431F-A4EB-F40E3BD746C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{15882F14-9865-4C44-B50C-B27DE79895A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{19AAB817-F4B7-4ECB-81BC-40F35D6DB2EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{32C30415-5372-40FA-AA14-D431C196E9C4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{33A02F69-B351-418F-BE41-A46C5096D0FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{3841A7A2-DFB1-4A5D-B658-E6E93184DC15}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{3F8DCBBC-0CAF-44CD-B34B-315C421141E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{408F9DC6-3678-45FC-AEA4-75F55D5872AB}" = rport=137 | protocol=17 | dir=out | app=system | 

"{44B3DCED-A32C-425A-A717-0B4054A3C47C}" = rport=445 | protocol=6 | dir=out | app=system | 

"{4979CB14-5CB9-4109-BCFC-7A36CE241E87}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{4D155905-29B5-453D-B0A7-D0278D513556}" = rport=138 | protocol=17 | dir=out | app=system | 

"{6E8A4B6E-1C2A-43C3-889E-3B07099D3585}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{799C667D-C9EC-434F-9DCA-E04A4AE99850}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{8726139A-807A-4E4F-8748-F5E4A45214D5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{8E4D7818-1FF4-44D9-B84C-9545BB3BEC5D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{9B0FB887-AACF-4792-A9DC-EBBB62C82398}" = lport=137 | protocol=17 | dir=in | app=system | 

"{AD53FE8B-F925-46C9-AB78-DA4EE48BFCCC}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{B10231FC-943E-40CD-B15A-74E6F49299C2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{B9BE1CC4-25C4-409E-96EA-7827950EACBF}" = lport=139 | protocol=6 | dir=in | app=system | 

"{BC874326-5BCB-45F1-9720-64146DCE1F87}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{E48ADEFA-A930-4CEA-8C65-183127427BEA}" = rport=139 | protocol=6 | dir=out | app=system | 

"{E7807356-C994-4794-99FD-8E952B70D2B3}" = lport=445 | protocol=6 | dir=in | app=system | 

"{E8D7921E-0594-444B-B7B4-2843B532C34C}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{F7FB8494-118E-4355-BACB-64A90562D213}" = lport=138 | protocol=17 | dir=in | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{08062281-1B2E-48B8-8633-834AC3E08DE2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 

"{0E9126AA-F3DD-4594-BEDB-CF2558BD0BE6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{0F7201DA-6EA9-4B3B-A4E8-3C7D7F2B9863}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 

"{12E905B4-70E5-43C6-AA66-A7BCCD33A976}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{16205F6E-FC6D-433D-86C3-1BAB4450E553}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{16AE6F83-9C92-475E-BA10-D68102677516}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{1BB97613-6791-454C-A58F-F6B666CB4A98}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{2186CEBD-DA66-49D1-B770-9EDDA4C89745}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{27D2DE49-C912-47B1-A283-6AB5B2B10B23}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | 

"{2BD965CF-68BB-48E4-B4F7-CEE4CF02B968}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{2D315443-5D5A-48C5-B0B9-61F0F1B08372}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{2D776616-97E8-4620-A5BD-13C8A05C3B4B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{2ED7464D-1E62-4EA6-ACBA-0A3A56140F86}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{449D611E-A004-4298-802E-7369D2AC5343}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 

"{4C7E8FB2-278D-4476-A183-B89C86402D97}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{520B700F-11BD-418A-84DB-9769AADBE142}" = protocol=6 | dir=out | app=system | 

"{52483C03-501B-49D5-ACEE-BE8C3F32148C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 

"{5BA9C15F-A501-4E65-A416-5C7399359333}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{6B301D61-22DC-45AE-8488-C251FAE9F4E2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{6F2CB1B9-7051-4371-BCD5-82067A9BB0CE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 

"{779B6ED9-6032-4EB3-BFE9-FD2C831B86AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{77DDE807-B9E0-4898-91FA-A2683F62CDDA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{808196A6-7D7F-491C-8A05-FC603B3438F6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

"{81DDDDB4-C131-45C0-89EB-57222B8C3541}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{836529F0-034A-49A0-A1D5-0C0A0A4BD798}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{84D6ED62-3BDB-4E44-A099-336E4DE310C4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 

"{89F99F05-58F4-4B71-8E09-F35101395D53}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{8A8184B8-43C3-4157-9282-7CA18546897F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{AEFB4C4E-841E-4976-B671-3650447BEA4F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{B08252AC-EDAB-43AC-89EF-283B73E37D6D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 

"{BD60F97A-BB2C-4AB3-8B88-37B046D7C8FC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{C19DD738-7252-4CDA-9E5A-BCF03F69E5C8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{C9AFF710-C7D6-4160-B171-049FA8BA9D46}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{CDB02AB9-14DD-4616-9C70-328FA561B302}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | 

"{D06E69E7-50DA-4E4D-90C0-D03435FC39F0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 

"{D58A382D-9C01-4900-A7CB-AC900D7C0CC9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{D649D55E-9CC1-4A8D-B905-8CB6530563E2}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 

"{DC2DC048-CCD2-4EB6-932B-9DC3D334FAFF}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | 

"{F03BF659-E08E-4BE2-B8C7-985C2EC3A5D7}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | 

"{F6011CCC-D4A1-473A-A762-89BA22958694}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{F6511279-FEB9-4EE5-A828-BCB6142A53F9}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 

"{FC501DC2-AB78-4B29-923E-57875B7546A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{FEEBFE7A-371F-41A5-A231-3B4BB6579F2B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support

"{68C25A12-3CA7-4ADD-B5D8-FF355AC17806}" = ESET Smart Security

"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation

"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant

"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"HECI" = Intel(R) Management Engine Interface

"MESOL" = Intel® Active-Management-Technologie

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker

"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31

"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II

"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery

"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1

"{4EFA42DB-E4EC-4537-9DF3-5158D08A9785}_is1" = Apowersoft Free Screen Recorder V1.1.0

"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{6541EA45-0665-4485-ABAA-417BC83AC92F}_is1" = Kalkules 1.9.1.20

"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials

"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform

"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{A86A50FC-7C22-478B-BAEF-82393328825F}" = LastChaosGER

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch

"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation

"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack

"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™

"{BB21B808-F784-4883-A4D4-B1473384C1C6}" = LibreOffice 3.5

"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer

"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common

"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker

"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.165

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17

"AVMWLANCLI" = AVM FRITZ!WLAN

"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX

"Fotor" = Fotor 1.1.0

"Google Chrome" = Google Chrome

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Mozilla Firefox 23.0.1 (x86 de)" = Mozilla Firefox 23.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NETGEAR Genie" = NETGEAR Genie

"Trojan Remover_is1" = Trojan Remover 6.8.8

"TrojanHunter_is1" = TrojanHunter 5.5

"Update Engine" = Sony Ericsson Update Engine

"VLC media player" = VLC media player 2.0.0

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.20 (32-Bit)

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-917700457-1158450599-239899679-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"RockMelt" = RockMelt

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 20.08.2013 03:47:03 | Computer Name = *** | Source = Google Update | ID = 20

Description = 

 

Error - 20.08.2013 04:47:00 | Computer Name = *** | Source = Google Update | ID = 20

Description = 

 

Error - 20.08.2013 05:12:14 | Computer Name = *** | Source = LMS | ID = 2

Description = LMS Service lost connection to HECI driver

 

Error - 20.08.2013 05:47:07 | Computer Name = *** | Source = Google Update | ID = 20

Description = 

 

Error - 20.08.2013 06:24:31 | Computer Name = *** | Source = System Restore | ID = 8193

Description = 

 

Error - 20.08.2013 06:47:01 | Computer Name = *** | Source = Google Update | ID = 20

Description = 

 

Error - 20.08.2013 07:47:01 | Computer Name = *** | Source = Google Update | ID = 20

Description = 

 

Error - 20.08.2013 08:00:37 | Computer Name = *** | Source = LMS | ID = 2

Description = LMS Service lost connection to HECI driver

 

Error - 20.08.2013 08:56:22 | Computer Name = *** | Source = Google Update | ID = 20

Description = 

 

Error - 20.08.2013 09:47:00 | Computer Name = ***| Source = Google Update | ID = 20

Description = 

 

[ System Events ]

Error - 07.05.2013 04:35:13 | Computer Name = *** | Source = Service Control Manager | ID = 7034

Description = Dienst "AVM WLAN Connection Service" wurde unerwartet beendet. Dies

 ist bereits 1 Mal passiert.

 

Error - 10.05.2013 05:30:01 | Computer Name = *** | Source = Service Control Manager | ID = 7031

Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist

 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden

 durchgeführt: Neustart des Diensts.

 

Error - 10.05.2013 05:30:31 | Computer Name = ***| Source = Service Control Manager | ID = 7031

Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist

 bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden

 durchgeführt: Neustart des Diensts.

 

Error - 10.05.2013 05:31:31 | Computer Name = *** | Source = Service Control Manager | ID = 7032

Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden

 des Dienstes "Apple Mobile Device" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,

 ist fehlgeschlagen. Fehler:   %%1056

 

Error - 22.05.2013 08:50:42 | Computer Name = *** | Source = Service Control Manager | ID = 7034

Description = Dienst "AVM WLAN Connection Service" wurde unerwartet beendet. Dies

 ist bereits 1 Mal passiert.

 

Error - 26.05.2013 08:06:42 | Computer Name = *** | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst ShellHWDetection erreicht.

 

Error - 31.05.2013 05:34:30 | Computer Name =*** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installationsfehler: Die Installation des folgenden Updates ist mit

 Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597

 (Definition 1.151.1320.0)

 

Error - 01.06.2013 16:43:40 | Computer Name = *** | Source = DCOM | ID = 10010

Description = 

 

Error - 04.06.2013 13:45:14 | Computer Name = *** | Source = DCOM | ID = 10005

Description = 

 

Error - 04.06.2013 13:45:14 | Computer Name = *** | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%109

 

 

< End of report >

--- --- ---
Logfile 2:OTL Logfile:

Code:

OTL logfile created on: 25.08.2013 15:42:31 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tom\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16660)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,97 Gb Total Physical Memory | 0,47 Gb Available Physical Memory | 23,73% Memory free

3,95 Gb Paging File | 2,15 Gb Available in Paging File | 54,51% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 148,85 Gb Total Space | 80,65 Gb Free Space | 54,18% Space Free | Partition Type: NTFS

Drive D: | 6,87 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: ***-PC | User Name: ***| Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Tom\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ()

PRC - C:\Program Files (x86)\TrojanHunter 5.5\thcl.exe ()

PRC - C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe (Mischel Internet Security)

PRC - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe ()

PRC - C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe ()

PRC - C:\Users\Tom\AppData\Local\RockMelt\Application\rockmelt.exe (RockMelt, Inc.)

PRC - C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET)

PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)

PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)

PRC - C:\Program Files (x86)\Intel\AMT\UNS.exe (Intel)

PRC - C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll ()

MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.DLL ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe ()

MOD - C:\Users\Tom\AppData\Local\RockMelt\Application\0.16.91.483\ppGoogleNaClPluginChrome.dll ()

MOD - C:\Users\Tom\AppData\Local\RockMelt\Application\0.16.91.483\avutil-51.dll ()

MOD - C:\Users\Tom\AppData\Local\RockMelt\Application\0.16.91.483\avcodec-53.dll ()

MOD - C:\Users\Tom\AppData\Local\RockMelt\Application\0.16.91.483\avformat-53.dll ()

MOD - C:\Users\Tom\AppData\Local\RockMelt\Application\0.16.91.483\plugins\npswf32.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll ()

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll ()

MOD - C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll ()

MOD - C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll ()

MOD - C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (NETGEARGenieDaemon) -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe (NETGEAR)

SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (ekrn) -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET)

SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)

SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (UNS) -- C:\Program Files (x86)\Intel\AMT\UNS.exe (Intel)

SRV - (LMS) -- C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)

DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)

DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)

DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)

DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)

DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)

DRV:64bit: - (EpfwLWF) -- C:\Windows\SysNative\drivers\EpfwLWF.sys (ESET)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\drivers\fwlanusbn.sys (AVM GmbH)

DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)

DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)

DRV:64bit: - (e1express) -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-917700457-1158450599-239899679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-917700457-1158450599-239899679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKU\S-1-5-21-917700457-1158450599-239899679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 24 71 B6 F8 1C CE 01  [binary data]

IE - HKU\S-1-5-21-917700457-1158450599-239899679-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-917700457-1158450599-239899679-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-917700457-1158450599-239899679-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-917700457-1158450599-239899679-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Wikipedia (de)"

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX:  File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Tom\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)

FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)

 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012.04.26 15:02:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012.04.26 15:02:23 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2013.01.07 19:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\Extensions

[2013.06.14 11:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\l8991ut4.default\extensions

[2013.08.19 16:40:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions

[2013.08.19 16:40:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: hxxp://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll

CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll

CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: RockMelt Update (Enabled) = C:\Users\Tom\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

CHR - Extension: Google Docs = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google-Suche = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Google Mail = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2012.04.25 13:46:28 | 000,000,889 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       dyndhcp-10-252-136-128.muc # LMS GENERATED LINE

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)

O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [THGuard] C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe (Mischel Internet Security)

O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-917700457-1158450599-239899679-1000..\Run: [NETGEARGenie] C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe ()

O4 - HKU\S-1-5-21-917700457-1158450599-239899679-1000..\Run: [RockMelt Update] C:\Users\Tom\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (Google Inc.)

O4 - HKU\S-1-5-21-917700457-1158450599-239899679-1000..\Run: [roinvrru] C:\Users\Tom\AppData\Local\Temp\Rrrsszz\ggvvrrvrru.exe (PortableApps.com)

O4 - HKU\S-1-5-21-917700457-1158450599-239899679-1000..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-917700457-1158450599-239899679-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AB7D48A-71BE-4F8B-B0BB-A21B186BF30F}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58533F04-9D24-40BF-8D75-41C51C3E2091}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{a273cf99-58e2-11e2-b42e-0021861fbe9e}\Shell - "" = AutoRun

O33 - MountPoints2\{a273cf99-58e2-11e2-b42e-0021861fbe9e}\Shell\AutoRun\command - "" = E:\pushinst.exe

O33 - MountPoints2\{a273d00a-58e2-11e2-b42e-0021861fbe9e}\Shell - "" = AutoRun

O33 - MountPoints2\{a273d00a-58e2-11e2-b42e-0021861fbe9e}\Shell\AutoRun\command - "" = E:\pushinst.exe

O33 - MountPoints2\{f780819b-6649-11e2-b0be-246511c05ea4}\Shell - "" = AutoRun

O33 - MountPoints2\{f780819b-6649-11e2-b0be-246511c05ea4}\Shell\AutoRun\command - "" = E:\Startme.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.08.25 15:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2013.08.25 15:23:55 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\Simply Super Software

[2013.08.25 15:23:55 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Simply Super Software

[2013.08.25 15:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover

[2013.08.25 15:23:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover

[2013.08.25 15:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software

[2013.08.25 15:22:58 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\TrojanHunter

[2013.08.25 14:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\TrojanHunter

[2013.08.25 14:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter

[2013.08.25 14:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrojanHunter 5.5

[2013.08.19 16:40:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013.08.14 23:06:16 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013.08.14 23:06:16 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013.08.14 23:06:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013.08.14 23:06:14 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013.08.14 23:06:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013.08.14 23:06:14 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013.08.14 23:06:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013.08.14 23:06:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013.08.14 23:06:13 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013.08.14 23:06:13 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013.08.14 23:06:13 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013.08.14 23:06:08 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013.08.14 23:06:08 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013.08.14 23:06:08 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013.08.14 23:06:07 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013.08.14 08:17:18 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2013.08.14 08:17:18 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2013.08.14 08:17:17 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2013.08.14 08:16:47 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL

[2013.08.14 08:16:47 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL

[2013.08.14 08:16:46 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll

[2013.08.14 08:16:40 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2013.08.14 08:16:39 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013.08.14 08:16:39 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2013.08.14 08:16:38 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2013.08.14 08:16:38 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2013.08.14 08:16:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2013.08.14 08:16:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013.08.14 08:16:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013.08.14 08:16:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013.08.14 08:16:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.08.25 15:43:08 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.08.25 15:23:50 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk

[2013.08.25 15:16:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\TrojanHunter Scanner.job

[2013.08.25 14:47:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.08.25 14:47:05 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-917700457-1158450599-239899679-1000UA.job

[2013.08.25 14:33:44 | 000,059,392 | R--- | M] () -- C:\Windows\SysWow64\streamhlp.dll

[2013.08.25 14:33:44 | 000,001,092 | ---- | M] () -- C:\Users\Tom\Desktop\TrojanHunter.lnk

[2013.08.25 14:25:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.08.25 12:43:12 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.08.25 10:05:56 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.08.25 10:05:56 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.08.25 09:59:53 | 1589,612,544 | -HS- | M] () -- C:\hiberfil.sys

[2013.08.24 20:52:03 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-917700457-1158450599-239899679-1000Core.job

[2013.08.21 17:51:19 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013.08.21 12:47:44 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013.08.21 12:47:44 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013.08.14 23:03:28 | 001,518,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.08.14 23:03:28 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.08.14 23:03:28 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.08.14 23:03:28 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.08.14 23:03:28 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

 
 ========== Files Created - No Company Name ==========

 

[2013.08.25 15:23:50 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk

[2013.08.25 15:15:08 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\TrojanHunter Scanner.job

[2013.08.25 14:33:44 | 000,001,092 | ---- | C] () -- C:\Users\Tom\Desktop\TrojanHunter.lnk

[2013.08.25 14:33:42 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2013.03.10 13:50:35 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Amazon

[2013.05.13 17:03:06 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Apowersoft

[2013.01.13 18:14:35 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Canneverbe Limited

[2013.05.19 12:20:01 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Canon

[2013.01.07 18:06:01 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\ESET

[2013.02.11 23:46:00 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Foxit Software

[2013.05.14 17:50:04 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\LibreOffice

[2013.01.20 13:43:31 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien

[2013.01.19 16:26:15 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien

[2013.08.25 15:23:55 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Simply Super Software

[2013.08.25 15:22:58 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\TrojanHunter

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:CB0AACC9
 

< End of report >

--- --- ---

Es würde mich freuen, wenn mir hier geholfen werden könnte.

hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://www.trojaner-board.de/picture...&pictureid=307

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Hier sind die gewünschten Logfiles:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2013

Ran by Tom (administrator) on 25-08-2013 16:01:05

Running from C:\Users\Tom\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

(Intel) C:\Program Files (x86)\Intel\AMT\LMS.exe

(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe

(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe

(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel) C:\Program Files (x86)\Intel\AMT\UNS.exe

(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe

() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe

() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe

(RockMelt, Inc.) C:\Users\Tom\AppData\Local\RockMelt\Application\rockmelt.exe

(RockMelt, Inc.) C:\Users\Tom\AppData\Local\RockMelt\Application\rockmelt.exe

(RockMelt, Inc.) C:\Users\Tom\AppData\Local\RockMelt\Application\rockmelt.exe

(RockMelt, Inc.) C:\Users\Tom\AppData\Local\RockMelt\Application\rockmelt.exe

() C:\Program Files (x86)\TrojanHunter 5.5\thcl.exe

(RockMelt, Inc.) C:\Users\Tom\AppData\Local\RockMelt\Application\rockmelt.exe

(RockMelt, Inc.) C:\Users\Tom\AppData\Local\RockMelt\Application\rockmelt.exe

(RockMelt, Inc.) C:\Users\Tom\AppData\Local\RockMelt\Application\rockmelt.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [4035152 2011-09-22] (ESET)

HKCU\...\Run: [RockMelt Update] - C:\Users\Tom\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [136336 2013-02-07] (Google Inc.)

HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)

HKCU\...\Run: [NETGEARGenie] - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1041736 2012-10-16] ()

HKCU\...\Run: [roinvrru] - C:\Users\Tom\AppData\Local\Temp\Rrrsszz\ggvvrrvrru.exe [124928 2013-08-24] (PortableApps.com) <===== ATTENTION

MountPoints2: {a273cf99-58e2-11e2-b42e-0021861fbe9e} - E:\pushinst.exe

MountPoints2: {a273d00a-58e2-11e2-b42e-0021861fbe9e} - E:\pushinst.exe

MountPoints2: {f780819b-6649-11e2-b0be-246511c05ea4} - E:\Startme.exe

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [THGuard] - C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe [1086880 2012-10-23] (Mischel Internet Security)

HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1655568 2013-07-19] (Simply Super Software)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Hosts: 127.0.0.1       dyndhcp-10-252-136-128.muc # LMS GENERATED LINE

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\l8991ut4.default

FF SelectedSearchEngine: Wikipedia (de)

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @us-w1.rockmelt.com/RockMelt Update;version=8 - C:\Users\Tom\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)

FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)

FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR RestoreOnStartup: "hxxp://www.google.com/"

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll No File

CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)

CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File

CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (RockMelt Update) - C:\Users\Tom\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File

CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File

CHR Extension: (Google Docs) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Gmail) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
 

==================== Services (Whitelisted) =================
 

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [974944 2011-09-22] (ESET)

R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel)

R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-09-25] (NETGEAR)

R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel)
 

==================== Drivers (Whitelisted) ====================
 

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-25] (AVM Berlin)

R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)

R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)

R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [187632 2011-08-04] (ESET)

R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38288 2011-08-04] (ESET)

R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62496 2011-08-04] (ESET)

R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH)

R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2013-02-06] (CACE Technologies, Inc.)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]

S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-08-25 16:00 - 2013-08-25 16:00 - 00000000 ____D C:\FRST

2013-08-25 15:59 - 2013-08-25 15:59 - 00714352 _____ C:\Users\Tom\Downloads\ZipOpenerSetup.exe

2013-08-25 15:48 - 2013-08-25 15:48 - 00055754 _____ C:\Users\Tom\Downloads\Extras.Txt

2013-08-25 15:47 - 2013-08-25 15:47 - 00076084 _____ C:\Users\Tom\Downloads\OTL.Txt

2013-08-25 15:40 - 2013-08-25 15:41 - 00602112 _____ (OldTimer Tools) C:\Users\Tom\Downloads\OTL.exe

2013-08-25 15:23 - 2013-08-25 15:23 - 00001146 _____ C:\Users\Public\Desktop\Trojan Remover.lnk

2013-08-25 15:23 - 2013-08-25 15:23 - 00000000 ____D C:\Users\Tom\Documents\Simply Super Software

2013-08-25 15:23 - 2013-08-25 15:23 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Simply Super Software

2013-08-25 15:23 - 2013-08-25 15:23 - 00000000 ____D C:\ProgramData\Simply Super Software

2013-08-25 15:23 - 2013-08-25 15:23 - 00000000 ____D C:\Program Files (x86)\Trojan Remover

2013-08-25 15:22 - 2013-08-25 15:23 - 23334896 _____ (Simply Super Software                                       ) C:\Users\Tom\Downloads\trjsetup_688.exe

2013-08-25 15:22 - 2013-08-25 15:22 - 00000000 ____D C:\Users\Tom\AppData\Roaming\TrojanHunter

2013-08-25 15:15 - 2013-08-25 15:16 - 00000346 _____ C:\Windows\Tasks\TrojanHunter Scanner.job

2013-08-25 15:15 - 2013-08-25 15:15 - 00003008 _____ C:\Windows\System32\Tasks\TrojanHunter Scanner

2013-08-25 14:33 - 2013-08-25 15:26 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5

2013-08-25 14:33 - 2013-08-25 14:33 - 05843488 _____ (Mischel Internet Security                                   ) C:\Users\Tom\Downloads\TrojanHunterSetup_5.5_Build_1003.exe

2013-08-25 14:33 - 2013-08-25 14:33 - 00059392 ____R C:\Windows\SysWOW64\streamhlp.dll

2013-08-25 14:33 - 2013-08-25 14:33 - 00001092 _____ C:\Users\Tom\Desktop\TrojanHunter.lnk

2013-08-25 14:33 - 2013-08-25 14:33 - 00000000 ____D C:\ProgramData\TrojanHunter

2013-08-19 16:40 - 2013-08-19 16:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-08-14 23:06 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-08-14 23:06 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-08-14 23:06 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-08-14 23:06 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-08-14 23:06 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-08-14 23:06 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-08-14 23:06 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-08-14 23:06 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-08-14 23:06 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-08-14 23:06 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-08-14 23:06 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-08-14 23:06 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-08-14 23:06 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-08-14 23:06 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-08-14 23:06 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-08-14 23:06 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-08-14 23:06 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-08-14 23:06 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-08-14 23:06 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-08-14 23:06 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-08-14 23:06 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-08-14 23:06 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-08-14 23:06 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-08-14 23:06 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-08-14 23:06 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-08-14 23:06 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-08-14 23:06 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-08-14 23:05 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-08-14 23:05 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-08-14 23:05 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-08-14 23:05 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-08-14 08:17 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2013-08-14 08:17 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-08-14 08:17 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2013-08-14 08:17 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2013-08-14 08:17 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2013-08-14 08:17 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-08-14 08:17 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2013-08-14 08:17 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2013-08-14 08:16 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-08-14 08:16 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2013-08-14 08:16 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-08-14 08:16 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-08-14 08:16 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-08-14 08:16 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-08-14 08:16 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-08-14 08:16 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2013-08-14 08:16 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-08-14 08:16 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-08-14 08:16 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-08-14 08:16 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2013-08-14 08:16 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-08-14 08:16 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-08-14 08:16 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-08-14 08:16 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-08-14 08:16 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-08-14 08:16 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-08-14 08:16 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
 

==================== One Month Modified Files and Folders =======
 

2013-08-25 16:00 - 2013-08-25 16:00 - 01576506 _____ (Farbar) C:\Users\Tom\Downloads\FRST64.exe

2013-08-25 16:00 - 2013-08-25 16:00 - 00000000 ____D C:\FRST

2013-08-25 15:59 - 2013-08-25 15:59 - 00714352 _____ C:\Users\Tom\Downloads\ZipOpenerSetup.exe

2013-08-25 15:48 - 2013-08-25 15:48 - 00055754 _____ C:\Users\Tom\Downloads\Extras.Txt

2013-08-25 15:47 - 2013-08-25 15:47 - 00076084 _____ C:\Users\Tom\Downloads\OTL.Txt

2013-08-25 15:47 - 2013-02-04 15:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-08-25 15:47 - 2013-01-12 11:57 - 00000920 _____ C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-917700457-1158450599-239899679-1000UA.job

2013-08-25 15:43 - 2013-02-15 19:18 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-08-25 15:41 - 2013-08-25 15:40 - 00602112 _____ (OldTimer Tools) C:\Users\Tom\Downloads\OTL.exe

2013-08-25 15:26 - 2013-08-25 14:33 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5

2013-08-25 15:23 - 2013-08-25 15:23 - 00001146 _____ C:\Users\Public\Desktop\Trojan Remover.lnk

2013-08-25 15:23 - 2013-08-25 15:23 - 00000000 ____D C:\Users\Tom\Documents\Simply Super Software

2013-08-25 15:23 - 2013-08-25 15:23 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Simply Super Software

2013-08-25 15:23 - 2013-08-25 15:23 - 00000000 ____D C:\ProgramData\Simply Super Software

2013-08-25 15:23 - 2013-08-25 15:23 - 00000000 ____D C:\Program Files (x86)\Trojan Remover

2013-08-25 15:23 - 2013-08-25 15:22 - 23334896 _____ (Simply Super Software                                       ) C:\Users\Tom\Downloads\trjsetup_688.exe

2013-08-25 15:22 - 2013-08-25 15:22 - 00000000 ____D C:\Users\Tom\AppData\Roaming\TrojanHunter

2013-08-25 15:16 - 2013-08-25 15:15 - 00000346 _____ C:\Windows\Tasks\TrojanHunter Scanner.job

2013-08-25 15:15 - 2013-08-25 15:15 - 00003008 _____ C:\Windows\System32\Tasks\TrojanHunter Scanner

2013-08-25 14:33 - 2013-08-25 14:33 - 05843488 _____ (Mischel Internet Security                                   ) C:\Users\Tom\Downloads\TrojanHunterSetup_5.5_Build_1003.exe

2013-08-25 14:33 - 2013-08-25 14:33 - 00059392 ____R C:\Windows\SysWOW64\streamhlp.dll

2013-08-25 14:33 - 2013-08-25 14:33 - 00001092 _____ C:\Users\Tom\Desktop\TrojanHunter.lnk

2013-08-25 14:33 - 2013-08-25 14:33 - 00000000 ____D C:\ProgramData\TrojanHunter

2013-08-25 12:43 - 2013-02-15 19:18 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-08-25 10:05 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-08-25 10:05 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-08-25 10:01 - 2012-02-24 15:30 - 01517136 _____ C:\Windows\WindowsUpdate.log

2013-08-25 10:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-25 10:00 - 2009-07-14 06:51 - 00054215 _____ C:\Windows\setupact.log

2013-08-24 20:52 - 2013-01-12 11:57 - 00000868 _____ C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-917700457-1158450599-239899679-1000Core.job

2013-08-21 17:51 - 2013-02-15 19:18 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-08-21 12:47 - 2013-02-04 15:46 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-08-21 12:47 - 2013-02-04 15:46 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-08-21 12:47 - 2012-02-24 17:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-08-20 09:44 - 2013-01-07 19:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-08-19 16:40 - 2013-08-19 16:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-08-15 15:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache

2013-08-14 23:03 - 2010-11-21 08:50 - 00653928 _____ C:\Windows\system32\perfh007.dat

2013-08-14 23:03 - 2010-11-21 08:50 - 00129800 _____ C:\Windows\system32\perfc007.dat

2013-08-14 23:03 - 2009-07-14 07:13 - 01518986 _____ C:\Windows\system32\PerfStringBackup.INI

2013-08-14 23:01 - 2013-01-12 12:34 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-07-26 07:13 - 2013-08-14 23:06 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-07-26 07:13 - 2013-08-14 23:06 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-07-26 07:13 - 2013-08-14 23:06 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-07-26 07:12 - 2013-08-14 23:06 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-07-26 07:12 - 2013-08-14 23:06 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-07-26 07:12 - 2013-08-14 23:06 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-07-26 07:12 - 2013-08-14 23:06 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-07-26 07:12 - 2013-08-14 23:06 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-07-26 07:12 - 2013-08-14 23:06 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-07-26 07:12 - 2013-08-14 23:06 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-07-26 07:12 - 2013-08-14 23:06 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-07-26 07:12 - 2013-08-14 23:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-07-26 07:12 - 2013-08-14 23:05 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-07-26 07:12 - 2013-08-14 23:05 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-07-26 05:35 - 2013-08-14 23:06 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-07-26 05:13 - 2013-08-14 23:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-07-26 05:13 - 2013-08-14 23:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-07-26 05:12 - 2013-08-14 23:06 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-07-26 05:12 - 2013-08-14 23:06 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-07-26 05:12 - 2013-08-14 23:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-07-26 05:12 - 2013-08-14 23:06 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-07-26 05:12 - 2013-08-14 23:06 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-07-26 05:12 - 2013-08-14 23:06 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-07-26 05:12 - 2013-08-14 23:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-07-26 05:12 - 2013-08-14 23:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-07-26 05:12 - 2013-08-14 23:05 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-07-26 05:11 - 2013-08-14 23:06 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-07-26 05:11 - 2013-08-14 23:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-07-26 04:49 - 2013-08-14 23:06 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-07-26 04:39 - 2013-08-14 23:06 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-07-26 03:59 - 2013-08-14 23:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
 

Files to move or delete:

====================

C:\Users\Tom\AppData\Local\Temp\Rrrsszz\ggvvrrvrru.exe

C:\Users\Tom\AppData\Local\Temp\AutoRun.exe

C:\Users\Tom\AppData\Local\Temp\AutoRunGUI.dll

C:\Users\Tom\AppData\Local\Temp\EAInstall.dll

C:\Users\Tom\AppData\Local\Temp\npRockMeltOneClick8.dll.old28d60

C:\Users\Tom\AppData\Local\Temp\npRockMeltOneClick8.dll.old46e2d

C:\Users\Tom\AppData\Local\Temp\ose00000.exe

C:\Users\Tom\AppData\Local\Temp\rmupdate.dll.old27d0b

C:\Users\Tom\AppData\Local\Temp\rmupdate.dll.old46299

C:\Users\Tom\AppData\Local\Temp\rmupdate.dll603554

C:\Users\Tom\AppData\Local\Temp\RmupdateBho.dll.old28d8f

C:\Users\Tom\AppData\Local\Temp\RmupdateBho.dll.old46e3c

C:\Users\Tom\AppData\Local\Temp\rmupdateres_ar.dll.old27e72

C:\Users\Tom\AppData\Local\Temp\rmupdateres_ar.dll.old46306

C:\Users\Tom\AppData\Local\Temp\rmupdateres_bg.dll.old27e91

C:\Users\Tom\AppData\Local\Temp\rmupdateres_bg.dll.old46315

C:\Users\Tom\AppData\Local\Temp\rmupdateres_bn.dll.old27ec0

C:\Users\Tom\AppData\Local\Temp\rmupdateres_bn.dll.old46344

C:\Users\Tom\AppData\Local\Temp\rmupdateres_ca.dll.old27eef

C:\Users\Tom\AppData\Local\Temp\rmupdateres_ca.dll.old463b1

C:\Users\Tom\AppData\Local\Temp\rmupdateres_cs.dll.old27f1d

C:\Users\Tom\AppData\Local\Temp\rmupdateres_cs.dll.old463ff

C:\Users\Tom\AppData\Local\Temp\rmupdateres_da.dll.old27f7b

C:\Users\Tom\AppData\Local\Temp\rmupdateres_da.dll.old4643e

C:\Users\Tom\AppData\Local\Temp\rmupdateres_de.dll.old27fb9

C:\Users\Tom\AppData\Local\Temp\rmupdateres_de.dll.old4645d

C:\Users\Tom\AppData\Local\Temp\rmupdateres_el.dll.old27fc9

C:\Users\Tom\AppData\Local\Temp\rmupdateres_el.dll.old4647c

C:\Users\Tom\AppData\Local\Temp\rmupdateres_en-GB.dll.old28027

C:\Users\Tom\AppData\Local\Temp\rmupdateres_en-GB.dll.old464e9

C:\Users\Tom\AppData\Local\Temp\rmupdateres_en.dll.old27fe8

C:\Users\Tom\AppData\Local\Temp\rmupdateres_en.dll.old464bb

C:\Users\Tom\AppData\Local\Temp\rmupdateres_en.dll603573

C:\Users\Tom\AppData\Local\Temp\rmupdateres_es-419.dll.old28075

C:\Users\Tom\AppData\Local\Temp\rmupdateres_es-419.dll.old46518

C:\Users\Tom\AppData\Local\Temp\rmupdateres_es.dll.old28046

C:\Users\Tom\AppData\Local\Temp\rmupdateres_es.dll.old46509

C:\Users\Tom\AppData\Local\Temp\rmupdateres_et.dll.old280b3

C:\Users\Tom\AppData\Local\Temp\rmupdateres_et.dll.old46537

C:\Users\Tom\AppData\Local\Temp\rmupdateres_fa.dll.old280f1

C:\Users\Tom\AppData\Local\Temp\rmupdateres_fa.dll.old46576

C:\Users\Tom\AppData\Local\Temp\rmupdateres_fi.dll.old28120

C:\Users\Tom\AppData\Local\Temp\rmupdateres_fi.dll.old46595

C:\Users\Tom\AppData\Local\Temp\rmupdateres_fil.dll.old2814f

C:\Users\Tom\AppData\Local\Temp\rmupdateres_fil.dll.old465a5

C:\Users\Tom\AppData\Local\Temp\rmupdateres_fr.dll.old2815f

C:\Users\Tom\AppData\Local\Temp\rmupdateres_fr.dll.old46612

C:\Users\Tom\AppData\Local\Temp\rmupdateres_gu.dll.old2817e

C:\Users\Tom\AppData\Local\Temp\rmupdateres_gu.dll.old46621

C:\Users\Tom\AppData\Local\Temp\rmupdateres_hi.dll.old281bc

C:\Users\Tom\AppData\Local\Temp\rmupdateres_hi.dll.old46650

C:\Users\Tom\AppData\Local\Temp\rmupdateres_hr.dll.old281fb

C:\Users\Tom\AppData\Local\Temp\rmupdateres_hr.dll.old4667f

C:\Users\Tom\AppData\Local\Temp\rmupdateres_hu.dll.old2821a

C:\Users\Tom\AppData\Local\Temp\rmupdateres_hu.dll.old4668f

C:\Users\Tom\AppData\Local\Temp\rmupdateres_id.dll.old28239

C:\Users\Tom\AppData\Local\Temp\rmupdateres_id.dll.old466ae

C:\Users\Tom\AppData\Local\Temp\rmupdateres_is.dll.old28297

C:\Users\Tom\AppData\Local\Temp\rmupdateres_is.dll.old466cd

C:\Users\Tom\AppData\Local\Temp\rmupdateres_it.dll.old282b6

C:\Users\Tom\AppData\Local\Temp\rmupdateres_it.dll.old466ec

C:\Users\Tom\AppData\Local\Temp\rmupdateres_iw.dll.old282d5

C:\Users\Tom\AppData\Local\Temp\rmupdateres_iw.dll.old466fc

C:\Users\Tom\AppData\Local\Temp\rmupdateres_ja.dll.old28333

C:\Users\Tom\AppData\Local\Temp\rmupdateres_ja.dll.old4672b

C:\Users\Tom\AppData\Local\Temp\rmupdateres_kn.dll.old28381

C:\Users\Tom\AppData\Local\Temp\rmupdateres_kn.dll.old46769

C:\Users\Tom\AppData\Local\Temp\rmupdateres_ko.dll.old283af

C:\Users\Tom\AppData\Local\Temp\rmupdateres_ko.dll.old46788

C:\Users\Tom\AppData\Local\Temp\rmupdateres_lt.dll.old283ee

C:\Users\Tom\AppData\Local\Temp\rmupdateres_lt.dll.old467b7

C:\Users\Tom\AppData\Local\Temp\rmupdateres_lv.dll.old2842c

C:\Users\Tom\AppData\Local\Temp\rmupdateres_lv.dll.old467d6

C:\Users\Tom\AppData\Local\Temp\rmupdateres_ml.dll.old2844b

C:\Users\Tom\AppData\Local\Temp\rmupdateres_ml.dll.old467f5

C:\Users\Tom\AppData\Local\Temp\rmupdateres_mr.dll.old28526

C:\Users\Tom\AppData\Local\Temp\rmupdateres_mr.dll.old46815

C:\Users\Tom\AppData\Local\Temp\rmupdateres_ms.dll.old28564

C:\Users\Tom\AppData\Local\Temp\rmupdateres_ms.dll.old46834

C:\Users\Tom\AppData\Local\Temp\rmupdateres_nl.dll.old28593

C:\Users\Tom\AppData\Local\Temp\rmupdateres_nl.dll.old46843

C:\Users\Tom\AppData\Local\Temp\rmupdateres_no.dll.old285c2

C:\Users\Tom\AppData\Local\Temp\rmupdateres_no.dll.old46863

C:\Users\Tom\AppData\Local\Temp\rmupdateres_or.dll.old285f1

C:\Users\Tom\AppData\Local\Temp\rmupdateres_or.dll.old46882

C:\Users\Tom\AppData\Local\Temp\rmupdateres_pl.dll.old28610

C:\Users\Tom\AppData\Local\Temp\rmupdateres_pl.dll.old468a1

C:\Users\Tom\AppData\Local\Temp\rmupdateres_pt-BR.dll.old2863f

C:\Users\Tom\AppData\Local\Temp\rmupdateres_pt-BR.dll.old468b1

C:\Users\Tom\AppData\Local\Temp\rmupdateres_pt-PT.dll.old2866d

C:\Users\Tom\AppData\Local\Temp\rmupdateres_pt-PT.dll.old468d0

C:\Users\Tom\AppData\Local\Temp\rmupdateres_ro.dll.old2869c

C:\Users\Tom\AppData\Local\Temp\rmupdateres_ro.dll.old468ef

C:\Users\Tom\AppData\Local\Temp\rmupdateres_ru.dll.old286bb

C:\Users\Tom\AppData\Local\Temp\rmupdateres_ru.dll.old468ff

C:\Users\Tom\AppData\Local\Temp\rmupdateres_sk.dll.old28709

C:\Users\Tom\AppData\Local\Temp\rmupdateres_sk.dll.old4691e

C:\Users\Tom\AppData\Local\Temp\rmupdateres_sl.dll.old28729

C:\Users\Tom\AppData\Local\Temp\rmupdateres_sl.dll.old4692d

C:\Users\Tom\AppData\Local\Temp\rmupdateres_sr.dll.old28748

C:\Users\Tom\AppData\Local\Temp\rmupdateres_sr.dll.old4694d

C:\Users\Tom\AppData\Local\Temp\rmupdateres_sv.dll.old28786

C:\Users\Tom\AppData\Local\Temp\rmupdateres_sv.dll.old4697b

C:\Users\Tom\AppData\Local\Temp\rmupdateres_ta.dll.old287a5

C:\Users\Tom\AppData\Local\Temp\rmupdateres_ta.dll.old4699b

C:\Users\Tom\AppData\Local\Temp\rmupdateres_te.dll.old287b5

C:\Users\Tom\AppData\Local\Temp\rmupdateres_te.dll.old469e9

C:\Users\Tom\AppData\Local\Temp\rmupdateres_th.dll.old287f3

C:\Users\Tom\AppData\Local\Temp\rmupdateres_th.dll.old46a27

C:\Users\Tom\AppData\Local\Temp\rmupdateres_tr.dll.old28832

C:\Users\Tom\AppData\Local\Temp\rmupdateres_tr.dll.old46a46

C:\Users\Tom\AppData\Local\Temp\rmupdateres_uk.dll.old28870

C:\Users\Tom\AppData\Local\Temp\rmupdateres_uk.dll.old46a75

C:\Users\Tom\AppData\Local\Temp\rmupdateres_ur.dll.old288be

C:\Users\Tom\AppData\Local\Temp\rmupdateres_ur.dll.old46a94

C:\Users\Tom\AppData\Local\Temp\rmupdateres_vi.dll.old2891c

C:\Users\Tom\AppData\Local\Temp\rmupdateres_vi.dll.old46ab3

C:\Users\Tom\AppData\Local\Temp\rmupdateres_zh-CN.dll.old2895a

C:\Users\Tom\AppData\Local\Temp\rmupdateres_zh-CN.dll.old46ac3

C:\Users\Tom\AppData\Local\Temp\rmupdateres_zh-TW.dll.old28979

C:\Users\Tom\AppData\Local\Temp\rmupdateres_zh-TW.dll.old46af2

C:\Users\Tom\AppData\Local\Temp\RockMeltCrashHandler.exe.old27e33

C:\Users\Tom\AppData\Local\Temp\RockMeltCrashHandler.exe.old462c7

C:\Users\Tom\AppData\Local\Temp\RockMeltUpdate.exe.old27cdc

C:\Users\Tom\AppData\Local\Temp\RockMeltUpdate.exe.old28d31

C:\Users\Tom\AppData\Local\Temp\RockMeltUpdate.exe.old46180

C:\Users\Tom\AppData\Local\Temp\RockMeltUpdate.exe.old46e0d

C:\Users\Tom\AppData\Local\Temp\RockMeltUpdate.exe603554

C:\Users\Tom\AppData\Local\Temp\vlc-2.0.5-win32.exe

C:\Users\Tom\AppData\Local\Temp\wzff4a\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wzf622\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wzf4dc\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wzf1ed\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wzf097\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wzed0d\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wzed0c\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wze0b2\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wzde45\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wzdb37\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wzd4af\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wzcf5f\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wzcdba\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wzb51d\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wzb49f\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wzb372\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wzb26e\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wzaf51\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wzaa28\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wza93c\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wza8a0\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wza6db\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wza663\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wza596\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wza337\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wza101\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wza0f1\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz9924\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz95ea\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz9111\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz8c98\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz89b9\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz89ad\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz7eef\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz7d52\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz7c02\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz77ae\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz75ad\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz7541\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz74f2\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz6de6\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz6da2\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz6cbb\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz5dae\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz55dd\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz4425\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz43f2\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz42bb\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz3ee7\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz3e28\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz3718\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz3389\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz31cc\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz2c80\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz2981\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz2696\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz24d2\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz1b8b\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz164f\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz0f0a\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz0eef\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz0e61\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz0ccd\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz0b55\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz0a7f\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz0764\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz03e7\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz0024\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\wz0010\VisualBoyAdvance.exe

C:\Users\Tom\AppData\Local\Temp\VCB\NewUI.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Setup.exe

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\ZHH\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\TRK\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\THA\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\SVE\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\RUS\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\PTG\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\PLK\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\NOR\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\NLD\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\KOR\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\JPN\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\ITA\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\HUN\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\HEB\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\FRC\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\FRA\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\FIN\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\ESP\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\ESM\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\ENU\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\ENG\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\ELL\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\DEU\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\DAN\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\CSY\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\CHT\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\CHS\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Languages\ARB\VCBResources.dll

C:\Users\Tom\AppData\Local\Temp\VCB\Graphics\NewUI.dll

C:\Users\Tom\AppData\Local\Temp\Temp1_TheWitchsHouse106.zip\Game.exe

C:\Users\Tom\AppData\Local\Temp\Sony\Sony PC Companion\AutoUpdate\Sony PC Companion_2.10.136_NetStorage.exe

C:\Users\Tom\AppData\Local\Temp\Sony\Sony PC Companion\AutoUpdate\Sony PC Companion_2.10.155_NetStorage.exe

C:\Users\Tom\AppData\Local\Temp\Sony\Sony PC Companion\AutoUpdate\Sony PC Companion_2.10.165_NetStorage.exe

C:\Users\Tom\AppData\Local\Temp\nsq4F7D.tmp\BgWorker.dll

C:\Users\Tom\AppData\Local\Temp\nsq4F7D.tmp\FindProcDLL.dll

C:\Users\Tom\AppData\Local\Temp\nsq4F7D.tmp\KillProcDLL.dll

C:\Users\Tom\AppData\Local\Temp\nsq4F7D.tmp\nsDialogs.dll

C:\Users\Tom\AppData\Local\Temp\nsq4F7D.tmp\SkinBtn.dll

C:\Users\Tom\AppData\Local\Temp\nsq4F7D.tmp\SkinProgress.dll

C:\Users\Tom\AppData\Local\Temp\nsq4F7D.tmp\System.dll

C:\Users\Tom\AppData\Local\Temp\nsq4F7D.tmp\WebCtrl.dll

C:\Users\Tom\AppData\Local\Temp\nsq4F7D.tmp\WndProc.dll
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-08-22 13:25
 

==================== End Of Log ============================

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2013

Ran by Tom at 2013-08-25 16:01:40

Running from C:\Users\Tom\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Installed Programs =======================
 

   

Adobe AIR (x32 Version: 3.1.0.4880)

Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)

Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)

Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)

Adobe Shockwave Player 11.6 (x32 Version: 11.6.4.634)

Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17)

Apowersoft Free Screen Recorder V1.1.0 (x32 Version: 1.1.0)

Apple Application Support (x32 Version: 2.3.4)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (x32 Version: 2.1.3.127)

Aufstieg des Hexenkönigs™ (x32)

AVM FRITZ!WLAN (x32)

Bonjour (Version: 3.0.0.10)

Canon Easy-PhotoPrint EX (x32 Version: 4.1.6)

CDBurnerXP (Version: 4.4.0.2905)

D3DX10 (x32 Version: 15.4.2368.0902)

Die Schlacht um Mittelerde™ II (x32)

el(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930)

ESET Smart Security (Version: 5.0.95.0)

Fotogalerie (x32 Version: 16.4.3505.0912)

Fotor 1.1.0 (x32 Version: 1.1.0)

Google Chrome (x32 Version: 29.0.1547.57)

Google Update Helper (x32 Version: 1.3.21.153)

Intel(R) Management Engine Interface

Intel® Active-Management-Technologie

iTunes (Version: 11.0.3.42)

Java Auto Updater (x32 Version: 2.0.7.1)

Java(TM) 6 Update 31 (x32 Version: 6.0.310)

Kalkules 1.9.1.20 (x32)

LastChaosGER (x32 Version: 1.00.000)

LibreOffice 3.5 (x32 Version: 3.5.0.13)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Corporation (Version: 9.1.0.0)

Microsoft Corporation (x32 Version: 9.1.0.0)

Microsoft LifeCam (Version: 3.22.270.0)

Microsoft Office 2007 Service Pack 3 (SP3) (x32)

Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)

Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Silverlight (Version: 5.1.20513.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Movie Maker (x32 Version: 16.4.3505.0912)

Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)

Mozilla Maintenance Service (x32 Version: 23.0.1)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT110 (x32 Version: 16.4.1108.0727)

MSVCRT110_amd64 (Version: 16.4.1109.0912)

NETGEAR Genie (x32 Version: 2.2.27.1 )

Photo Gallery (x32 Version: 16.4.3505.0912)

RockMelt (HKCU Version: 0.16.91.483)

Skype™ 6.1 (x32 Version: 6.1.129)

Sony Ericsson Update Engine (x32 Version: 2.13.6.201305161305)

Sony PC Companion 2.10.165 (x32 Version: 2.10.165)

SoundMAX (x32 Version: 6.10.2.6595)

swMSM (x32 Version: 12.0.0.1)

Trojan Remover 6.8.8 (x32 Version: 6.8.8)

TrojanHunter 5.5 (x32 Version: 5.5)

Update for 2007 Microsoft Office System (KB967642) (x32)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)

Update für Microsoft Office Excel 2007 Help (KB963678) (x32)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)

Update für Microsoft Office Word 2007 Help (KB963665) (x32)

VLC media player 2.0.0 (x32 Version: 2.0.0)

VoiceOver Kit (x32 Version: 1.42.128.0)

Windows Live Communications Platform (x32 Version: 16.4.3505.0912)

Windows Live Essentials (x32 Version: 16.4.3505.0912)

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)

Windows Live Installer (x32 Version: 16.4.3505.0912)

Windows Live Photo Common (x32 Version: 16.4.3505.0912)

Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)

Windows Live SOXE (x32 Version: 16.4.3505.0912)

Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)

Windows Live UX Platform (x32 Version: 16.4.3505.0912)

Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)

WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0)
 

==================== Restore Points  =========================
 
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2012-04-25 13:46 - 00000889 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       dyndhcp-10-252-136-128.muc # LMS GENERATED LINE
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {00E5EB9C-78FA-4E5A-813B-740B36F36D1F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)

Task: {09A1740D-F306-4F49-A543-5B5A1C95442F} - System32\Tasks\RockMeltUpdateTaskUserS-1-5-21-917700457-1158450599-239899679-1000Core => C:\Users\Tom\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2013-02-07] (Google Inc.)

Task: {21D81AA2-4008-4552-9CF0-C4ED615F2051} - System32\Tasks\RockMeltUpdateTaskUserS-1-5-21-917700457-1158450599-239899679-1000UA => C:\Users\Tom\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2013-02-07] (Google Inc.)

Task: {22D6D1BC-D057-4448-8D3F-CE9FFC031867} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)

Task: {34292C3D-21CB-4DE3-9CCA-CC465040A9AF} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task

Task: {5F2C71F1-EDD7-41C1-9D75-A441CE047251} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-15] (Google Inc.)

Task: {C2C1948A-288A-4E95-AD58-2BCF8B7964C4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {E26202FB-1A05-4990-8330-81C3087FC50A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-15] (Google Inc.)

Task: {E2C1111C-469C-4ACD-A397-EF81C923944F} - System32\Tasks\TrojanHunter Scanner => C:\Program Files (x86)\TrojanHunter 5.5\thcl.exe [2012-10-23] ()

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-917700457-1158450599-239899679-1000Core.job => C:\Users\Tom\AppData\Local\RockMelt\Update\RockMeltUpdate.exe

Task: C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-917700457-1158450599-239899679-1000UA.job => C:\Users\Tom\AppData\Local\RockMelt\Update\RockMeltUpdate.exe

Task: C:\Windows\Tasks\TrojanHunter Scanner.job => C:\Program Files (x86)\TrojanHunter 5.5\thcl.exe
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (08/25/2013 03:47:02 PM) (Source: Google Update) (User: Tom-PC)

Description: Network Request Error.

Error: 0x80042194. Http status code: 404.

Url=https://us-w1.rockmelt.com/update/1.0/update

Trying config: source=IE, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80042194. Http status code 404.
 

Error: (08/25/2013 02:47:04 PM) (Source: Google Update) (User: Tom-PC)

Description: Network Request Error.

Error: 0x80042194. Http status code: 404.

Url=https://us-w1.rockmelt.com/update/1.0/update

Trying config: source=IE, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80042194. Http status code 404.
 

Error: (08/25/2013 02:25:36 PM) (Source: Google Update) (User: Tom-PC)

Description: Network Request Error.

Error: 0x80042194. Http status code: 404.

Url=https://us-w1.rockmelt.com/update/1.0/update

Trying config: source=IE, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned 0x80072efe. Http status code 0.

trying WinHTTP.

Send request returned 0x80042194. Http status code 404.

Trying config: source=, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80042194. Http status code 404.

Trying config: source=IE, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80042194. Http status code 404.
 

Error: (08/25/2013 00:45:50 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 18689
 

Error: (08/25/2013 00:45:50 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 18689
 

Error: (08/25/2013 00:45:50 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (08/25/2013 00:45:49 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 17675
 

Error: (08/25/2013 00:45:49 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 17675
 

Error: (08/25/2013 00:45:49 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (08/25/2013 00:45:48 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 16629
 
 

System errors:

=============

Error: (08/19/2013 11:19:11 AM) (Source: Service Control Manager) (User: )

Description: Dienst "AVM WLAN Connection Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (08/05/2013 03:27:47 PM) (Source: Service Control Manager) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.
 

Error: (08/02/2013 09:34:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.155.1346.0)
 

Error: (07/28/2013 10:39:31 PM) (Source: DCOM) (User: )

Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
 

Error: (07/19/2013 03:20:48 PM) (Source: Service Control Manager) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.
 

Error: (07/17/2013 02:57:24 PM) (Source: Service Control Manager) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.
 

Error: (07/17/2013 09:26:42 AM) (Source: Service Control Manager) (User: )

Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 

cdrom
 

Error: (07/16/2013 11:35:13 PM) (Source: cdrom) (User: )

Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 

Error: (07/16/2013 11:35:13 PM) (Source: atapi) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.
 

Error: (07/16/2013 11:35:13 PM) (Source: cdrom) (User: )

Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
 

Microsoft Office Sessions:

=========================
 

==================== Memory info =========================== 
 

Percentage of memory in use: 79%

Total physical RAM: 2021.3 MB

Available physical RAM: 412.76 MB

Total Pagefile: 4042.6 MB

Available Pagefile: 2164.27 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB
 

==================== Drives ================================
 

Drive c: (Windows) (Fixed) (Total:148.85 GB) (Free:80.57 GB) NTFS

Drive d: (SuperBowlXLVChampions) (CDROM) (Total:6.87 GB) (Free:0 GB) UDF
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 8A42734E)

Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Ich hoffe sie sind aufschlussreich.

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hier ist der Log von Combofix:

Code:

ComboFix 13-08-25.01 - Tom 25.08.2013  22:06:45.1.2 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2021.1072 [GMT 2:00]

ausgeführt von:: c:\users\Tom\Downloads\ComboFix.exe

AV: ESET Smart Security 5.0 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: ESET Personal Firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 5.0 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\wpcap.dll

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_NPF

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-07-25 bis 2013-08-25  ))))))))))))))))))))))))))))))

.

.

2013-08-25 14:00 . 2013-08-25 14:00        --------        d-----w-        C:\FRST

2013-08-25 13:23 . 2013-08-25 13:23        --------        d-----w-        c:\users\Tom\AppData\Roaming\Simply Super Software

2013-08-25 13:23 . 2013-08-25 13:23        --------        d-----w-        c:\program files (x86)\Trojan Remover

2013-08-25 13:23 . 2013-08-25 13:23        --------        d-----w-        c:\programdata\Simply Super Software

2013-08-25 13:22 . 2013-08-25 13:22        --------        d-----w-        c:\users\Tom\AppData\Roaming\TrojanHunter

2013-08-25 12:33 . 2013-08-25 12:33        --------        d-----w-        c:\programdata\TrojanHunter

2013-08-25 12:33 . 2013-08-25 13:26        --------        d-----w-        c:\program files (x86)\TrojanHunter 5.5

2013-08-23 09:03 . 2013-08-06 08:58        9515512        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A4234BA-2154-4D8C-AFB5-7649736F2B48}\mpengine.dll

2013-08-14 21:05 . 2013-07-26 05:12        15405056        ----a-w-        c:\windows\system32\ieframe.dll

2013-08-14 21:05 . 2013-07-26 05:12        19239424        ----a-w-        c:\windows\system32\mshtml.dll

2013-08-14 06:17 . 2013-07-09 05:52        224256        ----a-w-        c:\windows\system32\wintrust.dll

2013-08-14 06:17 . 2013-07-09 05:46        184320        ----a-w-        c:\windows\system32\cryptsvc.dll

2013-08-14 06:17 . 2013-07-09 05:46        1472512        ----a-w-        c:\windows\system32\crypt32.dll

2013-08-14 06:17 . 2013-07-09 04:52        175104        ----a-w-        c:\windows\SysWow64\wintrust.dll

2013-08-14 06:17 . 2013-07-09 04:46        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll

2013-08-14 06:17 . 2013-07-09 04:46        1166848        ----a-w-        c:\windows\SysWow64\crypt32.dll

2013-08-14 06:17 . 2013-07-09 05:46        139776        ----a-w-        c:\windows\system32\cryptnet.dll

2013-08-14 06:17 . 2013-07-09 04:46        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-21 10:47 . 2013-02-04 13:46        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-08-21 10:47 . 2012-02-24 15:39        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-09 04:45 . 2013-08-14 06:16        44032        ----a-w-        c:\windows\apppatch\acwow64.dll

2013-06-25 00:27 . 2013-06-25 00:27        719360        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll

2013-06-25 00:27 . 2013-06-25 00:27        523264        ----a-w-        c:\windows\SysWow64\vbscript.dll

2013-06-25 00:27 . 2013-06-25 00:27        38400        ----a-w-        c:\windows\SysWow64\imgutil.dll

2013-06-25 00:27 . 2013-06-25 00:27        226304        ----a-w-        c:\windows\system32\elshyph.dll

2013-06-25 00:27 . 2013-06-25 00:27        185344        ----a-w-        c:\windows\SysWow64\elshyph.dll

2013-06-25 00:27 . 2013-06-25 00:27        158720        ----a-w-        c:\windows\SysWow64\msls31.dll

2013-06-25 00:27 . 2013-06-25 00:27        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe

2013-06-25 00:27 . 2013-06-25 00:27        138752        ----a-w-        c:\windows\SysWow64\wextract.exe

2013-06-25 00:27 . 2013-06-25 00:27        137216        ----a-w-        c:\windows\SysWow64\ieUnatt.exe

2013-06-25 00:27 . 2013-06-25 00:27        12800        ----a-w-        c:\windows\SysWow64\mshta.exe

2013-06-25 00:27 . 2013-06-25 00:27        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll

2013-06-25 00:27 . 2013-06-25 00:27        1054720        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe

2013-06-25 00:27 . 2013-06-25 00:27        905728        ----a-w-        c:\windows\system32\mshtmlmedia.dll

2013-06-25 00:27 . 2013-06-25 00:27        81408        ----a-w-        c:\windows\system32\icardie.dll

2013-06-25 00:27 . 2013-06-25 00:27        762368        ----a-w-        c:\windows\system32\ieapfltr.dll

2013-06-25 00:27 . 2013-06-25 00:27        73728        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe

2013-06-25 00:27 . 2013-06-25 00:27        61952        ----a-w-        c:\windows\SysWow64\tdc.ocx

2013-06-25 00:27 . 2013-06-25 00:27        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll

2013-06-25 00:27 . 2013-06-25 00:27        452096        ----a-w-        c:\windows\system32\dxtmsft.dll

2013-06-25 00:27 . 2013-06-25 00:27        441856        ----a-w-        c:\windows\system32\html.iec

2013-06-25 00:27 . 2013-06-25 00:27        361984        ----a-w-        c:\windows\SysWow64\html.iec

2013-06-25 00:27 . 2013-06-25 00:27        281600        ----a-w-        c:\windows\system32\dxtrans.dll

2013-06-25 00:27 . 2013-06-25 00:27        27648        ----a-w-        c:\windows\system32\licmgr10.dll

2013-06-25 00:27 . 2013-06-25 00:27        270848        ----a-w-        c:\windows\system32\iedkcs32.dll

2013-06-25 00:27 . 2013-06-25 00:27        247296        ----a-w-        c:\windows\system32\webcheck.dll

2013-06-25 00:27 . 2013-06-25 00:27        235008        ----a-w-        c:\windows\system32\url.dll

2013-06-25 00:27 . 2013-06-25 00:27        23040        ----a-w-        c:\windows\SysWow64\licmgr10.dll

2013-06-25 00:27 . 2013-06-25 00:27        216064        ----a-w-        c:\windows\system32\msls31.dll

2013-06-25 00:27 . 2013-06-25 00:27        197120        ----a-w-        c:\windows\system32\msrating.dll

2013-06-25 00:27 . 2013-06-25 00:27        1509376        ----a-w-        c:\windows\system32\inetcpl.cpl

2013-06-25 00:27 . 2013-06-25 00:27        1441280        ----a-w-        c:\windows\SysWow64\inetcpl.cpl

2013-06-25 00:27 . 2013-06-25 00:27        1400416        ----a-w-        c:\windows\system32\ieapfltr.dat

2013-06-25 00:27 . 2013-06-25 00:27        102912        ----a-w-        c:\windows\system32\inseng.dll

2013-06-25 00:27 . 2013-06-25 00:27        97280        ----a-w-        c:\windows\system32\mshtmled.dll

2013-06-25 00:27 . 2013-06-25 00:27        92160        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe

2013-06-25 00:27 . 2013-06-25 00:27        77312        ----a-w-        c:\windows\system32\tdc.ocx

2013-06-25 00:27 . 2013-06-25 00:27        62976        ----a-w-        c:\windows\system32\pngfilt.dll

2013-06-25 00:27 . 2013-06-25 00:27        599552        ----a-w-        c:\windows\system32\vbscript.dll

2013-06-25 00:27 . 2013-06-25 00:27        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll

2013-06-25 00:27 . 2013-06-25 00:27        51200        ----a-w-        c:\windows\system32\imgutil.dll

2013-06-25 00:27 . 2013-06-25 00:27        48640        ----a-w-        c:\windows\system32\mshtmler.dll

2013-06-25 00:27 . 2013-06-25 00:27        173568        ----a-w-        c:\windows\system32\ieUnatt.exe

2013-06-25 00:27 . 2013-06-25 00:27        167424        ----a-w-        c:\windows\system32\iexpress.exe

2013-06-25 00:27 . 2013-06-25 00:27        149504        ----a-w-        c:\windows\system32\occache.dll

2013-06-25 00:27 . 2013-06-25 00:27        144896        ----a-w-        c:\windows\system32\wextract.exe

2013-06-25 00:27 . 2013-06-25 00:27        13824        ----a-w-        c:\windows\system32\mshta.exe

2013-06-25 00:27 . 2013-06-25 00:27        136192        ----a-w-        c:\windows\system32\iepeers.dll

2013-06-25 00:27 . 2013-06-25 00:27        135680        ----a-w-        c:\windows\system32\IEAdvpack.dll

2013-06-25 00:27 . 2013-06-25 00:27        12800        ----a-w-        c:\windows\system32\msfeedssync.exe

2013-06-05 03:34 . 2013-07-10 11:39        3153920        ----a-w-        c:\windows\system32\win32k.sys

2013-06-04 06:00 . 2013-07-10 11:40        624128        ----a-w-        c:\windows\system32\qedit.dll

2013-06-04 04:53 . 2013-07-10 11:40        509440        ----a-w-        c:\windows\SysWow64\qedit.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-05-29 449248]

"NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2012-10-16 1041736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]

"THGuard"="c:\program files (x86)\TrojanHunter 5.5\THGuard.exe" [2012-10-22 1086880]

"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2013-07-19 1655568]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]

R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]

R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]

R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]

S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]

S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]

S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files (x86)\Intel\AMT\UNS.exe;c:\program files (x86)\Intel\AMT\UNS.exe [x]

S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]

S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusbn.sys [x]

S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - NPF

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-08-21 15:43        1177552        ----a-w-        c:\program files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2013-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-04 10:47]

.

2013-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-15 17:18]

.

2013-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-15 17:18]

.

2013-08-25 c:\windows\Tasks\TrojanHunter Scanner.job

- c:\program files (x86)\TrojanHunter 5.5\thcl.exe [2013-08-25 22:01]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\l8991ut4.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKCU-Run-RockMelt Update - c:\users\Tom\AppData\Local\RockMelt\Update\RockMeltUpdate.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\avmwlanstick\WlanNetService.exe

c:\program files (x86)\Intel\AMT\LMS.exe

c:\program files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe

c:\program files (x86)\NETGEAR Genie\bin\genie2_tray.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2013-08-25  22:20:04 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2013-08-25 20:20

.

Vor Suchlauf: 10 Verzeichnis(se), 86.394.695.680 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 86.853.763.072 Bytes frei

.

- - End Of File - - 5F3D5A7D6B69F90EF2007BF0858A0997

A36C5E4F47E84449FF07ED3517B43A31

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Hier die Logs:

Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.08.25.06
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16660

Tom :: TOM-PC [Administrator]
 

Schutz: Aktiviert
 

26.08.2013 10:07:14

mbam-log-2013-08-26 (10-07-14).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 222779

Laufzeit: 3 Minute(n), 16 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

# AdwCleaner v3.001 - Report created 26/08/2013 at 10:15:41

# Updated 24/08/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Tom - TOM-PC

# Running from : C:\Users\Tom\Downloads\adwcleaner.exe

# Option : Clean
 

***** [ Services ] *****
 
 

***** [ Files / Folders ] *****
 
 

***** [ Shortcuts ] *****
 
 

***** [ Registry ] *****
 
 

***** [ Browsers ] *****
 

-\\ Internet Explorer v10.0.9200.16660
 
 

-\\ Mozilla Firefox v23.0.1 (de)
 

[ File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\l8991ut4.default\prefs.js ]
 
 

-\\ Google Chrome v29.0.1547.57
 

[ File : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 

*************************
 

AdwCleaner[R0].txt - [886 octets] - [26/08/2013 10:14:44]

AdwCleaner[S0].txt - [808 octets] - [26/08/2013 10:15:41]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [867 octets] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.5.4 (08.22.2013:1)

OS: Windows 7 Home Premium x64

Ran by Tom on 26.08.2013 at 10:22:00,80

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\l8991ut4.default\minidumps [28 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 26.08.2013 at 10:29:22,43

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-08-2013

Ran by Tom (administrator) on 26-08-2013 10:31:20

Running from C:\Users\Tom\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

(Intel) C:\Program Files (x86)\Intel\AMT\LMS.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe

(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Intel) C:\Program Files (x86)\Intel\AMT\UNS.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe

() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe

() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe

() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(RockMelt, Inc.) C:\Users\Tom\AppData\Local\RockMelt\Application\rockmelt.exe

(RockMelt, Inc.) C:\Users\Tom\AppData\Local\RockMelt\Application\rockmelt.exe

(RockMelt, Inc.) C:\Users\Tom\AppData\Local\RockMelt\Application\rockmelt.exe

(RockMelt, Inc.) C:\Users\Tom\AppData\Local\RockMelt\Application\rockmelt.exe

(RockMelt, Inc.) C:\Users\Tom\AppData\Local\RockMelt\Application\rockmelt.exe

(RockMelt, Inc.) C:\Users\Tom\AppData\Local\RockMelt\Application\rockmelt.exe

(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [4035152 2011-09-22] (ESET)

HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)

HKCU\...\Run: [NETGEARGenie] - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1041736 2012-10-16] ()

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [THGuard] - C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe [1086880 2012-10-23] (Mischel Internet Security)

HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1655568 2013-07-19] (Simply Super Software)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\l8991ut4.default

FF SelectedSearchEngine: Wikipedia (de)

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @us-w1.rockmelt.com/RockMelt Update;version=8 - C:\Users\Tom\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)

FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)

FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR RestoreOnStartup: "hxxp://www.google.com/"

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll No File

CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)

CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File

CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (RockMelt Update) - C:\Users\Tom\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File

CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File

CHR Extension: (Google Docs) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Gmail) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
 

==================== Services (Whitelisted) =================
 

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [974944 2011-09-22] (ESET)

R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-09-25] (NETGEAR)

R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel)
 

==================== Drivers (Whitelisted) ====================
 

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-25] (AVM Berlin)

R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)

R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)

R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [187632 2011-08-04] (ESET)

R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38288 2011-08-04] (ESET)

R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62496 2011-08-04] (ESET)

R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2013-02-06] (CACE Technologies, Inc.)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]

S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-08-26 10:29 - 2013-08-26 10:29 - 00000753 _____ C:\Users\Tom\Desktop\JRT.txt

2013-08-26 10:21 - 2013-08-26 10:21 - 01021434 _____ (Thisisu) C:\Users\Tom\Downloads\JRT.exe

2013-08-26 10:21 - 2013-08-26 10:21 - 00000000 ____D C:\Windows\ERUNT

2013-08-26 10:13 - 2013-08-26 10:15 - 00000000 ____D C:\AdwCleaner

2013-08-26 10:13 - 2013-08-26 10:13 - 00994642 _____ C:\Users\Tom\Downloads\adwcleaner.exe

2013-08-26 10:04 - 2013-08-26 10:04 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-26 10:04 - 2013-08-26 10:04 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Malwarebytes

2013-08-26 10:04 - 2013-08-26 10:04 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-26 10:04 - 2013-08-26 10:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-26 10:04 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-08-26 10:03 - 2013-08-26 10:03 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tom\Downloads\mbam-setup-1.75.0.1300.exe

2013-08-25 22:20 - 2013-08-25 22:20 - 00019980 _____ C:\ComboFix.txt

2013-08-25 22:05 - 2013-08-25 22:20 - 00000000 ____D C:\Qoobox

2013-08-25 22:05 - 2013-08-25 22:05 - 00013453 _____ C:\Users\Tom\Desktop\combofix - Verknüpfung.lnk

2013-08-25 22:05 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe

2013-08-25 22:05 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe

2013-08-25 22:05 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-08-25 22:05 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-08-25 22:05 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-08-25 22:05 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe

2013-08-25 22:05 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe

2013-08-25 22:05 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe

2013-08-25 22:04 - 2013-08-25 22:18 - 00000000 ____D C:\Windows\erdnt

2013-08-25 22:04 - 2013-08-25 22:04 - 05113393 ____R (Swearware) C:\Users\Tom\Downloads\ComboFix.exe

2013-08-25 16:01 - 2013-08-25 16:02 - 00013584 _____ C:\Users\Tom\Downloads\Addition.txt

2013-08-25 16:00 - 2013-08-25 16:00 - 00000000 ____D C:\FRST

2013-08-25 15:59 - 2013-08-25 15:59 - 00714352 _____ C:\Users\Tom\Downloads\ZipOpenerSetup.exe

2013-08-25 15:48 - 2013-08-25 15:48 - 00055754 _____ C:\Users\Tom\Downloads\Extras.Txt

2013-08-25 15:47 - 2013-08-25 15:47 - 00076084 _____ C:\Users\Tom\Downloads\OTL.Txt

2013-08-25 15:40 - 2013-08-25 15:41 - 00602112 _____ (OldTimer Tools) C:\Users\Tom\Downloads\OTL.exe

2013-08-25 15:23 - 2013-08-25 15:23 - 00001146 _____ C:\Users\Public\Desktop\Trojan Remover.lnk

2013-08-25 15:23 - 2013-08-25 15:23 - 00000000 ____D C:\Users\Tom\Documents\Simply Super Software

2013-08-25 15:23 - 2013-08-25 15:23 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Simply Super Software

2013-08-25 15:23 - 2013-08-25 15:23 - 00000000 ____D C:\ProgramData\Simply Super Software

2013-08-25 15:23 - 2013-08-25 15:23 - 00000000 ____D C:\Program Files (x86)\Trojan Remover

2013-08-25 15:22 - 2013-08-25 15:23 - 23334896 _____ (Simply Super Software                                       ) C:\Users\Tom\Downloads\trjsetup_688.exe

2013-08-25 15:22 - 2013-08-25 15:22 - 00000000 ____D C:\Users\Tom\AppData\Roaming\TrojanHunter

2013-08-25 15:15 - 2013-08-25 17:12 - 00000346 _____ C:\Windows\Tasks\TrojanHunter Scanner.job

2013-08-25 15:15 - 2013-08-25 15:15 - 00003008 _____ C:\Windows\System32\Tasks\TrojanHunter Scanner

2013-08-25 14:33 - 2013-08-25 15:26 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5

2013-08-25 14:33 - 2013-08-25 14:33 - 05843488 _____ (Mischel Internet Security                                   ) C:\Users\Tom\Downloads\TrojanHunterSetup_5.5_Build_1003.exe

2013-08-25 14:33 - 2013-08-25 14:33 - 00059392 ____R C:\Windows\SysWOW64\streamhlp.dll

2013-08-25 14:33 - 2013-08-25 14:33 - 00001092 _____ C:\Users\Tom\Desktop\TrojanHunter.lnk

2013-08-25 14:33 - 2013-08-25 14:33 - 00000000 ____D C:\ProgramData\TrojanHunter

2013-08-19 16:40 - 2013-08-19 16:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-08-14 23:06 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-08-14 23:06 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-08-14 23:06 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-08-14 23:06 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-08-14 23:06 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-08-14 23:06 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-08-14 23:06 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-08-14 23:06 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-08-14 23:06 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-08-14 23:06 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-08-14 23:06 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-08-14 23:06 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-08-14 23:06 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-08-14 23:06 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-08-14 23:06 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-08-14 23:06 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-08-14 23:06 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-08-14 23:06 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-08-14 23:06 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-08-14 23:06 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-08-14 23:06 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-08-14 23:06 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-08-14 23:06 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-08-14 23:06 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-08-14 23:06 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-08-14 23:06 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-08-14 23:06 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-08-14 23:05 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-08-14 23:05 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-08-14 23:05 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-08-14 23:05 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-08-14 08:17 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2013-08-14 08:17 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-08-14 08:17 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2013-08-14 08:17 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2013-08-14 08:17 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2013-08-14 08:17 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-08-14 08:17 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2013-08-14 08:17 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2013-08-14 08:16 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-08-14 08:16 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2013-08-14 08:16 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-08-14 08:16 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-08-14 08:16 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-08-14 08:16 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-08-14 08:16 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-08-14 08:16 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2013-08-14 08:16 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-08-14 08:16 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-08-14 08:16 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-08-14 08:16 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2013-08-14 08:16 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-08-14 08:16 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-08-14 08:16 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-08-14 08:16 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-08-14 08:16 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-08-14 08:16 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-08-14 08:16 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
 

==================== One Month Modified Files and Folders =======
 

2013-08-26 10:29 - 2013-08-26 10:29 - 00000753 _____ C:\Users\Tom\Desktop\JRT.txt

2013-08-26 10:25 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-08-26 10:25 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-08-26 10:21 - 2013-08-26 10:21 - 01021434 _____ (Thisisu) C:\Users\Tom\Downloads\JRT.exe

2013-08-26 10:21 - 2013-08-26 10:21 - 00000000 ____D C:\Windows\ERUNT

2013-08-26 10:17 - 2013-02-15 19:18 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-08-26 10:17 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-26 10:17 - 2009-07-14 06:51 - 00054439 _____ C:\Windows\setupact.log

2013-08-26 10:16 - 2012-02-24 15:30 - 01559407 _____ C:\Windows\WindowsUpdate.log

2013-08-26 10:15 - 2013-08-26 10:13 - 00000000 ____D C:\AdwCleaner

2013-08-26 10:13 - 2013-08-26 10:13 - 00994642 _____ C:\Users\Tom\Downloads\adwcleaner.exe

2013-08-26 10:04 - 2013-08-26 10:04 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-26 10:04 - 2013-08-26 10:04 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Malwarebytes

2013-08-26 10:04 - 2013-08-26 10:04 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-26 10:04 - 2013-08-26 10:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-26 10:03 - 2013-08-26 10:03 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tom\Downloads\mbam-setup-1.75.0.1300.exe

2013-08-26 09:47 - 2013-02-04 15:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-08-26 09:43 - 2013-02-15 19:18 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-08-25 22:20 - 2013-08-25 22:20 - 00019980 _____ C:\ComboFix.txt

2013-08-25 22:20 - 2013-08-25 22:05 - 00000000 ____D C:\Qoobox

2013-08-25 22:20 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default

2013-08-25 22:18 - 2013-08-25 22:04 - 00000000 ____D C:\Windows\erdnt

2013-08-25 22:15 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini

2013-08-25 22:14 - 2010-11-21 05:47 - 00029376 _____ C:\Windows\PFRO.log

2013-08-25 22:13 - 2009-07-14 04:34 - 64487424 _____ C:\Windows\system32\config\SOFTWARE.bak

2013-08-25 22:13 - 2009-07-14 04:34 - 14417920 _____ C:\Windows\system32\config\SYSTEM.bak

2013-08-25 22:13 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak

2013-08-25 22:13 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak

2013-08-25 22:13 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak

2013-08-25 22:05 - 2013-08-25 22:05 - 00013453 _____ C:\Users\Tom\Desktop\combofix - Verknüpfung.lnk

2013-08-25 22:04 - 2013-08-25 22:04 - 05113393 ____R (Swearware) C:\Users\Tom\Downloads\ComboFix.exe

2013-08-25 17:12 - 2013-08-25 15:15 - 00000346 _____ C:\Windows\Tasks\TrojanHunter Scanner.job

2013-08-25 16:02 - 2013-08-25 16:01 - 00013584 _____ C:\Users\Tom\Downloads\Addition.txt

2013-08-25 16:00 - 2013-08-25 16:00 - 00000000 ____D C:\FRST

2013-08-25 15:59 - 2013-08-25 15:59 - 00714352 _____ C:\Users\Tom\Downloads\ZipOpenerSetup.exe

2013-08-25 15:48 - 2013-08-25 15:48 - 00055754 _____ C:\Users\Tom\Downloads\Extras.Txt

2013-08-25 15:47 - 2013-08-25 15:47 - 00076084 _____ C:\Users\Tom\Downloads\OTL.Txt

2013-08-25 15:41 - 2013-08-25 15:40 - 00602112 _____ (OldTimer Tools) C:\Users\Tom\Downloads\OTL.exe

2013-08-25 15:26 - 2013-08-25 14:33 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5

2013-08-25 15:23 - 2013-08-25 15:23 - 00001146 _____ C:\Users\Public\Desktop\Trojan Remover.lnk

2013-08-25 15:23 - 2013-08-25 15:23 - 00000000 ____D C:\Users\Tom\Documents\Simply Super Software

2013-08-25 15:23 - 2013-08-25 15:23 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Simply Super Software

2013-08-25 15:23 - 2013-08-25 15:23 - 00000000 ____D C:\ProgramData\Simply Super Software

2013-08-25 15:23 - 2013-08-25 15:23 - 00000000 ____D C:\Program Files (x86)\Trojan Remover

2013-08-25 15:23 - 2013-08-25 15:22 - 23334896 _____ (Simply Super Software                                       ) C:\Users\Tom\Downloads\trjsetup_688.exe

2013-08-25 15:22 - 2013-08-25 15:22 - 00000000 ____D C:\Users\Tom\AppData\Roaming\TrojanHunter

2013-08-25 15:15 - 2013-08-25 15:15 - 00003008 _____ C:\Windows\System32\Tasks\TrojanHunter Scanner

2013-08-25 14:33 - 2013-08-25 14:33 - 05843488 _____ (Mischel Internet Security                                   ) C:\Users\Tom\Downloads\TrojanHunterSetup_5.5_Build_1003.exe

2013-08-25 14:33 - 2013-08-25 14:33 - 00059392 ____R C:\Windows\SysWOW64\streamhlp.dll

2013-08-25 14:33 - 2013-08-25 14:33 - 00001092 _____ C:\Users\Tom\Desktop\TrojanHunter.lnk

2013-08-25 14:33 - 2013-08-25 14:33 - 00000000 ____D C:\ProgramData\TrojanHunter

2013-08-21 17:51 - 2013-02-15 19:18 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-08-21 12:47 - 2013-02-04 15:46 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-08-21 12:47 - 2013-02-04 15:46 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-08-21 12:47 - 2012-02-24 17:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-08-20 09:44 - 2013-01-07 19:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-08-19 16:40 - 2013-08-19 16:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-08-15 15:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache

2013-08-14 23:03 - 2010-11-21 08:50 - 00653928 _____ C:\Windows\system32\perfh007.dat

2013-08-14 23:03 - 2010-11-21 08:50 - 00129800 _____ C:\Windows\system32\perfc007.dat

2013-08-14 23:03 - 2009-07-14 07:13 - 01518986 _____ C:\Windows\system32\PerfStringBackup.INI

2013-08-14 23:01 - 2013-01-12 12:34 - 00000000 ____D C:\ProgramData\Microsoft Help
 

Files to move or delete:

====================

C:\Users\Tom\AppData\Local\Temp\Quarantine.exe

C:\Users\Tom\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-08-22 13:25
 

==================== End Of Log ============================

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-08-2013

Ran by Tom at 2013-08-26 10:31:50

Running from C:\Users\Tom\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Installed Programs =======================
 

   

Adobe AIR (x32 Version: 3.1.0.4880)

Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)

Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)

Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)

Adobe Shockwave Player 11.6 (x32 Version: 11.6.4.634)

Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17)

Apowersoft Free Screen Recorder V1.1.0 (x32 Version: 1.1.0)

Apple Application Support (x32 Version: 2.3.4)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (x32 Version: 2.1.3.127)

Aufstieg des Hexenkönigs™ (x32)

AVM FRITZ!WLAN (x32)

Bonjour (Version: 3.0.0.10)

Canon Easy-PhotoPrint EX (x32 Version: 4.1.6)

CDBurnerXP (Version: 4.4.0.2905)

D3DX10 (x32 Version: 15.4.2368.0902)

Die Schlacht um Mittelerde™ II (x32)

el(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930)

ESET Smart Security (Version: 5.0.95.0)

Fotogalerie (x32 Version: 16.4.3505.0912)

Fotor 1.1.0 (x32 Version: 1.1.0)

Google Chrome (x32 Version: 29.0.1547.57)

Google Update Helper (x32 Version: 1.3.21.153)

Intel(R) Management Engine Interface

Intel® Active-Management-Technologie

iTunes (Version: 11.0.3.42)

Java Auto Updater (x32 Version: 2.0.7.1)

Java(TM) 6 Update 31 (x32 Version: 6.0.310)

Kalkules 1.9.1.20 (x32)

LastChaosGER (x32 Version: 1.00.000)

LibreOffice 3.5 (x32 Version: 3.5.0.13)

Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Corporation (Version: 9.1.0.0)

Microsoft Corporation (x32 Version: 9.1.0.0)

Microsoft LifeCam (Version: 3.22.270.0)

Microsoft Office 2007 Service Pack 3 (SP3) (x32)

Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)

Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Silverlight (Version: 5.1.20513.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Movie Maker (x32 Version: 16.4.3505.0912)

Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)

Mozilla Maintenance Service (x32 Version: 23.0.1)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT110 (x32 Version: 16.4.1108.0727)

MSVCRT110_amd64 (Version: 16.4.1109.0912)

NETGEAR Genie (x32 Version: 2.2.27.1 )

Photo Gallery (x32 Version: 16.4.3505.0912)

RockMelt (HKCU Version: 0.16.91.483)

Skype™ 6.1 (x32 Version: 6.1.129)

Sony Ericsson Update Engine (x32 Version: 2.13.6.201305161305)

Sony PC Companion 2.10.165 (x32 Version: 2.10.165)

SoundMAX (x32 Version: 6.10.2.6595)

swMSM (x32 Version: 12.0.0.1)

Trojan Remover 6.8.8 (x32 Version: 6.8.8)

TrojanHunter 5.5 (x32 Version: 5.5)

Update for 2007 Microsoft Office System (KB967642) (x32)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)

Update für Microsoft Office Excel 2007 Help (KB963678) (x32)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)

Update für Microsoft Office Word 2007 Help (KB963665) (x32)

VLC media player 2.0.0 (x32 Version: 2.0.0)

VoiceOver Kit (x32 Version: 1.42.128.0)

Windows Live Communications Platform (x32 Version: 16.4.3505.0912)

Windows Live Essentials (x32 Version: 16.4.3505.0912)

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)

Windows Live Installer (x32 Version: 16.4.3505.0912)

Windows Live Photo Common (x32 Version: 16.4.3505.0912)

Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)

Windows Live SOXE (x32 Version: 16.4.3505.0912)

Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)

Windows Live UX Platform (x32 Version: 16.4.3505.0912)

Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)

WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0)
 

==================== Restore Points  =========================
 
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2013-08-25 22:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {00E5EB9C-78FA-4E5A-813B-740B36F36D1F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)

Task: {34292C3D-21CB-4DE3-9CCA-CC465040A9AF} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task

Task: {48BE6096-D792-450D-ABA2-34286FA3C46E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)

Task: {5F2C71F1-EDD7-41C1-9D75-A441CE047251} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-15] (Google Inc.)

Task: {C2C1948A-288A-4E95-AD58-2BCF8B7964C4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {E26202FB-1A05-4990-8330-81C3087FC50A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-15] (Google Inc.)

Task: {E2C1111C-469C-4ACD-A397-EF81C923944F} - System32\Tasks\TrojanHunter Scanner => C:\Program Files (x86)\TrojanHunter 5.5\thcl.exe [2012-10-23] ()

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\TrojanHunter Scanner.job => C:\Program Files (x86)\TrojanHunter 5.5\thcl.exe
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================
 

System errors:

=============
 

Microsoft Office Sessions:

=========================
 

CodeIntegrity Errors:

===================================

  Date: 2013-08-25 22:11:53.106

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2013-08-25 22:11:53.070

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 63%

Total physical RAM: 2021.3 MB

Available physical RAM: 738.81 MB

Total Pagefile: 4042.6 MB

Available Pagefile: 2429.06 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB
 

==================== Drives ================================
 

Drive c: (Windows) (Fixed) (Total:148.85 GB) (Free:80.95 GB) NTFS

Drive d: (SuperBowlXLVChampions) (CDROM) (Total:6.87 GB) (Free:0 GB) UDF
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 8A42734E)

Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Von mir aus keine Probleme

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=74ad7f5ee7c5e84dbf76fdbce7f41e72

# engine=14908

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-08-26 05:20:41

# local_time=2013-08-26 07:20:41 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776573 100 94 31961 129167491 0 0

# compatibility_mode=8208 16776701 100 98 42092296 127546993 0 0

# scanned=186431

# found=0

# cleaned=0

# scan_time=6204

# nod_component=V3 Build:0x30000000

Code:

 Results of screen317's Security Check version 0.99.72  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 10  
 ``````````````Antivirus/Firewall Check:`````````````` 

ESET Smart Security 5.0   

 Antivirus out of date!  
 `````````Anti-malware/Other Utilities Check:````````` 

 Trojan Remover 6.8.8   

 Malwarebytes Anti-Malware Version 1.75.0.1300  

 Java(TM) 6 Update 31  

 Java version out of Date! 

 Adobe Flash Player 11.8.800.94  

 Adobe Reader XI  

 Mozilla Firefox (23.0.1) 

 Google Chrome 28.0.1500.95  

 Google Chrome 29.0.1547.57  
 ````````Process Check: objlist.exe by Laurent````````  

 ESET NOD32 Antivirus egui.exe  

 ESET NOD32 Antivirus ekrn.exe  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Malwarebytes' Anti-Malware mbamscheduler.exe   
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-08-2013

Ran by Tom (administrator) on 26-08-2013 19:26:34

Running from C:\Users\Tom\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

(Intel) C:\Program Files (x86)\Intel\AMT\LMS.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe

(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe

(Intel) C:\Program Files (x86)\Intel\AMT\UNS.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe

() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe

() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(RockMelt, Inc.) C:\Users\Tom\AppData\Local\RockMelt\Application\rockmelt.exe

(RockMelt, Inc.) C:\Users\Tom\AppData\Local\RockMelt\Application\rockmelt.exe

(RockMelt, Inc.) C:\Users\Tom\AppData\Local\RockMelt\Application\rockmelt.exe

(RockMelt, Inc.) C:\Users\Tom\AppData\Local\RockMelt\Application\rockmelt.exe

(RockMelt, Inc.) C:\Users\Tom\AppData\Local\RockMelt\Application\rockmelt.exe

(RockMelt, Inc.) C:\Users\Tom\AppData\Local\RockMelt\Application\rockmelt.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [4035152 2011-09-22] (ESET)

HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)

HKCU\...\Run: [NETGEARGenie] - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1041736 2012-10-16] ()

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [THGuard] - C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe [1086880 2012-10-23] (Mischel Internet Security)

HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1655568 2013-07-19] (Simply Super Software)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\l8991ut4.default

FF SelectedSearchEngine: Wikipedia (de)

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @us-w1.rockmelt.com/RockMelt Update;version=8 - C:\Users\Tom\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)

FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)

FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR RestoreOnStartup: "hxxp://www.google.com/"

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll No File

CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)

CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File

CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (RockMelt Update) - C:\Users\Tom\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File

CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File

CHR Extension: (Google Docs) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Gmail) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
 

==================== Services (Whitelisted) =================
 

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [974944 2011-09-22] (ESET)

R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-09-25] (NETGEAR)

R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel)
 

==================== Drivers (Whitelisted) ====================
 

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-25] (AVM Berlin)

R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)

R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)

R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [187632 2011-08-04] (ESET)

R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38288 2011-08-04] (ESET)

R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62496 2011-08-04] (ESET)

R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2013-02-06] (CACE Technologies, Inc.)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]

S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-08-26 17:35 - 2013-08-26 17:35 - 00000000 ____D C:\Program Files (x86)\ESET

2013-08-26 17:34 - 2013-08-26 17:35 - 02347384 _____ (ESET) C:\Users\Tom\Downloads\esetsmartinstaller_enu.exe

2013-08-26 10:31 - 2013-08-26 10:31 - 01577068 _____ (Farbar) C:\Users\Tom\Downloads\FRST64.exe

2013-08-26 10:29 - 2013-08-26 10:29 - 00000753 _____ C:\Users\Tom\Desktop\JRT.txt

2013-08-26 10:21 - 2013-08-26 10:21 - 01021434 _____ (Thisisu) C:\Users\Tom\Downloads\JRT.exe

2013-08-26 10:21 - 2013-08-26 10:21 - 00000000 ____D C:\Windows\ERUNT

2013-08-26 10:13 - 2013-08-26 10:15 - 00000000 ____D C:\AdwCleaner

2013-08-26 10:13 - 2013-08-26 10:13 - 00994642 _____ C:\Users\Tom\Downloads\adwcleaner.exe

2013-08-26 10:04 - 2013-08-26 10:04 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-26 10:04 - 2013-08-26 10:04 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Malwarebytes

2013-08-26 10:04 - 2013-08-26 10:04 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-26 10:04 - 2013-08-26 10:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-26 10:04 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-08-26 10:03 - 2013-08-26 10:03 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tom\Downloads\mbam-setup-1.75.0.1300.exe

2013-08-25 22:20 - 2013-08-25 22:20 - 00019980 _____ C:\ComboFix.txt

2013-08-25 22:05 - 2013-08-25 22:20 - 00000000 ____D C:\Qoobox

2013-08-25 22:05 - 2013-08-25 22:05 - 00013453 _____ C:\Users\Tom\Desktop\combofix - Verknüpfung.lnk

2013-08-25 22:05 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe

2013-08-25 22:05 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe

2013-08-25 22:05 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-08-25 22:05 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-08-25 22:05 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-08-25 22:05 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe

2013-08-25 22:05 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe

2013-08-25 22:05 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe

2013-08-25 22:04 - 2013-08-25 22:18 - 00000000 ____D C:\Windows\erdnt

2013-08-25 22:04 - 2013-08-25 22:04 - 05113393 ____R (Swearware) C:\Users\Tom\Downloads\ComboFix.exe

2013-08-25 16:01 - 2013-08-26 10:32 - 00009762 _____ C:\Users\Tom\Downloads\Addition.txt

2013-08-25 16:00 - 2013-08-25 16:00 - 00000000 ____D C:\FRST

2013-08-25 15:59 - 2013-08-25 15:59 - 00714352 _____ C:\Users\Tom\Downloads\ZipOpenerSetup.exe

2013-08-25 15:48 - 2013-08-25 15:48 - 00055754 _____ C:\Users\Tom\Downloads\Extras.Txt

2013-08-25 15:47 - 2013-08-25 15:47 - 00076084 _____ C:\Users\Tom\Downloads\OTL.Txt

2013-08-25 15:40 - 2013-08-25 15:41 - 00602112 _____ (OldTimer Tools) C:\Users\Tom\Downloads\OTL.exe

2013-08-25 15:23 - 2013-08-25 15:23 - 00001146 _____ C:\Users\Public\Desktop\Trojan Remover.lnk

2013-08-25 15:23 - 2013-08-25 15:23 - 00000000 ____D C:\Users\Tom\Documents\Simply Super Software

2013-08-25 15:23 - 2013-08-25 15:23 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Simply Super Software

2013-08-25 15:23 - 2013-08-25 15:23 - 00000000 ____D C:\ProgramData\Simply Super Software

2013-08-25 15:23 - 2013-08-25 15:23 - 00000000 ____D C:\Program Files (x86)\Trojan Remover

2013-08-25 15:22 - 2013-08-25 15:23 - 23334896 _____ (Simply Super Software                                       ) C:\Users\Tom\Downloads\trjsetup_688.exe

2013-08-25 15:22 - 2013-08-25 15:22 - 00000000 ____D C:\Users\Tom\AppData\Roaming\TrojanHunter

2013-08-25 15:15 - 2013-08-25 17:12 - 00000346 _____ C:\Windows\Tasks\TrojanHunter Scanner.job

2013-08-25 15:15 - 2013-08-25 15:15 - 00003008 _____ C:\Windows\System32\Tasks\TrojanHunter Scanner

2013-08-25 14:33 - 2013-08-25 15:26 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5

2013-08-25 14:33 - 2013-08-25 14:33 - 05843488 _____ (Mischel Internet Security                                   ) C:\Users\Tom\Downloads\TrojanHunterSetup_5.5_Build_1003.exe

2013-08-25 14:33 - 2013-08-25 14:33 - 00059392 ____R C:\Windows\SysWOW64\streamhlp.dll

2013-08-25 14:33 - 2013-08-25 14:33 - 00001092 _____ C:\Users\Tom\Desktop\TrojanHunter.lnk

2013-08-25 14:33 - 2013-08-25 14:33 - 00000000 ____D C:\ProgramData\TrojanHunter

2013-08-19 16:40 - 2013-08-19 16:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-08-14 23:06 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-08-14 23:06 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-08-14 23:06 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-08-14 23:06 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-08-14 23:06 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-08-14 23:06 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-08-14 23:06 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-08-14 23:06 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-08-14 23:06 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-08-14 23:06 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-08-14 23:06 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-08-14 23:06 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-08-14 23:06 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-08-14 23:06 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-08-14 23:06 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-08-14 23:06 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-08-14 23:06 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-08-14 23:06 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-08-14 23:06 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-08-14 23:06 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-08-14 23:06 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-08-14 23:06 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-08-14 23:06 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-08-14 23:06 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-08-14 23:06 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-08-14 23:06 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-08-14 23:06 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-08-14 23:05 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-08-14 23:05 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-08-14 23:05 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-08-14 23:05 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-08-14 08:17 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2013-08-14 08:17 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-08-14 08:17 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2013-08-14 08:17 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2013-08-14 08:17 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2013-08-14 08:17 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-08-14 08:17 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2013-08-14 08:17 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2013-08-14 08:16 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-08-14 08:16 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2013-08-14 08:16 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-08-14 08:16 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-08-14 08:16 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-08-14 08:16 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-08-14 08:16 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-08-14 08:16 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2013-08-14 08:16 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-08-14 08:16 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-08-14 08:16 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-08-14 08:16 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2013-08-14 08:16 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-08-14 08:16 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-08-14 08:16 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-08-14 08:16 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-08-14 08:16 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-08-14 08:16 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-08-14 08:16 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
 

==================== One Month Modified Files and Folders =======
 

2013-08-26 19:23 - 2013-08-26 19:22 - 00891115 _____ C:\Users\Tom\Downloads\SecurityCheck.exe

2013-08-26 18:47 - 2013-02-04 15:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-08-26 18:43 - 2013-02-15 19:18 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-08-26 17:35 - 2013-08-26 17:35 - 00000000 ____D C:\Program Files (x86)\ESET

2013-08-26 17:35 - 2013-08-26 17:34 - 02347384 _____ (ESET) C:\Users\Tom\Downloads\esetsmartinstaller_enu.exe

2013-08-26 17:15 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-08-26 17:15 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-08-26 17:10 - 2012-02-24 15:30 - 01577814 _____ C:\Windows\WindowsUpdate.log

2013-08-26 17:06 - 2013-02-15 19:18 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-08-26 17:06 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-26 17:06 - 2009-07-14 06:51 - 00054495 _____ C:\Windows\setupact.log

2013-08-26 10:32 - 2013-08-25 16:01 - 00009762 _____ C:\Users\Tom\Downloads\Addition.txt

2013-08-26 10:31 - 2013-08-26 10:31 - 01577068 _____ (Farbar) C:\Users\Tom\Downloads\FRST64.exe

2013-08-26 10:29 - 2013-08-26 10:29 - 00000753 _____ C:\Users\Tom\Desktop\JRT.txt

2013-08-26 10:21 - 2013-08-26 10:21 - 01021434 _____ (Thisisu) C:\Users\Tom\Downloads\JRT.exe

2013-08-26 10:21 - 2013-08-26 10:21 - 00000000 ____D C:\Windows\ERUNT

2013-08-26 10:15 - 2013-08-26 10:13 - 00000000 ____D C:\AdwCleaner

2013-08-26 10:13 - 2013-08-26 10:13 - 00994642 _____ C:\Users\Tom\Downloads\adwcleaner.exe

2013-08-26 10:04 - 2013-08-26 10:04 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-26 10:04 - 2013-08-26 10:04 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Malwarebytes

2013-08-26 10:04 - 2013-08-26 10:04 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-26 10:04 - 2013-08-26 10:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-26 10:03 - 2013-08-26 10:03 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tom\Downloads\mbam-setup-1.75.0.1300.exe

2013-08-25 22:20 - 2013-08-25 22:20 - 00019980 _____ C:\ComboFix.txt

2013-08-25 22:20 - 2013-08-25 22:05 - 00000000 ____D C:\Qoobox

2013-08-25 22:20 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default

2013-08-25 22:18 - 2013-08-25 22:04 - 00000000 ____D C:\Windows\erdnt

2013-08-25 22:15 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini

2013-08-25 22:14 - 2010-11-21 05:47 - 00029376 _____ C:\Windows\PFRO.log

2013-08-25 22:13 - 2009-07-14 04:34 - 64487424 _____ C:\Windows\system32\config\SOFTWARE.bak

2013-08-25 22:13 - 2009-07-14 04:34 - 14417920 _____ C:\Windows\system32\config\SYSTEM.bak

2013-08-25 22:13 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak

2013-08-25 22:13 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak

2013-08-25 22:13 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak

2013-08-25 22:05 - 2013-08-25 22:05 - 00013453 _____ C:\Users\Tom\Desktop\combofix - Verknüpfung.lnk

2013-08-25 22:04 - 2013-08-25 22:04 - 05113393 ____R (Swearware) C:\Users\Tom\Downloads\ComboFix.exe

2013-08-25 17:12 - 2013-08-25 15:15 - 00000346 _____ C:\Windows\Tasks\TrojanHunter Scanner.job

2013-08-25 16:00 - 2013-08-25 16:00 - 00000000 ____D C:\FRST

2013-08-25 15:59 - 2013-08-25 15:59 - 00714352 _____ C:\Users\Tom\Downloads\ZipOpenerSetup.exe

2013-08-25 15:48 - 2013-08-25 15:48 - 00055754 _____ C:\Users\Tom\Downloads\Extras.Txt

2013-08-25 15:47 - 2013-08-25 15:47 - 00076084 _____ C:\Users\Tom\Downloads\OTL.Txt

2013-08-25 15:41 - 2013-08-25 15:40 - 00602112 _____ (OldTimer Tools) C:\Users\Tom\Downloads\OTL.exe

2013-08-25 15:26 - 2013-08-25 14:33 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5

2013-08-25 15:23 - 2013-08-25 15:23 - 00001146 _____ C:\Users\Public\Desktop\Trojan Remover.lnk

2013-08-25 15:23 - 2013-08-25 15:23 - 00000000 ____D C:\Users\Tom\Documents\Simply Super Software

2013-08-25 15:23 - 2013-08-25 15:23 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Simply Super Software

2013-08-25 15:23 - 2013-08-25 15:23 - 00000000 ____D C:\ProgramData\Simply Super Software

2013-08-25 15:23 - 2013-08-25 15:23 - 00000000 ____D C:\Program Files (x86)\Trojan Remover

2013-08-25 15:23 - 2013-08-25 15:22 - 23334896 _____ (Simply Super Software                                       ) C:\Users\Tom\Downloads\trjsetup_688.exe

2013-08-25 15:22 - 2013-08-25 15:22 - 00000000 ____D C:\Users\Tom\AppData\Roaming\TrojanHunter

2013-08-25 15:15 - 2013-08-25 15:15 - 00003008 _____ C:\Windows\System32\Tasks\TrojanHunter Scanner

2013-08-25 14:33 - 2013-08-25 14:33 - 05843488 _____ (Mischel Internet Security                                   ) C:\Users\Tom\Downloads\TrojanHunterSetup_5.5_Build_1003.exe

2013-08-25 14:33 - 2013-08-25 14:33 - 00059392 ____R C:\Windows\SysWOW64\streamhlp.dll

2013-08-25 14:33 - 2013-08-25 14:33 - 00001092 _____ C:\Users\Tom\Desktop\TrojanHunter.lnk

2013-08-25 14:33 - 2013-08-25 14:33 - 00000000 ____D C:\ProgramData\TrojanHunter

2013-08-21 17:51 - 2013-02-15 19:18 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-08-21 12:47 - 2013-02-04 15:46 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-08-21 12:47 - 2013-02-04 15:46 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-08-21 12:47 - 2012-02-24 17:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-08-20 09:44 - 2013-01-07 19:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-08-19 16:40 - 2013-08-19 16:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-08-15 15:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache

2013-08-14 23:03 - 2010-11-21 08:50 - 00653928 _____ C:\Windows\system32\perfh007.dat

2013-08-14 23:03 - 2010-11-21 08:50 - 00129800 _____ C:\Windows\system32\perfc007.dat

2013-08-14 23:03 - 2009-07-14 07:13 - 01518986 _____ C:\Windows\system32\PerfStringBackup.INI

2013-08-14 23:01 - 2013-01-12 12:34 - 00000000 ____D C:\ProgramData\Microsoft Help
 

Files to move or delete:

====================

C:\Users\Tom\AppData\Local\Temp\Quarantine.exe

C:\Users\Tom\AppData\Local\Temp\RarSFX0\SecurityCheck\Objlist.exe

C:\Users\Tom\AppData\Local\Temp\RarSFX0\SecurityCheck\runprocesses.exe

C:\Users\Tom\AppData\Local\Temp\RarSFX0\SecurityCheck\uninstalllist.exe

C:\Users\Tom\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\cmdinfo.exe

C:\Users\Tom\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\nircmdc.exe

C:\Users\Tom\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\sed.exe

C:\Users\Tom\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\swreg.exe

C:\Users\Tom\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-08-22 13:25
 

==================== End Of Log ============================

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-08-2013

Ran by Tom at 2013-08-26 19:27:11

Running from C:\Users\Tom\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Installed Programs =======================
 

   

Adobe AIR (x32 Version: 3.1.0.4880)

Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)

Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)

Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)

Adobe Shockwave Player 11.6 (x32 Version: 11.6.4.634)

Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17)

Apowersoft Free Screen Recorder V1.1.0 (x32 Version: 1.1.0)

Apple Application Support (x32 Version: 2.3.4)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (x32 Version: 2.1.3.127)

Aufstieg des Hexenkönigs™ (x32)

AVM FRITZ!WLAN (x32)

Bonjour (Version: 3.0.0.10)

Canon Easy-PhotoPrint EX (x32 Version: 4.1.6)

CDBurnerXP (Version: 4.4.0.2905)

D3DX10 (x32 Version: 15.4.2368.0902)

Die Schlacht um Mittelerde™ II (x32)

el(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930)

ESET Online Scanner v3 (x32)

ESET Smart Security (Version: 5.0.95.0)

Fotogalerie (x32 Version: 16.4.3505.0912)

Fotor 1.1.0 (x32 Version: 1.1.0)

Google Chrome (x32 Version: 29.0.1547.57)

Google Update Helper (x32 Version: 1.3.21.153)

Intel(R) Management Engine Interface

Intel® Active-Management-Technologie

iTunes (Version: 11.0.3.42)

Java Auto Updater (x32 Version: 2.0.7.1)

Java(TM) 6 Update 31 (x32 Version: 6.0.310)

Kalkules 1.9.1.20 (x32)

LastChaosGER (x32 Version: 1.00.000)

LibreOffice 3.5 (x32 Version: 3.5.0.13)

Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Corporation (Version: 9.1.0.0)

Microsoft Corporation (x32 Version: 9.1.0.0)

Microsoft LifeCam (Version: 3.22.270.0)

Microsoft Office 2007 Service Pack 3 (SP3) (x32)

Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)

Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Silverlight (Version: 5.1.20513.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Movie Maker (x32 Version: 16.4.3505.0912)

Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)

Mozilla Maintenance Service (x32 Version: 23.0.1)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT110 (x32 Version: 16.4.1108.0727)

MSVCRT110_amd64 (Version: 16.4.1109.0912)

NETGEAR Genie (x32 Version: 2.2.27.1 )

Photo Gallery (x32 Version: 16.4.3505.0912)

RockMelt (HKCU Version: 0.16.91.483)

Skype™ 6.1 (x32 Version: 6.1.129)

Sony Ericsson Update Engine (x32 Version: 2.13.6.201305161305)

Sony PC Companion 2.10.165 (x32 Version: 2.10.165)

SoundMAX (x32 Version: 6.10.2.6595)

swMSM (x32 Version: 12.0.0.1)

Trojan Remover 6.8.8 (x32 Version: 6.8.8)

TrojanHunter 5.5 (x32 Version: 5.5)

Update for 2007 Microsoft Office System (KB967642) (x32)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)

Update für Microsoft Office Excel 2007 Help (KB963678) (x32)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)

Update für Microsoft Office Word 2007 Help (KB963665) (x32)

VLC media player 2.0.0 (x32 Version: 2.0.0)

VoiceOver Kit (x32 Version: 1.42.128.0)

Windows Live Communications Platform (x32 Version: 16.4.3505.0912)

Windows Live Essentials (x32 Version: 16.4.3505.0912)

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)

Windows Live Installer (x32 Version: 16.4.3505.0912)

Windows Live Photo Common (x32 Version: 16.4.3505.0912)

Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)

Windows Live SOXE (x32 Version: 16.4.3505.0912)

Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)

Windows Live UX Platform (x32 Version: 16.4.3505.0912)

Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)

WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0)
 

==================== Restore Points  =========================
 
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2013-08-25 22:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {00E5EB9C-78FA-4E5A-813B-740B36F36D1F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)

Task: {34292C3D-21CB-4DE3-9CCA-CC465040A9AF} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task

Task: {3FABC825-2915-406F-91CE-C93B1D274EEA} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)

Task: {5F2C71F1-EDD7-41C1-9D75-A441CE047251} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-15] (Google Inc.)

Task: {C2C1948A-288A-4E95-AD58-2BCF8B7964C4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {E26202FB-1A05-4990-8330-81C3087FC50A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-15] (Google Inc.)

Task: {E2C1111C-469C-4ACD-A397-EF81C923944F} - System32\Tasks\TrojanHunter Scanner => C:\Program Files (x86)\TrojanHunter 5.5\thcl.exe [2012-10-23] ()

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\TrojanHunter Scanner.job => C:\Program Files (x86)\TrojanHunter 5.5\thcl.exe
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (08/26/2013 07:22:25 PM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (08/26/2013 05:35:49 PM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (08/26/2013 05:08:19 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (08/26/2013 01:31:28 PM) (Source: System Restore) (User: )

Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).
 
 

System errors:

=============

Error: (08/26/2013 10:47:49 AM) (Source: DCOM) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
 

Microsoft Office Sessions:

=========================
 

CodeIntegrity Errors:

===================================

  Date: 2013-08-25 22:11:53.106

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2013-08-25 22:11:53.070

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 64%

Total physical RAM: 2021.3 MB

Available physical RAM: 711.27 MB

Total Pagefile: 4042.6 MB

Available Pagefile: 2275.43 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB
 

==================== Drives ================================
 

Drive c: (Windows) (Fixed) (Total:148.85 GB) (Free:80.82 GB) NTFS

Drive d: (SuperBowlXLVChampions) (CDROM) (Total:6.87 GB) (Free:0 GB) UDF
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 8A42734E)

Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Java updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]

S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-08-2013 01

Ran by Tom at 2013-08-27 10:27:01 Run:1

Running from C:\Users\Tom\Downloads

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]

S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]

         

*****************
 

X6va011 => Service deleted successfully.

X6va012 => Service deleted successfully.
 

==== End of Fixlog ====