Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Kurzweilig Paßwörter fürs Web falsch (https://www.trojaner-board.de/137044-kurzweilig-passwoerter-fuers-web-falsch.html)

Trakki2013 23.06.2013 07:32
Kurzweilig Paßwörter fürs Web falsch
 
Hallo,

vor ein paar Tagen wollte ich mich abends bei facebook über google-Chrome anmelden.
Nach etlichen Versuchen, die nichts brachten, probierte es dann bei zwei meiner e-mail-Adressen.
Es war kein Anmelden möglich.
Über das Smartphone ging es.
Dann habe ich es auf dem Laptop über firefox versucht, auch das brachte keinen Erfolg.
Ich habe AVG einen Computercheck machen lassen. Keine Funde.
Dann googelte ich weiter über Chrome nach entsprechenden Themen, versuchte eine Anmeldung erneut und es funktionierte alles wieder.

Ich habe jetzt Angst, daß meine Paßwörter gehackt worden sind.

Und nun???

VG und schon mal Danke im Voraus.

schrauber 23.06.2013 08:02
Hi,

auf jeden Fall mal von einem anderen PC die Passwörter ändern.

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Trakki2013 23.06.2013 09:34

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013
Ran by Barbara (administrator) on 23-06-2013 10:29:04
Running from C:\Users\Barbara\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Windows\AsScrPro.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Secure Search\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3  [2226280 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2589992 2011-04-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [617120 2011-03-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-17] ()
HKLM\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd [x]
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [Google Update] "C:\Users\Barbara\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-11-16] (Google Inc.)
HKCU\...\Run: [Facebook Update] "C:\Users\Barbara\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-08-24] (Facebook Inc.)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
MountPoints2: {2b810bad-aefe-11e1-bc5a-742f68698f9e} - F:\AutoRun.exe
MountPoints2: {2e72a7a0-d898-11e1-8480-742f68698f9e} - F:\AutoRun.exe
MountPoints2: {323ec756-ce2d-11e0-9c31-742f68698f9e} - F:\AutoRun.exe
MountPoints2: {98fcccf8-b8b1-11e1-96c6-742f68698f9e} - F:\AutoRun.exe
MountPoints2: {b02f7b99-de2a-11e1-88cd-742f68698f9e} - F:\AutoRun.exe
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2018032 2011-04-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1226928 2013-05-21] (AVG Secure Search)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [226920 2011-05-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [193128 2011-05-10] (NVIDIA Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKCU SearchScopes: DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={66ABD332-1403-498C-88B9-54C32A0E5E94}&mid=c14f2ac2c12d47d19d6ea5662e8d666d-85b7d25ed7f356b04191f8382c9bd889bef57bbd&lang=de&ds=AVG&pr=fr&d=2012-10-04 07:32:25&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={66ABD332-1403-498C-88B9-54C32A0E5E94}&mid=c14f2ac2c12d47d19d6ea5662e8d666d-85b7d25ed7f356b04191f8382c9bd889bef57bbd&lang=de&ds=AVG&pr=fr&d=2012-10-04 07:32:25&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: PicBadges - {11111111-1111-1111-1111-110111561186} - C:\Program Files (x86)\PicBadges\PicBadges.dll (PicBadges.com)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\zsyftf4q.default
FF user.js: detected! => C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\zsyftf4q.default\user.js
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://isearch.avg.com/?cid={66ABD332-1403-498C-88B9-54C32A0E5E94}&mid=c14f2ac2c12d47d19d6ea5662e8d666d-85b7d25ed7f356b04191f8382c9bd889bef57bbd&lang=de&ds=AVG&pr=fr&d=2012-10-04 07:32:25&v=14.2.0.1&pid=avg&sg=&sap=hp
FF Keyword.URL: hxxp://isearch.avg.com/search?cid={66ABD332-1403-498C-88B9-54C32A0E5E94}&mid=c14f2ac2c12d47d19d6ea5662e8d666d-85b7d25ed7f356b04191f8382c9bd889bef57bbd&lang=de&ds=AVG&pr=fr&d=2012-10-04 07:32:25&pid=avg&sg=&v=14.0.2.14&sap=ku&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Extension: No Name - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\zsyftf4q.default\Extensions\crossriderapp15686@crossrider.com
FF Extension: No Name - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\zsyftf4q.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

Chrome:
=======
CHR HomePage: hxxp://isearch.avg.com/?cid={66ABD332-1403-498C-88B9-54C32A0E5E94}&mid=c14f2ac2c12d47d19d6ea5662e8d666d-85b7d25ed7f356b04191f8382c9bd889bef57bbd&lang=de&ds=AVG&pr=fr&d=2012-10-04 07:32:25&v=14.2.0.1&pid=avg&sg=&sap=hp
CHR RestoreOnStartup: "hxxp://isearch.avg.com/?cid={66ABD332-1403-498C-88B9-54C32A0E5E94}&mid=c14f2ac2c12d47d19d6ea5662e8d666d-85b7d25ed7f356b04191f8382c9bd889bef57bbd&lang=de&ds=AVG&pr=fr&d=2012-10-04 07:32:25&v=14.2.0.1&pid=avg&sg=&sap=hp"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Barbara\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Barbara\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Barbara\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Barbara\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (SweetIM for Facebook) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0
CHR Extension: (PicBadges) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\kioiabaigfcehjmemdmnnmjegnjjckai\1.23.34_0
CHR Extension: (Skype Click to Call) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (AVG Security Toolbar) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0
CHR Extension: (Gmail) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-21] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-05-21] (AVG Technologies)
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [29696 2007-08-09] (Huawei Tech. Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-23 10:27 - 2013-06-23 10:27 - 01931364 ____A (Farbar) C:\Users\Barbara\Downloads\FRST64.exe
2013-06-23 10:27 - 2013-06-23 10:27 - 00000000 ____D C:\FRST
2013-06-17 22:20 - 2013-06-17 22:20 - 00000000 ____D C:\Users\Barbara\Documents\Bauen und Basteln
2013-06-08 22:24 - 2013-06-08 22:24 - 00000000 ____D C:\Users\Barbara\AppData\Local\{665199F2-D059-4A8C-8488-7E794BD676B8}
2013-06-03 10:01 - 2013-06-18 21:26 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

==================== One Month Modified Files and Folders =======

2013-06-23 10:27 - 2013-06-23 10:27 - 01931364 ____A (Farbar) C:\Users\Barbara\Downloads\FRST64.exe
2013-06-23 10:27 - 2013-06-23 10:27 - 00000000 ____D C:\FRST
2013-06-23 10:14 - 2011-08-25 14:33 - 00000000 ____D C:\ProgramData\MFAData
2013-06-23 10:09 - 2013-03-15 21:28 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-23 10:09 - 2012-08-24 20:45 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3397864116-3237469828-2232435618-1001UA.job
2013-06-23 10:09 - 2011-11-16 12:51 - 00001128 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3397864116-3237469828-2232435618-1001UA.job
2013-06-23 08:06 - 2012-08-24 20:56 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\Skype
2013-06-23 08:06 - 2011-11-16 12:51 - 00001076 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3397864116-3237469828-2232435618-1001Core.job
2013-06-23 08:06 - 2011-08-24 18:50 - 01276845 ____A C:\Windows\WindowsUpdate.log
2013-06-22 20:50 - 2012-08-24 20:45 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3397864116-3237469828-2232435618-1001Core.job
2013-06-22 20:38 - 2013-03-15 21:28 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-20 22:15 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-20 22:15 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-19 17:23 - 2011-11-16 12:53 - 00002384 ____A C:\Users\Barbara\Desktop\Google Chrome.lnk
2013-06-18 21:26 - 2013-06-03 10:01 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-06-18 21:23 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-18 21:23 - 2009-07-14 06:51 - 00136173 ____A C:\Windows\setupact.log
2013-06-17 22:20 - 2013-06-17 22:20 - 00000000 ____D C:\Users\Barbara\Documents\Bauen und Basteln
2013-06-16 22:55 - 2011-08-24 19:18 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\SoftGrid Client
2013-06-16 22:27 - 2011-08-28 21:08 - 00000000 ____D C:\Users\Barbara\Documents\Barbara 1
2013-06-15 15:37 - 2011-02-19 06:24 - 00666256 ____A C:\Windows\System32\perfh007.dat
2013-06-15 15:37 - 2011-02-19 06:24 - 00134178 ____A C:\Windows\System32\perfc007.dat
2013-06-15 15:37 - 2009-07-14 07:13 - 01531014 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-11 22:17 - 2012-10-04 07:32 - 00000943 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-06-08 22:25 - 2012-12-18 19:54 - 00905216 __ASH C:\Users\Barbara\Downloads\Thumbs.db
2013-06-08 22:24 - 2013-06-08 22:24 - 00000000 ____D C:\Users\Barbara\AppData\Local\{665199F2-D059-4A8C-8488-7E794BD676B8}
2013-06-03 10:01 - 2012-10-04 07:32 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-05-31 20:46 - 2012-08-24 20:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-31 20:46 - 2012-08-24 20:56 - 00000000 ____D C:\ProgramData\Skype

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-13 20:36

==================== End Of Log ============================
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2013
Ran by Barbara at 2013-06-23 10:29:48
Running from C:\Users\Barbara\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

??? ActiveX ?? Windows Live Mesh ???? ??????? ??????? (x32 Version: 15.4.5722.2)
???? ??? Windows Live (x32 Version: 15.4.3502.0922)
???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ??????? (x32 Version: 15.4.5722.2)
???? Windows Live (x32 Version: 15.4.3502.0922)
?????? ??????? ?? Windows Live (x32 Version: 15.4.3502.0922)
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ??????????? (x32 Version: 15.4.5722.2)
??????? Windows Live Mesh ActiveX ??? (x32 Version: 15.4.5722.2)
???????? ?????????? Windows Live (x32 Version: 15.4.3502.0922)
?????????? Windows Live (x32 Version: 15.4.3502.0922)
Adobe Flash Player 10 ActiveX (x32 Version: 10.1.85.3)
Adobe Flash Player 11 Plugin (x32 Version: 11.6.602.171)
Adobe Photoshop Elements 2.0 (x32 Version: 2.0)
ASUS AI Recovery (x32 Version: 1.0.13)
ASUS FancyStart (x32 Version: 1.0.8)
ASUS K3 Series ScreenSaver (x32 Version: 1.0.0002)
ASUS LifeFrame3 (x32 Version: 3.0.20)
ASUS Live Update (x32 Version: 2.5.9)
ASUS Power4Gear Hybrid (Version: 1.1.43)
ASUS SmartLogon (x32 Version: 1.0.0011)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0030)
ASUS Virtual Camera (x32 Version: 1.0.21)
ASUS WebStorage (x32 Version: 3.0.84.161)
AsusVibe2.0 (x32 Version: 2.0.4.617)
Atheros Client Installation Program (x32 Version: 7.0)
ATK Package (x32 Version: 1.0.0010)
AVG 2013 (Version: 13.0.3199)
AVG 2013 (Version: 13.0.3345)
AVG 2013 (Version: 2013.0.3345)
AVG Security Toolbar (x32 Version: 15.2.0.5)
Bing Bar (x32 Version: 7.0.610.0)
Bluetooth Win7 Suite (64) (Version: 7.2.0.65)
Bookworm Deluxe (x32)
Canon Camera WIA Driver (x32 Version: 5.4)
Canon EOS 20D WIA-Treiber (x32 Version: 5.4)
Canon Utilities EOS Capture 1.1 (x32 Version: 1.1)
Canon Utilities EOS Viewer Utility 1.1 (x32 Version: 1.1)
Canon Utilities PhotoStitch 3.1 (x32 Version: 3.1.13)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)
Cooking Dash (x32)
CyberLink LabelPrint (x32 Version: 2.5.1908)
CyberLink Power2Go (x32 Version: 6.1.3602c)
D3DX10 (x32 Version: 15.4.2368.0902)
ETDWare PS/2-X64 8.0.5.3_WHQL (Version: 8.0.5.3)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Fast Boot (Version: 1.0.10)
FUJIFILM MyFinePix Studio 2.0 (x32)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Game Park Console (x32 Version: 6.2.1.1)
GIMP 2.6.8
Google Chrome (HKCU Version: 27.0.1453.116)
Google Earth Plug-in (x32 Version: 7.0.3.8542)
Google Update Helper (x32 Version: 1.3.21.145)
Governor of Poker (x32)
Hotel Dash Suite Success (x32)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2291)
Intel(R) Turbo Boost Technology Monitor (Version: 1.0.400.4)
Jewel Quest 3 (x32)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Luxor 3 (x32)
Mahjongg dimensions (x32)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (x32 Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mobile Partner (x32 Version: 11.300.05.03.40)
Mozilla Firefox 8.0.1 (x86 de) (x32 Version: 8.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Nuance PDF Reader (x32 Version: 6.00.0041)
NVIDIA Control Panel 268.56 (Version: 268.56)
NVIDIA Graphics Driver 268.56 (Version: 268.56)
NVIDIA Install Application (Version: 2.265.41.0)
NVIDIA Optimus 1.0.22 (Version: 1.0.22)
NVIDIA Update Components (Version: 1.0.22)
PDFCreator (x32 Version: 1.2.3)
PhotoStitch (x32 Version: 3.1.13)
PicBadges (x32 Version: 1.23.151.151)
Plants vs Zombies (x32)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek Ethernet Controller Driver (x32 Version: 7.38.113.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6373)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10001)
S?????? f?t???af??? t?? Windows Live (x32 Version: 15.4.3502.0922)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 6.3 (x32 Version: 6.3.107)
Sonic Focus (x32 Version: 1.0.0.4)
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se?? (x32 Version: 15.4.5722.2)
syncables desktop SE (x32 Version: 5.5.746.11492)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Windows Live ??? (x32 Version: 15.4.3502.0922)
Windows Live ???? (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinFlash (x32 Version: 2.31.0)
Wireless Console 3 (x32 Version: 3.0.19)
World of Goo (x32)

==================== Restore Points  =========================

09-03-2013 20:18:22 Geplanter Prüfpunkt
30-03-2013 09:13:00 Installed AVG 2013
30-03-2013 09:14:03 Installed AVG 2013
02-06-2013 21:18:05 Geplanter Prüfpunkt
12-06-2013 21:05:32 Geplanter Prüfpunkt

==================== Scheduled Tasks (whitelisted) =============

Task: {0AE86FBC-CDA2-4DAE-A001-56711EE90699} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {0F61FA3B-8844-447E-8D6B-147C09E1E9CA} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {2BF1CCEB-3346-4FDE-897A-F4EF0E6D37E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15] (Google Inc.)
Task: {33BC61DE-ECD1-4CEE-B770-8EA62AEA9DC1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3397864116-3237469828-2232435618-1001Core => C:\Users\Barbara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-24] (Facebook Inc.)
Task: {46C594BE-C8E1-4B4C-9A43-A3156E4D768A} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{DE6A39A4-DABD-44B2-9C76-8F03B371B508}.exe [2013-06-03] (AVG Secure Search)
Task: {4FB5E01E-4EA2-420D-91E0-50F3ECE14D08} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3397864116-3237469828-2232435618-1001UA => C:\Users\Barbara\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-16] (Google Inc.)
Task: {5A6988DB-3A60-4151-91EC-B8FE020DEE13} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {A5CF8149-1E58-4358-92DD-A76A05FD4DBF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3397864116-3237469828-2232435618-1001UA => C:\Users\Barbara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-24] (Facebook Inc.)
Task: {B2DA3543-35F1-407D-A179-FBA4A010650C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3397864116-3237469828-2232435618-1001Core => C:\Users\Barbara\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-16] (Google Inc.)
Task: {CD96A081-AF03-4F9C-9688-980BE321A32B} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {CFDD3DE5-3C9E-4CC7-97CD-4AD02EF77BF2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15] (Google Inc.)
Task: {D02FCF48-91BA-424B-89AD-30C91DFD2D45} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {FF141269-6E60-4DBB-9415-C172171A1B51} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-02] (ASUS)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/20/2013 10:00:06 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/12/2013 09:31:31 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/05/2013 06:46:20 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/28/2013 08:43:48 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/20/2013 11:00:47 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/12/2013 08:03:42 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/05/2013 07:30:28 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/28/2013 04:53:39 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/21/2013 08:57:02 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/14/2013 08:36:34 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)


System errors:
=============
Error: (06/18/2013 09:24:10 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (06/17/2013 10:47:57 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (06/17/2013 09:10:53 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.20
registriert werden. Der Computer mit IP-Adresse 192.168.178.1 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (06/17/2013 07:20:59 AM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (06/16/2013 10:55:05 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (06/16/2013 03:04:44 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (06/15/2013 07:21:12 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (06/15/2013 04:25:48 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (06/15/2013 03:38:30 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FRITZ!NAS",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{FE9477FB-3568-4FB5-9273-9D8E308028E3}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/15/2013 08:47:06 AM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5


Microsoft Office Sessions:
=========================
Error: (06/20/2013 10:00:06 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/12/2013 09:31:31 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/05/2013 06:46:20 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/28/2013 08:43:48 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/20/2013 11:00:47 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/12/2013 08:03:42 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/05/2013 07:30:28 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/28/2013 04:53:39 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/21/2013 08:57:02 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/14/2013 08:36:34 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 6055.77 MB
Available physical RAM: 4415.52 MB
Total Pagefile: 12109.73 MB
Available Pagefile: 9612.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:196.29 GB) (Free:0.2 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:244.47 GB) (Free:244.36 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: EF24B474)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=196 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=244 GB) - (Type=OF Extended)

==================== End Of Log ============================

schrauber 23.06.2013 15:51
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Trakki2013 23.06.2013 19:54
Combofix Logfile:
Code:
ComboFix 13-06-22.01 - Barbara 23.06.2013  20:42:58.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.6056.4641 [GMT 2:00]
ausgeführt von:: c:\users\Barbara\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\PicBadges\PiCBadges.dll
c:\programdata\FullRemove.exe
c:\windows\IsUn0407.exe
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-05-23 bis 2013-06-23  ))))))))))))))))))))))))))))))
.
.
2013-06-23 18:48 . 2013-06-23 18:48        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-06-23 18:48 . 2013-06-23 18:48        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-06-23 08:27 . 2013-06-23 08:27        --------        d-----w-        C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-21 17:23 . 2012-09-03 17:56        45856        ----a-w-        c:\windows\system32\drivers\avgtpx64.sys
2013-05-11 09:28 . 2010-06-24 18:33        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-03-29 00:53 . 2013-03-29 00:53        246072        ----a-w-        c:\windows\system32\drivers\avgidsdrivera.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-05-21 17:23        1991344        ----a-w-        c:\program files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll" [2013-05-21 1991344]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Facebook Update"="c:\users\Barbara\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-24 138096]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-05-21 1226928]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-3-30 110592]
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-13 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe -d [2011-8-24 12862]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3397864116-3237469828-2232435618-1001Core.job
- c:\users\Barbara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-24 18:45]
.
2013-06-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3397864116-3237469828-2232435618-1001UA.job
- c:\users\Barbara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-24 18:45]
.
2013-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15 19:28]
.
2013-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15 19:28]
.
2013-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3397864116-3237469828-2232435618-1001Core.job
- c:\users\Barbara\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-16 10:51]
.
2013-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3397864116-3237469828-2232435618-1001UA.job
- c:\users\Barbara\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-16 10:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41        220160        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41        220160        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\zsyftf4q.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={66ABD332-1403-498C-88B9-54C32A0E5E94}&mid=c14f2ac2c12d47d19d6ea5662e8d666d-85b7d25ed7f356b04191f8382c9bd889bef57bbd&lang=de&ds=AVG&pr=fr&d=2012-10-04 07:32&v=14.2.0.1&pid=avg&sg=&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={66ABD332-1403-498C-88B9-54C32A0E5E94}&mid=c14f2ac2c12d47d19d6ea5662e8d666d-85b7d25ed7f356b04191f8382c9bd889bef57bbd&lang=de&ds=AVG&pr=fr&d=2012-10-04 07:32&pid=avg&sg=&v=14.0.2.14&sap=ku&q=
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{11111111-1111-1111-1111-110111561186} - c:\program files (x86)\PicBadges\PicBadges.dll
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-Adobe Photoshop Elements 2.0 - c:\windows\ISUN0407.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-23  20:51:54
ComboFix-quarantined-files.txt  2013-06-23 18:51
.
Vor Suchlauf: 4.364.677.120 Bytes frei
Nach Suchlauf: 4.426.887.168 Bytes frei
.
- - End Of File - - 878E559EB89F3D6412AD777222636480
--- --- ---
D41D8CD98F00B204E9800998ECF8427E

schrauber 23.06.2013 20:56
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST Log bitte :)

Trakki2013 23.06.2013 21:46
Hallo,

das funktioniert nicht.

Unter Deinem link folgt eine Zipper-Datei.
Habe Zipper. exe bestätigt, aber unter C: ist nix von AdwCleaner zu entdecken.

Vielen Dank schon mal für Deine Hilfe..

VG

schrauber 24.06.2013 07:30
Wenn Du auf den Link klickst und rechts auf den grünen Download Button?

Trakki2013 24.06.2013 21:30
Jetzt hat er ZipOpenerSetup.exe runtergeladen.
Traue aber nicht, das anzuklicken.
Ist das richtig??

Zip Opener

schrauber 25.06.2013 07:57
Ehm, nö :D

Du bist aber schon auf filepony.de?

Trakki2013 25.06.2013 20:30
Hallo,

sorry ich bin immer erst so spät drinnen. Nach der Arbeit muß ich mich noch um die Tiere kümmern.

So... es ist ja kurios!!

Ich bin jetzt noch mal auf den link gegangen.
Komme auf filepony .. hier der link AdwCleaner - Download - Filepony

Klick auf den grünen Button rechts.

Und jetzt habe ich in den downloads den ZipOpenerSetup und den Zipper. Aber nichts mit der Bezeichnung adwcleaner.

Soll ich die beiden Dinge im Download-Ordner wieder löschen und noch mal downloaden?
Ist das vielleicht nur ne Datei um den Cleaner zu entpacken?

VG

Barbara

schrauber 26.06.2013 08:16
Du klickst rechts auf den grünen Download, dann geht in der mitte ne Zeile auf "Download wird vorbereitet", auf diese in der Mitte dann drauf klicken.

Trakki2013 26.06.2013 21:01
AdwCleaner:

Code:
# AdwCleaner v2.303 - Datei am 26/06/2013 um 21:46:04 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Barbara - BARBARA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Barbara\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gefunden : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\zsyftf4q.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gefunden : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\zsyftf4q.default\searchplugins\SweetIm.xml
Ordner Gefunden : C:\Program Files (x86)\AVG Secure Search
Ordner Gefunden : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gefunden : C:\ProgramData\AVG Secure Search
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\Barbara\AppData\Local\AVG Secure Search
Ordner Gefunden : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Ordner Gefunden : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Ordner Gefunden : C:\Users\Barbara\AppData\Local\Wajam
Ordner Gefunden : C:\Users\Barbara\AppData\LocalLow\AVG Secure Search
Ordner Gefunden : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\zsyftf4q.default\extensions\crossriderapp15686@crossrider.com
Ordner Gefunden : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\zsyftf4q.default\SweetPacksToolbarData
Ordner Gefunden : C:\Users\Barbara\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\AVG Secure Search
Schlüssel Gefunden : HKCU\Software\IGearSettings
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\Software\AVG Secure Search
Schlüssel Gefunden : HKLM\Software\AVG Security Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0015686.BHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0015686.Sandbox
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0015686.Sandbox.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\S
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111561186}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110111561186}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111561186}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111561186}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110111561186}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gefunden : HKU\S-1-5-21-3397864116-3237469828-2232435618-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v8.0.1 (de)

Datei : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\zsyftf4q.default\prefs.js

Gefunden : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.2.0.5");
Gefunden : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Gefunden : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Gefunden : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={66ABD332-1403-498C-88B9-54C32A0E[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.InstallationThankYouPage", true);
Gefunden : user_pref("extensions.crossriderapp15686.15686.InstallationTime", 1347388044);
Gefunden : user_pref("extensions.crossriderapp15686.15686.InstallationUserSettings.searchUserConifrmation", fal[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.InstallationUserSettings.setHomepage", false);
Gefunden : user_pref("extensions.crossriderapp15686.15686.InstallationUserSettings.setNewTab", false);
Gefunden : user_pref("extensions.crossriderapp15686.15686.InstallationUserSettings.setSearch", false);
Gefunden : user_pref("extensions.crossriderapp15686.15686.active", true);
Gefunden : user_pref("extensions.crossriderapp15686.15686.addressbar", "");
Gefunden : user_pref("extensions.crossriderapp15686.15686.backgroundjs", "\n\n\nappAPI.ready(function () {\n  v[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.backgroundver", 9);
Gefunden : user_pref("extensions.crossriderapp15686.15686.can_run_bg_code", true);
Gefunden : user_pref("extensions.crossriderapp15686.15686.certdomaininstaller", "");
Gefunden : user_pref("extensions.crossriderapp15686.15686.changeprevious", false);
Gefunden : user_pref("extensions.crossriderapp15686.15686.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.cookie.InstallationTime.value", "1347388044");
Gefunden : user_pref("extensions.crossriderapp15686.15686.cookie.InstallerParams.expiration", "Fri Feb 01 2030 [...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.cookie.plugin_installed.expiration", "Fri Feb 01 2030[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.cookie.plugin_installed.value", "true");
Gefunden : user_pref("extensions.crossriderapp15686.15686.description", "PicBadges");
Gefunden : user_pref("extensions.crossriderapp15686.15686.domain", "");
Gefunden : user_pref("extensions.crossriderapp15686.15686.enablesearch", false);
Gefunden : user_pref("extensions.crossriderapp15686.15686.fbremoteurl", "");
Gefunden : user_pref("extensions.crossriderapp15686.15686.group", 0);
Gefunden : user_pref("extensions.crossriderapp15686.15686.homepage", "");
Gefunden : user_pref("extensions.crossriderapp15686.15686.iframe", false);
Gefunden : user_pref("extensions.crossriderapp15686.15686.internaldb.InstallerIdentifiers.expiration", "Fri Feb[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.internaldb.InstallerIdentifiers.value", "%7B%22instal[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.internaldb.Resources_appVer.expiration", "Fri Feb 01 [...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.internaldb.Resources_appVer.value", "34");
Gefunden : user_pref("extensions.crossriderapp15686.15686.internaldb.Resources_lastVersion.expiration", "Fri Fe[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.internaldb.Resources_lastVersion.value", "28");
Gefunden : user_pref("extensions.crossriderapp15686.15686.internaldb.Resources_meta.expiration", "Fri Feb 01 20[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.internaldb.Resources_meta.value", "%7B%22images/icon1[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.internaldb.Resources_nextCheck.expiration", "Wed Jun [...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.internaldb.Resources_nextCheck.value", "true");
Gefunden : user_pref("extensions.crossriderapp15686.15686.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.internaldb.Resources_queue.value", "%7B%7D");
Gefunden : user_pref("extensions.crossriderapp15686.15686.internaldb.Resources_resource_14495.expiration", "Mon[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.internaldb.Resources_resource_14495.value", "%22data%[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.js", "\n\nappAPI.ready(function($) {\n\n        //open invis[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.manifesturl", "");
Gefunden : user_pref("extensions.crossriderapp15686.15686.name", "PicBadges");
Gefunden : user_pref("extensions.crossriderapp15686.15686.newtab", "");
Gefunden : user_pref("extensions.crossriderapp15686.15686.opensearch", "");
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_1.name", "base");
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_1.ver", 6);
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_13.code", "(function(a){a.selectedText[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_13.name", "CrossriderAppUtils");
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_13.ver", 3);
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_14.name", "CrossriderUtils");
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_14.ver", 3);
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_16.code", "if((typeof isBackground===\[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_16.name", "FFAppAPIWrapper");
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_16.ver", 7);
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_17.name", "jQuery");
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_17.ver", 4);
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_21.code", "var CrossriderDebugManager=[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_21.name", "debug");
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_21.ver", 4);
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_22.name", "resources");
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_22.ver", 4);
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_28.code", "var CrossriderInitializerPl[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_28.name", "initializer");
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_28.ver", 3);
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_4.code", "var jQuery = $jquery_171 = $[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_4.name", "jquery_1_7_1");
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_4.ver", 4);
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_47.name", "resources_background");
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_47.ver", 3);
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_64.code", "(function(){var h=\"__CR_EM[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_64.name", "appApiMessage");
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_64.ver", 2);
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_72.code", "if(appAPI.__should_activate[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_72.name", "appApiValidation");
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_72.ver", 3);
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_78.code", "if(typeof jQuery!==\"undefi[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_78.name", "CrossriderInfo");
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_78.ver", 3);
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_98.code", "(function(){var b=\"cr_\"+a[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_98.name", "omniCommands");
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins.plugin_98.ver", 2);
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98");
Gefunden : user_pref("extensions.crossriderapp15686.15686.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,2[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/a[...]
Gefunden : user_pref("extensions.crossriderapp15686.15686.pluginsversion", 8);
Gefunden : user_pref("extensions.crossriderapp15686.15686.publisher", "PicBadges.com");
Gefunden : user_pref("extensions.crossriderapp15686.15686.searchstatus", 0);
Gefunden : user_pref("extensions.crossriderapp15686.15686.setnewtab", false);
Gefunden : user_pref("extensions.crossriderapp15686.15686.settingsurl", "");
Gefunden : user_pref("extensions.crossriderapp15686.15686.thankyou", "hxxp://crossrider.com/thank_you/15686");
Gefunden : user_pref("extensions.crossriderapp15686.15686.updateinterval", 360);
Gefunden : user_pref("extensions.crossriderapp15686.15686.ver", 34);
Gefunden : user_pref("extensions.crossriderapp15686.adsOldValue", -1);
Gefunden : user_pref("extensions.crossriderapp15686.apps", "15686");
Gefunden : user_pref("extensions.crossriderapp15686.bic", "139c518423583331cb57589e90a2cfb6");
Gefunden : user_pref("extensions.crossriderapp15686.cid", 15686);
Gefunden : user_pref("extensions.crossriderapp15686.firstrun", false);
Gefunden : user_pref("extensions.crossriderapp15686.hadappinstalled", true);
Gefunden : user_pref("extensions.crossriderapp15686.installationdate", 1347631465);
Gefunden : user_pref("extensions.crossriderapp15686.lastcheck", 22859773);
Gefunden : user_pref("extensions.crossriderapp15686.lastcheckitem", 22859774);
Gefunden : user_pref("extensions.crossriderapp15686.modetype", "production");
Gefunden : user_pref("extensions.crossriderapp15686.reportInstall", true);
Gefunden : user_pref("extensions.enabledAddons", "crossriderapp15686@crossrider.com:0.84.20,{EEE6C361-6118-11DC[...]
Gefunden : user_pref("extensions.wajam.affiliate_id", "6447");
Gefunden : user_pref("extensions.wajam.firstrun", "false");
Gefunden : user_pref("extensions.wajam.log_send_info", "false");
Gefunden : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21083\",\"supported_sites\":{\[...]
Gefunden : user_pref("extensions.wajam.no_trace", "false");
Gefunden : user_pref("extensions.wajam.server_current_mapping_version", "0.21083");
Gefunden : user_pref("extensions.wajam.trace_log", "1347631465811 - onFlagInfoReceived - Server mapping version[...]
Gefunden : user_pref("extensions.wajam.unique_id", "BB67FA639123A3207DF9D7B799F7D5E8");
Gefunden : user_pref("extensions.wajam.user_current_mapping_version", "0");
Gefunden : user_pref("extensions.wajam.version", "1.25");
Gefunden : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={66ABD332-1403-498C-88B9-54C32A0E5E94}&m[...]
Gefunden : user_pref("sweetim.toolbar.cargo", "3.1010000.10025");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.html")[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Gefunden : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Gefunden : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Gefunden : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Gefunden : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Gefunden : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Gefunden : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Gefunden : user_pref("sweetim.toolbar.mode.debug", "false");
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "AVG Secure Search");
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Gefunden : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Gefunden : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Gefunden : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Gefunden : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Gefunden : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Gefunden : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Gefunden : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Gefunden : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Gefunden : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Gefunden : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Gefunden : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");
Gefunden : user_pref("sweetim.toolbar.scripts.1.callback", "");
Gefunden : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Gefunden : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");
Gefunden : user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");
Gefunden : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Gefunden : user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");
Gefunden : user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.predictad.com/scripts/publishers/sweetim/pre[...]
Gefunden : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Gefunden : user_pref("sweetim.toolbar.search.history.capacity", "10");
Gefunden : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
Gefunden : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
Gefunden : user_pref("sweetim.toolbar.searchguard.enable", "true");
Gefunden : user_pref("sweetim.toolbar.simapp_id", "{65F41F56-FC3E-11E1-BAAE-742F68698F9E}");
Gefunden : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10025&barid={65F4[...]

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.2330] : homepage = "hxxp://isearch.avg.com/?cid={66ABD332-1403-498C-88B9-54C32A0E5E94}&mid=c14f2ac2c12d47d19d6ea5662e8d666d-85b7d25ed7f356b04191f8382c9bd889bef57bbd&lang=de&ds=AVG&pr=fr&d=2012-10-04 07:32:25&v=15.3.0.11&pid=avg&sg=0&sap=hp",
Gefunden [l.2606] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={66ABD332-1403-498C-88B9-54C32A0E5E94}&mid=c14f2ac2c12d47d19d6ea5662e8d666d-85b7d25ed7f356b04191f8382c9bd889bef57bbd&lang=de&ds=AVG&pr=fr&d=2012-10-04 07:32:25&v=15.3.0.11&pid=avg&sg=0&sap=hp" ]

*************************

AdwCleaner[R1].txt - [27472 octets] - [26/06/2013 21:46:04]

########## EOF - C:\AdwCleaner[R1].txt - [27533 octets] ##########




So hier von Junkware:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Barbara on 26.06.2013 at 21:50:04,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\crossrider
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\bundlesweetimsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\bundlesweetimsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajam_install_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajam_install_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajamupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0015686.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0015686.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0015686.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0015686.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0015686.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0015686.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{11111111-1111-1111-1111-110111561186}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{22222222-2222-2222-2222-220122562286}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110111561186}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\wow6432node\clsid\{11111111-1111-1111-1111-110111561186}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\wow6432node\clsid\{22222222-2222-2222-2222-220122562286}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Barbara\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\Barbara\appdata\local\wajam"
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{00DFA715-D128-44DA-98D6-2033B2C69094}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{019255F0-ED03-4C17-BC92-91332B5B039E}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{088CE8A0-D5EA-42EA-BFCB-D345DCF5A3F6}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{08CAC72B-D09C-433B-AF40-D102761B0B13}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{0C282FB2-2844-47D7-B666-6D5D31F3C1A8}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{0D0D68A9-9CD8-4323-86C5-7EFAD960B119}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{10D90A17-A4C5-42B8-A512-61A0C50BF8C6}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{136D8B18-977F-4919-B2CB-575FD7C63ED8}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{19D1FE88-0112-457A-B8CF-DED062010F80}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{27FABE26-5DB0-4285-8AFE-BC788C7182A5}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{2BA0DF0B-7B3C-4A9D-BAB6-45A6D9E75067}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{410C6C0A-29AF-4C54-9E9B-51DF60D622F9}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{45FBA742-3528-48B5-A82C-92C7B4569CC2}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{47FD2E7A-607C-47CE-BD0F-CEF475F3B822}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{4F031F45-BBBA-4714-B5C1-A41B962CE6B8}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{4FC33A39-7659-44A2-BFC3-383BB3B8F6C6}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{512456E4-175A-42BC-890E-B21FFB6CC87E}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{5483BC24-4CFB-4BFA-A827-58D6FF13D246}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{561665D8-2F3F-45EE-B336-609EEFB93A72}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{5C09593C-66BC-46B0-AEF3-BC61B1812F81}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{665199F2-D059-4A8C-8488-7E794BD676B8}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{6B165FD9-DD01-48B4-A105-647432B677B0}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{6F15E1C5-0646-4D2E-B6F0-164A1B2F6ADA}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{7E227C9A-1DE2-4927-BC42-03F9F61AB655}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{8B374A94-C707-439F-96BD-03DC970D8A86}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{8E470616-88C3-4C4E-8C9E-69C1DA5BEAD6}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{8FEE3B00-D66B-4E7E-8901-EB9528A56642}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{A38B3199-3CB9-4DC4-9E4B-1E4DBC6B0292}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{B0AAFA67-0B2A-4387-A80C-18C3536A99FE}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{CE31F262-6C15-49D8-A286-129357D39E2A}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{CF3DFB81-2639-4E7D-87A7-D00FAD176CF4}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{D77ACFCF-B401-41B5-B631-613791601F61}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{E55783BC-11F8-40E0-A91D-D8F8B4BB8C37}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{E9F128F0-93D1-4D9F-B191-57E6105A2E6C}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{FA582DD8-121F-4413-94BA-2F7D9061FE91}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{FBB86723-6AB9-4FB2-928B-73DB77705070}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{FBC6A9AE-8F47-4F78-9A93-22FB37D65012}
Successfully deleted: [Empty Folder] C:\Users\Barbara\appdata\local\{FEDAABDD-0DB9-4B38-9E90-9709AAB23763}



~~~ FireFox

Successfully deleted: [File] C:\Users\Barbara\AppData\Roaming\mozilla\firefox\profiles\zsyftf4q.default\user.js
Successfully deleted: [File] C:\Users\Barbara\AppData\Roaming\mozilla\firefox\profiles\zsyftf4q.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi
Successfully deleted: [File] C:\Users\Barbara\AppData\Roaming\mozilla\firefox\profiles\zsyftf4q.default\searchplugins\sweetim.xml
Successfully deleted: [Folder] C:\Users\Barbara\AppData\Roaming\mozilla\firefox\profiles\zsyftf4q.default\extensions\crossriderapp15686@crossrider.com
Successfully deleted the following from C:\Users\Barbara\AppData\Roaming\mozilla\firefox\profiles\zsyftf4q.default\prefs.js

user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={66ABD332-1403-498C-88B9-54C32A0E5E94}&mid=c14f2ac2c12d47d19d6ea5662e8d666d-85b7d25ed7f356b04191f8382c9bd889
user_pref("extensions.crossrider.bic", "139c518423583331cb57589e90a2cfb6");
user_pref("extensions.crossriderapp15686.15686.InstallationThankYouPage", true);
user_pref("extensions.crossriderapp15686.15686.InstallationTime", 1347388044);
user_pref("extensions.crossriderapp15686.15686.InstallationUserSettings.searchUserConifrmation", false);
user_pref("extensions.crossriderapp15686.15686.InstallationUserSettings.setHomepage", false);
user_pref("extensions.crossriderapp15686.15686.InstallationUserSettings.setNewTab", false);
user_pref("extensions.crossriderapp15686.15686.InstallationUserSettings.setSearch", false);
user_pref("extensions.crossriderapp15686.15686.active", true);
user_pref("extensions.crossriderapp15686.15686.addressbar", "");
user_pref("extensions.crossriderapp15686.15686.backgroundjs", "\n\n\nappAPI.ready(function () {\n  var jewelTimeout = null;\n  var pbServer = 'www.picbadges.com';\n\n  // Brow
user_pref("extensions.crossriderapp15686.15686.backgroundver", 9);
user_pref("extensions.crossriderapp15686.15686.can_run_bg_code", true);
user_pref("extensions.crossriderapp15686.15686.certdomaininstaller", "");
user_pref("extensions.crossriderapp15686.15686.changeprevious", false);
user_pref("extensions.crossriderapp15686.15686.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.crossriderapp15686.15686.cookie.InstallationTime.value", "1347388044");
user_pref("extensions.crossriderapp15686.15686.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.crossriderapp15686.15686.cookie.plugin_installed.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.crossriderapp15686.15686.cookie.plugin_installed.value", "true");
user_pref("extensions.crossriderapp15686.15686.description", "PicBadges");
user_pref("extensions.crossriderapp15686.15686.domain", "");
user_pref("extensions.crossriderapp15686.15686.enablesearch", false);
user_pref("extensions.crossriderapp15686.15686.fbremoteurl", "");
user_pref("extensions.crossriderapp15686.15686.group", 0);
user_pref("extensions.crossriderapp15686.15686.homepage", "");
user_pref("extensions.crossriderapp15686.15686.iframe", false);
user_pref("extensions.crossriderapp15686.15686.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.crossriderapp15686.15686.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%223F35306FE11D41E8AD2E88AD825342B4IE%22%2C%22installer_verifi
user_pref("extensions.crossriderapp15686.15686.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.crossriderapp15686.15686.internaldb.Resources_appVer.value", "34");
user_pref("extensions.crossriderapp15686.15686.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.crossriderapp15686.15686.internaldb.Resources_lastVersion.value", "28");
user_pref("extensions.crossriderapp15686.15686.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.crossriderapp15686.15686.internaldb.Resources_meta.value", "%7B%22images/icon128.png%22%3A%7B%22id%22%3A14494%2C%22ver%22%3A24%2C%22status%22%3A1%2C%22na
user_pref("extensions.crossriderapp15686.15686.internaldb.Resources_nextCheck.expiration", "Wed Jun 19 2013 04:12:45 GMT+0200");
user_pref("extensions.crossriderapp15686.15686.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.crossriderapp15686.15686.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.crossriderapp15686.15686.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.crossriderapp15686.15686.internaldb.Resources_resource_14495.expiration", "Mon Sep 16 2013 22:12:44 GMT+0200");
user_pref("extensions.crossriderapp15686.15686.internaldb.Resources_resource_14495.value", "%22data%3Aimage/png%3Bbase64%2CiVBORw0KGgoAAAANSUhEUgAAABMAAAATCAYAAAByUDbMAAAABmJL
user_pref("extensions.crossriderapp15686.15686.js", "\n\nappAPI.ready(function($) {\n\n        //open invisible iframe to send the trackEvent to GA\n        function sendTrackEvent(msg) {\n
user_pref("extensions.crossriderapp15686.15686.manifesturl", "");
user_pref("extensions.crossriderapp15686.15686.name", "PicBadges");
user_pref("extensions.crossriderapp15686.15686.newtab", "");
user_pref("extensions.crossriderapp15686.15686.opensearch", "");
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return ap
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_1.name", "base");
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_1.ver", 6);
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelect
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_13.name", "CrossriderAppUtils");
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_13.ver", 3);
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_14.ver", 3);
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_16.name", "FFAppAPIWrapper");
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_16.ver", 7);
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_17.name", "jQuery");
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_17.ver", 4);
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.d
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_21.name", "debug");
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_21.ver", 4);
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=fun
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_22.name", "resources");
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_22.ver", 4);
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferre
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_28.name", "initializer");
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_28.ver", 3);
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document && typeof document.getElementById !== \"unde
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_4.name", "jquery_1_7_1");
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_4.ver", 4);
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_47.name", "resources_background");
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_47.ver", 3);
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);}
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_64.name", "appApiMessage");
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_64.ver", 2);
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var k={};var f=appAPI.appInfo.name;var l=
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_72.name", "appApiValidation");
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_72.ver", 3);
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAge
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_78.ver", 3);
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===t
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_98.name", "omniCommands");
user_pref("extensions.crossriderapp15686.15686.plugins.plugin_98.ver", 2);
user_pref("extensions.crossriderapp15686.15686.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98");
user_pref("extensions.crossriderapp15686.15686.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,28");
user_pref("extensions.crossriderapp15686.15686.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/15686/plugins/084/ff/plugins.json");
user_pref("extensions.crossriderapp15686.15686.pluginsversion", 8);
user_pref("extensions.crossriderapp15686.15686.publisher", "PicBadges.com");
user_pref("extensions.crossriderapp15686.15686.searchstatus", 0);
user_pref("extensions.crossriderapp15686.15686.setnewtab", false);
user_pref("extensions.crossriderapp15686.15686.settingsurl", "");
user_pref("extensions.crossriderapp15686.15686.thankyou", "hxxp://crossrider.com/thank_you/15686");
user_pref("extensions.crossriderapp15686.15686.updateinterval", 360);
user_pref("extensions.crossriderapp15686.15686.ver", 34);
user_pref("extensions.crossriderapp15686.adsOldValue", -1);
user_pref("extensions.crossriderapp15686.apps", "15686");
user_pref("extensions.crossriderapp15686.bic", "139c518423583331cb57589e90a2cfb6");
user_pref("extensions.crossriderapp15686.cid", 15686);
user_pref("extensions.crossriderapp15686.firstrun", false);
user_pref("extensions.crossriderapp15686.hadappinstalled", true);
user_pref("extensions.crossriderapp15686.installationdate", 1347631465);
user_pref("extensions.crossriderapp15686.lastcheck", 22859773);
user_pref("extensions.crossriderapp15686.lastcheckitem", 22859774);
user_pref("extensions.crossriderapp15686.modetype", "production");
user_pref("extensions.crossriderapp15686.reportInstall", true);
user_pref("extensions.wajam.affiliate_id", "6447");
user_pref("extensions.wajam.firstrun", "false");
user_pref("extensions.wajam.log_send_info", "false");
user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21083\",\"supported_sites\":{\"google\":{\"patterns\":[\"^hxxp\\\\:\\/\\/www\\\\.google\\\\..{2,3}(|\\\\\
user_pref("extensions.wajam.no_trace", "false");
user_pref("extensions.wajam.server_current_mapping_version", "0.21083");
user_pref("extensions.wajam.trace_log", "1347631465811 - onFlagInfoReceived - Server mapping version: 0.21083\n1347631465811 - onFlagInfoReceived - No client-side server mappi
user_pref("extensions.wajam.unique_id", "BB67FA639123A3207DF9D7B799F7D5E8");
user_pref("extensions.wajam.user_current_mapping_version", "0");
user_pref("extensions.wajam.version", "1.25");
user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={66ABD332-1403-498C-88B9-54C32A0E5E94}&mid=c14f2ac2c12d47d19d6ea5662e8d666d-85b7d25ed7f356b04191f8382c9bd889bef57bb
user_pref("sweetim.toolbar.cargo", "3.1010000.10025");
user_pref("sweetim.toolbar.dialogs.0.enable", "true");
user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
user_pref("sweetim.toolbar.dialogs.0.height", "335");
user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.html");
user_pref("sweetim.toolbar.dialogs.0.width", "761");
user_pref("sweetim.toolbar.dialogs.1.enable", "true");
user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
user_pref("sweetim.toolbar.dialogs.1.height", "300");
user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
user_pref("sweetim.toolbar.dialogs.1.width", "500");
user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube
user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.mode.debug", "false");
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "AVG Secure Search");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
user_pref("sweetim.toolbar.scripts.0.enable", "false");
user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");
user_pref("sweetim.toolbar.scripts.1.callback", "");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");
user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");
user_pref("sweetim.toolbar.scripts.1.enable", "false");
user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");
user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.predictad.com/scripts/publishers/sweetim/predictadme.js");
user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://sear
user_pref("sweetim.toolbar.search.history.capacity", "10");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
user_pref("sweetim.toolbar.searchguard.enable", "true");
user_pref("sweetim.toolbar.simapp_id", "{65F41F56-FC3E-11E1-BAAE-742F68698F9E}");
user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10025&barid={65F41F56-FC3E-11E1-BAAE-742F68698F9E}");
Emptied folder: C:\Users\Barbara\AppData\Roaming\mozilla\firefox\profiles\zsyftf4q.default\minidumps [1 files]



~~~ Chrome

Failed to delete: [Folder] C:\Users\Barbara\appdata\local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.06.2013 at 21:53:34,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

und der log


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2013 02
Ran by Barbara (administrator) on 26-06-2013 21:59:59
Running from C:\Users\Barbara\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ASUS) C:\Windows\AsScrPro.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
() C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Users\Barbara\Downloads\adwcleaner.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() Q:\140066.deu\Office14\WINWORDC.EXE
() Q:\140066.deu\Office14\OffSpon.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Farbar) C:\Users\Barbara\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3  [2226280 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2589992 2011-04-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [617120 2011-03-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-17] ()
HKLM\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd [x]
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [Facebook Update] "C:\Users\Barbara\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-08-24] (Facebook Inc.)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2018032 2011-04-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2236080 2013-06-26] ()
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [226920 2011-05-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [193128 2011-05-10] (NVIDIA Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKCU SearchScopes: DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\zsyftf4q.default
FF SelectedSearchEngine: AVG Secure Search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

Chrome:
=======
CHR HomePage: hxxp://isearch.avg.com/?cid={66ABD332-1403-498C-88B9-54C32A0E5E94}&mid=c14f2ac2c12d47d19d6ea5662e8d666d-85b7d25ed7f356b04191f8382c9bd889bef57bbd&lang=de&ds=AVG&pr=fr&d=2012-10-04 07:32:25&v=15.3.0.11&pid=avg&sg=0&sap=hp
CHR RestoreOnStartup: "hxxp://isearch.avg.com/?cid={66ABD332-1403-498C-88B9-54C32A0E5E94}&mid=c14f2ac2c12d47d19d6ea5662e8d666d-85b7d25ed7f356b04191f8382c9bd889bef57bbd&lang=de&ds=AVG&pr=fr&d=2012-10-04 07:32:25&v=15.3.0.11&pid=avg&sg=0&sap=hp"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Barbara\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Barbara\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Barbara\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Barbara\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: () - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0
CHR Extension: (PicBadges) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\kioiabaigfcehjmemdmnnmjegnjjckai\1.23.34_0
CHR Extension: (Skype Click to Call) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: () - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0
CHR Extension: (Gmail) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-26] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-26] (AVG Technologies)
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [29696 2007-08-09] (Huawei Tech. Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-26 21:59 - 2013-06-26 21:59 - 01931844 ____A (Farbar) C:\Users\Barbara\Downloads\FRST64 (1).exe
2013-06-26 21:53 - 2013-06-26 21:53 - 00026058 ____A C:\Users\Barbara\Desktop\JRT.txt
2013-06-26 21:50 - 2013-06-26 21:50 - 00000000 ____D C:\Windows\ERUNT
2013-06-26 21:49 - 2013-06-26 21:49 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Barbara\Downloads\JRT.exe
2013-06-26 21:49 - 2013-06-26 21:49 - 00000000 ____D C:\JRT
2013-06-26 21:46 - 2013-06-26 21:46 - 00027587 ____A C:\AdwCleaner[R1].txt
2013-06-26 21:42 - 2013-06-26 21:42 - 00648201 ____A C:\Users\Barbara\Downloads\adwcleaner.exe
2013-06-23 20:51 - 2013-06-23 20:51 - 00019902 ____A C:\ComboFix.txt
2013-06-23 20:40 - 2013-06-23 20:51 - 00000000 ____D C:\Qoobox
2013-06-23 20:40 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-23 20:40 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-23 20:40 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-23 20:40 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-23 20:40 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-23 20:40 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-23 20:40 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-23 20:40 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-23 20:39 - 2013-06-23 20:50 - 00000000 ____D C:\Windows\erdnt
2013-06-23 20:33 - 2013-06-23 20:33 - 05082201 ____R (Swearware) C:\Users\Barbara\Downloads\ComboFix.exe
2013-06-23 10:29 - 2013-06-23 10:30 - 00024074 ____A C:\Users\Barbara\Downloads\Addition.txt
2013-06-23 10:27 - 2013-06-23 10:27 - 01931364 ____A (Farbar) C:\Users\Barbara\Downloads\FRST64.exe
2013-06-23 10:27 - 2013-06-23 10:27 - 00000000 ____D C:\FRST
2013-06-17 22:20 - 2013-06-17 22:20 - 00000000 ____D C:\Users\Barbara\Documents\Bauen und Basteln

==================== One Month Modified Files and Folders =======

2013-06-26 21:59 - 2013-06-26 21:59 - 01931844 ____A (Farbar) C:\Users\Barbara\Downloads\FRST64 (1).exe
2013-06-26 21:53 - 2013-06-26 21:53 - 00026058 ____A C:\Users\Barbara\Desktop\JRT.txt
2013-06-26 21:50 - 2013-06-26 21:50 - 00000000 ____D C:\Windows\ERUNT
2013-06-26 21:49 - 2013-06-26 21:49 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Barbara\Downloads\JRT.exe
2013-06-26 21:49 - 2013-06-26 21:49 - 00000000 ____D C:\JRT
2013-06-26 21:46 - 2013-06-26 21:46 - 00027587 ____A C:\AdwCleaner[R1].txt
2013-06-26 21:45 - 2011-08-24 18:50 - 01375915 ____A C:\Windows\WindowsUpdate.log
2013-06-26 21:42 - 2013-06-26 21:42 - 00648201 ____A C:\Users\Barbara\Downloads\adwcleaner.exe
2013-06-26 21:40 - 2011-11-16 12:51 - 00001128 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3397864116-3237469828-2232435618-1001UA.job
2013-06-26 21:38 - 2013-03-15 21:28 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-26 20:54 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-26 20:54 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-26 20:51 - 2012-06-05 14:40 - 00000000 ____D C:\Users\Barbara\AppData\Local\AVG Secure Search
2013-06-26 20:51 - 2011-08-25 14:33 - 00000000 ____D C:\ProgramData\MFAData
2013-06-26 20:50 - 2012-08-24 20:45 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3397864116-3237469828-2232435618-1001UA.job
2013-06-26 20:50 - 2012-08-24 20:45 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3397864116-3237469828-2232435618-1001Core.job
2013-06-26 20:49 - 2013-03-15 21:28 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-26 20:49 - 2011-08-24 19:14 - 00001508 ____A C:\Windows\System32\ServiceFilter.ini
2013-06-26 20:47 - 2012-10-04 07:32 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-06-26 20:47 - 2012-09-03 19:56 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-06-26 20:47 - 2012-06-05 14:40 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-06-26 20:46 - 2012-09-11 20:27 - 00000000 ____D C:\Program Files (x86)\PicBadges
2013-06-26 20:46 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-26 20:46 - 2009-07-14 06:51 - 00136341 ____A C:\Windows\setupact.log
2013-06-25 21:15 - 2011-04-13 03:39 - 00142368 ____A C:\Windows\PFRO.log
2013-06-23 23:20 - 2012-08-24 20:56 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\Skype
2013-06-23 20:51 - 2013-06-23 20:51 - 00019902 ____A C:\ComboFix.txt
2013-06-23 20:51 - 2013-06-23 20:40 - 00000000 ____D C:\Qoobox
2013-06-23 20:51 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-06-23 20:50 - 2013-06-23 20:39 - 00000000 ____D C:\Windows\erdnt
2013-06-23 20:48 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-23 20:33 - 2013-06-23 20:33 - 05082201 ____R (Swearware) C:\Users\Barbara\Downloads\ComboFix.exe
2013-06-23 10:30 - 2013-06-23 10:29 - 00024074 ____A C:\Users\Barbara\Downloads\Addition.txt
2013-06-23 10:27 - 2013-06-23 10:27 - 01931364 ____A (Farbar) C:\Users\Barbara\Downloads\FRST64.exe
2013-06-23 10:27 - 2013-06-23 10:27 - 00000000 ____D C:\FRST
2013-06-23 08:06 - 2011-11-16 12:51 - 00001076 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3397864116-3237469828-2232435618-1001Core.job
2013-06-19 17:23 - 2011-11-16 12:53 - 00002384 ____A C:\Users\Barbara\Desktop\Google Chrome.lnk
2013-06-17 22:20 - 2013-06-17 22:20 - 00000000 ____D C:\Users\Barbara\Documents\Bauen und Basteln
2013-06-16 22:55 - 2011-08-24 19:18 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\SoftGrid Client
2013-06-16 22:27 - 2011-08-28 21:08 - 00000000 ____D C:\Users\Barbara\Documents\Barbara 1
2013-06-15 15:37 - 2011-02-19 06:24 - 00666256 ____A C:\Windows\System32\perfh007.dat
2013-06-15 15:37 - 2011-02-19 06:24 - 00134178 ____A C:\Windows\System32\perfc007.dat
2013-06-15 15:37 - 2009-07-14 07:13 - 01531014 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-11 22:17 - 2012-10-04 07:32 - 00000943 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-06-08 22:25 - 2012-12-18 19:54 - 00905216 __ASH C:\Users\Barbara\Downloads\Thumbs.db
2013-05-31 20:46 - 2012-08-24 20:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-31 20:46 - 2012-08-24 20:56 - 00000000 ____D C:\ProgramData\Skype

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-13 20:36

==================== End Of Log ============================
--- --- ---

schrauber 27.06.2013 08:00

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST Log bitte. Noch Probleme? :)

Trakki2013 28.06.2013 21:30
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bb222570b36af546ad2dac20b4b6f93d
# engine=14176
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-28 05:27:10
# local_time=2013-06-28 07:27:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1043 16777213 100 87 40126 59531214 0 0
# compatibility_mode=5893 16776574 100 94 58050277 124027080 0 0
# scanned=177729
# found=0
# cleaned=0
# scan_time=39639


Code:
Results of screen317's Security Check version 0.99.68 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 11.6.602.171 
 Mozilla Firefox (8.0.1)
 Google Chrome 27.0.1453.110 
 Google Chrome 27.0.1453.116 
````````Process Check: objlist.exe by Laurent```````` 
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2013 02
Ran by Barbara (administrator) on 28-06-2013 22:28:49
Running from C:\Users\Barbara\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Windows\AsScrPro.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() Q:\140066.deu\Office14\WINWORDC.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() Q:\140066.deu\Office14\OffSpon.EXE
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\Barbara\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Farbar) C:\Users\Barbara\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3  [2226280 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2589992 2011-04-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [617120 2011-03-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-17] ()
HKLM\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd [x]
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [Facebook Update] "C:\Users\Barbara\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-08-24] (Facebook Inc.)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2018032 2011-04-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2236080 2013-06-26] ()
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [226920 2011-05-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [193128 2011-05-10] (NVIDIA Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKCU SearchScopes: DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\zsyftf4q.default
FF SelectedSearchEngine: AVG Secure Search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

Chrome:
=======
CHR HomePage: hxxp://isearch.avg.com/?cid={66ABD332-1403-498C-88B9-54C32A0E5E94}&mid=c14f2ac2c12d47d19d6ea5662e8d666d-85b7d25ed7f356b04191f8382c9bd889bef57bbd&lang=de&ds=AVG&pr=fr&d=2012-10-04 07:32:25&v=15.3.0.11&pid=avg&sg=0&sap=hp
CHR RestoreOnStartup: "hxxp://isearch.avg.com/?cid={66ABD332-1403-498C-88B9-54C32A0E5E94}&mid=c14f2ac2c12d47d19d6ea5662e8d666d-85b7d25ed7f356b04191f8382c9bd889bef57bbd&lang=de&ds=AVG&pr=fr&d=2012-10-04 07:32:25&v=15.3.0.11&pid=avg&sg=0&sap=hp"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Barbara\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Barbara\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Barbara\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Barbara\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (PicBadges) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\kioiabaigfcehjmemdmnnmjegnjjckai\1.23.34_0
CHR Extension: (Skype Click to Call) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (AVG Security Toolbar) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.3.0.11_0
CHR Extension: (Gmail) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-26] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-26] (AVG Technologies)
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [29696 2007-08-09] (Huawei Tech. Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-28 22:22 - 2013-06-28 22:22 - 00890988 ____A C:\Users\Barbara\Downloads\SecurityCheck.exe
2013-06-27 20:24 - 2013-06-27 20:24 - 02347384 ____A (ESET) C:\Users\Barbara\Downloads\esetsmartinstaller_enu.exe
2013-06-26 21:59 - 2013-06-26 21:59 - 01931844 ____A (Farbar) C:\Users\Barbara\Downloads\FRST64 (1).exe
2013-06-26 21:53 - 2013-06-26 21:53 - 00026058 ____A C:\Users\Barbara\Desktop\JRT.txt
2013-06-26 21:50 - 2013-06-26 21:50 - 00000000 ____D C:\Windows\ERUNT
2013-06-26 21:49 - 2013-06-26 21:49 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Barbara\Downloads\JRT.exe
2013-06-26 21:49 - 2013-06-26 21:49 - 00000000 ____D C:\JRT
2013-06-26 21:46 - 2013-06-26 21:46 - 00027587 ____A C:\AdwCleaner[R1].txt
2013-06-26 21:42 - 2013-06-26 21:42 - 00648201 ____A C:\Users\Barbara\Downloads\adwcleaner.exe
2013-06-23 20:51 - 2013-06-23 20:51 - 00019902 ____A C:\ComboFix.txt
2013-06-23 20:40 - 2013-06-23 20:51 - 00000000 ____D C:\Qoobox
2013-06-23 20:40 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-23 20:40 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-23 20:40 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-23 20:40 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-23 20:40 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-23 20:40 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-23 20:40 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-23 20:40 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-23 20:39 - 2013-06-23 20:50 - 00000000 ____D C:\Windows\erdnt
2013-06-23 20:33 - 2013-06-23 20:33 - 05082201 ____R (Swearware) C:\Users\Barbara\Downloads\ComboFix.exe
2013-06-23 10:29 - 2013-06-23 10:30 - 00024074 ____A C:\Users\Barbara\Downloads\Addition.txt
2013-06-23 10:27 - 2013-06-23 10:27 - 01931364 ____A (Farbar) C:\Users\Barbara\Downloads\FRST64.exe
2013-06-23 10:27 - 2013-06-23 10:27 - 00000000 ____D C:\FRST
2013-06-17 22:20 - 2013-06-17 22:20 - 00000000 ____D C:\Users\Barbara\Documents\Bauen und Basteln

==================== One Month Modified Files and Folders =======

2013-06-28 22:22 - 2013-06-28 22:22 - 00890988 ____A C:\Users\Barbara\Downloads\SecurityCheck.exe
2013-06-28 22:21 - 2011-08-24 18:50 - 01415067 ____A C:\Windows\WindowsUpdate.log
2013-06-28 21:45 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-28 21:45 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-28 21:40 - 2011-11-16 12:51 - 00001128 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3397864116-3237469828-2232435618-1001UA.job
2013-06-28 21:38 - 2013-03-15 21:28 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-28 21:35 - 2011-08-25 14:33 - 00000000 ____D C:\ProgramData\MFAData
2013-06-28 21:30 - 2013-03-15 21:28 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-28 21:30 - 2012-08-24 20:45 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3397864116-3237469828-2232435618-1001UA.job
2013-06-28 21:30 - 2012-08-24 20:45 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3397864116-3237469828-2232435618-1001Core.job
2013-06-28 21:30 - 2011-11-16 12:51 - 00001076 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3397864116-3237469828-2232435618-1001Core.job
2013-06-28 21:30 - 2011-02-19 06:24 - 00666256 ____A C:\Windows\System32\perfh007.dat
2013-06-28 21:30 - 2011-02-19 06:24 - 00134178 ____A C:\Windows\System32\perfc007.dat
2013-06-28 21:30 - 2009-07-14 07:13 - 01531014 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-28 07:27 - 2012-08-24 20:56 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\Skype
2013-06-27 20:24 - 2013-06-27 20:24 - 02347384 ____A (ESET) C:\Users\Barbara\Downloads\esetsmartinstaller_enu.exe
2013-06-27 20:14 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-27 20:14 - 2009-07-14 06:51 - 00136397 ____A C:\Windows\setupact.log
2013-06-26 23:04 - 2011-08-24 19:18 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\SoftGrid Client
2013-06-26 21:59 - 2013-06-26 21:59 - 01931844 ____A (Farbar) C:\Users\Barbara\Downloads\FRST64 (1).exe
2013-06-26 21:53 - 2013-06-26 21:53 - 00026058 ____A C:\Users\Barbara\Desktop\JRT.txt
2013-06-26 21:50 - 2013-06-26 21:50 - 00000000 ____D C:\Windows\ERUNT
2013-06-26 21:49 - 2013-06-26 21:49 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Barbara\Downloads\JRT.exe
2013-06-26 21:49 - 2013-06-26 21:49 - 00000000 ____D C:\JRT
2013-06-26 21:46 - 2013-06-26 21:46 - 00027587 ____A C:\AdwCleaner[R1].txt
2013-06-26 21:42 - 2013-06-26 21:42 - 00648201 ____A C:\Users\Barbara\Downloads\adwcleaner.exe
2013-06-26 20:51 - 2012-06-05 14:40 - 00000000 ____D C:\Users\Barbara\AppData\Local\AVG Secure Search
2013-06-26 20:49 - 2011-08-24 19:14 - 00001508 ____A C:\Windows\System32\ServiceFilter.ini
2013-06-26 20:47 - 2012-10-04 07:32 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-06-26 20:47 - 2012-09-03 19:56 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-06-26 20:47 - 2012-06-05 14:40 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-06-26 20:46 - 2012-09-11 20:27 - 00000000 ____D C:\Program Files (x86)\PicBadges
2013-06-25 21:15 - 2011-04-13 03:39 - 00142368 ____A C:\Windows\PFRO.log
2013-06-23 20:51 - 2013-06-23 20:51 - 00019902 ____A C:\ComboFix.txt
2013-06-23 20:51 - 2013-06-23 20:40 - 00000000 ____D C:\Qoobox
2013-06-23 20:51 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-06-23 20:50 - 2013-06-23 20:39 - 00000000 ____D C:\Windows\erdnt
2013-06-23 20:48 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-23 20:33 - 2013-06-23 20:33 - 05082201 ____R (Swearware) C:\Users\Barbara\Downloads\ComboFix.exe
2013-06-23 10:30 - 2013-06-23 10:29 - 00024074 ____A C:\Users\Barbara\Downloads\Addition.txt
2013-06-23 10:27 - 2013-06-23 10:27 - 01931364 ____A (Farbar) C:\Users\Barbara\Downloads\FRST64.exe
2013-06-23 10:27 - 2013-06-23 10:27 - 00000000 ____D C:\FRST
2013-06-19 17:23 - 2011-11-16 12:53 - 00002384 ____A C:\Users\Barbara\Desktop\Google Chrome.lnk
2013-06-17 22:20 - 2013-06-17 22:20 - 00000000 ____D C:\Users\Barbara\Documents\Bauen und Basteln
2013-06-16 22:27 - 2011-08-28 21:08 - 00000000 ____D C:\Users\Barbara\Documents\Barbara 1
2013-06-11 22:17 - 2012-10-04 07:32 - 00000943 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-06-08 22:25 - 2012-12-18 19:54 - 00905216 __ASH C:\Users\Barbara\Downloads\Thumbs.db
2013-05-31 20:46 - 2012-08-24 20:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-31 20:46 - 2012-08-24 20:56 - 00000000 ____D C:\ProgramData\Skype

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-13 20:36

==================== End Of Log ============================
--- --- ---

schrauber 29.06.2013 08:31
Flash Player bitte updaten :)

Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Trakki2013 30.06.2013 11:45
Hallo,

habe jetzt soweit alles fertig.
Nur das mit dem flashplayer funktioniert nicht so richtig.
Wenn ich updaten will, dann sagt Chome, daß es die neueste Version verwendet.

Aber kann ich jetzt wieder meine Bankgeschäfte erledigen von diesem Laptop aus?

Herzlichen Dank schon mal für alles.

War für mich etwas kompliziert... ;-) Bin zwar nicht ganz doof, aber mache so was ja nicht täglich.

VG

Barbara

schrauber 30.06.2013 14:12
Ja kannst Du. Ändere die Passwörter, Standard nach so einer Prozedur. Wenn noch nicht geschehen, steig beim Onlinebanking um auf ChipTan oder höher :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:58 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131