Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7 : Sicherheitscenter bleibt deaktiviert , Microsoft Security Essentials kann nicht gestartet werden (https://www.trojaner-board.de/140627-windows-7-sicherheitscenter-bleibt-deaktiviert-microsoft-security-essentials-gestartet.html)

Chrissi1111 29.08.2013 00:42
Windows 7 : Sicherheitscenter bleibt deaktiviert , Microsoft Security Essentials kann nicht gestartet werden
 
Hallo :)
Ich habe Windows 7 und seit einigen Stunden das Problem, das wenn ich etwas auf Google suche ich zu anderen unbekannten Seiten weitergeleitet werden, die nichts mit dem gesuchten Thema zutun haben.
Als ich deshalb bei meinen Microsoft Security Essentials scannen lassen wollte, habe ich feststellen dürfen, das dieses auf einmal geschlossen war und seitdem bekomme ich es nicht mehr geöffnet ( beim Versuch öffnet es sich -schließt sich aber wieder sofort nach 1 Sekunde)
Bei der Systemwiederherstellung, die ich durchführen wollte steht: Der Computerschutz ist deaktiviert.
Beim Sicherheitscenter steht nun als Starttyp ebenfalls "deaktiviert"
habe dann auf automatisch übernommen und auf starten geklickt, doch da kommt die Fehlermeldung Fehler1079: Das für diesen Dienst angegebene Konto unterscheidet sich von dem für andere Dienste angegebenen Konto, die in diesem Prozess ausgeführt werden.
Ich hoffe ihr könnt mir helfen. DANKE

FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by Chrissi (administrator) on 29-08-2013 01:04:19
Running from C:\Users\Chrissi\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Windows\system32\dmwu.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Uniblue Systems Limited) C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Windows\SysWOW64\jmdp\stij.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\system32\mmc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKCU\...\Run: [DriverScanner] - C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe [338848 2012-07-10] (Uniblue Systems Limited)
MountPoints2: E - E:\Startme.exe
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [651264 2012-04-17] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.autocompletepro.com/?si=10214&bi=400
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb201?a=6R8SQbflTy&i=26
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.autocompletepro.com/?si=10214&bi=400
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.autocompletepro.com/?si=10214&bi=400
HKCU\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.autocompletepro.com/?si=10214&bi=400
SearchScopes: HKCU - DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6R8SQbflTy&i=26
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.autocompletepro.com/?si=10214&bi=400&q={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6R8SQbflTy&i=26
BHO: AC-Pro - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\64\AutocompletePro64.dll (SimplyGen)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO-x32: AC-Pro - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\n3pp6cdz.default
FF user.js: detected! => C:\Users\Chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\n3pp6cdz.default\user.js
FF SelectedSearchEngine: MyStart Search
FF Homepage: hxxp://mystart.incredibar.com/mb203?a=6R8SQbflTy&i=26|hxxp://de.msn.com/
FF Keyword.URL: hxxp://mystart.incredibar.com/mb203?a=6R8SQbflTy&i=26&search=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.2.72 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.2.72 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.2.72 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Chrissi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\n3pp6cdz.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\acpro.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\n3pp6cdz.default\Extensions\{35379F86-8CCB-4724-AE33-4278DE266C70}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [gamescenter@gamescenter.com] C:\Program Files (x86)\GamesCenter\GamesCenter.xpi
FF Extension: No Name - C:\Program Files (x86)\GamesCenter\GamesCenter.xpi
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\IB Updater\Firefox

==================== Services (Whitelisted) =================

R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.)
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1455408 2013-04-07] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-08] (TuneUp Software)
S2 Yontoo Desktop Updater; "C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe" "C:\Users\Chrissi\AppData\Roaming\Yontoo\YontooDesktop.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [38096 2012-12-17] (GFI Software)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-01-06] (GFI Software)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-07-07] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-29 01:01 - 2013-08-29 01:02 - 01579080 _____ (Farbar) C:\Users\Chrissi\Downloads\FRST64.exe
2013-08-29 01:01 - 2013-08-29 01:02 - 00000476 _____ C:\Users\Chrissi\Downloads\defogger_disable.log
2013-08-29 01:01 - 2013-08-29 01:01 - 00050477 _____ C:\Users\Chrissi\Downloads\Defogger.exe
2013-08-29 01:01 - 2013-08-29 01:01 - 00000000 _____ C:\Users\Chrissi\defogger_reenable
2013-08-29 00:51 - 2013-08-29 00:51 - 00000056 _____ C:\Windows\setupact.log
2013-08-29 00:51 - 2013-08-29 00:51 - 00000000 _____ C:\Windows\setuperr.log
2013-08-29 00:02 - 2013-08-29 00:02 - 00002982 _____ C:\Windows\System32\Tasks\{F94307F9-E964-4C11-93B3-9779DDD76456}
2013-08-29 00:02 - 2013-08-29 00:02 - 00002982 _____ C:\Windows\System32\Tasks\{B5C0825F-D13C-4A5F-9739-B33444950E86}
2013-08-27 23:17 - 2013-08-29 00:51 - 00000318 _____ C:\Windows\Tasks\PELDTPPZ.job
2013-08-27 23:17 - 2013-08-27 23:17 - 00458752 __RSH C:\Windows\SysWOW64\iassam1.dll
2013-08-27 23:17 - 2013-08-27 23:17 - 00002598 _____ C:\Windows\System32\Tasks\PELDTPPZ
2013-08-22 10:02 - 2013-08-22 10:02 - 17737608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-08-19 13:09 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-19 13:09 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-19 13:09 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-19 13:09 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-19 13:09 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-19 13:09 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-19 13:09 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-19 13:09 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-19 13:09 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-19 13:09 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-19 13:09 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-19 13:09 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-19 12:47 - 2013-08-19 12:50 - 00000000 ____D C:\Windows\system32\MRT
2013-08-17 19:10 - 2013-08-17 19:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-14 13:22 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 13:21 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 13:21 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 13:19 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 13:19 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 13:19 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 13:19 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 13:19 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 13:19 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 13:19 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 13:19 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 13:18 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 13:18 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 13:18 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 13:18 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 13:18 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 13:18 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 13:18 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 13:18 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 13:18 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 13:18 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 13:18 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 13:18 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 13:18 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 13:18 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 13:18 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 13:17 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

==================== One Month Modified Files and Folders =======

2013-08-29 01:04 - 2013-08-29 01:04 - 00000000 ____D C:\FRST
2013-08-29 01:02 - 2013-08-29 01:01 - 01579080 _____ (Farbar) C:\Users\Chrissi\Downloads\FRST64.exe
2013-08-29 01:02 - 2013-08-29 01:01 - 00000476 _____ C:\Users\Chrissi\Downloads\defogger_disable.log
2013-08-29 01:01 - 2013-08-29 01:01 - 00050477 _____ C:\Users\Chrissi\Downloads\Defogger.exe
2013-08-29 01:01 - 2013-08-29 01:01 - 00000000 _____ C:\Users\Chrissi\defogger_reenable
2013-08-29 01:01 - 2012-03-03 17:57 - 00000000 ____D C:\Users\Chrissi
2013-08-29 00:59 - 2012-11-10 13:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-29 00:59 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 00:59 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 00:55 - 2012-03-03 17:47 - 01456910 _____ C:\Windows\WindowsUpdate.log
2013-08-29 00:52 - 2013-05-11 12:47 - 00000364 _____ C:\Windows\Tasks\AmiUpdXp.job
2013-08-29 00:52 - 2013-01-13 21:27 - 00000344 _____ C:\Windows\Tasks\DriverScanner.job
2013-08-29 00:52 - 2012-09-11 01:40 - 00000000 ____D C:\Users\Chrissi\AppData\Local\Htc
2013-08-29 00:51 - 2013-08-29 00:51 - 00000056 _____ C:\Windows\setupact.log
2013-08-29 00:51 - 2013-08-29 00:51 - 00000000 _____ C:\Windows\setuperr.log
2013-08-29 00:51 - 2013-08-27 23:17 - 00000318 _____ C:\Windows\Tasks\PELDTPPZ.job
2013-08-29 00:51 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-29 00:02 - 2013-08-29 00:02 - 00002982 _____ C:\Windows\System32\Tasks\{F94307F9-E964-4C11-93B3-9779DDD76456}
2013-08-29 00:02 - 2013-08-29 00:02 - 00002982 _____ C:\Windows\System32\Tasks\{B5C0825F-D13C-4A5F-9739-B33444950E86}
2013-08-29 00:01 - 2012-03-03 17:59 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7F99FFB5-B081-4B1E-A27A-96C6AA5B16C0}
2013-08-27 23:17 - 2013-08-27 23:17 - 00458752 __RSH C:\Windows\SysWOW64\iassam1.dll
2013-08-27 23:17 - 2013-08-27 23:17 - 00002598 _____ C:\Windows\System32\Tasks\PELDTPPZ
2013-08-27 12:34 - 2012-03-05 04:01 - 00003072 ____H C:\Users\Chrissi\Desktop\photothumb.db
2013-08-24 11:38 - 2013-06-10 21:46 - 00000000 ____D C:\Users\Chrissi\Desktop\noch anschauen ob okay
2013-08-23 18:36 - 2013-06-11 13:42 - 00000000 ____D C:\Users\Chrissi\Desktop\brennen
2013-08-23 00:41 - 2013-06-18 13:26 - 00000000 ____D C:\Users\Chrissi\Desktop\konvertieren
2013-08-23 00:01 - 2012-03-04 01:51 - 00000000 ____D C:\Users\Chrissi\AppData\Roaming\Orbit
2013-08-22 23:15 - 2012-03-03 17:44 - 00000000 ____D C:\Windows\Panther
2013-08-22 10:11 - 2012-11-10 13:30 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-22 10:11 - 2012-11-10 13:30 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-22 10:11 - 2012-03-03 18:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-22 10:02 - 2013-08-22 10:02 - 17737608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-08-20 10:19 - 2012-10-15 14:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 12:57 - 2009-07-14 19:58 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-19 12:57 - 2009-07-14 19:58 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-19 12:57 - 2009-07-14 07:13 - 01520734 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-19 12:50 - 2013-08-19 12:47 - 00000000 ____D C:\Windows\system32\MRT
2013-08-19 12:47 - 2013-01-08 16:12 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-17 19:11 - 2013-08-17 19:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 00:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-05 23:42 - 2012-03-05 04:14 - 00000000 ____D C:\Users\Chrissi\AppData\Roaming\vlc
2013-07-31 22:11 - 2012-03-03 17:57 - 00000000 ____D C:\Users\Chrissi\AppData\Local\VirtualStore

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-02-05 02:14

==================== End Of Log ============================
--- --- ---

Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2013
Ran by Chrissi at 2013-08-29 01:05:45
Running from C:\Users\Chrissi\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
Adobe AIR (x32 Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.4) - Deutsch (x32 Version: 10.1.4)
ArcSoft Perfect365 (x32 Version: 1.1.0.9)
Ashampoo Burning Studio 2012 CBE v.11.0.4 (x32 Version: 11.0.4)
Audacity 1.2.6 (x32)
AutocompletePro (x32)
Avidemux 2.5 (32-bit) (x32 Version: 2.5.6.7716)
Big Fish Games: Game Manager (x32 Version: 3.0.1.60)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
eaner (Version: 3.22)
Free WAV to MP3 Converter (x32 Version: 1.0)
Free YouTube Download version 3.0.22.221 (x32 Version: 3.0.22.221)
Free YouTube to MP3 Converter version 3.11.32.918 (x32 Version: 3.11.32.918)
Freez FLV to MP3 Converter (x32 Version: 1.5)
GamesCenter (x32)
HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (Version: 22.50.231.0)
HP Deskjet 1050 J410 series Hilfe (x32 Version: 140.0.66.66)
HP Photo Creations (x32 Version: 1.0.0.3781)
HP Update (x32 Version: 5.002.006.003)
HTC BMP USB Driver (x32 Version: 1.0.5375)
HTC Driver Installer (x32 Version: 3.0.0.021)
HTC Sync (x32 Version: 3.2.20)
IB Updater Service (x32 Version: 3.0.4.6)
ICQ7M (x32 Version: 7.8)
iLivid (x32 Version: 4.0.0.2466)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 22 (x32 Version: 6.0.220)
JMicron Flash Media Controller Driver (x32 Version: 1.00.29.02)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Orbit Downloader (x32)
PhotoScape (x32)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealPlayer (x32)
RealUpgrade 1.1 (x32 Version: 1.1.0)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (x32 Version: 3.51.01)
Roadkil's Unstoppable Copier Version 5.2 (x32)
Software Version Updater (x32 Version: 1.1.3.7)
Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten (Version: 22.50.231.0)
SUPER © +Recorder.2013.55 (Mar 7, 2013) Version +Recorder.2013. (x32 Version: +Recorder.2013.55)
TagScanner 5.1.611 (x32)
TeamViewer 7 (x32 Version: 7.0.13989)
TuneUp Utilities 2011 (x32 Version: 10.0.4500.45)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 10.0.4500.45)
Uniblue DriverScanner (x32 Version: 4.0.9.10)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VLC media player 2.0.2 (x32 Version: 2.0.2)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
WinRAR 4.11 (64-Bit) (Version: 4.11.0)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {038AC7C9-1A67-460B-98B0-0B4539C9CF37} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation)
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation)
Task: {371B5793-8DFB-44C4-B1F9-4A870C6EA766} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {410FA241-D51F-4996-99BF-DCF65AAC240E} - System32\Tasks\{F94307F9-E964-4C11-93B3-9779DDD76456} => C:\Program Files\Microsoft Security Client\msseces.exe [2013-01-27] (Microsoft Corporation)
Task: {4247B9CC-BD21-4E3C-93CF-F88B9A13BD21} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => C:\Windows\System32\dfdts.dll [2009-07-14] (Microsoft Corporation)
Task: {4E3413C2-CAD2-4F40-98F6-A3DD59B5E450} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files (x86)\TuneUp Utilities 2011\OneClick.exe [2011-12-08] (TuneUp Software)
Task: {50F62AA9-7C7F-481F-A1B7-EBFC56D71C63} - System32\Tasks\PELDTPPZ => C:\Windows\SysWOW64\iassam1.dll [2013-08-27] ()
Task: {519EDAD5-302D-4778-B9A1-3934563F1B36} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {56E91EDA-26B9-4B3C-AF5F-205966974A98} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
Task: {7C2E319D-E52A-4B91-9595-F47A0080100C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-751161945-1929235623-774014638-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {823801B7-4813-40B2-8AB8-AD24CF57A8E8} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {88B99F78-4AF0-473F-BB29-4C79F8864E1C} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17] ()
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\System32\srrstr.dll [2010-11-20] (Microsoft Corporation)
Task: {99EDFC8B-2949-4040-97D7-436CAFCCC5DF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-751161945-1929235623-774014638-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\System32\aepdu.dll [2010-11-20] (Microsoft Corporation)
Task: {B0F6399D-8FF2-4037-B078-BC9B6DEA2FFB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-22] (Adobe Systems Incorporated)
Task: {B58F95E8-63F1-4722-83EA-DDAAAC1D2534} - System32\Tasks\WPD\SqmUpload_S-1-5-21-751161945-1929235623-774014638-1001 => C:\Windows\System32\portabledeviceapi.dll [2010-11-20] (Microsoft Corporation)
Task: {BA18D777-04F0-4291-8FC8-3C2809718561} - System32\Tasks\AmiUpdXp => C:\Users\Chrissi\AppData\Local\SwvUpdater\Updater.exe [2013-07-21] (Amonetize ltd.)
Task: {C5E5CC8F-8FD6-477C-BC4F-E439ED1D18AE} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe No File
Task: {CFEFD9A0-0897-41A9-9346-942F2A0CC7AB} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => C:\Windows\System32\acproxy.dll [2009-07-14] (Microsoft Corporation)
Task: {D9E3A3E4-29F5-4C70-AC5A-16EAAF5F2372} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => C:\Windows\System32\bfe.dll [2010-11-20] (Microsoft Corporation)
Task: {E2D07D81-5503-4932-86CE-F44DFDFDE64B} - System32\Tasks\DriverScanner => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2012-07-10] (Uniblue Systems Limited)
Task: {F961B6DC-1E68-4A64-9F56-46E554F1D588} - System32\Tasks\{B5C0825F-D13C-4A5F-9739-B33444950E86} => C:\Program Files\Microsoft Security Client\msseces.exe [2013-01-27] (Microsoft Corporation)
Task: {FC2797D1-B5B4-4D47-BB6E-BA13A6ECE3DE} - System32\Tasks\User_Feed_Synchronization-{7F99FFB5-B081-4B1E-A27A-96C6AA5B16C0} => C:\Windows\system32\msfeedssync.exe [2013-04-09] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Chrissi\AppData\Local\SwvUpdater\Updater.exe
Task: C:\Windows\Tasks\DriverScanner.job => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
Task: C:\Windows\Tasks\PELDTPPZ.job => C:\Windows\SysWOW64\iassam1.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:122B409D
AlternateDataStreams: C:\ProgramData\TEMP:18897B1D
AlternateDataStreams: C:\ProgramData\TEMP:3A4C8FE7
AlternateDataStreams: C:\ProgramData\TEMP:A039EDF9
AlternateDataStreams: C:\ProgramData\TEMP:A561576B
AlternateDataStreams: C:\ProgramData\TEMP:FEE00EB9


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/23/2013 09:24:19 AM) (Source: ESENT) (User: )
Description: taskhost (1464) WebCacheLocal: Fehler -1811 beim Öffnen von Protokolldatei C:\Users\Chrissi\AppData\Local\Microsoft\Windows\WebCache\V010012A.log.

Error: (08/22/2013 11:25:49 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 23.0.1.4974, Zeitstempel: 0x520bc252
Name des fehlerhaften Moduls: xul.dll, Version: 23.0.1.4974, Zeitstempel: 0x520bc166
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0017af08
ID des fehlerhaften Prozesses: 0x59c
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (08/21/2013 11:03:19 PM) (Source: Application Hang) (User: )
Description: Programm SUPER.exe, Version 2.0.13.55 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 24c

Startzeit: 01ce9eb1b75fd2fd

Endzeit: 250

Anwendungspfad: C:\Program Files (x86)\eRightSoft\SUPER\SUPER.exe

Berichts-ID: 13c781c7-0aa5-11e3-b8d8-00238b3b5a12

Error: (08/18/2013 09:25:14 AM) (Source: Application Error) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm dmwu.exe wurde wegen dieses Fehlers geschlossen.

Programm: dmwu.exe
Datei:

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
        - diese sich im Netzwerk befindet,
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
        - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: 00000000
Datenträgertyp: 0

Error: (08/18/2013 09:25:13 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: dmwu.exe, Version: 3.0.4.6, Zeitstempel: 0x51613458
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c92c
Ausnahmecode: 0xc0000096
Fehleroffset: 0x0000000000182948
ID des fehlerhaften Prozesses: 0x93c
Startzeit der fehlerhaften Anwendung: 0xdmwu.exe0
Pfad der fehlerhaften Anwendung: dmwu.exe1
Pfad des fehlerhaften Moduls: dmwu.exe2
Berichtskennung: dmwu.exe3

Error: (08/16/2013 02:14:29 PM) (Source: Application Hang) (User: )
Description: Programm SUPER.exe, Version 2.0.13.55 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 16c

Startzeit: 01ce9a73e3778c6a

Endzeit: 1013

Anwendungspfad: C:\Program Files (x86)\eRightSoft\SUPER\SUPER.exe

Berichts-ID: 3d157a4b-066d-11e3-b7d4-00238b3b5a12

Error: (08/16/2013 02:12:08 PM) (Source: Application Hang) (User: )
Description: Programm SUPER.exe, Version 2.0.13.55 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1374

Startzeit: 01ce9a7494fd0359

Endzeit: 12576

Anwendungspfad: C:\Program Files (x86)\eRightSoft\SUPER\SUPER.exe

Berichts-ID: b19b3e40-066c-11e3-b7d4-00238b3b5a12

Error: (08/15/2013 08:19:22 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: dmwu.exe, Version: 3.0.4.6, Zeitstempel: 0x51613458
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x74c
Startzeit der fehlerhaften Anwendung: 0xdmwu.exe0
Pfad der fehlerhaften Anwendung: dmwu.exe1
Pfad des fehlerhaften Moduls: dmwu.exe2
Berichtskennung: dmwu.exe3

Error: (08/12/2013 00:31:07 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b
Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00173668
ID des fehlerhaften Prozesses: 0x14c4
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (08/12/2013 00:29:23 PM) (Source: Application Hang) (User: )
Description: Programm SUPER.exe, Version 2.0.13.55 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 17a4

Startzeit: 01ce96bcb93787d1

Endzeit: 4776

Anwendungspfad: C:\Program Files (x86)\eRightSoft\SUPER\SUPER.exe

Berichts-ID:


System errors:
=============
Error: (08/29/2013 00:52:20 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (08/29/2013 00:52:10 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Yontoo Desktop Updater" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/29/2013 00:42:38 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1079

Error: (08/29/2013 00:32:24 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1079

Error: (08/29/2013 00:30:51 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1079

Error: (08/29/2013 00:28:52 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1079

Error: (08/29/2013 00:25:28 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1079

Error: (08/28/2013 11:57:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (08/28/2013 11:57:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Yontoo Desktop Updater" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/28/2013 09:43:12 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.


Microsoft Office Sessions:
=========================
Error: (08/23/2013 09:24:19 AM) (Source: ESENT)(User: )
Description: taskhost1464WebCacheLocal: C:\Users\Chrissi\AppData\Local\Microsoft\Windows\WebCache\V010012A.log-1811

Error: (08/22/2013 11:25:49 AM) (Source: Application Error)(User: )
Description: firefox.exe23.0.1.4974520bc252xul.dll23.0.1.4974520bc166c00000050017af0859c01ce9f173a25d1b7C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dlld4a1e0e8-0b0c-11e3-b813-00238b3b5a12

Error: (08/21/2013 11:03:19 PM) (Source: Application Hang)(User: )
Description: SUPER.exe2.0.13.5524c01ce9eb1b75fd2fd250C:\Program Files (x86)\eRightSoft\SUPER\SUPER.exe13c781c7-0aa5-11e3-b8d8-00238b3b5a12

Error: (08/18/2013 09:25:14 AM) (Source: Application Error)(User: )
Description: dmwu.exe000000000

Error: (08/18/2013 09:25:13 AM) (Source: Application Error)(User: )
Description: dmwu.exe3.0.4.651613458ole32.dll6.1.7601.175144ce7c92cc0000096000000000018294893c01ce99e40cd57c46C:\Windows\system32\dmwu.exeC:\Windows\system32\ole32.dll5201b8c3-07d7-11e3-b7d4-00238b3b5a12

Error: (08/16/2013 02:14:29 PM) (Source: Application Hang)(User: )
Description: SUPER.exe2.0.13.5516c01ce9a73e3778c6a1013C:\Program Files (x86)\eRightSoft\SUPER\SUPER.exe3d157a4b-066d-11e3-b7d4-00238b3b5a12

Error: (08/16/2013 02:12:08 PM) (Source: Application Hang)(User: )
Description: SUPER.exe2.0.13.55137401ce9a7494fd035912576C:\Program Files (x86)\eRightSoft\SUPER\SUPER.exeb19b3e40-066c-11e3-b7d4-00238b3b5a12

Error: (08/15/2013 08:19:22 PM) (Source: Application Error)(User: )
Description: dmwu.exe3.0.4.651613458unknown0.0.0.000000000c0000005000000000000000074c01ce98ccccd5cb63C:\Windows\system32\dmwu.exeunknown34dd9bf3-05d7-11e3-b7d4-00238b3b5a12

Error: (08/12/2013 00:31:07 PM) (Source: Application Error)(User: )
Description: firefox.exe22.0.0.491751c06b1bxul.dll22.0.0.491751c06a5bc00000050017366814c401ce9746d248e2d8C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll4bf04e20-033a-11e3-b472-00238b3b5a12

Error: (08/12/2013 00:29:23 PM) (Source: Application Hang)(User: )
Description: SUPER.exe2.0.13.5517a401ce96bcb93787d14776C:\Program Files (x86)\eRightSoft\SUPER\SUPER.exe


==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 1976.88 MB
Available physical RAM: 980.52 MB
Total Pagefile: 3953.77 MB
Available Pagefile: 2583.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:73.14 GB) (Free:13.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (TOSHIBA) (Removable) (Total:7.26 GB) (Free:0.04 GB) FAT32
Drive f: (TOSHIBA) (Removable) (Total:7.44 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: D4A35C9B)
Partition 1: (Active) - (Size=73 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0C)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0C)

==================== End Of Log ============================
.

schrauber 29.08.2013 03:53
hi,
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Chrissi1111 29.08.2013 10:56
So habe es eben heruntergeladen, meine Frage jetzt : Wie kann ich denn das Microsoft Security Essentials deaktivieren, da sich ja das Programm nicht mehr öffnen lässt.

schrauber 29.08.2013 11:10
Dann ist er auch aus :)

Chrissi1111 29.08.2013 11:41
Das ist ja das witzige, das habe ich auch gedacht, aber ComboFix gibt die Meldung das ich dies noch deaktivieren soll, damit es nicht zu schäden usw. kommt

schrauber 29.08.2013 12:51
Klick einfach ok.

Chrissi1111 29.08.2013 16:31
So hier das Ergebnis

Code:
ComboFix 13-08-29.01 - Chrissi 29.08.2013  17:03:21.1.1 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.1977.1155 [GMT 2:00]
ausgeführt von:: c:\users\Chrissi\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\config.bin
c:\program files (x86)\AutocompletePro
c:\program files (x86)\AutocompletePro\64\AutocompletePro64.dll
c:\program files (x86)\AutocompletePro\AutocompletePro.dll
c:\program files (x86)\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files (x86)\AutocompletePro\ChromeSetSearchInBrowser.exe
c:\program files (x86)\AutocompletePro\FireFoxExtension.exe
c:\program files (x86)\AutocompletePro\InstTracker.exe
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files (x86)\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files (x86)\AutocompletePro\support@predictad.com\install.rdf
c:\program files (x86)\AutocompletePro\unins000.dat
c:\program files (x86)\AutocompletePro\unins000.exe
c:\users\Chrissi\AppData\Local\.#
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-07-28 bis 2013-08-29  ))))))))))))))))))))))))))))))
.
.
2013-08-29 15:15 . 2013-08-29 15:15        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-08-28 23:04 . 2013-08-28 23:04        --------        d-----w-        C:\FRST
2013-08-28 19:44 . 2013-08-06 08:58        9515512        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CEADF34B-3D11-4203-BD07-20FFAAE7848B}\mpengine.dll
2013-08-27 21:17 . 2013-08-27 21:17        458752        --sha-r-        c:\windows\SysWow64\iassam1.dll
2013-08-27 18:23 . 2013-08-06 08:58        9515512        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-23 11:43 . 2013-08-23 11:35        941720        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD31BB61-FB5D-4B8B-88B4-BE4A7ACE94D9}\gapaengine.dll
2013-08-22 08:02 . 2013-08-22 08:02        17737608        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-08-19 10:47 . 2013-08-19 10:50        --------        d-----w-        c:\windows\system32\MRT
2013-08-14 11:22 . 2013-06-15 04:32        39936        ----a-w-        c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 11:21 . 2013-07-09 05:51        1217024        ----a-w-        c:\windows\system32\rpcrt4.dll
2013-08-14 11:21 . 2013-07-09 04:52        663552        ----a-w-        c:\windows\SysWow64\rpcrt4.dll
2013-08-14 11:19 . 2013-07-09 05:52        224256        ----a-w-        c:\windows\system32\wintrust.dll
2013-08-14 11:19 . 2013-07-09 05:46        1472512        ----a-w-        c:\windows\system32\crypt32.dll
2013-08-14 11:19 . 2013-07-09 04:46        1166848        ----a-w-        c:\windows\SysWow64\crypt32.dll
2013-08-14 11:19 . 2013-07-09 05:46        184320        ----a-w-        c:\windows\system32\cryptsvc.dll
2013-08-14 11:19 . 2013-07-09 05:46        139776        ----a-w-        c:\windows\system32\cryptnet.dll
2013-08-14 11:19 . 2013-07-09 04:52        175104        ----a-w-        c:\windows\SysWow64\wintrust.dll
2013-08-14 11:19 . 2013-07-09 04:46        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2013-08-14 11:19 . 2013-07-09 04:46        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2013-08-14 11:17 . 2013-07-06 06:03        1910208        ----a-w-        c:\windows\system32\drivers\tcpip.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-22 08:11 . 2012-11-10 11:30        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-22 08:11 . 2012-03-03 16:06        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-19 10:47 . 2013-01-08 14:12        78161360        ----a-w-        c:\windows\system32\MRT.exe
2013-07-18 14:49 . 2013-03-12 09:07        941720        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-09 04:45 . 2013-08-14 11:18        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2013-06-17 09:30 . 2013-06-17 09:30        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-17 09:30 . 2012-03-03 22:48        866720        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2013-06-17 09:30 . 2012-03-03 22:33        788896        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-06-05 03:34 . 2013-07-10 14:14        3153920        ----a-w-        c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 14:19        624128        ----a-w-        c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 14:19        509440        ----a-w-        c:\windows\SysWow64\qedit.dll
2006-05-03 10:06        163328        --sha-r-        c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47        31232        --sha-r-        c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30        216064        --sha-r-        c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00        107520        --sha-r-        c:\windows\SysWOW64\TAKDSDecoder.dll
2012-10-05 18:54        188416        --sha-r-        c:\windows\SysWOW64\winDCE32.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2012-07-10 338848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe;c:\windows\SYSNATIVE\dmwu.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-10 08:11]
.
2013-08-29 c:\windows\Tasks\AmiUpdXp.job
- c:\users\Chrissi\AppData\Local\SwvUpdater\Updater.exe [2013-05-11 15:01]
.
2013-08-29 c:\windows\Tasks\DriverScanner.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2013-01-13 11:51]
.
2013-08-29 c:\windows\Tasks\PELDTPPZ.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mystart.incredibar.com/mb201?a=6R8SQbflTy&i=26
uDefault_Search_URL = hxxp://search.autocompletepro.com/?si=10214&bi=400
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube Download - c:\users\Chrissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Chrissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\n3pp6cdz.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb203?a=6R8SQbflTy&i=26&search=
FF - prefs.js: browser.startup.homepage - hxxp://de.msn.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-AutocompletePro3_is1 - c:\program files (x86)\AutocompletePro\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-29  17:27:15
ComboFix-quarantined-files.txt  2013-08-29 15:27
.
Vor Suchlauf: 12 Verzeichnis(se), 13.940.318.208 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 13.785.952.256 Bytes frei
.
- - End Of File - - 7B9685422DFC96BE33DAE0F9035994BF
A36C5E4F47E84449FF07ED3517B43A31
Liebe Grüße

schrauber 29.08.2013 17:58
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Chrissi1111 29.08.2013 23:38
Das kam dabei raus:

Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.29.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Chrissi :: CHRISSI-PC [Administrator]

Schutz: Aktiviert

29.08.2013 19:48:54
mbam-log-2013-08-29 (19-48-54).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 220955
Laufzeit: 4 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 5
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Chrissi\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Chrissi\AppData\Roaming\OpenCandy\A6631361ADD542439503FD921EFFED63 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 8
C:\Users\Chrissi\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Chrissi\AppData\Roaming\OpenCandy\A6631361ADD542439503FD921EFFED63\driverscannerROE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
# AdwCleaner v3.001 - Report created 30/08/2013 at 00:09:59
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Chrissi - CHRISSI-PC
# Running from : C:\Users\Chrissi\Downloads\adwcleaner(1).exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Yontoo Desktop Updater

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\search protection
Folder Deleted : C:\ProgramData\Uniblue\DriverScanner
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\DriverScanner
Folder Deleted : C:\Program Files (x86)\ICQ6Toolbar
Folder Deleted : C:\Program Files (x86)\Uniblue\DriverScanner
Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Windows\SysWOW64\ARFC
Folder Deleted : C:\Windows\SysWOW64\jmdp
Folder Deleted : C:\Windows\SysWOW64\WNLT
Folder Deleted : C:\Windows\System32\ARFC
Folder Deleted : C:\Users\Chrissi\AppData\Local\Ilivid
Folder Deleted : C:\Users\Chrissi\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Chrissi\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Chrissi\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\Chrissi\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Chrissi\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Chrissi\AppData\Roaming\Uniblue\DriverScanner
Folder Deleted : C:\Users\Chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\n3pp6cdz.default\adawaretb
Folder Deleted : C:\Users\Chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\n3pp6cdz.default\jetpack
File Deleted : C:\Windows\System32\dmwu.exe
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Users\Chrissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Users\Chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\n3pp6cdz.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\n3pp6cdz.default\user.js
File Deleted : C:\Windows\Tasks\driverscanner.job
File Deleted : C:\Windows\System32\Tasks\driverscanner

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_perfect365_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_perfect365_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_colour-master-touch_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_colour-master-touch_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_freez-flv-to-mp3-converter_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_freez-flv-to-mp3-converter_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_koyote-free-video-converter_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_koyote-free-video-converter_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_super_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_super_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_tagscanner_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_tagscanner_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\Uniblue\DriverScanner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro3_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : [x64] HKLM\SOFTWARE\IB Updater
Key Deleted : [x64] HKLM\SOFTWARE\WNLT

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\Chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\n3pp6cdz.default\prefs.js ]

Line Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1359500295952");
Line Deleted : user_pref("extensions.incredibar.admin", false);
Line Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Line Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Line Deleted : user_pref("extensions.incredibar.cntry", "DE");
Line Deleted : user_pref("extensions.incredibar.dfltLng", "EN");
Line Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Line Deleted : user_pref("extensions.incredibar.dfltlng", "en");
Line Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
Line Deleted : user_pref("extensions.incredibar.did", "10643");
Line Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Line Deleted : user_pref("extensions.incredibar.excTlbr", false);
Line Deleted : user_pref("extensions.incredibar.hdrMd5", "4B9270BD374F4BF2CE0F5D4705BF4CF2");
Line Deleted : user_pref("extensions.incredibar.hmpg", false);
Line Deleted : user_pref("extensions.incredibar.hrdid", "8aa8e93600000000000006234e404b15");
Line Deleted : user_pref("extensions.incredibar.id", "8aa8e93600000000000006234e404b15");
Line Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Line Deleted : user_pref("extensions.incredibar.instlDay", "15734");
Line Deleted : user_pref("extensions.incredibar.instlRef", "");
Line Deleted : user_pref("extensions.incredibar.instlday", "15734");
Line Deleted : user_pref("extensions.incredibar.instlref", "");
Line Deleted : user_pref("extensions.incredibar.isDcmntCmplt", false);
Line Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Line Deleted : user_pref("extensions.incredibar.keywordurl", "");
Line Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1423:58:05");
Line Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Line Deleted : user_pref("extensions.incredibar.newTab", false);
Line Deleted : user_pref("extensions.incredibar.newtab", "false");
Line Deleted : user_pref("extensions.incredibar.newtaburl", "");
Line Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Line Deleted : user_pref("extensions.incredibar.ppd", "6666660837");
Line Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Line Deleted : user_pref("extensions.incredibar.productid", "26");
Line Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Line Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Line Deleted : user_pref("extensions.incredibar.sg", "none");
Line Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Line Deleted : user_pref("extensions.incredibar.smplgrp", "none");
Line Deleted : user_pref("extensions.incredibar.srch", "");
Line Deleted : user_pref("extensions.incredibar.srchprvdr", "");
Line Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Line Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8SQbflTy&loc=IB_TB&i=26&search=");
Line Deleted : user_pref("extensions.incredibar.tlbrid", "base");
Line Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6R8SQbflTy&loc=IB_TB&i=26&search=");
Line Deleted : user_pref("extensions.incredibar.upn2", "6R8SQbflTy");
Line Deleted : user_pref("extensions.incredibar.upn2n", "92825832808258048");
Line Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1423:58:05");
Line Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.1423:58:05");
Line Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Line Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Line Deleted : user_pref("extensions.incredibar_i.did", "10643");
Line Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Line Deleted : user_pref("extensions.incredibar_i.id", "8aa8e93600000000000006234e404b15");
Line Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Line Deleted : user_pref("extensions.incredibar_i.instlDay", "15734");
Line Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Line Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Line Deleted : user_pref("extensions.incredibar_i.newTab", false);
Line Deleted : user_pref("extensions.incredibar_i.ppd", "6666660837");
Line Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Line Deleted : user_pref("extensions.incredibar_i.productid", "26");
Line Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Line Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8SQbflTy&loc=IB_TB&i=26&search=");
Line Deleted : user_pref("extensions.incredibar_i.upn2", "6R8SQbflTy");
Line Deleted : user_pref("extensions.incredibar_i.upn2n", "92825832808258048");
Line Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1423:58:05");
Line Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");

*************************

AdwCleaner[R0].txt - [14819 octets] - [30/08/2013 00:08:51]
AdwCleaner[S0].txt - [14189 octets] - [30/08/2013 00:09:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14250 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.5 (08.28.2013:1)
OS: Windows 7 Home Premium x64
Ran by Chrissi on 30.08.2013 at  0:19:09,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\driverscanner
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-751161945-1929235623-774014638-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricegong_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricegong_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\uniblue



~~~ Files

Successfully deleted: [File] "C:\Users\Chrissi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Users\Chrissi\AppData\Roaming\big fish games"
Successfully deleted: [Folder] "C:\Users\Chrissi\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Program Files (x86)\free video converter"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{01D31D39-9438-4179-8C4E-9DB8B9B2247A}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{04426254-2200-47EC-A18F-48A63F115C1A}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{07CA3EEC-435C-43D7-954D-CA456268B7C7}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{0E0B093B-161A-4E93-9E79-7C4D5C32F27B}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{0F96EF2D-10FE-4316-B45A-0E5E9D8437FE}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{10754297-C7C5-4897-AEB9-9901CA1C7282}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{154970DF-9CE0-487C-8BC7-1E462540058C}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{1726BC4D-0554-432E-94BC-CC0E9C255C60}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{18569A99-664A-4CFA-BA4E-31F5570EA924}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{1AA414FC-0D07-4842-9A9C-0CDA6A8472A0}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{1F48F895-CD32-4BC6-9CE7-472A2776B317}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{20AE1232-AE98-4F0A-9659-F4CC9EF1B877}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{224F1DC7-4736-494F-9BA1-2A51EB31140C}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{23815DEC-3ED9-474E-BBBB-28FD60709DB0}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{24332F78-A56D-4B44-A37F-B97ACA72ACCF}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{2796B60F-6489-464C-9AB6-913E806B04DF}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{29301FDF-FB51-4DEE-B54D-860264D2B5BD}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{2EEB023F-A84C-434D-B06F-1CB5CBB16536}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{31D1AC56-250C-416F-A31C-348280B576D3}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{353AF88E-F4D1-41A7-A291-1B0A19A8A826}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{36AE4F7B-5153-4564-B63F-1027EEFC972C}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{36B7DB16-87A6-4BA2-84CF-BFAA26DB3D0A}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{387FF840-068F-4F93-9EBB-62B4F34AC969}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{3A911DFE-3C7F-4D7B-81FB-18FC6F5B4FA5}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{3B3D531C-8FFC-4A99-BDBF-791182DD8EE3}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{3DEC162B-F685-421B-ABB9-A0F57BC79EB8}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{44278ABC-BA28-48A8-963B-60D3EB404B49}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{487C68AC-8861-41D2-BC93-8047153983C4}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{4B879399-C8B9-4C99-9E0E-B8404E36DBA4}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{4C445EA3-65A2-45E3-84AE-40490C00D297}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{4EA9C416-C5A6-4194-8866-1550CF2E1C6B}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{500D7DCE-A715-471C-B730-CCC5BBC0FDFE}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{50543CF6-4459-4310-920E-CD773F5A609D}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{51139659-8667-488A-9310-6924424EF7FD}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{51650ED0-880C-4BD4-8580-BBD83905A628}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{5295CA00-0C19-471A-B5B1-F931C923B28F}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{57C67E52-F0CA-4E91-8B14-CFA10BCB4CDE}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{5880C6F4-AD08-49A0-88A3-89269AC5C529}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{599FE8B9-ECE2-4AAF-B6CA-9187E03E58B6}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{5C0A2BFE-962C-4166-8C4F-C9C67DBA4486}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{5C7637D0-BF3A-4BD5-A89F-605294C29457}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{5F2580FB-97AC-48D9-97F8-3CCE613D5B9F}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{5FB8E1F5-E718-4B26-8EB1-9E634AE10985}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{6153CC58-2599-48BB-B418-69CF6B71F0E2}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{61AC2F6A-5FE2-412E-8E4B-521B3BD26DC2}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{636211AB-FE72-4FAC-80E0-6C8EB0BFEE6A}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{677A6539-5CB1-44A2-93AB-FF3976DE76D5}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{686BDCD2-3BB9-442E-98B6-A1523EF5D7BE}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{6BA5D747-A8D5-450F-91EE-B6C24E724551}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{6C44EBB6-7E53-4FE7-B87E-5D71283B207C}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{6C6E7456-2B83-451D-ABAE-C60901AD1650}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{6C94C0FE-B683-4FF3-A1C9-F9E075B36499}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{6D2D5ACA-489C-4C86-96B8-6E195EFD3C94}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{6D4116BC-4EEC-43BE-8493-D065184B3C44}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{6EAD4D7A-1991-4F4A-B717-B6A5C25A2E3E}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{744142B2-B5DB-4126-BC0A-4EB5E9EDE7B3}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{74E1E708-D4A3-4C53-9597-C855420A96D9}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{78AD6D1E-C66E-428C-A180-EAF75C86AC56}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{79AF7B88-FF0E-47B1-8B3C-57CF860DC1FE}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{80F8934B-DEE3-471D-8DC5-6BEC99CA67B8}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{8460AF9A-6BA2-43C7-8E93-56D304DD965F}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{854290CA-E63E-41C9-85F9-31CB82C2B49A}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{980CFC4A-192E-4525-A3E2-737BD209BBE1}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{9A4DE791-AD50-4259-9B46-F0867E81DC80}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{9AE45D94-54AB-461A-9638-296910118A94}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{A1FFDE1E-0BA6-4F15-9117-8018DE18E53B}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{A6DC2CF7-791D-4C24-A5D6-5F5CD848F947}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{A7506E46-739D-40E7-AC43-A9622BE62CD7}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{A847ECC6-B592-4AEA-88BA-7C5FCDDC877D}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{A8BA3655-784E-4661-8D4F-D4C9EBE19939}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{A93A82FF-9686-4CD4-8C25-DF905620F847}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{A93E53E4-F30E-4929-A66D-BE86943006FD}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{A9A7FD77-3F4D-4429-B98F-C880D562A828}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{AB08CB6E-9191-438F-A51D-870193645F6B}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{ADF50777-079B-4369-BF0F-470C9F3FC187}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{AF51DAB6-54D7-4945-BA41-E9167424DD72}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{AF89D185-281A-4A26-9BE9-2621AF1AF5F4}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{B3F4B363-4F34-4529-B6BC-946722E066A8}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{B4259ACE-D80C-4D4F-8F86-53957D81BF25}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{B92FA015-F4C3-4469-BB65-1AB5DC30210C}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{BF1C9B6A-3AE4-407A-858B-2FF331F8B8BF}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{C58813A2-27A4-4697-A2B0-D3BAF2C871FA}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{C6BE9C9F-4246-4F20-9AE4-E34A7C192A8F}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{CC7D559F-177B-4CBA-83D8-E578262B5954}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{D0A1B98E-198E-4A9D-9BAB-C51BD580DA09}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{D2619C55-0DAF-474E-81CA-2707A908D10E}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{D345B396-7AE4-4494-8358-A8DE1B702712}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{D657E461-6A93-4757-8277-B56E42065CBF}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{D7F8EE5C-6495-4F6F-8A3A-58446F68CB5D}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{D8D427F8-798B-4418-9482-BFEC381A7018}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{DAB7E7FE-3555-423B-A9B7-427446E04866}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{DED42EFB-6412-49EB-B919-04F5DA9F45AF}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{E127B45A-1B89-49D0-8C26-1BD85C63CE7A}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{E1996002-A9D5-489C-81C2-320FAB6F74D6}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{E1C62D2E-4F91-4029-A228-D0362CF931B2}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{E2DDB73E-B0AA-4412-8E64-85E75B5FD274}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{E3F25A46-D4E0-4C50-84A5-60FAAD60D96C}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{E42C7348-F63C-4D8C-8743-33A31FB5AB33}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{E6D3ABAF-D7D9-463D-8E11-F02334050695}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{E7F220F2-058E-4F13-B375-AADEA1451B08}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{EA5F471C-67B1-43F1-AF21-678B99BF705A}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{EF0BC6F2-AF93-4ABC-B617-BB355BA2DE00}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{F2FDE86E-2C2D-455B-BBD2-3711BE7742BA}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{F4A3F5E0-85F3-473B-A6D6-FC280C4E635B}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{FA0E0B22-4FCC-418D-B08E-D809C4590E87}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{FAE17749-57D9-4140-A02F-0957699B4AA1}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{FC78A2FE-1EDD-41A9-81D9-4526BFC6256F}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Chrissi\AppData\Roaming\mozilla\firefox\profiles\n3pp6cdz.default\extensions\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
Successfully deleted the following from C:\Users\Chrissi\AppData\Roaming\mozilla\firefox\profiles\n3pp6cdz.default\prefs.js

user_pref("browser.startup.homepage", "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=751E51B9856869C31BCE5C521F8E63DA");
user_pref("keyword.URL", "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=bs&q=");
Emptied folder: C:\Users\Chrissi\AppData\Roaming\mozilla\firefox\profiles\n3pp6cdz.default\minidumps [96 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.08.2013 at  0:28:14,13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by Chrissi (administrator) on 30-08-2013 00:32:17
Running from C:\Users\Chrissi\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [651264 2012-04-17] ()
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM-x32\...\Run: [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe [x]
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\n3pp6cdz.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.2.72 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.2.72 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.2.72 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Chrissi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\acpro.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\n3pp6cdz.default\Extensions\{35379F86-8CCB-4724-AE33-4278DE266C70}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [gamescenter@gamescenter.com] C:\Program Files (x86)\GamesCenter\GamesCenter.xpi
FF Extension: No Name - C:\Program Files (x86)\GamesCenter\GamesCenter.xpi

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-08] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [38096 2012-12-17] (GFI Software)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-29] (GFI Software)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-07-07] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-30 00:19 - 2013-08-30 00:19 - 00000000 ____D C:\Windows\ERUNT
2013-08-30 00:08 - 2013-08-30 00:10 - 00000000 ____D C:\AdwCleaner
2013-08-29 20:11 - 2013-08-30 00:13 - 00001868 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-08-29 20:10 - 2013-08-29 20:10 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-08-29 20:10 - 2013-08-29 20:10 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-08-29 20:09 - 2013-08-29 20:09 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-08-29 20:04 - 2013-08-29 20:04 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2013-08-29 19:56 - 2013-08-29 19:56 - 00004128 _____ C:\Windows\PFRO.log
2013-08-29 19:43 - 2013-08-29 19:43 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-29 19:43 - 2013-08-29 19:43 - 00000000 ____D C:\Users\Chrissi\AppData\Roaming\Malwarebytes
2013-08-29 19:43 - 2013-08-29 19:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 19:43 - 2013-08-29 19:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 19:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-29 19:41 - 2013-08-29 19:42 - 00994642 _____ C:\Users\Chrissi\Downloads\adwcleaner.exe
2013-08-29 19:41 - 2013-08-29 19:41 - 01023533 _____ (Thisisu) C:\Users\Chrissi\Desktop\JRT.exe
2013-08-29 19:39 - 2013-08-29 19:41 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Chrissi\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-29 17:27 - 2013-08-29 17:27 - 00012732 _____ C:\ComboFix.txt
2013-08-29 17:00 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-29 17:00 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-29 17:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-29 17:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-29 17:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-29 17:00 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-29 17:00 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-29 17:00 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-29 11:33 - 2013-08-29 17:28 - 00000000 ____D C:\Qoobox
2013-08-29 11:32 - 2013-08-29 17:24 - 00000000 ____D C:\Windows\erdnt
2013-08-29 11:27 - 2013-08-29 11:29 - 05115711 ____R (Swearware) C:\Users\Chrissi\Desktop\ComboFix.exe
2013-08-29 09:59 - 2013-08-29 09:59 - 00003304 ____N C:\bootsqm.dat
2013-08-29 02:00 - 2013-08-29 02:00 - 354462448 _____ C:\Windows\MEMORY.DMP
2013-08-29 02:00 - 2013-08-29 02:00 - 00521008 _____ C:\Windows\Minidump\082913-14757-01.dmp
2013-08-29 01:19 - 2013-08-30 00:30 - 00000000 ____D C:\Users\Chrissi\Desktop\pc
2013-08-29 01:10 - 2013-08-29 01:10 - 00377856 _____ C:\Users\Chrissi\Downloads\gmer_2.1.19163.exe
2013-08-29 01:04 - 2013-08-29 01:04 - 00000000 ____D C:\FRST
2013-08-29 01:01 - 2013-08-29 01:02 - 01579080 _____ (Farbar) C:\Users\Chrissi\Downloads\FRST64.exe
2013-08-29 01:01 - 2013-08-29 01:02 - 00000476 _____ C:\Users\Chrissi\Downloads\defogger_disable.log
2013-08-29 01:01 - 2013-08-29 01:01 - 00050477 _____ C:\Users\Chrissi\Downloads\Defogger.exe
2013-08-29 01:01 - 2013-08-29 01:01 - 00000000 _____ C:\Users\Chrissi\defogger_reenable
2013-08-29 00:51 - 2013-08-30 00:11 - 00000448 _____ C:\Windows\setupact.log
2013-08-29 00:51 - 2013-08-29 00:51 - 00000000 _____ C:\Windows\setuperr.log
2013-08-29 00:02 - 2013-08-29 00:02 - 00002982 _____ C:\Windows\System32\Tasks\{F94307F9-E964-4C11-93B3-9779DDD76456}
2013-08-29 00:02 - 2013-08-29 00:02 - 00002982 _____ C:\Windows\System32\Tasks\{B5C0825F-D13C-4A5F-9739-B33444950E86}
2013-08-27 23:17 - 2013-08-30 00:21 - 00000318 _____ C:\Windows\Tasks\PELDTPPZ.job
2013-08-27 23:17 - 2013-08-27 23:17 - 00458752 __RSH C:\Windows\SysWOW64\iassam1.dll
2013-08-27 23:17 - 2013-08-27 23:17 - 00002598 _____ C:\Windows\System32\Tasks\PELDTPPZ
2013-08-22 10:02 - 2013-08-22 10:02 - 17737608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-08-19 13:09 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-19 13:09 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-19 13:09 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-19 13:09 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-19 13:09 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-19 13:09 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-19 13:09 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-19 13:09 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-19 13:09 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-19 13:09 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-19 13:09 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-19 13:09 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-19 12:47 - 2013-08-19 12:50 - 00000000 ____D C:\Windows\system32\MRT
2013-08-17 19:10 - 2013-08-17 19:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-14 13:22 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 13:21 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 13:21 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 13:19 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 13:19 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 13:19 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 13:19 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 13:19 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 13:19 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 13:19 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 13:19 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 13:18 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 13:18 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 13:18 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 13:18 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 13:18 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 13:18 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 13:18 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 13:18 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 13:18 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 13:18 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 13:18 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 13:18 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 13:18 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 13:18 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 13:18 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 13:17 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

==================== One Month Modified Files and Folders =======

2013-08-30 00:30 - 2013-08-29 01:19 - 00000000 ____D C:\Users\Chrissi\Desktop\pc
2013-08-30 00:29 - 2012-03-03 17:47 - 01753720 _____ C:\Windows\WindowsUpdate.log
2013-08-30 00:28 - 2013-08-30 00:28 - 00015098 _____ C:\Users\Chrissi\Desktop\JRT.txt
2013-08-30 00:21 - 2013-08-27 23:17 - 00000318 _____ C:\Windows\Tasks\PELDTPPZ.job
2013-08-30 00:19 - 2013-08-30 00:19 - 00000000 ____D C:\Windows\ERUNT
2013-08-30 00:19 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-30 00:19 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-30 00:13 - 2013-08-29 20:11 - 00001868 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-08-30 00:13 - 2012-09-11 01:40 - 00000000 ____D C:\Users\Chrissi\AppData\Local\Htc
2013-08-30 00:12 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-30 00:11 - 2013-08-29 00:51 - 00000448 _____ C:\Windows\setupact.log
2013-08-30 00:10 - 2013-08-30 00:08 - 00000000 ____D C:\AdwCleaner
2013-08-29 23:59 - 2012-11-10 13:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-29 20:33 - 2013-01-06 02:55 - 00000000 ____D C:\Users\Chrissi\AppData\Roaming\LavasoftStatistics
2013-08-29 20:33 - 2013-01-06 02:45 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-08-29 20:10 - 2013-08-29 20:10 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-08-29 20:10 - 2013-08-29 20:10 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-08-29 20:09 - 2013-08-29 20:09 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-08-29 20:04 - 2013-08-29 20:04 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2013-08-29 20:04 - 2013-01-06 02:45 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-08-29 19:56 - 2013-08-29 19:56 - 00004128 _____ C:\Windows\PFRO.log
2013-08-29 19:43 - 2013-08-29 19:43 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-29 19:43 - 2013-08-29 19:43 - 00000000 ____D C:\Users\Chrissi\AppData\Roaming\Malwarebytes
2013-08-29 19:43 - 2013-08-29 19:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 19:43 - 2013-08-29 19:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 19:42 - 2013-08-29 19:41 - 00994642 _____ C:\Users\Chrissi\Downloads\adwcleaner.exe
2013-08-29 19:41 - 2013-08-29 19:41 - 01023533 _____ (Thisisu) C:\Users\Chrissi\Desktop\JRT.exe
2013-08-29 19:41 - 2013-08-29 19:39 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Chrissi\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-29 17:28 - 2013-08-29 11:33 - 00000000 ____D C:\Qoobox
2013-08-29 17:27 - 2013-08-29 17:27 - 00012732 _____ C:\ComboFix.txt
2013-08-29 17:27 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-29 17:24 - 2013-08-29 11:32 - 00000000 ____D C:\Windows\erdnt
2013-08-29 17:15 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-29 11:29 - 2013-08-29 11:27 - 05115711 ____R (Swearware) C:\Users\Chrissi\Desktop\ComboFix.exe
2013-08-29 09:59 - 2013-08-29 09:59 - 00003304 ____N C:\bootsqm.dat
2013-08-29 02:00 - 2013-08-29 02:00 - 354462448 _____ C:\Windows\MEMORY.DMP
2013-08-29 02:00 - 2013-08-29 02:00 - 00521008 _____ C:\Windows\Minidump\082913-14757-01.dmp
2013-08-29 02:00 - 2013-03-08 16:42 - 00000000 ____D C:\Windows\Minidump
2013-08-29 01:10 - 2013-08-29 01:10 - 00377856 _____ C:\Users\Chrissi\Downloads\gmer_2.1.19163.exe
2013-08-29 01:04 - 2013-08-29 01:04 - 00000000 ____D C:\FRST
2013-08-29 01:02 - 2013-08-29 01:01 - 01579080 _____ (Farbar) C:\Users\Chrissi\Downloads\FRST64.exe
2013-08-29 01:02 - 2013-08-29 01:01 - 00000476 _____ C:\Users\Chrissi\Downloads\defogger_disable.log
2013-08-29 01:01 - 2013-08-29 01:01 - 00050477 _____ C:\Users\Chrissi\Downloads\Defogger.exe
2013-08-29 01:01 - 2013-08-29 01:01 - 00000000 _____ C:\Users\Chrissi\defogger_reenable
2013-08-29 01:01 - 2012-03-03 17:57 - 00000000 ____D C:\Users\Chrissi
2013-08-29 00:51 - 2013-08-29 00:51 - 00000000 _____ C:\Windows\setuperr.log
2013-08-29 00:02 - 2013-08-29 00:02 - 00002982 _____ C:\Windows\System32\Tasks\{F94307F9-E964-4C11-93B3-9779DDD76456}
2013-08-29 00:02 - 2013-08-29 00:02 - 00002982 _____ C:\Windows\System32\Tasks\{B5C0825F-D13C-4A5F-9739-B33444950E86}
2013-08-29 00:01 - 2012-03-03 17:59 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7F99FFB5-B081-4B1E-A27A-96C6AA5B16C0}
2013-08-27 23:17 - 2013-08-27 23:17 - 00458752 __RSH C:\Windows\SysWOW64\iassam1.dll
2013-08-27 23:17 - 2013-08-27 23:17 - 00002598 _____ C:\Windows\System32\Tasks\PELDTPPZ
2013-08-27 12:34 - 2012-03-05 04:01 - 00003072 ____H C:\Users\Chrissi\Desktop\photothumb.db
2013-08-24 11:38 - 2013-06-10 21:46 - 00000000 ____D C:\Users\Chrissi\Desktop\noch anschauen ob okay
2013-08-23 18:36 - 2013-06-11 13:42 - 00000000 ____D C:\Users\Chrissi\Desktop\brennen
2013-08-23 00:41 - 2013-06-18 13:26 - 00000000 ____D C:\Users\Chrissi\Desktop\konvertieren
2013-08-23 00:01 - 2012-03-04 01:51 - 00000000 ____D C:\Users\Chrissi\AppData\Roaming\Orbit
2013-08-22 23:15 - 2012-03-03 17:44 - 00000000 ____D C:\Windows\Panther
2013-08-22 10:11 - 2012-11-10 13:30 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-22 10:11 - 2012-11-10 13:30 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-22 10:11 - 2012-03-03 18:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-22 10:02 - 2013-08-22 10:02 - 17737608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-08-20 10:19 - 2012-10-15 14:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 12:57 - 2009-07-14 19:58 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-19 12:57 - 2009-07-14 19:58 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-19 12:57 - 2009-07-14 07:13 - 01520734 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-19 12:50 - 2013-08-19 12:47 - 00000000 ____D C:\Windows\system32\MRT
2013-08-19 12:47 - 2013-01-08 16:12 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-17 19:11 - 2013-08-17 19:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 00:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-05 23:42 - 2012-03-05 04:14 - 00000000 ____D C:\Users\Chrissi\AppData\Roaming\vlc
2013-07-31 22:11 - 2012-03-03 17:57 - 00000000 ____D C:\Users\Chrissi\AppData\Local\VirtualStore

Files to move or delete:
====================
C:\Users\Chrissi\AppData\Local\Temp\5dce5bbf-e477-4d7b-8db1-979ce6c19d95.exe
C:\Users\Chrissi\AppData\Local\Temp\af8964fa-f763-47e2-a9aa-00fd05224349.exe
C:\Users\Chrissi\AppData\Local\Temp\db8f4fbf-2009-46bf-ad53-b4de7f0059cf.exe
C:\Users\Chrissi\AppData\Local\Temp\Quarantine.exe
C:\Users\Chrissi\AppData\Local\Temp\{EF629AEC-F597-4278-A993-7F220D4D165C}\ISBEW64.exe
C:\Users\Chrissi\AppData\Local\Temp\{CB1785BF-805E-4F2C-A593-B42E712CA6E4}\ISBEW64.exe
C:\Users\Chrissi\AppData\Local\Temp\{73D3C2D9-2F95-45E4-A4C6-674AE2AC865A}\ISBEW64.exe
C:\Users\Chrissi\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\Chrissi\AppData\Local\Temp\b249740f-5c71-4e7d-ba13-76e2bde44a27\Statistics.dll
C:\Users\Chrissi\AppData\Local\Temp\53a5f003-8fb7-4071-8ddc-7cd879f6f809\CartSdk.dll
C:\Users\Chrissi\AppData\Local\Temp\53a5f003-8fb7-4071-8ddc-7cd879f6f809\CartSdk64.exe
C:\Users\Chrissi\AppData\Local\Temp\53a5f003-8fb7-4071-8ddc-7cd879f6f809\sbrc.exe
C:\Users\Chrissi\AppData\Local\Temp\53a5f003-8fb7-4071-8ddc-7cd879f6f809\i386\sbbd.exe
C:\Users\Chrissi\AppData\Local\Temp\53a5f003-8fb7-4071-8ddc-7cd879f6f809\amd64\sbbd.exe
C:\Users\Chrissi\AppData\Local\Temp\0464013f-93c7-42c0-9968-22f340a6da56\Statistics.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-02-05 02:14

==================== End Of Log ============================
--- --- ---

schrauber 30.08.2013 15:26

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Chrissi1111 30.08.2013 21:31
So habe nun alles erledigt, bis auf SecurityCheck, dies passt nicht zu meinem Betriebssystem. Deswegen habe ich alles erstmal so versucht und siehe da, Google läuft ohne Fehler & auch Microsoft Security Essentials lässt sich wieder problemlos öffnen und auch das Sicherheitscenter ist nicht mehr deaktiviert.
Habe trotzdem die fertigen Logs von FRST & ESET nocheinmal mit dran gehangen, aber ich möchte mich schon jetzt für die SCHNELLE & PERFEKTE Hilfe bedanken =)


Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9eda40c63ce1a1419db77433f0fd0741
# engine=14953
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-30 05:14:27
# local_time=2013-08-30 07:14:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 4086098 129512717 0 0
# scanned=146227
# found=0
# cleaned=0
# scan_time=6858

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by Chrissi (administrator) on 30-08-2013 19:39:24
Running from C:\Users\Chrissi\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Lavasoft Limited) C:\PROGRA~2\AD-AWA~1\AdAware.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [651264 2012-04-17] ()
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\n3pp6cdz.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.2.72 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.2.72 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.2.72 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Chrissi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\acpro.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\n3pp6cdz.default\Extensions\{35379F86-8CCB-4724-AE33-4278DE266C70}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [gamescenter@gamescenter.com] C:\Program Files (x86)\GamesCenter\GamesCenter.xpi
FF Extension: No Name - C:\Program Files (x86)\GamesCenter\GamesCenter.xpi

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-08] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [38096 2012-12-17] (GFI Software)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-29] (GFI Software)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-07-07] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-30 00:19 - 2013-08-30 00:19 - 00000000 ____D C:\Windows\ERUNT
2013-08-30 00:08 - 2013-08-30 00:10 - 00000000 ____D C:\AdwCleaner
2013-08-29 20:11 - 2013-08-30 13:20 - 00001868 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-08-29 20:10 - 2013-08-29 20:10 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-08-29 20:10 - 2013-08-29 20:10 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-08-29 20:09 - 2013-08-29 20:09 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-08-29 20:04 - 2013-08-29 20:04 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2013-08-29 19:56 - 2013-08-29 19:56 - 00004128 _____ C:\Windows\PFRO.log
2013-08-29 19:43 - 2013-08-29 19:43 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-29 19:43 - 2013-08-29 19:43 - 00000000 ____D C:\Users\Chrissi\AppData\Roaming\Malwarebytes
2013-08-29 19:43 - 2013-08-29 19:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 19:43 - 2013-08-29 19:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 19:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-29 19:41 - 2013-08-29 19:42 - 00994642 _____ C:\Users\Chrissi\Downloads\adwcleaner.exe
2013-08-29 19:41 - 2013-08-29 19:41 - 01023533 _____ (Thisisu) C:\Users\Chrissi\Desktop\JRT.exe
2013-08-29 17:27 - 2013-08-29 17:27 - 00012732 _____ C:\ComboFix.txt
2013-08-29 17:00 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-29 17:00 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-29 17:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-29 17:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-29 17:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-29 17:00 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-29 17:00 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-29 17:00 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-29 11:33 - 2013-08-29 17:28 - 00000000 ____D C:\Qoobox
2013-08-29 11:32 - 2013-08-29 17:24 - 00000000 ____D C:\Windows\erdnt
2013-08-29 11:27 - 2013-08-29 11:29 - 05115711 ____R (Swearware) C:\Users\Chrissi\Desktop\ComboFix.exe
2013-08-29 09:59 - 2013-08-29 09:59 - 00003304 ____N C:\bootsqm.dat
2013-08-29 02:00 - 2013-08-29 02:00 - 354462448 _____ C:\Windows\MEMORY.DMP
2013-08-29 02:00 - 2013-08-29 02:00 - 00521008 _____ C:\Windows\Minidump\082913-14757-01.dmp
2013-08-29 01:19 - 2013-08-30 00:34 - 00000000 ____D C:\Users\Chrissi\Desktop\pc
2013-08-29 01:10 - 2013-08-29 01:10 - 00377856 _____ C:\Users\Chrissi\Downloads\gmer_2.1.19163.exe
2013-08-29 01:04 - 2013-08-29 01:04 - 00000000 ____D C:\FRST
2013-08-29 01:01 - 2013-08-29 01:02 - 01579080 _____ (Farbar) C:\Users\Chrissi\Downloads\FRST64.exe
2013-08-29 01:01 - 2013-08-29 01:02 - 00000476 _____ C:\Users\Chrissi\Downloads\defogger_disable.log
2013-08-29 01:01 - 2013-08-29 01:01 - 00050477 _____ C:\Users\Chrissi\Downloads\Defogger.exe
2013-08-29 01:01 - 2013-08-29 01:01 - 00000000 _____ C:\Users\Chrissi\defogger_reenable
2013-08-29 00:51 - 2013-08-30 00:11 - 00000448 _____ C:\Windows\setupact.log
2013-08-29 00:51 - 2013-08-29 00:51 - 00000000 _____ C:\Windows\setuperr.log
2013-08-29 00:02 - 2013-08-29 00:02 - 00002982 _____ C:\Windows\System32\Tasks\{F94307F9-E964-4C11-93B3-9779DDD76456}
2013-08-29 00:02 - 2013-08-29 00:02 - 00002982 _____ C:\Windows\System32\Tasks\{B5C0825F-D13C-4A5F-9739-B33444950E86}
2013-08-27 23:17 - 2013-08-30 00:21 - 00000318 _____ C:\Windows\Tasks\PELDTPPZ.job
2013-08-27 23:17 - 2013-08-27 23:17 - 00458752 __RSH C:\Windows\SysWOW64\iassam1.dll
2013-08-27 23:17 - 2013-08-27 23:17 - 00002598 _____ C:\Windows\System32\Tasks\PELDTPPZ
2013-08-22 10:02 - 2013-08-22 10:02 - 17737608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-08-19 13:09 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-19 13:09 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-19 13:09 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-19 13:09 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-19 13:09 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-19 13:09 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-19 13:09 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-19 13:09 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-19 13:09 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-19 13:09 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-19 13:09 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-19 13:09 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-19 12:47 - 2013-08-19 12:50 - 00000000 ____D C:\Windows\system32\MRT
2013-08-17 19:10 - 2013-08-17 19:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-14 13:22 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 13:21 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 13:21 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 13:19 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 13:19 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 13:19 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 13:19 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 13:19 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 13:19 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 13:19 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 13:19 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 13:18 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 13:18 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 13:18 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 13:18 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 13:18 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 13:18 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 13:18 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 13:18 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 13:18 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 13:18 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 13:18 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 13:18 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 13:18 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 13:18 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 13:18 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 13:17 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

==================== One Month Modified Files and Folders =======

2013-08-30 19:32 - 2013-08-30 19:32 - 00891115 _____ C:\Users\Chrissi\Desktop\SecurityCheck.exe
2013-08-30 18:59 - 2012-11-10 13:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-30 18:37 - 2012-03-03 17:47 - 01930162 _____ C:\Windows\WindowsUpdate.log
2013-08-30 13:20 - 2013-08-29 20:11 - 00001868 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-08-30 10:18 - 2013-06-10 21:46 - 00000000 ____D C:\Users\Chrissi\Desktop\noch anschauen ob okay
2013-08-30 00:34 - 2013-08-29 01:19 - 00000000 ____D C:\Users\Chrissi\Desktop\pc
2013-08-30 00:21 - 2013-08-27 23:17 - 00000318 _____ C:\Windows\Tasks\PELDTPPZ.job
2013-08-30 00:19 - 2013-08-30 00:19 - 00000000 ____D C:\Windows\ERUNT
2013-08-30 00:19 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-30 00:19 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-30 00:13 - 2012-09-11 01:40 - 00000000 ____D C:\Users\Chrissi\AppData\Local\Htc
2013-08-30 00:12 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-30 00:11 - 2013-08-29 00:51 - 00000448 _____ C:\Windows\setupact.log
2013-08-30 00:10 - 2013-08-30 00:08 - 00000000 ____D C:\AdwCleaner
2013-08-30 00:10 - 2013-02-04 14:33 - 00000000 ____D C:\ProgramData\Uniblue
2013-08-30 00:10 - 2013-01-13 21:26 - 00000000 ____D C:\Users\Chrissi\AppData\Roaming\Uniblue
2013-08-30 00:10 - 2013-01-13 21:26 - 00000000 ____D C:\Program Files (x86)\Uniblue
2013-08-30 00:10 - 2012-03-04 01:28 - 00000000 ____D C:\ProgramData\ICQ
2013-08-29 20:33 - 2013-01-06 02:55 - 00000000 ____D C:\Users\Chrissi\AppData\Roaming\LavasoftStatistics
2013-08-29 20:33 - 2013-01-06 02:45 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-08-29 20:10 - 2013-08-29 20:10 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-08-29 20:10 - 2013-08-29 20:10 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-08-29 20:09 - 2013-08-29 20:09 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-08-29 20:04 - 2013-08-29 20:04 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2013-08-29 20:04 - 2013-01-06 02:45 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-08-29 19:56 - 2013-08-29 19:56 - 00004128 _____ C:\Windows\PFRO.log
2013-08-29 19:43 - 2013-08-29 19:43 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-29 19:43 - 2013-08-29 19:43 - 00000000 ____D C:\Users\Chrissi\AppData\Roaming\Malwarebytes
2013-08-29 19:43 - 2013-08-29 19:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 19:43 - 2013-08-29 19:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 19:42 - 2013-08-29 19:41 - 00994642 _____ C:\Users\Chrissi\Downloads\adwcleaner.exe
2013-08-29 19:41 - 2013-08-29 19:41 - 01023533 _____ (Thisisu) C:\Users\Chrissi\Desktop\JRT.exe
2013-08-29 17:28 - 2013-08-29 11:33 - 00000000 ____D C:\Qoobox
2013-08-29 17:27 - 2013-08-29 17:27 - 00012732 _____ C:\ComboFix.txt
2013-08-29 17:27 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-29 17:24 - 2013-08-29 11:32 - 00000000 ____D C:\Windows\erdnt
2013-08-29 17:15 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-29 11:29 - 2013-08-29 11:27 - 05115711 ____R (Swearware) C:\Users\Chrissi\Desktop\ComboFix.exe
2013-08-29 09:59 - 2013-08-29 09:59 - 00003304 ____N C:\bootsqm.dat
2013-08-29 02:00 - 2013-08-29 02:00 - 354462448 _____ C:\Windows\MEMORY.DMP
2013-08-29 02:00 - 2013-08-29 02:00 - 00521008 _____ C:\Windows\Minidump\082913-14757-01.dmp
2013-08-29 02:00 - 2013-03-08 16:42 - 00000000 ____D C:\Windows\Minidump
2013-08-29 01:10 - 2013-08-29 01:10 - 00377856 _____ C:\Users\Chrissi\Downloads\gmer_2.1.19163.exe
2013-08-29 01:04 - 2013-08-29 01:04 - 00000000 ____D C:\FRST
2013-08-29 01:02 - 2013-08-29 01:01 - 01579080 _____ (Farbar) C:\Users\Chrissi\Downloads\FRST64.exe
2013-08-29 01:02 - 2013-08-29 01:01 - 00000476 _____ C:\Users\Chrissi\Downloads\defogger_disable.log
2013-08-29 01:01 - 2013-08-29 01:01 - 00050477 _____ C:\Users\Chrissi\Downloads\Defogger.exe
2013-08-29 01:01 - 2013-08-29 01:01 - 00000000 _____ C:\Users\Chrissi\defogger_reenable
2013-08-29 01:01 - 2012-03-03 17:57 - 00000000 ____D C:\Users\Chrissi
2013-08-29 00:51 - 2013-08-29 00:51 - 00000000 _____ C:\Windows\setuperr.log
2013-08-29 00:02 - 2013-08-29 00:02 - 00002982 _____ C:\Windows\System32\Tasks\{F94307F9-E964-4C11-93B3-9779DDD76456}
2013-08-29 00:02 - 2013-08-29 00:02 - 00002982 _____ C:\Windows\System32\Tasks\{B5C0825F-D13C-4A5F-9739-B33444950E86}
2013-08-29 00:01 - 2012-03-03 17:59 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7F99FFB5-B081-4B1E-A27A-96C6AA5B16C0}
2013-08-27 23:17 - 2013-08-27 23:17 - 00458752 __RSH C:\Windows\SysWOW64\iassam1.dll
2013-08-27 23:17 - 2013-08-27 23:17 - 00002598 _____ C:\Windows\System32\Tasks\PELDTPPZ
2013-08-27 12:34 - 2012-03-05 04:01 - 00003072 ____H C:\Users\Chrissi\Desktop\photothumb.db
2013-08-23 18:36 - 2013-06-11 13:42 - 00000000 ____D C:\Users\Chrissi\Desktop\brennen
2013-08-23 00:41 - 2013-06-18 13:26 - 00000000 ____D C:\Users\Chrissi\Desktop\konvertieren
2013-08-23 00:01 - 2012-03-04 01:51 - 00000000 ____D C:\Users\Chrissi\AppData\Roaming\Orbit
2013-08-22 23:15 - 2012-03-03 17:44 - 00000000 ____D C:\Windows\Panther
2013-08-22 10:11 - 2012-11-10 13:30 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-22 10:11 - 2012-11-10 13:30 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-22 10:11 - 2012-03-03 18:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-22 10:02 - 2013-08-22 10:02 - 17737608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-08-20 10:19 - 2012-10-15 14:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 12:57 - 2009-07-14 19:58 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-19 12:57 - 2009-07-14 19:58 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-19 12:57 - 2009-07-14 07:13 - 01520734 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-19 12:50 - 2013-08-19 12:47 - 00000000 ____D C:\Windows\system32\MRT
2013-08-19 12:47 - 2013-01-08 16:12 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-17 19:11 - 2013-08-17 19:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 00:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-05 23:42 - 2012-03-05 04:14 - 00000000 ____D C:\Users\Chrissi\AppData\Roaming\vlc
2013-07-31 22:11 - 2012-03-03 17:57 - 00000000 ____D C:\Users\Chrissi\AppData\Local\VirtualStore

Files to move or delete:
====================
C:\Users\Chrissi\AppData\Local\Temp\5dce5bbf-e477-4d7b-8db1-979ce6c19d95.exe
C:\Users\Chrissi\AppData\Local\Temp\af8964fa-f763-47e2-a9aa-00fd05224349.exe
C:\Users\Chrissi\AppData\Local\Temp\db8f4fbf-2009-46bf-ad53-b4de7f0059cf.exe
C:\Users\Chrissi\AppData\Local\Temp\Quarantine.exe
C:\Users\Chrissi\AppData\Local\Temp\{EF629AEC-F597-4278-A993-7F220D4D165C}\ISBEW64.exe
C:\Users\Chrissi\AppData\Local\Temp\{CB1785BF-805E-4F2C-A593-B42E712CA6E4}\ISBEW64.exe
C:\Users\Chrissi\AppData\Local\Temp\{73D3C2D9-2F95-45E4-A4C6-674AE2AC865A}\ISBEW64.exe
C:\Users\Chrissi\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\Chrissi\AppData\Local\Temp\b249740f-5c71-4e7d-ba13-76e2bde44a27\Statistics.dll
C:\Users\Chrissi\AppData\Local\Temp\53a5f003-8fb7-4071-8ddc-7cd879f6f809\CartSdk.dll
C:\Users\Chrissi\AppData\Local\Temp\53a5f003-8fb7-4071-8ddc-7cd879f6f809\CartSdk64.exe
C:\Users\Chrissi\AppData\Local\Temp\53a5f003-8fb7-4071-8ddc-7cd879f6f809\sbrc.exe
C:\Users\Chrissi\AppData\Local\Temp\53a5f003-8fb7-4071-8ddc-7cd879f6f809\i386\sbbd.exe
C:\Users\Chrissi\AppData\Local\Temp\53a5f003-8fb7-4071-8ddc-7cd879f6f809\amd64\sbbd.exe
C:\Users\Chrissi\AppData\Local\Temp\0464013f-93c7-42c0-9968-22f340a6da56\Statistics.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-02-05 02:14

==================== End Of Log ============================
--- --- ---

schrauber 31.08.2013 13:04
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Chrissi1111 31.08.2013 21:08
Vielen vielen Dank, habe alles erledigt & keine Fragen mehr :)

schrauber 01.09.2013 10:27
Gern Geschehen :)

Chrissi1111 03.09.2013 10:33
Wie angekündigt liegen die selben Probleme nun wieder vor, bis auf Google das läuft ohne Probleme.
Es fing erst wieder an nachdem ich den PC heruntergefahren habe, als ich ihn wieder an machte ging Microsoft Security Essentials nicht an & auch das Sicherheitscenter bleibt wieder deaktiviert.
Ich habe hier frische Logs:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2013 01
Ran by Chrissi at 2013-09-03 11:08:01
Running from C:\Users\Chrissi\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
Ad-Aware Antivirus (x32 Version: 10.5.3.4405)
Adobe AIR (x32 Version: 3.8.0.870)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.5) - Deutsch (x32 Version: 10.1.5)
ArcSoft Perfect365 (x32 Version: 1.1.0.9)
Ashampoo Burning Studio 2012 CBE v.11.0.4 (x32 Version: 11.0.4)
Audacity 1.2.6 (x32)
Avidemux 2.5 (32-bit) (x32 Version: 2.5.6.7716)
Big Fish Games: Game Manager (x32 Version: 3.0.1.60)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
eaner (Version: 3.22)
Free WAV to MP3 Converter (x32 Version: 1.0)
Free YouTube Download version 3.0.22.221 (x32 Version: 3.0.22.221)
Free YouTube to MP3 Converter version 3.11.32.918 (x32 Version: 3.11.32.918)
Freez FLV to MP3 Converter (x32 Version: 1.5)
GamesCenter (x32)
HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (Version: 22.50.231.0)
HP Deskjet 1050 J410 series Hilfe (x32 Version: 140.0.66.66)
HP Photo Creations (x32 Version: 1.0.0.3781)
HP Update (x32 Version: 5.002.006.003)
HTC BMP USB Driver (x32 Version: 1.0.5375)
HTC Driver Installer (x32 Version: 3.0.0.021)
HTC Sync (x32 Version: 3.2.20)
ICQ7M (x32 Version: 7.8)
Java 7 Update 25 (x32 Version: 7.0.250)
JMicron Flash Media Controller Driver (x32 Version: 1.00.29.02)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Orbit Downloader (x32)
PhotoScape (x32)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealPlayer (x32)
RealUpgrade 1.1 (x32 Version: 1.1.0)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (x32 Version: 3.51.01)
Roadkil's Unstoppable Copier Version 5.2 (x32)
Secunia PSI (3.0.0.7011) (x32 Version: 3.0.0.7011)
Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten (Version: 22.50.231.0)
SUPER © +Recorder.2013.55 (Mar 7, 2013) Version +Recorder.2013. (x32 Version: +Recorder.2013.55)
TagScanner 5.1.611 (x32)
TeamViewer 7 (x32 Version: 7.0.13989)
TuneUp Utilities 2011 (x32 Version: 10.0.4500.45)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 10.0.4500.45)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VLC media player 2.0.8 (x32 Version: 2.0.8)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
WinRAR 4.11 (64-Bit) (Version: 4.11.0)

==================== Restore Points  =========================

31-08-2013 19:26:39 Ende der Bereinigung
01-09-2013 09:27:06 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-08-29 17:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => start w32time task_started
Task: {0F570D9D-B087-41C2-B57F-FB8B374949D4} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: {371B5793-8DFB-44C4-B1F9-4A870C6EA766} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {410FA241-D51F-4996-99BF-DCF65AAC240E} - System32\Tasks\{F94307F9-E964-4C11-93B3-9779DDD76456} => C:\Program Files\Microsoft Security Client\msseces.exe [2013-06-20] (Microsoft Corporation)
Task: {4E3413C2-CAD2-4F40-98F6-A3DD59B5E450} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files (x86)\TuneUp Utilities 2011\OneClick.exe [2011-12-08] (TuneUp Software)
Task: {50F62AA9-7C7F-481F-A1B7-EBFC56D71C63} - System32\Tasks\PELDTPPZ => C:\Windows\SysWOW64\iassam1.dll [2013-08-27] ()
Task: {56E91EDA-26B9-4B3C-AF5F-205966974A98} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
Task: {73C2448F-473D-4FB3-953E-7AD81041F042} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {7C2E319D-E52A-4B91-9595-F47A0080100C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-751161945-1929235623-774014638-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {823801B7-4813-40B2-8AB8-AD24CF57A8E8} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {88B99F78-4AF0-473F-BB29-4C79F8864E1C} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17] ()
Task: {99EDFC8B-2949-4040-97D7-436CAFCCC5DF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-751161945-1929235623-774014638-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {B0F6399D-8FF2-4037-B078-BC9B6DEA2FFB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-22] (Adobe Systems Incorporated)
Task: {CFEFD9A0-0897-41A9-9346-942F2A0CC7AB} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {D40D6E4F-6F8C-4962-AD42-16AC16B90D64} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => start osppsvc
Task: {D9E3A3E4-29F5-4C70-AC5A-16EAAF5F2372} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe No File
Task: {E2D07D81-5503-4932-86CE-F44DFDFDE64B} - \DriverScanner No Task File
Task: {F109E124-6F2D-45E8-9C4E-2D9CF6AEAD5C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {F961B6DC-1E68-4A64-9F56-46E554F1D588} - System32\Tasks\{B5C0825F-D13C-4A5F-9739-B33444950E86} => C:\Program Files\Microsoft Security Client\msseces.exe [2013-06-20] (Microsoft Corporation)
Task: {FC2797D1-B5B4-4D47-BB6E-BA13A6ECE3DE} - System32\Tasks\User_Feed_Synchronization-{7F99FFB5-B081-4B1E-A27A-96C6AA5B16C0} => C:\Windows\system32\msfeedssync.exe [2013-04-09] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\PELDTPPZ.job => C:\Windows\SysWOW64\iassam1.dll

==================== Loaded Modules (whitelisted) =============

2009-07-13 23:59 - 2009-07-14 03:41 - 03451904 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2012-03-05 20:14 - 2010-11-20 15:26 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fdproxy.dll
2009-07-14 02:22 - 2009-07-14 03:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2013-06-13 02:27 - 2013-06-13 02:27 - 01280896 _____ (Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareShellExtension64.dll
2012-03-03 18:10 - 2012-02-17 21:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2011-12-08 17:55 - 2011-12-08 17:55 - 00028480 _____ (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\SDShelEx-x64.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2009-07-14 02:00 - 2009-07-14 03:41 - 00283648 _____ (Microsoft Corporation) C:\Windows\System32\LocationApi.dll
2009-07-14 02:00 - 2009-07-14 03:41 - 00174592 _____ (Microsoft Corporation) C:\Windows\System32\SensorsApi.dll
2009-07-14 01:28 - 2009-07-14 03:41 - 00271360 _____ (Microsoft Corporation) C:\Windows\System32\WDSCORE.dll
2013-04-09 16:40 - 2013-04-09 16:40 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\D3D10Warp.dll
2013-04-09 16:44 - 2013-04-09 16:44 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-04-09 16:44 - 2013-04-09 16:44 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\Dxtrans.dll
2009-07-14 01:41 - 2009-07-14 03:40 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\ddrawex.dll
2013-04-09 16:44 - 2013-04-09 16:44 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\Dxtmsft.dll
2009-07-14 01:56 - 2009-07-14 03:41 - 00163328 _____ (Microsoft Corporation) C:\Program Files\Windows Sidebar\wlsrvc.dll
2010-02-28 02:24 - 2010-02-28 02:24 - 00056192 _____ (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
2012-04-17 15:05 - 2012-04-17 15:05 - 00103936 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 01047552 _____ (Microsoft Corporation) C:\Program Files (x86)\HTC\HTC Sync 3.0\MFC71U.DLL
2012-04-17 15:05 - 2012-04-17 15:05 - 00176128 _____ (FutureDial) C:\Program Files (x86)\HTC\HTC Sync 3.0\UPCT_DB.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00516599 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00151552 _____ (FutureDial) C:\Program Files (x86)\HTC\HTC Sync 3.0\PIMAccess.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00047104 _____ (FutureDial LTD.) C:\Program Files (x86)\HTC\HTC Sync 3.0\UpdateHelper.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00094208 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
2010-02-28 02:13 - 2010-02-28 02:13 - 00049024 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
2012-04-17 15:05 - 2012-04-17 15:05 - 00389120 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00151552 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00011776 _____ (FutureDial Ltd.) C:\Program Files (x86)\HTC\HTC Sync 3.0\AutoplayControl.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00172032 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00159744 _____ (TODO: <Company name>) C:\Program Files (x86)\HTC\HTC Sync 3.0\FileSyncEngine.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00176128 _____ (FutureDial Ltd.) C:\Program Files (x86)\HTC\HTC Sync 3.0\Utility.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00559244 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00577536 _____ (FutureDial) C:\Program Files (x86)\HTC\HTC Sync 3.0\ItemSyncEngine.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00217088 _____ (FutureDial) C:\Program Files (x86)\HTC\HTC Sync 3.0\MsgSyncEngine.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 01515520 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
2013-07-10 16:14 - 2013-04-24 00:57 - 05932696 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
2013-07-14 12:41 - 2013-07-14 12:41 - 11499520 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00165376 _____ (ROUTE 66) C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\SyncEngine.API.dll
2013-01-09 12:19 - 2012-10-05 12:53 - 00364656 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00510976 _____ (ROUTE 66) C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\SyncEngine.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00074752 _____ (ROUTE 66) C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\ApplicationUtils.dll
2013-08-20 16:12 - 2013-08-20 16:12 - 07989760 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00027136 _____ (ROUTE 66) C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\DevicesCommon.dll
2013-08-20 16:12 - 2013-08-20 16:12 - 00978432 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
2013-08-20 16:12 - 2013-08-20 16:12 - 05464064 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
2013-08-20 16:14 - 2013-08-20 16:14 - 06611456 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll
2012-03-05 20:17 - 2010-11-05 03:58 - 02927616 _____ (Microsoft Corporation) C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00029184 _____ (ROUTE 66) C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\DeviceScanning.dll
2013-01-09 12:17 - 2010-11-13 02:08 - 00315392 _____ (Microsoft Corporation) C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00249856 _____ (FutureDial) C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcUpctApi.dll
2009-07-14 01:50 - 2009-07-14 03:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\security.dll
2012-03-05 20:14 - 2010-11-05 03:58 - 00212992 _____ (Microsoft Corporation) C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
2012-03-05 20:15 - 2010-11-05 03:57 - 00572760 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
2013-07-15 23:09 - 2013-07-15 23:09 - 00318864 _____ (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll
2013-08-17 19:10 - 2013-08-17 19:10 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-08-22 10:11 - 2013-08-22 10:11 - 16166280 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:122B409D
AlternateDataStreams: C:\ProgramData\TEMP:18897B1D
AlternateDataStreams: C:\ProgramData\TEMP:3A4C8FE7
AlternateDataStreams: C:\ProgramData\TEMP:A039EDF9
AlternateDataStreams: C:\ProgramData\TEMP:A561576B
AlternateDataStreams: C:\ProgramData\TEMP:FEE00EB9


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2013 05:54:14 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: adawarebp.exe, Version: 1.0.1.110, Zeitstempel: 0x51c4a8e2
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x009c78a0
ID des fehlerhaften Prozesses: 0x9ac
Startzeit der fehlerhaften Anwendung: 0xadawarebp.exe0
Pfad der fehlerhaften Anwendung: adawarebp.exe1
Pfad des fehlerhaften Moduls: adawarebp.exe2
Berichtskennung: adawarebp.exe3

Error: (09/02/2013 11:40:54 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).

Error: (09/02/2013 07:34:42 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: adawarebp.exe, Version: 1.0.1.110, Zeitstempel: 0x51c4a8e2
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003aff8
ID des fehlerhaften Prozesses: 0xaec
Startzeit der fehlerhaften Anwendung: 0xadawarebp.exe0
Pfad der fehlerhaften Anwendung: adawarebp.exe1
Pfad des fehlerhaften Moduls: adawarebp.exe2
Berichtskennung: adawarebp.exe3

Error: (08/31/2013 08:58:02 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 23.0.1.4974 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1278

Startzeit: 01cea6732785e5af

Endzeit: 514

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:

Error: (08/30/2013 07:29:47 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/30/2013 07:24:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (09/03/2013 10:54:13 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.UtilitiesSvc erreicht.

Error: (09/03/2013 10:53:41 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.UtilitiesSvc erreicht.

Error: (09/03/2013 10:53:11 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.UtilitiesSvc erreicht.

Error: (09/03/2013 10:52:41 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.UtilitiesSvc erreicht.

Error: (09/03/2013 10:52:14 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (09/03/2013 05:54:48 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.UtilitiesSvc erreicht.

Error: (09/03/2013 05:54:05 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.

Error: (09/03/2013 05:53:33 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (09/03/2013 05:53:31 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (09/03/2013 05:53:26 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (09/03/2013 05:54:14 AM) (Source: Application Error)(User: )
Description: adawarebp.exe1.0.1.11051c4a8e2unknown0.0.0.000000000c0000005009c78a09ac01cea8261bbcecd6C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exeunknown7f59246d-144c-11e3-9288-00238b3b5a12

Error: (09/02/2013 11:40:54 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (09/02/2013 07:34:42 PM) (Source: Application Error)(User: )
Description: adawarebp.exe1.0.1.11051c4a8e2ole32.dll6.1.7601.175144ce7b96fc00000050003aff8aec01cea7fed6c01bf8C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exeC:\Windows\syswow64\ole32.dllf3272b04-13f5-11e3-b0c3-00238b3b5a12

Error: (08/31/2013 08:58:02 PM) (Source: Application Hang)(User: )
Description: firefox.exe23.0.1.4974127801cea6732785e5af514C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Error: (08/30/2013 07:29:47 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Chrissi\Downloads\esetsmartinstaller_enu.exe

Error: (08/30/2013 07:24:03 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe


CodeIntegrity Errors:
===================================
  Date: 2013-08-29 17:10:29.777
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-29 17:10:29.496
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 75%
Total physical RAM: 1976.88 MB
Available physical RAM: 483.52 MB
Total Pagefile: 3953.77 MB
Available Pagefile: 1801.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:73.14 GB) (Free:10.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (TOSHIBA) (Removable) (Total:7.26 GB) (Free:0.04 GB) FAT32
Drive f: (TOSHIBA) (Removable) (Total:7.44 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: D4A35C9B)
Partition 1: (Active) - (Size=73 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0C)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0C)

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2013 01
Ran by Chrissi (administrator) on CHRISSI-PC on 03-09-2013 11:03:37
Running from C:\Users\Chrissi\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Policies\Explorer: [NoDrives] 0
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [651264 2012-04-17] ()
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\n3pp6cdz.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.2.72 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.2.72 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.2.72 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Chrissi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\acpro.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\n3pp6cdz.default\Extensions\{35379F86-8CCB-4724-AE33-4278DE266C70}
FF Extension: No Name - C:\Users\Chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\n3pp6cdz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [gamescenter@gamescenter.com] C:\Program Files (x86)\GamesCenter\GamesCenter.xpi
FF Extension: No Name - C:\Program Files (x86)\GamesCenter\GamesCenter.xpi

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-08] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [38096 2012-12-17] (GFI Software)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-29] (GFI Software)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-07-07] (TuneUp Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-03 11:02 - 2013-09-03 11:02 - 00377856 _____ C:\Users\Chrissi\Downloads\gmer_2.1.19163.exe
2013-09-03 11:01 - 2013-09-03 11:02 - 01950474 _____ (Farbar) C:\Users\Chrissi\Downloads\FRST64.exe
2013-09-02 23:00 - 2013-09-02 23:00 - 01037134 _____ C:\Users\Chrissi\Desktop\adwcleaner.exe
2013-09-02 19:07 - 2013-09-02 19:07 - 00000000 ____D C:\Users\Chrissi\AppData\Local\adawarebp
2013-09-02 19:06 - 2013-09-02 23:47 - 00000168 _____ C:\Windows\setupact.log
2013-09-02 19:06 - 2013-09-02 19:06 - 00000810 _____ C:\Windows\PFRO.log
2013-09-02 19:06 - 2013-09-02 19:06 - 00000000 _____ C:\Windows\setuperr.log
2013-09-01 11:19 - 2013-09-01 11:18 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-01 11:19 - 2013-09-01 11:18 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-01 11:19 - 2013-09-01 11:18 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-01 11:19 - 2013-09-01 11:18 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-01 11:18 - 2013-09-01 11:18 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-31 22:22 - 2013-08-31 22:22 - 00773296 _____ (RealNetworks, Inc.) C:\Users\Chrissi\Downloads\RealPlayer.exe
2013-08-31 22:20 - 2013-09-01 11:24 - 42599472 _____ (HP) C:\Users\Chrissi\Downloads\hppc-hpcom.11942.exe
2013-08-31 22:13 - 2013-08-31 22:13 - 00000000 ____D C:\Users\Chrissi\AppData\Local\Secunia PSI
2013-08-31 22:12 - 2013-08-31 22:12 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-08-31 21:49 - 2013-08-31 21:50 - 03272136 _____ (Secunia) C:\Users\Chrissi\Downloads\PSISetup711.exe
2013-08-31 21:26 - 2013-08-31 21:27 - 00000947 _____ C:\DelFix.txt
2013-08-30 00:19 - 2013-08-31 21:26 - 00000000 ____D C:\Windows\ERUNT
2013-08-30 00:08 - 2013-09-02 23:15 - 00000000 ____D C:\AdwCleaner
2013-08-29 20:11 - 2013-09-02 23:48 - 00001868 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-08-29 20:10 - 2013-08-29 20:10 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-08-29 20:10 - 2013-08-29 20:10 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-08-29 20:09 - 2013-08-29 20:09 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-08-29 20:04 - 2013-08-29 20:04 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2013-08-29 19:43 - 2013-08-29 19:43 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-29 19:43 - 2013-08-29 19:43 - 00000000 ____D C:\Users\Chrissi\AppData\Roaming\Malwarebytes
2013-08-29 19:43 - 2013-08-29 19:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 19:43 - 2013-08-29 19:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 19:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-29 11:32 - 2013-08-31 21:01 - 00000000 ____D C:\Windows\erdnt
2013-08-29 09:59 - 2013-08-29 09:59 - 00003304 ____N C:\bootsqm.dat
2013-08-29 00:02 - 2013-08-29 00:02 - 00002982 _____ C:\Windows\System32\Tasks\{F94307F9-E964-4C11-93B3-9779DDD76456}
2013-08-29 00:02 - 2013-08-29 00:02 - 00002982 _____ C:\Windows\System32\Tasks\{B5C0825F-D13C-4A5F-9739-B33444950E86}
2013-08-27 23:17 - 2013-09-02 23:47 - 00000318 _____ C:\Windows\Tasks\PELDTPPZ.job
2013-08-27 23:17 - 2013-08-27 23:17 - 00458752 __RSH C:\Windows\SysWOW64\iassam1.dll
2013-08-27 23:17 - 2013-08-27 23:17 - 00002598 _____ C:\Windows\System32\Tasks\PELDTPPZ
2013-08-22 10:02 - 2013-08-22 10:02 - 17737608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-08-19 13:09 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-19 13:09 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-19 13:09 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-19 13:09 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-19 13:09 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-19 13:09 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-19 13:09 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-19 13:09 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-19 13:09 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-19 13:09 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-19 13:09 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-19 13:09 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-19 13:09 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-19 13:09 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-19 12:47 - 2013-08-19 12:50 - 00000000 ____D C:\Windows\system32\MRT
2013-08-17 19:10 - 2013-09-01 11:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-14 13:22 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 13:21 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 13:21 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 13:19 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 13:19 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 13:19 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 13:19 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 13:19 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 13:19 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 13:19 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 13:19 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 13:18 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 13:18 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 13:18 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 13:18 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 13:18 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 13:18 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 13:18 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 13:18 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 13:18 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 13:18 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 13:18 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 13:18 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 13:18 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 13:18 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 13:18 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 13:17 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

==================== One Month Modified Files and Folders =======

2013-09-03 11:05 - 2012-03-03 17:47 - 01751998 _____ C:\Windows\WindowsUpdate.log
2013-09-03 11:03 - 2013-09-03 11:03 - 00000000 ____D C:\FRST
2013-09-03 11:02 - 2013-09-03 11:02 - 00377856 _____ C:\Users\Chrissi\Downloads\gmer_2.1.19163.exe
2013-09-03 11:02 - 2013-09-03 11:01 - 01950474 _____ (Farbar) C:\Users\Chrissi\Downloads\FRST64.exe
2013-09-03 10:59 - 2012-11-10 13:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-03 10:56 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-03 10:56 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-02 23:48 - 2013-08-29 20:11 - 00001868 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-09-02 23:48 - 2012-09-11 01:40 - 00000000 ____D C:\Users\Chrissi\AppData\Local\Htc
2013-09-02 23:47 - 2013-09-02 19:06 - 00000168 _____ C:\Windows\setupact.log
2013-09-02 23:47 - 2013-08-27 23:17 - 00000318 _____ C:\Windows\Tasks\PELDTPPZ.job
2013-09-02 23:47 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-02 23:45 - 2013-01-08 16:33 - 00002155 _____ C:\Windows\epplauncher.mif
2013-09-02 23:45 - 2013-01-08 16:32 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-02 23:44 - 2013-01-08 16:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-02 23:15 - 2013-08-30 00:08 - 00000000 ____D C:\AdwCleaner
2013-09-02 23:04 - 2013-01-06 02:56 - 00004224 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-09-02 23:04 - 2013-01-06 02:41 - 00000000 ____D C:\Users\Chrissi\AppData\Roaming\Ad-Aware Antivirus
2013-09-02 23:00 - 2013-09-02 23:00 - 01037134 _____ C:\Users\Chrissi\Desktop\adwcleaner.exe
2013-09-02 19:17 - 2012-03-03 17:59 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7F99FFB5-B081-4B1E-A27A-96C6AA5B16C0}
2013-09-02 19:07 - 2013-09-02 19:07 - 00000000 ____D C:\Users\Chrissi\AppData\Local\adawarebp
2013-09-02 19:06 - 2013-09-02 19:06 - 00000810 _____ C:\Windows\PFRO.log
2013-09-02 19:06 - 2013-09-02 19:06 - 00000000 _____ C:\Windows\setuperr.log
2013-09-02 18:15 - 2013-06-18 13:26 - 00000000 ____D C:\Users\Chrissi\Desktop\konvertieren
2013-09-02 18:14 - 2012-03-04 01:51 - 00000000 ____D C:\Users\Chrissi\AppData\Roaming\Orbit
2013-09-02 18:12 - 2009-07-14 19:58 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-09-02 18:12 - 2009-07-14 19:58 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-09-02 18:12 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-02 14:32 - 2013-06-11 13:42 - 00000000 ____D C:\Users\Chrissi\Desktop\brennen
2013-09-02 14:32 - 2013-06-10 21:46 - 00000000 ____D C:\Users\Chrissi\Desktop\noch anschauen ob okay
2013-09-01 11:24 - 2013-08-31 22:20 - 42599472 _____ (HP) C:\Users\Chrissi\Downloads\hppc-hpcom.11942.exe
2013-09-01 11:18 - 2013-09-01 11:19 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-01 11:18 - 2013-09-01 11:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-01 11:18 - 2013-09-01 11:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-01 11:18 - 2013-09-01 11:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-01 11:18 - 2013-09-01 11:18 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-01 11:18 - 2012-03-04 00:48 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-09-01 11:18 - 2012-03-04 00:33 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-09-01 11:17 - 2013-08-17 19:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-31 22:26 - 2013-01-30 01:01 - 00000994 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-31 22:22 - 2013-08-31 22:22 - 00773296 _____ (RealNetworks, Inc.) C:\Users\Chrissi\Downloads\RealPlayer.exe
2013-08-31 22:13 - 2013-08-31 22:13 - 00000000 ____D C:\Users\Chrissi\AppData\Local\Secunia PSI
2013-08-31 22:12 - 2013-08-31 22:12 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-08-31 21:50 - 2013-08-31 21:49 - 03272136 _____ (Secunia) C:\Users\Chrissi\Downloads\PSISetup711.exe
2013-08-31 21:27 - 2013-08-31 21:26 - 00000947 _____ C:\DelFix.txt
2013-08-31 21:26 - 2013-08-30 00:19 - 00000000 ____D C:\Windows\ERUNT
2013-08-31 21:01 - 2013-08-29 11:32 - 00000000 ____D C:\Windows\erdnt
2013-08-31 20:24 - 2012-03-03 17:57 - 00000000 ____D C:\Users\Chrissi
2013-08-30 23:30 - 2013-03-08 16:42 - 00000000 ____D C:\Windows\Minidump
2013-08-30 23:21 - 2012-03-05 04:01 - 00007168 ____H C:\Users\Chrissi\Desktop\photothumb.db
2013-08-30 00:10 - 2013-02-04 14:33 - 00000000 ____D C:\ProgramData\Uniblue
2013-08-30 00:10 - 2013-01-13 21:26 - 00000000 ____D C:\Users\Chrissi\AppData\Roaming\Uniblue
2013-08-30 00:10 - 2013-01-13 21:26 - 00000000 ____D C:\Program Files (x86)\Uniblue
2013-08-30 00:10 - 2012-03-04 01:28 - 00000000 ____D C:\ProgramData\ICQ
2013-08-29 20:33 - 2013-01-06 02:55 - 00000000 ____D C:\Users\Chrissi\AppData\Roaming\LavasoftStatistics
2013-08-29 20:33 - 2013-01-06 02:45 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-08-29 20:10 - 2013-08-29 20:10 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-08-29 20:10 - 2013-08-29 20:10 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-08-29 20:09 - 2013-08-29 20:09 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-08-29 20:04 - 2013-08-29 20:04 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2013-08-29 20:04 - 2013-01-06 02:45 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-08-29 19:43 - 2013-08-29 19:43 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-29 19:43 - 2013-08-29 19:43 - 00000000 ____D C:\Users\Chrissi\AppData\Roaming\Malwarebytes
2013-08-29 19:43 - 2013-08-29 19:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 19:43 - 2013-08-29 19:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 17:27 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-29 17:15 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-29 09:59 - 2013-08-29 09:59 - 00003304 ____N C:\bootsqm.dat
2013-08-29 00:02 - 2013-08-29 00:02 - 00002982 _____ C:\Windows\System32\Tasks\{F94307F9-E964-4C11-93B3-9779DDD76456}
2013-08-29 00:02 - 2013-08-29 00:02 - 00002982 _____ C:\Windows\System32\Tasks\{B5C0825F-D13C-4A5F-9739-B33444950E86}
2013-08-27 23:17 - 2013-08-27 23:17 - 00458752 __RSH C:\Windows\SysWOW64\iassam1.dll
2013-08-27 23:17 - 2013-08-27 23:17 - 00002598 _____ C:\Windows\System32\Tasks\PELDTPPZ
2013-08-22 23:15 - 2012-03-03 17:44 - 00000000 ____D C:\Windows\Panther
2013-08-22 10:11 - 2012-11-10 13:30 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-22 10:11 - 2012-11-10 13:30 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-22 10:11 - 2012-03-03 18:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-22 10:02 - 2013-08-22 10:02 - 17737608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-08-20 10:19 - 2012-10-15 14:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 12:50 - 2013-08-19 12:47 - 00000000 ____D C:\Windows\system32\MRT
2013-08-19 12:47 - 2013-01-08 16:12 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-16 00:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-05 23:42 - 2012-03-05 04:14 - 00000000 ____D C:\Users\Chrissi\AppData\Roaming\vlc

Files to move or delete:
====================
C:\Users\Chrissi\AppData\Local\Temp\lowproc.exe
C:\Users\Chrissi\AppData\Local\Temp\Quarantine.exe
C:\Users\Chrissi\AppData\Local\Temp\stubhelper.dll
C:\Users\Chrissi\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-02-05 02:14

==================== End Of Log ============================
--- --- ---


Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-03 11:23:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-22ZCT0 rev.11.01A11 149,05GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Chrissi\AppData\Local\Temp\kwliafod.sys


---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [920:3580]                      000007fef5bb44e0
Thread  C:\Windows\System32\svchost.exe [920:3472]                      000007fef79314a0
Thread  C:\Windows\System32\svchost.exe [920:3208]                      000007fef7a9a2b0
Thread  C:\Windows\System32\svchost.exe [920:5104]                      000007fef7cb88f8
Thread  C:\Windows\System32\svchost.exe [920:2892]                      000007fef5bcd710
Thread  C:\Windows\system32\svchost.exe [860:1860]                      000007fefa88bd88
Thread  C:\Windows\system32\svchost.exe [860:2120]                      000007fef5b583d8
Thread  C:\Windows\system32\svchost.exe [860:964]                      000007fef9145170
Thread  C:\Windows\system32\svchost.exe [860:2472]                      000007fef4873f1c
Thread  C:\Windows\system32\svchost.exe [860:836]                      000007fefb5a22b8
Thread  C:\Windows\system32\svchost.exe [860:804]                      000007fefb5a1a38
Thread  C:\Windows\system32\svchost.exe [860:1876]                      000007fef4c45388
Thread  C:\Windows\system32\svchost.exe [860:2832]                      000007fef4317738
Thread  C:\Windows\system32\svchost.exe [860:2080]                      000007fef4291f90
Thread  C:\Windows\system32\svchost.exe [860:3732]                      000007fef8015124
Thread  C:\Windows\system32\svchost.exe [860:2132]                      000007feeec7341c
Thread  C:\Windows\system32\svchost.exe [860:4260]                      000007feeec73a2c
Thread  C:\Windows\system32\svchost.exe [860:4464]                      000007feeec73768
Thread  C:\Windows\system32\svchost.exe [860:2372]                      000007feeec75c20
Thread  C:\Windows\System32\spoolsv.exe [1300:1168]                    000007fef22510c8
Thread  C:\Windows\System32\spoolsv.exe [1300:3036]                    000007fef2146144
Thread  C:\Windows\System32\spoolsv.exe [1300:2684]                    000007fef8b75fd0
Thread  C:\Windows\System32\spoolsv.exe [1300:356]                      000007fef21e3438
Thread  C:\Windows\System32\spoolsv.exe [1300:536]                      000007fef8b763ec
Thread  C:\Windows\System32\spoolsv.exe [1300:2424]                    000007fef2315e5c
Thread  C:\Windows\System32\spoolsv.exe [1300:3092]                    000007fef2325074
Thread  C:\Windows\System32\spoolsv.exe [1300:3592]                    000007fef2392288
Thread  C:\Windows\SysWOW64\rundll32.exe [1724:1736]                    00000000001f8930
Thread  C:\Windows\SysWOW64\rundll32.exe [1724:1740]                    0000000000173a80
Thread  C:\Windows\SysWOW64\rundll32.exe [1724:1812]                    0000000000173a10
Thread  C:\Windows\SysWOW64\rundll32.exe [1724:3076]                    0000000000a5832b
Thread  C:\Windows\SysWOW64\rundll32.exe [1724:3084]                    0000000000a55514
Thread  C:\Windows\SysWOW64\rundll32.exe [1724:3100]                    0000000000a55a5e
Thread  C:\Windows\System32\WUDFHost.exe [3212:3964]                    000007fef0ef24a0
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3984:4676]  000007fefbe42a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3984:5000]  000007feefbed618

---- EOF - GMER 2.1 ----


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:37 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131