file is encrypted: "file is encrypted" is displayed for my Word and Acrobat Reader files. How do I get rid of this?
Hi, please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Ran by siggi (administrator) on 08-07-2013 21:23:18 Running from C:\Users\siggi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5M5DZEBD Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHVE.EXE (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHVE.EXE (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Somoto) C:\Users\siggi\AppData\Local\FilesFrog Update Checker\update_checker.exe (McAfee, Inc.) 
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe (Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\java.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe () C:\PROGRA~2\UTILIT~2\bar\1.bin\AppIntegrator64.exe (MindSpark) C:\PROGRA~2\UTILIT~2\bar\1.bin\49srchmn.exe (VER_COMPANY_NAME) C:\PROGRA~2\UTILIT~2\bar\1.bin\49brmon.exe (COMPANYVERS_NAME) C:\PROGRA~2\UTILIT~2\bar\1.bin\49barsvc.exe (MindSpark) C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49HighIn.exe (MindSpark) C:\PROGRA~2\UTILIT~2\bar\1.bin\49medint.exe () C:\Program Files (x86)\UtilityChest_49\bar\1.bin\CrExtP49.exe () C:\Program Files (x86)\UtilityChest_49\bar\1.bin\CrExtP49.exe () C:\PROGRA~2\FROMDO~2\bar\1.bin\AppIntegrator64.exe (COMPANYVERS_NAME) C:\PROGRA~2\FROMDO~2\bar\1.bin\65barsvc.exe (VER_COMPANY_NAME) C:\PROGRA~2\FROMDO~2\bar\1.bin\65brmon.exe () C:\Program Files 
(x86)\FromDocToPDF_65\bar\1.bin\CrExtP65.exe () C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\CrExtP65.exe () C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\CrExtP65.exe (Microsoft Corporation) C:\Program Files\Windows NT\Accessories\WORDPAD.EXE (Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe (Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\java.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Utility Chest Home Page Guard 64 bit] "C:\PROGRA~2\UTILIT~2\bar\1.bin\AppIntegrator64.exe" [548936 2013-07-08] () HKLM\...\Run: [FromDocToPDF Home Page Guard 64 bit] "C:\PROGRA~2\FROMDO~2\bar\1.bin\AppIntegrator64.exe" [548936 2013-07-08] () HKCU\...\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX635FWD" [241280 2013-04-11] (SEIKO EPSON CORPORATION) HKCU\...\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus Office BX635FWD" [241280 2013-04-11] (SEIKO EPSON CORPORATION) HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19604072 2013-06-03] (Skype Technologies S.A.) HKCU\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [1561968 2013-04-23] (Samsung) HKCU\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung) HKCU\...\Run: [Facebook Update] "C:\Users\siggi\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2013-05-23] (Facebook Inc.) 
HKCU\...\Run: [SDP] C:\Users\siggi\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto [201808 2013-01-31] (Somoto) HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [135536 2010-12-13] (Microsoft Corporation) HKLM-x32\...\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [495616 2011-03-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [856064 2011-03-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642656 2013-03-28] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Utility Chest Search Scope Monitor] "C:\PROGRA~2\UTILIT~2\bar\1.bin\49srchmn.exe" /m=2 /w /h [44784 2013-07-08] (MindSpark) HKLM-x32\...\Run: [UtilityChest_49 Browser Plugin Loader] C:\PROGRA~2\UTILIT~2\bar\1.bin\49brmon.exe [30096 2013-07-08] (VER_COMPANY_NAME) HKLM-x32\...\Run: [FromDocToPDF Search Scope Monitor] "C:\PROGRA~2\FROMDO~2\bar\1.bin\65srchmn.exe" /m=2 /w /h [44784 2013-07-08] (MindSpark) HKLM-x32\...\Run: [FromDocToPDF_65 Browser Plugin Loader] C:\PROGRA~2\FROMDO~2\bar\1.bin\65brmon.exe [30096 2013-07-08] (VER_COMPANY_NAME) Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.tb.ask.com/index.jhtml?n=77DE8857&p2=^ZO^xdm071^YYA^de&ptb=5C076916-5490-4477-AF0C-503A4C131D01&si=EL_UT_GER_116 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?ptr=100&crg=3.1010000.10039&barid={51684E6B-D80E-11E2-8A8C-001BB9FFFD11} URLSearchHook: (No Name) - {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - No File URLSearchHook: (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - No File HKLM-x32 SearchScopes: DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&ptr=100&q={searchTerms}&crg=3.1010000.10039&barid={51684E6B-D80E-11E2-8A8C-001BB9FFFD11} SearchScopes: HKLM-x32 - {84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^ZO^xdm071^YYA^de&si=EL_UT_GER_116&ptb=5C076916-5490-4477-AF0C-503A4C131D01&ind=2013070813&n=77fd05dd&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&ptr=100&q={searchTerms}&crg=3.1010000.10039&barid={51684E6B-D80E-11E2-8A8C-001BB9FFFD11} HKCU SearchScopes: DefaultScope {84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^ZO^xdm071^YYA^de&si=EL_UT_GER_116&ptb=5C076916-5490-4477-AF0C-503A4C131D01&ind=2013070813&n=77fd05dd&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd SearchScopes: HKCU - {84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^ZO^xdm071^YYA^de&si=EL_UT_GER_116&ptb=5C076916-5490-4477-AF0C-503A4C131D01&ind=2013070813&n=77fd05dd&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC8} URL = ICQ.com Suche BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Search Assistant BHO - {06e05b40-77fa-40b6-9077-ed1a7577b1ef} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrcAs.dll (MindSpark) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Toolbar BHO - {58f7b5ca-1162-42e8-8bbc-d543b4edd780} - C:\PROGRA~2\UTILIT~2\bar\1.bin\49bar.dll (MindSpark) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Toolbar BHO - {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\PROGRA~2\FROMDO~2\bar\1.bin\65bar.dll (MindSpark) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Search Assistant BHO - {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (MindSpark) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM-x32 - Utility Chest - {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll (MindSpark) Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (MindSpark) Toolbar: HKCU - No Name - {CF67755F-9265-449C-87CF-B945519E073B} - No File Toolbar: HKCU - No Name - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\siggi\AppData\Roaming\Mozilla\Firefox\Profiles\8mgewscs.default FF SelectedSearchEngine: ICQ Search FF Homepage: hxxp://start.icq.com/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=1.6.0_43 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @FromDocToPDF_65.com/Plugin - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (MindSpark) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @UtilityChest_49.com/Plugin - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll (MindSpark) FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\siggi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF SearchPlugin: C:\Users\siggi\AppData\Roaming\Mozilla\Firefox\Profiles\8mgewscs.default\searchplugins\icq.xml FF SearchPlugin: C:\Users\siggi\AppData\Roaming\Mozilla\Firefox\Profiles\8mgewscs.default\searchplugins\icqplugin.xml FF SearchPlugin: C:\Users\siggi\AppData\Roaming\Mozilla\Firefox\Profiles\8mgewscs.default\searchplugins\SweetIM Search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\siggi\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} FF Extension: Utility Chest - C:\Users\siggi\AppData\Roaming\Mozilla\Firefox\Profiles\8mgewscs.default\Extensions\49ffxtbr@UtilityChest_49.com FF Extension: FromDocToPDF - 
C:\Users\siggi\AppData\Roaming\Mozilla\Firefox\Profiles\8mgewscs.default\Extensions\65ffxtbr@FromDocToPDF_65.com FF Extension: Yahoo! Toolbar - C:\Users\siggi\AppData\Roaming\Mozilla\Firefox\Profiles\8mgewscs.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF Extension: No Name - C:\Users\siggi\AppData\Roaming\Mozilla\Firefox\Profiles\8mgewscs.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [49ffxtbr@UtilityChest_49.com] C:\Program Files (x86)\UtilityChest_49\bar\1.bin FF Extension: Utility Chest - C:\Program Files (x86)\UtilityChest_49\bar\1.bin FF HKLM-x32\...\Firefox\Extensions: [65ffxtbr@FromDocToPDF_65.com] C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin FF Extension: FromDocToPDF - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin Chrome: ======= CHR HomePage: hxxp://start.icq.com/ CHR RestoreOnStartup: "hxxp://start.icq.com/" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParam eter} CHR Extension: (Docs) - C:\Users\siggi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 CHR Extension: (Google Drive) - 
C:\Users\siggi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0 CHR Extension: (YouTube) - C:\Users\siggi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Google Search) - C:\Users\siggi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: (Skype Click to Call) - C:\Users\siggi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0 CHR Extension: (Gmail) - C:\Users\siggi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 FromDocToPDF_65Service; C:\PROGRA~2\FROMDO~2\bar\1.bin\65barsvc.exe [42504 2013-07-08] (COMPANYVERS_NAME) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) 
R2 UtilityChest_49Service; C:\PROGRA~2\UTILIT~2\bar\1.bin\49barsvc.exe [42504 2013-07-08] (COMPANYVERS_NAME) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-07] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-07] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-07] () S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] () S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-08 20:53 - 2013-07-08 21:01 - 01463348 ____A (Farbar) C:\Users\siggi\Downloads\FRST64 (1).exe.4vxscm3.partial 2013-07-08 20:01 - 2013-07-08 20:01 - 00000000 ____D C:\Users\siggi\AppData\Local\FromDocToPDF_65 2013-07-08 20:00 - 2013-07-08 20:00 - 00000000 ___AD C:\Program Files (x86)\FromDocToPDF_65EI 2013-07-08 20:00 - 2013-07-08 20:00 - 00000000 ____D C:\Program Files (x86)\FromDocToPDF_65 2013-07-08 19:59 - 2013-07-08 20:00 - 00301552 ____A C:\Users\siggi\Downloads\FromDocToPDF.exe 2013-07-08 19:39 - 2013-07-08 19:39 - 00040307 ____A 
C:\Users\siggi\Downloads\FRST.txt 2013-07-08 19:39 - 2013-07-08 19:39 - 00027058 ____A C:\Users\siggi\Downloads\Addition.txt 2013-07-08 19:37 - 2013-07-08 19:37 - 00000000 ____D C:\FRST 2013-07-08 19:31 - 2013-07-08 19:32 - 01934636 ____A (Farbar) C:\Users\siggi\Downloads\FRST64.exe 2013-07-08 19:30 - 2013-07-08 19:30 - 00000000 ____D C:\Users\siggi\AppData\Local\UtilityChest_49 2013-07-08 19:30 - 2013-07-08 19:30 - 00000000 ____D C:\Users\siggi\AppData\Local\IAC 2013-07-08 19:28 - 2013-07-08 19:28 - 00000000 ____D C:\Program Files (x86)\UtilityChest_49 2013-07-08 19:27 - 2013-07-08 19:27 - 00000000 ___AD C:\Program Files (x86)\UtilityChest_49EI 2013-07-07 21:04 - 2013-07-07 21:04 - 00000000 ____A C:\autoexec.bat 2013-07-07 21:03 - 2013-07-07 21:04 - 00000000 ____D C:\sh4ldr 2013-07-07 21:03 - 2013-07-07 21:03 - 00002254 ____A C:\Users\siggi\Desktop\SpyHunter.lnk 2013-07-07 21:03 - 2013-07-07 21:03 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-07-07 21:02 - 2013-07-07 21:03 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP 2013-07-07 20:11 - 2013-07-07 20:58 - 00002046 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-07-07 20:11 - 2013-07-07 20:58 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan 2013-07-07 20:11 - 2013-07-07 20:11 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-07-07 20:11 - 2013-07-07 20:11 - 00000000 ____D C:\ProgramData\McAfee 2013-07-07 20:09 - 2013-07-07 20:09 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-07-07 20:09 - 2013-07-07 20:09 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-07-07 19:55 - 2013-07-07 21:33 - 00001074 ____A C:\Windows\PFRO.log 2013-07-07 19:50 - 2013-07-08 19:42 - 00000193 ____A C:\Windows\WORDPAD.INI 2013-07-07 19:43 - 2013-07-07 19:43 - 00000000 ____D C:\sfe_24 2013-07-07 19:43 - 2013-07-07 19:43 - 00000000 ____D C:\Program Files (x86)\Sophos 2013-07-07 19:40 - 2013-07-07 19:41 - 02177312 ____A 
C:\Users\siggi\Downloads\sfe_24_sfx.exe 2013-07-07 19:21 - 2013-07-07 19:21 - 00388608 ____A (Trend Micro Inc.) C:\Users\siggi\Downloads\HiJackThis204.exe 2013-07-07 19:21 - 2013-07-07 19:21 - 00010969 ____A C:\Users\siggi\Downloads\hijackthis.log 2013-07-07 18:26 - 2013-07-07 18:26 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center 2013-07-07 18:15 - 2013-07-07 18:15 - 00000000 ____D C:\ProgramData\ATI 2013-07-07 18:15 - 2013-07-07 18:15 - 00000000 ____D C:\Program Files (x86)\AMD AVT 2013-07-07 17:36 - 2013-07-07 17:36 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum 2013-07-07 17:36 - 2013-07-07 17:36 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum 2013-07-07 17:36 - 2013-07-07 17:36 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum 2013-06-20 05:22 - 2013-07-08 16:57 - 00001335 ____A C:\Windows\setupact.log 2013-06-20 05:22 - 2013-06-20 05:22 - 00000000 ____A C:\Windows\setuperr.log 2013-06-19 22:41 - 2013-06-19 22:41 - 00000000 ____A C:\Windows\EEventManager.INI 2013-06-19 20:54 - 2013-06-19 20:54 - 00000000 ____D C:\Windows\Sun 2013-06-19 20:54 - 2013-06-19 20:53 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-19 20:53 - 2013-06-19 20:53 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-19 20:53 - 2013-06-19 20:53 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-19 20:53 - 2013-06-19 20:53 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-19 20:47 - 2013-06-19 20:47 - 00903592 ____A (Oracle Corporation) C:\Users\siggi\Downloads\JavaSetup7u25.exe 2013-06-19 06:04 - 2013-06-19 06:04 - 00004254 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log 2013-06-18 14:35 - 2013-06-19 15:52 - 00000000 ____D C:\Users\siggi\AppData\Roaming\vlc 2013-06-18 14:28 - 2013-06-18 14:28 - 00001066 ____A C:\Users\Public\Desktop\VLC media player.lnk 2013-06-18 14:28 - 2013-06-18 14:28 - 00000000 ____D C:\Program 
Files (x86)\VideoLAN 2013-06-18 13:56 - 2013-06-18 13:56 - 00000000 ____D C:\Users\siggi\AppData\Local\FilesFrog Update Checker 2013-06-18 13:55 - 2013-02-02 22:22 - 00163416 ____A () C:\Users\siggi\Desktop\VLCMediaPlayerSetup-19QXx8T.exe 2013-06-15 11:50 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-15 11:50 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-15 11:49 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-15 11:49 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-15 11:49 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-15 11:49 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-15 11:49 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-15 11:49 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-15 11:49 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-15 11:49 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-15 11:49 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-15 11:49 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-12 23:00 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 23:00 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 23:00 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 23:00 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 23:00 - 
2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 23:00 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 23:00 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 23:00 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-12 23:00 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 23:00 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 23:00 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 23:00 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 23:00 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 23:00 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-12 23:00 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-12 23:00 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 23:00 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-12 23:00 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 23:00 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-12 20:29 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 20:26 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 20:26 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 20:26 - 
2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 20:26 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 20:26 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 20:26 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-12 20:25 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 20:25 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 20:25 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 20:25 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 20:25 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 20:25 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 20:25 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 20:25 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 20:25 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 20:25 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 20:25 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 20:25 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll ==================== One Month Modified Files and Folders ======= 2013-07-08 21:18 - 2013-04-13 04:32 - 00000000 ____D C:\Users\siggi\AppData\Roaming\Skype 2013-07-08 21:11 - 2013-04-10 05:19 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 
2013-07-08 21:01 - 2013-07-08 20:53 - 01463348 ____A (Farbar) C:\Users\siggi\Downloads\FRST64 (1).exe.4vxscm3.partial 2013-07-08 20:53 - 2013-04-09 20:55 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-08 20:01 - 2013-07-08 20:01 - 00000000 ____D C:\Users\siggi\AppData\Local\FromDocToPDF_65 2013-07-08 20:00 - 2013-07-08 20:00 - 00000000 ___AD C:\Program Files (x86)\FromDocToPDF_65EI 2013-07-08 20:00 - 2013-07-08 20:00 - 00000000 ____D C:\Program Files (x86)\FromDocToPDF_65 2013-07-08 20:00 - 2013-07-08 19:59 - 00301552 ____A C:\Users\siggi\Downloads\FromDocToPDF.exe 2013-07-08 19:42 - 2013-07-07 19:50 - 00000193 ____A C:\Windows\WORDPAD.INI 2013-07-08 19:39 - 2013-07-08 19:39 - 00040307 ____A C:\Users\siggi\Downloads\FRST.txt 2013-07-08 19:39 - 2013-07-08 19:39 - 00027058 ____A C:\Users\siggi\Downloads\Addition.txt 2013-07-08 19:37 - 2013-07-08 19:37 - 00000000 ____D C:\FRST 2013-07-08 19:32 - 2013-07-08 19:31 - 01934636 ____A (Farbar) C:\Users\siggi\Downloads\FRST64.exe 2013-07-08 19:30 - 2013-07-08 19:30 - 00000000 ____D C:\Users\siggi\AppData\Local\UtilityChest_49 2013-07-08 19:30 - 2013-07-08 19:30 - 00000000 ____D C:\Users\siggi\AppData\Local\IAC 2013-07-08 19:28 - 2013-07-08 19:28 - 00000000 ____D C:\Program Files (x86)\UtilityChest_49 2013-07-08 19:27 - 2013-07-08 19:27 - 00000000 ___AD C:\Program Files (x86)\UtilityChest_49EI 2013-07-08 19:01 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\System32\FxsTmp 2013-07-08 18:52 - 2013-05-23 18:47 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-604082907-1194607683-2039732507-1000UA.job 2013-07-08 18:52 - 2013-05-23 18:47 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-604082907-1194607683-2039732507-1000Core.job 2013-07-08 18:14 - 2013-05-15 16:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-07-08 17:32 - 2013-04-17 22:49 - 01562632 ____A C:\Windows\WindowsUpdate.log 2013-07-08 17:05 - 2009-07-14 06:45 - 00021664 ___AH 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-08 17:05 - 2009-07-14 06:45 - 00021664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-08 16:58 - 2013-04-10 05:19 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-08 16:57 - 2013-06-20 05:22 - 00001335 ____A C:\Windows\setupact.log 2013-07-08 16:57 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-07 21:33 - 2013-07-07 19:55 - 00001074 ____A C:\Windows\PFRO.log 2013-07-07 21:04 - 2013-07-07 21:04 - 00000000 ____A C:\autoexec.bat 2013-07-07 21:04 - 2013-07-07 21:03 - 00000000 ____D C:\sh4ldr 2013-07-07 21:03 - 2013-07-07 21:03 - 00002254 ____A C:\Users\siggi\Desktop\SpyHunter.lnk 2013-07-07 21:03 - 2013-07-07 21:03 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-07-07 21:03 - 2013-07-07 21:02 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP 2013-07-07 20:58 - 2013-07-07 20:11 - 00002046 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-07-07 20:58 - 2013-07-07 20:11 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan 2013-07-07 20:12 - 2013-04-09 20:08 - 00000000 ____D C:\Users\siggi\AppData\Local\Adobe 2013-07-07 20:11 - 2013-07-07 20:11 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-07-07 20:11 - 2013-07-07 20:11 - 00000000 ____D C:\ProgramData\McAfee 2013-07-07 20:09 - 2013-07-07 20:09 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-07-07 20:09 - 2013-07-07 20:09 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-07-07 20:09 - 2013-04-09 20:00 - 00000000 ____D C:\ProgramData\Adobe 2013-07-07 19:43 - 2013-07-07 19:43 - 00000000 ____D C:\sfe_24 2013-07-07 19:43 - 2013-07-07 19:43 - 00000000 ____D C:\Program Files (x86)\Sophos 2013-07-07 19:41 - 2013-07-07 19:40 - 02177312 ____A C:\Users\siggi\Downloads\sfe_24_sfx.exe 2013-07-07 19:21 - 2013-07-07 19:21 - 00388608 ____A 
(Trend Micro Inc.) C:\Users\siggi\Downloads\HiJackThis204.exe 2013-07-07 19:21 - 2013-07-07 19:21 - 00010969 ____A C:\Users\siggi\Downloads\hijackthis.log 2013-07-07 18:56 - 2011-04-12 09:43 - 00653928 ____A C:\Windows\System32\perfh007.dat 2013-07-07 18:56 - 2011-04-12 09:43 - 00129800 ____A C:\Windows\System32\perfc007.dat 2013-07-07 18:56 - 2009-07-14 07:13 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-07 18:26 - 2013-07-07 18:26 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center 2013-07-07 18:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\Msdtc 2013-07-07 18:15 - 2013-07-07 18:15 - 00000000 ____D C:\ProgramData\ATI 2013-07-07 18:15 - 2013-07-07 18:15 - 00000000 ____D C:\Program Files (x86)\AMD AVT 2013-07-07 18:15 - 2013-04-09 18:23 - 00000000 ____D C:\ProgramData\AMD 2013-07-07 18:14 - 2013-04-09 18:19 - 00000000 ____D C:\Program Files\ATI Technologies 2013-07-07 18:06 - 2013-04-09 20:55 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-07-07 18:06 - 2013-04-09 20:55 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-07 17:36 - 2013-07-07 17:36 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum 2013-07-07 17:36 - 2013-07-07 17:36 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum 2013-07-07 17:36 - 2013-07-07 17:36 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum 2013-07-07 17:36 - 2013-04-17 23:10 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys 2013-07-07 17:36 - 2013-04-17 23:10 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys 2013-07-07 17:36 - 2013-04-17 23:10 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys 2013-07-07 17:29 - 2013-04-09 18:13 - 00000000 __SHD C:\Recovery 2013-07-07 17:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\Recovery 2013-07-07 17:28 - 2013-04-09 18:13 - 00000000 ____D C:\users\siggi 2013-06-21 05:56 - 
2013-04-20 20:07 - 00000000 ____D C:\Users\siggi\AppData\Roaming\ICQ 2013-06-20 07:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF 2013-06-20 06:11 - 2013-04-10 05:25 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-06-20 05:22 - 2013-06-20 05:22 - 00000000 ____A C:\Windows\setuperr.log 2013-06-19 22:41 - 2013-06-19 22:41 - 00000000 ____A C:\Windows\EEventManager.INI 2013-06-19 22:30 - 2013-04-09 18:37 - 00000000 ____D C:\Windows\Panther 2013-06-19 20:54 - 2013-06-19 20:54 - 00000000 ____D C:\Windows\Sun 2013-06-19 20:53 - 2013-06-19 20:54 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-19 20:53 - 2013-06-19 20:53 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-19 20:53 - 2013-06-19 20:53 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-19 20:53 - 2013-06-19 20:53 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-19 20:53 - 2013-04-10 23:54 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-19 20:53 - 2013-04-10 23:54 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-19 20:47 - 2013-06-19 20:47 - 00903592 ____A (Oracle Corporation) C:\Users\siggi\Downloads\JavaSetup7u25.exe 2013-06-19 15:52 - 2013-06-18 14:35 - 00000000 ____D C:\Users\siggi\AppData\Roaming\vlc 2013-06-19 06:04 - 2013-06-19 06:04 - 00004254 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log 2013-06-19 06:04 - 2013-04-10 23:54 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-18 14:28 - 2013-06-18 14:28 - 00001066 ____A C:\Users\Public\Desktop\VLC media player.lnk 2013-06-18 14:28 - 2013-06-18 14:28 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2013-06-18 13:58 - 2013-04-10 22:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-18 13:56 - 2013-06-18 13:56 - 00000000 ____D C:\Users\siggi\AppData\Local\FilesFrog Update Checker 2013-06-17 19:32 - 2013-04-09 18:51 - 
00000000 ____D C:\ProgramData\EPSON 2013-06-17 14:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-13 16:02 - 2013-04-13 04:32 - 00000000 ____D C:\ProgramData\Skype 2013-06-13 16:01 - 2013-04-13 04:32 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-06-12 23:01 - 2013-04-11 01:13 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-08 16:08 - 2013-06-15 11:49 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-15 11:49 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-15 11:49 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 16:06 - 2013-06-15 11:49 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-15 11:49 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 2013-06-15 11:50 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 13:42 - 2013-06-15 11:49 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-15 11:49 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:40 - 2013-06-15 11:49 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-15 11:49 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 13:40 - 2013-06-15 11:49 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:13 - 2013-06-15 11:50 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => 
MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-08 17:36 ==================== End Of Log ============================ FRST Additions Logfile: Code: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2013 |
Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT - Save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
|
omboFix 13-07-09.01 - siggi 09.07.2013 16:45:29.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3071.1251 [GMT 2:00] ausgeführt von:: c:\users\siggi\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\muzapp.exe N:\Autorun.inf . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-09 bis 2013-07-09 )))))))))))))))))))))))))))))) . . 2013-07-09 14:56 . 2013-07-09 14:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-09 13:47 . 2013-07-08 18:00 712264 ----a-w- c:\program files (x86)\65Uninstall FromDocToPDF.dll 2013-07-09 13:47 . 2013-07-08 18:00 194944 ----a-w- c:\program files (x86)\65res.dll 2013-07-09 13:46 . 2013-07-08 17:28 194952 ----a-w- c:\program files (x86)\49res.dll 2013-07-09 13:46 . 2013-07-08 17:28 712264 ----a-w- c:\program files (x86)\49Uninstall Utility Chest.dll 2013-07-09 13:15 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63CFE505-7CA9-4817-B69C-FC8C20FBC42A}\mpengine.dll 2013-07-09 05:30 . 2013-07-09 05:30 -------- d-----w- c:\users\siggi\AppData\Roaming\PiccShare 2013-07-09 05:30 . 2013-07-09 05:30 -------- d-----w- c:\users\siggi\AppData\Roaming\Common 2013-07-08 18:00 . 2013-07-08 18:00 -------- d---a-w- c:\program files (x86)\FromDocToPDF_65 2013-07-08 17:37 . 2013-07-08 17:37 -------- d-----w- C:\FRST 2013-07-08 17:30 . 2013-07-08 17:30 -------- d-----w- c:\users\siggi\AppData\Local\IAC 2013-07-08 17:28 . 2013-07-08 17:28 -------- d---a-w- c:\program files (x86)\UtilityChest_49 2013-07-08 16:14 . 2013-07-09 05:13 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2013-07-07 19:03 . 
2013-07-07 19:03 -------- d-----w- c:\program files\Enigma Software Group 2013-07-07 19:02 . 2013-07-09 13:45 -------- d-----w- c:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP 2013-07-07 19:02 . 2013-07-07 19:02 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2013-07-07 18:11 . 2013-07-07 18:11 -------- d-----w- c:\programdata\McAfee 2013-07-07 18:09 . 2013-07-07 18:09 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2013-07-07 17:43 . 2013-07-07 17:43 -------- d-----w- C:\sfe_24 2013-07-07 16:26 . 2013-07-07 16:26 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center 2013-07-07 16:15 . 2013-07-07 16:15 -------- d-----w- c:\programdata\ATI 2013-07-07 16:15 . 2013-07-07 16:15 -------- d-----w- c:\program files (x86)\AMD AVT 2013-06-20 03:50 . 2013-06-20 03:50 -------- d-----w- c:\users\siggi\AppData\Local\ElevatedDiagnostics 2013-06-19 18:54 . 2013-06-19 18:54 -------- d-----w- c:\windows\Sun 2013-06-19 18:54 . 2013-06-19 18:54 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-06-19 18:53 . 2013-06-19 18:53 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-18 12:35 . 2013-06-19 13:52 -------- d-----w- c:\users\siggi\AppData\Roaming\vlc 2013-06-18 12:28 . 2013-06-18 12:28 -------- d-----w- c:\program files (x86)\VideoLAN 2013-06-15 09:50 . 2013-06-08 14:08 279040 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2013-06-15 09:50 . 2013-06-08 12:28 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-06-15 09:50 . 2013-06-08 11:41 218112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll 2013-06-15 09:50 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-06-15 09:49 . 2013-06-08 14:08 1365504 ----a-w- c:\windows\system32\urlmon.dll 2013-06-15 09:49 . 2013-06-08 14:06 2648064 ----a-w- c:\windows\system32\iertutil.dll 2013-06-15 09:49 . 2013-06-08 14:06 526336 ----a-w- c:\windows\system32\ieui.dll 2013-06-15 09:49 . 
2013-06-08 14:06 15404544 ----a-w- c:\windows\system32\ieframe.dll 2013-06-15 09:49 . 2013-06-08 14:07 19233792 ----a-w- c:\windows\system32\mshtml.dll 2013-06-12 18:29 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-12 18:26 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-06-12 18:26 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-06-12 18:26 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-06-12 18:26 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-06-12 18:26 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-06-12 18:26 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-06-12 18:25 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-06-12 18:25 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-06-12 18:25 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-06-12 18:25 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-12 18:25 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-12 18:25 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-06-12 18:25 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll 2013-06-12 18:25 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-06-12 18:25 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-06-12 18:25 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-06-12 18:25 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-06-12 18:25 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-07 16:06 . 
2013-04-09 18:55 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-07-07 16:06 . 2013-04-09 18:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-07-07 15:36 . 2013-04-17 21:10 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-07-07 15:36 . 2013-04-17 21:10 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-07-07 15:36 . 2013-04-17 21:10 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-06-19 18:53 . 2013-04-10 21:54 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-06-19 18:53 . 2013-04-10 21:54 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-06-12 21:01 . 2013-04-10 23:13 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-05-16 12:02 . 2011-01-07 13:02 829264 ----a-w- c:\windows\system32\msvcr100.dll 2013-05-16 12:02 . 2011-01-07 13:02 608080 ----a-w- c:\windows\system32\msvcp100.dll 2013-05-10 03:00 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-09 08:59 . 2013-04-17 21:10 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-05-09 08:59 . 2013-04-17 21:10 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-05-09 08:59 . 2013-04-17 21:10 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-05-09 08:59 . 2013-04-17 21:10 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-05-09 08:59 . 2013-04-17 21:10 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-05-09 08:58 . 2013-04-17 21:09 41664 ----a-w- c:\windows\avastSS.scr 2013-05-09 08:58 . 2013-04-10 03:19 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-05-02 08:32 . 2013-05-02 08:32 2274480 ----a-w- c:\windows\system32\coin94.dll 2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-18 10:09 . 2013-04-28 20:53 37344 ----a-w- c:\windows\SysWow64\FsUsbExDisk.Sys 2013-04-18 10:09 . 2013-04-28 20:53 233472 ----a-w- c:\windows\SysWow64\FsUsbExService.Exe 2013-04-13 05:49 . 
2013-05-16 06:58 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-16 06:58 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-16 06:58 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-16 06:58 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-16 06:58 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-16 06:58 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-23 18:38 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-11 12:49 . 2013-04-11 12:50 10752 ----a-w- c:\windows\system32\E_GCINST.DLL 2013-04-11 12:49 . 2013-04-11 12:50 83968 ----a-w- c:\windows\system32\E_YD4BHVE.DLL 2013-04-11 12:49 . 2013-04-11 12:50 120320 ----a-w- c:\windows\system32\E_YLMHVE.DLL 2013-04-10 22:43 . 2013-04-10 22:43 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-04-10 22:43 . 2013-04-10 22:43 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-04-10 22:43 . 2013-04-10 22:43 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-04-10 22:43 . 2013-04-10 22:43 81408 ----a-w- c:\windows\system32\icardie.dll 2013-04-10 22:43 . 2013-04-10 22:43 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-04-10 22:43 . 2013-04-10 22:43 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-04-10 22:43 . 2013-04-10 22:43 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-04-10 22:43 . 2013-04-10 22:43 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-04-10 22:43 . 2013-04-10 22:43 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-04-10 22:43 . 2013-04-10 22:43 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-04-10 22:43 . 2013-04-10 22:43 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-04-10 22:43 . 2013-04-10 22:43 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-04-10 22:43 . 
2013-04-10 22:43 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-04-10 22:43 . 2013-04-10 22:43 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-04-10 22:43 . 2013-04-10 22:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-04-10 22:43 . 2013-04-10 22:43 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-04-10 22:43 . 2013-04-10 22:43 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-04-10 22:43 . 2013-04-10 22:43 441856 ----a-w- c:\windows\system32\html.iec 2013-04-10 22:43 . 2013-04-10 22:43 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-04-10 22:43 . 2013-04-10 22:43 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-04-10 22:43 . 2013-04-10 22:43 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-04-10 22:43 . 2013-04-10 22:43 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-04-10 22:43 . 2013-04-10 22:43 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-04-10 22:43 . 2013-04-10 22:43 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-04-10 22:43 . 2013-04-10 22:43 235008 ----a-w- c:\windows\system32\url.dll 2013-04-10 22:43 . 2013-04-10 22:43 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-04-10 22:43 . 2013-04-10 22:43 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-04-10 22:43 . 2013-04-10 22:43 216064 ----a-w- c:\windows\system32\msls31.dll 2013-04-10 22:43 . 2013-04-10 22:43 197120 ----a-w- c:\windows\system32\msrating.dll 2013-04-10 22:43 . 2013-04-10 22:43 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-04-10 22:43 . 2013-04-10 22:43 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-04-10 22:43 . 2013-04-10 22:43 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-04-10 22:43 . 2013-04-10 22:43 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-04-10 22:43 . 2013-04-10 22:43 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-04-10 22:43 . 2013-04-10 22:43 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-04-10 22:43 . 
2013-04-10 22:43 149504 ----a-w- c:\windows\system32\occache.dll 2013-04-10 22:43 . 2013-04-10 22:43 144896 ----a-w- c:\windows\system32\wextract.exe 2013-04-10 22:43 . 2013-04-10 22:43 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-04-10 22:43 . 2013-04-10 22:43 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-04-10 22:43 . 2013-04-10 22:43 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-04-10 22:43 . 2013-04-10 22:43 13824 ----a-w- c:\windows\system32\mshta.exe 2013-04-10 22:43 . 2013-04-10 22:43 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-04-10 22:43 . 2013-04-10 22:43 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-04-10 22:43 . 2013-04-10 22:43 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-04-10 22:43 . 2013-04-10 22:43 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-04-10 22:43 . 2013-04-10 22:43 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-04-10 22:43 . 2013-04-10 22:43 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-04-10 22:43 . 2013-04-10 22:43 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-04-10 22:43 . 2013-04-10 22:43 102912 ----a-w- c:\windows\system32\inseng.dll 2013-04-10 22:36 . 2013-04-10 22:36 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-04-10 22:36 . 2013-04-10 22:36 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-04-10 22:36 . 2013-04-10 22:36 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-04-10 22:36 . 2013-04-10 22:36 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-04-10 22:36 . 2013-04-10 22:36 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-04-10 22:36 . 2013-04-10 22:36 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-04-10 22:36 . 2013-04-10 22:36 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-04-10 22:36 . 
2013-04-10 22:36 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-04-10 22:36 . 2013-04-10 22:36 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-04-10 22:36 . 2013-04-10 22:36 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-04-10 22:36 . 2013-04-10 22:36 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-04-10 22:36 . 2013-04-10 22:36 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-04-10 22:36 . 2013-04-10 22:36 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-04-10 22:36 . 2013-04-10 22:36 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-04-10 22:36 . 2013-04-10 22:36 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-04-10 22:36 . 2013-04-10 22:36 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-04-10 22:36 . 2013-04-10 22:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-04-10 22:36 . 2013-04-10 22:36 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-04-10 22:36 . 2013-04-10 22:36 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE" [2013-04-11 241280] "EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE" [2013-04-11 241280] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19604072] "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-04-23 1561968] "Facebook Update"="c:\users\siggi\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-05-23 138096] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536] "FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-08 495616] "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-08 856064] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ TP-LINK Wireless Configuration Utility.lnk - c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe -nogui [2013-4-9 788992] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S3 athur;Wireless Network Adapter 
Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-20 04:06 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-09 16:06] . 2013-07-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-604082907-1194607683-2039732507-1000Core.job - c:\users\siggi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-23 16:47] . 2013-07-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-604082907-1194607683-2039732507-1000UA.job - c:\users\siggi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-23 16:47] . 2013-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-10 03:19] . 2013-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-10 03:19] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.ebay.de/ mStart Page = hxxp://home.sweetim.com/?ptr=100&crg=3.1010000.10039&barid={51684E6B-D80E-11E2-8A8C-001BB9FFFD11} mLocal Page = c:\windows\SysWOW64\blank.htm IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\siggi\AppData\Roaming\Mozilla\Firefox\Profiles\8mgewscs.default\ FF - prefs.js: browser.search.selectedEngine - ICQ Search FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/ . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-07-09 17:08:32 ComboFix-quarantined-files.txt 2013-07-09 15:08 . 
Vor Suchlauf: 9 Verzeichnis(se), 290.483.650.560 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 290.534.854.656 Bytes frei . - - End Of File - - E807266E735F9E201BD8C160B172D132 A36C5E4F47E84449FF07ED3517B43A31 |
Posting in CODE tags: Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work much harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Please download
Please close your security software to avoid possible conflicts.
and a fresh FRST log. |
AdwCleaner Logfile: Code: # AdwCleaner v2.304 - Datei am 09/07/2013 um 18:30:13 erstellt AdwCleaner Logfile: Code: # AdwCleaner v2.304 - Datei am 09/07/2013 um 18:39:42 erstellt |
and a fresh FRST log please :) |
Junkware Removal Tool (JRT) by Thisisu Version: 5.0.2 (07.09.2013:1) OS: Windows 7 Home Premium x64 Ran by siggi on 09.07.2013 at 18:54:01,94 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\siggi\appdata\local\iac" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 09.07.2013 at 18:59:53,61 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
FRST is still missing :) |
FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013 FRST Additions Logfile: Code: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2013 |
ESET Online Scanner
Please download
and a fresh FRST log please. Any problems left? |
FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013 |
FRST at the end, after the other two. |
ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=46309eac832ba94e93bb13541c0f18f3 # engine=14331 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-07-09 06:50:01 # local_time=2013-07-09 08:50:01 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=774 16777213 85 91 184407 150109273 0 0 # compatibility_mode=5893 16776573 100 94 20051 125025651 0 0 # scanned=121028 # found=63 # cleaned=0 # scan_time=4199 sh=36BAEB23E395CF349B8B6C2A286A98CDBFD9A420 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\siggi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\5429b08f-2e14f537" sh=AE2982E95911DEC9884C64B11F164D39B0EFF372 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.OVK trojan" ac=I fn="C:\Users\siggi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\125c807f-37efdf78" sh=A4DD3FEC7DD1E98ED434BE23E5AE2B44AE0C4B9F ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Gehaeuse_handbuch.rar" sh=46072916D4D12B7CA11C0E500DF83C61DB1140DD ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents\Vuze Downloads\www.top-hitz.com...Der.letzte.Exorzismus.TS.LD.German.iNTERNAL.READ.NFO.XviD-CinePlexx.rar" sh=A243829E5E7C75A6E6E58FA5C1431E49C8886B23 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents\Vuze Downloads\Ausnahmesituation-DVD-Rip\Ausnahmesituation.rar" sh=DDDE602A3EE2580E4B4F978053C27BA1A0BC5CC7 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents\Vuze Downloads\The.Crazies.Fuerchte.deinen.Naechsten.R5.MD.German.XviD-CinePlexx\cpl-thecrazies.rar" sh=F7749B8B5B25E675297F3D462844889E0B80BD2E ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen 
trojan" ac=I fn="D:\Documents\Documents\Vuze Downloads\The.Crazies.Fuerchte.deinen.Naechsten.R5.MD.German.XviD-CinePlexx\Kostenloser_Usenetzugang.rar" sh=1F51A2DE1D4D78FA0C484F793B9605AE6FBA657E ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents\Vuze Downloads\www.bitreactor.to_A.Nightmare.on.Elm.Street.TS.MD.German.XviD-CinePlexx\cpl-nightmare.rar" sh=56C96C5310DF10847307874B344EF9376A1EED50 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents\Vuze Downloads\www.byte.to...Iron.Man.2.German.2010.AC3.DVDRip.XviD-KiNOWELT\kinowelt-ironman2-xvid.rar" sh=95DC9EF345DDB8A652A833DEB1005E92330A976E ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents\Vuze Downloads\www.byte.to...Iron.Man.2.German.2010.AC3.DVDRip.XviD-KiNOWELT\Subs\kinowelt-ironman2-xvid-subs.rar" sh=02EB1DB4772211853436275A5481C5C70D1F3403 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents\Vuze Downloads\www.top-hitz.com...Der.letzte.Exorzismus.TS.LD.German.iNTERNAL.READ.NFO.XviD-CinePlexx\cpl-dle.rar" sh=96050E74BE56C427F7B0B0AA53CA8ECF55BE074C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents\Vuze Downloads\www.top-hitz.com...Der.letzte.Exorzismus.TS.LD.German.iNTERNAL.READ.NFO.XviD-CinePlexx\www.top-hitz.com...Der.letzte.Exorzismus.TS.LD.German.iNTERNAL.READ.NFO.XviD-CinePlexx\cpl-dle.rar" sh=426AEC0C9745437C7FD12A30A4ED094E757C26E5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents\Vuze Downloads\www.torrent.to...Prince.of.Persia.Der.Sand.der.Zeit.German.AC3.DVDRip.XviD-LOGiCAL\logic-prince.part01.rar" sh=83E6B2FC8DE8268E8167D5F6826E1A07DC15ACAA ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents\Vuze Downloads\www.torrent.to...Prince.of.Persia.Der.Sand.der.Zeit.German.AC3.DVDRip.XviD-LOGiCAL\logic-prince.part02.rar" 
sh=E5CE70A875622D5FFA98381CEA3A8CF586E75E32 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents\Vuze Downloads\www.torrent.to...Prince.of.Persia.Der.Sand.der.Zeit.German.AC3.DVDRip.XviD-LOGiCAL\logic-prince.part03.rar" sh=52A738FC383F1F194C836FCB4F7AFB0C7BD279F7 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents\Vuze Downloads\www.torrent.to...Prince.of.Persia.Der.Sand.der.Zeit.German.AC3.DVDRip.XviD-LOGiCAL\logic-prince.part04.rar" sh=601663FACE08E73A26DC168303996646143FC910 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents\Vuze Downloads\www.torrent.to...Prince.of.Persia.Der.Sand.der.Zeit.German.AC3.DVDRip.XviD-LOGiCAL\logic-prince.part05.rar" sh=8CB35C70A1D66A9166A73D52B005D9DA563E5DFC ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents\Vuze Downloads\www.torrent.to...Prince.of.Persia.Der.Sand.der.Zeit.German.AC3.DVDRip.XviD-LOGiCAL\logic-prince.part06.rar" sh=45D32191CC340256519610E729E73D865DFFE437 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents\Vuze Downloads\www.torrent.to...Prince.of.Persia.Der.Sand.der.Zeit.German.AC3.DVDRip.XviD-LOGiCAL\logic-prince.part07.rar" sh=61CE1B80FD7C52707C592FE4CA1F69F15C0192AF ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents\Vuze Downloads\www.torrent.to...Prince.of.Persia.Der.Sand.der.Zeit.German.AC3.DVDRip.XviD-LOGiCAL\logic-prince.part08.rar" sh=B6984B50CEA0E629915225D3B4A657AA722B22D5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents (5)\Documents\Vuze Downloads\www.top-hitz.com...Der.letzte.Exorzismus.TS.LD.German.iNTERNAL.READ.NFO.XviD-CinePlexx.rar" sh=BB190AF88942CD537C62941CEA5AAFD14541B57E ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents (5)\Documents\Vuze 
Downloads\Ausnahmesituation-DVD-Rip\Ausnahmesituation.rar" sh=A1EADAC6CB7ACF8757BF11A8D9CFCF8C88EF6D22 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents (5)\Documents\Vuze Downloads\The.Crazies.Fuerchte.deinen.Naechsten.R5.MD.German.XviD-CinePlexx\cpl-thecrazies.rar" sh=ABF695004400E1B3DFB4BC8A1380358DB5EAA0FE ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents (5)\Documents\Vuze Downloads\The.Crazies.Fuerchte.deinen.Naechsten.R5.MD.German.XviD-CinePlexx\Kostenloser_Usenetzugang.rar" sh=C4AA08A140C9832FC2CE90112DD247C07148B3B8 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents (5)\Documents\Vuze Downloads\www.bitreactor.to_A.Nightmare.on.Elm.Street.TS.MD.German.XviD-CinePlexx\cpl-nightmare.rar" sh=235575162CBB4F163F01A65E867B45AF9B1E7470 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents (5)\Documents\Vuze Downloads\www.byte.to...Iron.Man.2.German.2010.AC3.DVDRip.XviD-KiNOWELT\kinowelt-ironman2-xvid.rar" sh=B57B4C3F801B9E9EB4D83BF82F641C1D75AF8B2B ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents (5)\Documents\Vuze Downloads\www.byte.to...Iron.Man.2.German.2010.AC3.DVDRip.XviD-KiNOWELT\Subs\kinowelt-ironman2-xvid-subs.rar" sh=EB00D49E6B43D993DEA54DA2D3A71AC8FAB63981 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents (5)\Documents\Vuze Downloads\www.top-hitz.com...Der.letzte.Exorzismus.TS.LD.German.iNTERNAL.READ.NFO.XviD-CinePlexx\cpl-dle.rar" sh=0B8D4582D021393455707F15B4FEBE6FD4633944 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents (5)\Documents\Vuze Downloads\www.top-hitz.com...Der.letzte.Exorzismus.TS.LD.German.iNTERNAL.READ.NFO.XviD-CinePlexx\www.top-hitz.com...Der.letzte.Exorzismus.TS.LD.German.iNTERNAL.READ.NFO.XviD-CinePlexx\cpl-dle.rar" 
sh=B7775D9D5259AEA4128F84D7F91C1043DC858CAB ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents (5)\Documents\Vuze Downloads\www.torrent.to...Prince.of.Persia.Der.Sand.der.Zeit.German.AC3.DVDRip.XviD-LOGiCAL\logic-prince.part01.rar" sh=C8BC7862A6C4B7EA0BD138486318EBCEDEF5F7C4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents (5)\Documents\Vuze Downloads\www.torrent.to...Prince.of.Persia.Der.Sand.der.Zeit.German.AC3.DVDRip.XviD-LOGiCAL\logic-prince.part02.rar" sh=3B4E37AD5A97606D98ACF767AE051C60C2369F16 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents (5)\Documents\Vuze Downloads\www.torrent.to...Prince.of.Persia.Der.Sand.der.Zeit.German.AC3.DVDRip.XviD-LOGiCAL\logic-prince.part03.rar" sh=99C7798B808DFC9FF8065B87911BE2C20BEEDB08 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents (5)\Documents\Vuze Downloads\www.torrent.to...Prince.of.Persia.Der.Sand.der.Zeit.German.AC3.DVDRip.XviD-LOGiCAL\logic-prince.part04.rar" sh=819CAD99B048C693E1782C0D0ACF7B55FACA152D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents (5)\Documents\Vuze Downloads\www.torrent.to...Prince.of.Persia.Der.Sand.der.Zeit.German.AC3.DVDRip.XviD-LOGiCAL\logic-prince.part05.rar" sh=A6964833AA4D534A0758305EF681F200C01A496F ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents (5)\Documents\Vuze Downloads\www.torrent.to...Prince.of.Persia.Der.Sand.der.Zeit.German.AC3.DVDRip.XviD-LOGiCAL\logic-prince.part06.rar" sh=2512360F80A33E88CDD3AE5EFDDACC38746FF46D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents (5)\Documents\Vuze Downloads\www.torrent.to...Prince.of.Persia.Der.Sand.der.Zeit.German.AC3.DVDRip.XviD-LOGiCAL\logic-prince.part07.rar" sh=62A94255E83D18949D6DD4F459C2D9EBF0FE8F72 ft=0 fh=0000000000000000 
vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Documents\Documents (5)\Documents\Vuze Downloads\www.torrent.to...Prince.of.Persia.Der.Sand.der.Zeit.German.AC3.DVDRip.XviD-LOGiCAL\logic-prince.part08.rar" sh=CFF277E5DF02B8EE407039713C46290DBEC196A2 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\Downloads\ccsetup328.zip" sh=3F049EBFBD2758B2B5AF4394DFCAB0CE4A56212A ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-10-13 153206\Backup Files 2010-10-13 153206\Backup files 1.zip" sh=F99401005A33F9112CD4857E4335643B20F04C82 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-10-13 153206\Backup Files 2010-10-13 153206\Backup files 2.zip" sh=1DFFB297A39B6018551D056FF183B44E9A956993 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-10-13 153206\Backup Files 2010-10-13 153206\Backup files 3.zip" sh=46B2A2CB8458DC85B1AA55726ACC4ED07F2A1607 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-10-13 153206\Backup Files 2010-10-13 153206\Backup files 4.zip" sh=B9531816FD0DFF2EFD1CFD5F64F9059C22A256EB ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-10-13 153206\Backup Files 2010-10-17 190007\Backup files 1.zip" sh=0700E7F71E7E257367743D4B9E0EA462E662C119 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-10-13 153206\Backup Files 2010-10-17 190007\Backup files 6.zip" sh=1742272B47CED7B9BB4297E0905372D73B76B8CC ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-10-13 153206\Backup Files 2010-10-24 190010\Backup files 1.zip" sh=9A308A1BCC17EC041B5DA2E223F40C00C7021230 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-10-13 153206\Backup Files 2010-10-24 190010\Backup files 2.zip" 
sh=5A9BA23D829139067600C3880D5591B1C4C29684 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-10-13 153206\Backup Files 2010-10-24 190010\Backup files 3.zip" sh=6FA14D9A91E27C050EF8A6D2DC54C77777B3FFBA ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-10-13 153206\Backup Files 2010-10-31 190007\Backup files 1.zip" sh=F154577EDF2105EC62BEC302DE85F9404D709022 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-10-13 153206\Backup Files 2010-10-31 190007\Backup files 2.zip" sh=CC8879FAD5561BAADE030FEF249E6C200AB9B812 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-10-13 153206\Backup Files 2010-11-08 063216\Backup files 1.zip" sh=09D228711B77852E91F29812E01AE65C8F638B4A ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-10-13 153206\Backup Files 2010-11-08 063216\Backup files 2.zip" sh=6842CFFAEB7BEDE3B5E8687DB69BE90BA1D9CD58 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-10-13 153206\Backup Files 2010-11-21 190004\Backup files 2.zip" sh=DDE08B25DEC2B8DD6393EF5EB62455321D0F26EE ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-12-05 190000\Backup Files 2010-12-05 190000\Backup files 1.zip" sh=7F184414B2AFB43A8D649AED169A0C9BEB9C79FF ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-12-05 190000\Backup Files 2010-12-05 190000\Backup files 2.zip" sh=518BBBCFF5777ECF7F77FF8A5837848D6E5CD123 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-12-05 190000\Backup Files 2010-12-05 190000\Backup files 3.zip" sh=3DD569A950CC74625498291EF9A840F1BF6EA719 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-12-05 
190000\Backup Files 2010-12-05 190000\Backup files 4.zip" sh=408FF617C6CC4FD9CC7CD82B47FE4D63E38CDB01 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-12-05 190000\Backup Files 2010-12-05 190000\Backup files 5.zip" sh=C1B0F9EEFE92768ECA4ACE7F698950B1F6D418E8 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-12-05 190000\Backup Files 2010-12-05 190000\Backup files 6.zip" sh=1DEFAE9072694A17A99D78FE350C8F6AFFFE878D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-12-12 190007\Backup Files 2010-12-12 190007\Backup files 1.zip" sh=8285B5A9E1789F45F2076926CEB8B3761ACD7010 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-12-12 190007\Backup Files 2010-12-12 190007\Backup files 2.zip" sh=FD9A6EB3028AA986BC50E69E6DDE2DED64AF389D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-12-12 190007\Backup Files 2010-12-12 190007\Backup files 3.zip" sh=5215470BFF8BBE3D6892348DAC27E8E197648AA2 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-12-12 190007\Backup Files 2010-12-12 190007\Backup files 4.zip" sh=3071990AA3CDCF29A96C4D973416789CF59F28CB ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="D:\SIGGI-PC\Backup Set 2010-12-12 190007\Backup Files 2010-12-12 190007\Backup files 5.zip" Results of screen317's Security Check version 0.99.68 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 25 Adobe Flash Player 11.7.700.224 Adobe Reader XI Mozilla Firefox 17.0.1 Firefox out of Date! 
Mozilla Thunderbird (17.0.7) Google Chrome 27.0.1453.110 Google Chrome 27.0.1453.116 ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013 FRST Additions Logfile: Code: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2013 |