Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows 7; Brief Telekom: Sicherheitswarnung Internetzugang; 3 Trojaner ; mehrer Emails "Mail Delivery System" auch nach Passwordänderung (https://www.trojaner-board.de/140887-windows-7-brief-telekom-sicherheitswarnung-internetzugang-3-trojaner-mehrer-emails-mail-delivery-system-passwordaenderung.html)

TanjaF 02.09.2013 15:28
Windows 7; Brief Telekom: Sicherheitswarnung Internetzugang; 3 Trojaner ; mehrer Emails "Mail Delivery System" auch nach Passwordänderung
 
Hallo,
ich bin neu hier und auch nicht wirklich sehr geschickt was Computer abgeht. Ich hoffe aber auf eure Hilfe. Ich versuch alles so gut wie möglich zu beschreiben und hoffe auf euer Verständnis und euere Hilfe.

Vor ein paar Wochen hatte ich etliche Emails mit dem Betreff Mail Delivery System.
Bei der ersten dachte ich mir nichts und hab sie übers iPhone geöffnet, da ich dann aber feststellte das ich ja keine email verschickt habe, habe ich diese gelöscht und alle weiteren auch.

Ende August bekam ich dann (keine Ahnung ob es im Zusammenhang mit dem Emails steht) einen Brief von der Telekom in dem mir mitgeteilt wird das über meinen Internetzugang unerwünschte Zugriffe auf andere Computer erfolgt ist.

Ich hab mir dann gleich AVG 2013 (die Testvision) herunter geladen und eine schädliche Datei wurde nach dem scan gelöscht.

Gestern hatten wir den PC (Acer Aspire One) dann mal wieder im gebrauch, nach dem hochfahren hatte ich dann kurz darauf eine Meldung von AVG das auf meinen Notebook 3 Trojaner (Trojaner Generic34) sind, diese konnte ich dann aber nicht löschen, da mir der Zugriff verweigert wird. Nach dem ich einwenig gegoggelt habe, habe ich mir Malwarebytes Anti-Malware heruntergeladen und noch einen onlinescanner. Danach zeigte mir AVg keine Gefährdung mehr an.

Heute musste ich auf meine emails über den PC zugreifen da ich eine Datei ausdrucken musste. Auf jedenfall bekam ich heute wieder 5 solcher emails. hab dann nochmal Malwarebytes Anti-Malware übern pc laufen lassen und hatte 0 infizierte Dateien. also habe ich gegoogelt und gelesen das ich mein Emailpassword ändern muss. das tat ich dann auch gleich, nur leider bekam ich jetzt wieder so eine email....

Kann mir bitte jemand helfen?

Danke und liebe Grüße

Tanja

aharonov 02.09.2013 15:36
Hallo Tanja,

kannst du bitte die Logfiles der Scans posten, die etwas gefunden haben? Siehe hier: http://www.trojaner-board.de/125889-...en-posten.html

Und ich brauch noch zusätzliche Informationen:
Wenn du deinen Rechner nach Malware untersuchen lassen willst, dann arbeite bitte diese Anleitung ab und poste die resultierenden Logfiles hier.

TanjaF 02.09.2013 15:39
Hallo und schon mal vielen Dank für deine schnelle Antwort.

Kannst du mir noch sagen wie ich es posten kann?

aharonov 02.09.2013 15:41
Logfiles so posten: http://www.trojaner-board.de/137229-...code-tags.html

TanjaF 02.09.2013 15:48
Code:
Malwarebytes Anti-Malware
War das jetzt richtig?

Sorry, das ich mich so doof stelle...

aharonov 02.09.2013 15:52
Das mit den Code-Tags stimmt, aber der Inhalt noch nicht.. :)
Innerhalb der Code-Tags solltest du den Inhalt des Logfiles einfügen.

TanjaF 02.09.2013 16:03
Oweh... Ich bin da echt kein experte...

Ich ersuch es noch einmal....

Sorry

Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.01.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Fetzla :: FETZLA-PC [Administrator]

Schutz: Aktiviert

01.09.2013 19:07:26
mbam-log-2013-09-01 (19-07-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217877
Laufzeit: 19 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Program Files\WebConnect\updateWebConnect.exe (PUP.Optional.WebConnect.A) -> 2420 -> Löschen bei Neustart.

Infizierte Speichermodule: 1
C:\Program Files\WebConnect\WebConnect.Common.dll (PUP.Optional.WebConnect.A) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 18
HKLM\SYSTEM\CurrentControlSet\Services\Update WebConnect (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebConnect (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\WEBCONNECT (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 5
HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=CEBE06659D236391&affID=119357&tt=280813_ctrl2&tsp=4992 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Daten: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0L1N1H2O1S -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\WebConnect|iid (PUP.Optional.WebConnect.A) -> Daten: def_WebConnect -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.BrowserDefender.A) -> Bösartig: (c:\PROGRA~2\BROWSE~1\261562~1.220\{C16C1~1\BrowserDefender.dll) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=CEBE06659D236391&affID=119357&tt=280813_ctrl2&tsp=4992) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 22
C:\Users\Fetzla\AppData\Roaming\dclogs (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Roaming\Delta (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebConnect (PUP.Optional.WebConnect.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1562.220 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\DealPlyLive\Update (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\DealPlyLive\Update\Log (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Roaming\Dealply (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Roaming\Dealply\UpdateProc (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\DealPlyLive\CrashReports (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Roaming\BabSolution\CR (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Delta\delta\1.8.24.6 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Delta\delta\1.8.24.6\bh (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Local\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Local\DealPlyLive\CrashReports (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 49
C:\Program Files\WebConnect\updateWebConnect.exe (PUP.Optional.WebConnect.A) -> Löschen bei Neustart.
C:\Program Files\WebConnect\WebConnect.Common.dll (PUP.Optional.WebConnect.A) -> Löschen bei Neustart.
C:\Users\Fetzla\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Roaming\BabSolution\Shared\enhancedNT.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe (PUP.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\Downloads\avast! Free Antivirus.exe (PUP.Optional.Solimba.mr) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Roaming\dclogs\2013-08-03-7.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Roaming\dclogs\2013-08-05-2.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Roaming\dclogs\2013-08-13-3.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Roaming\dclogs\2013-08-19-2.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Roaming\dclogs\2013-08-23-6.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Roaming\Delta\sqlite3.dll (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebConnect\ieakfmpjhljbpbfpldjkddkjmmgjmgon.crx (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebConnect\Microsoft.Win32.TaskScheduler.dll (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebConnect\sqlite3.exe (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebConnect\updateWebConnect.InstallState (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebConnect\WebConnect.ico (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebConnect\WebConnectBHO.dll (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebConnect\WebConnectUninstall.exe (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Roaming\Dealply\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Roaming\Dealply\UpdateProc\TTL.DAT (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Roaming\BabSolution\CR\Delta.crx (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Roaming\BabSolution\Shared\Delta.ico (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Roaming\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fetzla\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Delta\delta\1.8.24.6\GUninstaller.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Delta\delta\1.8.24.6\uninstall.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Des war der erst gestern abend
ich arbeite gerade die liste ab...

aharonov 02.09.2013 16:04
Genau so. :daumenhoc
Bitte auch noch die anderen Logs mit Funden posten (falls noch welche vorhanden sind) und danach die in meiner ersten Antwort verlinkte Anleitung abarbeiten und die Logs ebenfalls hier einfügen.

TanjaF 02.09.2013 16:07
Ich weiss nicht ob das jetzt richtig war....


Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:56 on 02/09/2013 (Fetzla)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-]

aharonov 02.09.2013 16:08
Passt. Weiter. :)

TanjaF 02.09.2013 18:22
Den hab ich dann noch:

Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.01.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Fetzla :: FETZLA-PC [Administrator]

Schutz: Aktiviert

02.09.2013 00:30:56
mbam-log-2013-09-02 (00-30-56).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217423
Laufzeit: 17 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
[CODE
FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-09-2013 04
Ran by Fetzla (administrator) on FETZLA-PC on 02-09-2013 17:06:38
Running from C:\Users\Fetzla\Desktop
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\adminservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(Insyde Software Corp.) C:\Program Files\Acer\Android Manager\iSync.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Insyde Software Corp.) C:\Program Files\Acer\Updater\iUpdate.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
() C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-08-03] (Realtek Semiconductor)
HKLM\...\Run: [SuiteTray] - C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [EgisUpdate] - C:\Program Files\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM\...\Run: [EgisTecPMMUpdate] - C:\Program Files\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM\...\Run: [mwlDaemon] - C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1692968 2010-02-05] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files\Bluetooth Suite\BtvStack.exe [470176 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files\Bluetooth Suite\AthBtTray.exe [289952 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [iSyncData] - C:\Program Files\Acer\Android Manager\iSync.exe [407416 2010-01-08] (Insyde Software Corp.)
HKLM\...\Run: [AndroidManager] - C:\Program Files\Acer\Android Manager\AML.exe [508280 2010-01-08] ()
HKLM\...\Run: [iPatchData] - C:\Program Files\Acer\Updater\iUpdate.exe [489848 2010-11-30] (Insyde Software Corp.)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [AgentMonitor] - C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [377800 2012-11-05] ()
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [439360 2013-08-13] (BillP Studios)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup:                "urls_to_restore_on_startup": [

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1532280 2012-08-23] (AVG)
R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)

==================== Drivers (Whitelisted) ====================

S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [37224 2010-05-20] (Atheros)
S3 ATHDFU; C:\Windows\System32\Drivers\AthDfu.sys [47144 2010-05-20] (Windows (R) Win 7 DDK provider)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [256360 2010-05-20] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [28200 2010-05-20] (Atheros)
S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [177704 2010-05-20] (Atheros)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [46952 2010-05-20] (Atheros)
S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [143080 2010-05-20] (Atheros)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [230760 2010-05-25] (Atheros)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 EUCR; C:\Windows\System32\DRIVERS\EUCR6SK.SYS [82768 2010-06-17] (ENE Technology Inc.)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [18992 2009-06-03] (Egis Technology Inc.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2009-06-03] (Egis Technology Inc.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [60976 2009-06-03] (Egis Technology Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [10088 2012-07-04] (TuneUp Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Fetzla\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-02 17:06 - 2013-09-02 17:06 - 00000000 ____D C:\FRST
2013-09-02 17:05 - 2013-09-02 17:06 - 01085803 _____ (Farbar) C:\Users\Fetzla\Desktop\FRST.exe
2013-09-02 16:54 - 2013-09-02 16:56 - 00000474 _____ C:\Users\Fetzla\Desktop\defogger_disable.log
2013-09-02 16:54 - 2013-09-02 16:54 - 00000000 _____ C:\Users\Fetzla\defogger_reenable
2013-09-02 16:53 - 2013-09-02 16:53 - 00050477 _____ C:\Users\Fetzla\Desktop\Defogger.exe
2013-09-02 01:44 - 2013-09-02 01:42 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-02 01:44 - 2013-09-02 01:42 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-02 01:43 - 2013-09-02 01:42 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-02 01:43 - 2013-09-02 01:42 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-02 01:43 - 2013-09-02 01:42 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-09-02 01:34 - 2013-09-02 01:34 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\WinPatrol
2013-09-02 01:34 - 2013-09-02 01:34 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-02 01:34 - 2013-09-02 01:34 - 00000000 ____D C:\Program Files\BillP Studios
2013-09-02 01:32 - 2013-09-02 17:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-02 01:32 - 2013-09-02 01:33 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-02 01:32 - 2013-09-02 01:32 - 00922152 _____ (BillP Studios) C:\Users\Fetzla\Downloads\wpsetup.exe
2013-09-02 01:17 - 2013-09-02 01:17 - 00000000 ____D C:\Users\Fetzla\AppData\Local\Secunia PSI
2013-09-02 01:16 - 2013-09-02 01:17 - 03272136 _____ (Secunia) C:\Users\Fetzla\Desktop\PSISetup711.exe
2013-09-02 01:16 - 2013-09-02 01:16 - 00000000 ____D C:\Program Files\Secunia
2013-09-02 01:04 - 2013-09-02 01:05 - 00001151 _____ C:\DelFix.txt
2013-09-01 20:00 - 2013-09-02 01:04 - 00000000 ____D C:\Windows\ERUNT
2013-09-01 19:42 - 2013-09-01 19:50 - 00000000 ____D C:\AdwCleaner
2013-09-01 19:01 - 2013-09-01 19:01 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-01 19:01 - 2013-09-01 19:01 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\Malwarebytes
2013-09-01 19:01 - 2013-09-01 19:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-01 19:01 - 2013-09-01 19:01 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-01 19:01 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-01 18:42 - 2013-09-02 01:47 - 00022260 _____ C:\Windows\PFRO.log
2013-09-01 17:50 - 2013-09-02 00:59 - 00000000 ____D C:\Windows\erdnt
2013-09-01 17:16 - 2013-09-02 12:15 - 00000448 _____ C:\Windows\setupact.log
2013-09-01 12:17 - 2013-09-01 12:17 - 00002171 _____ C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk
2013-09-01 12:17 - 2013-09-01 12:17 - 00002129 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2013-09-01 12:17 - 2012-08-23 11:31 - 00032120 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2013-09-01 12:17 - 2012-08-23 11:31 - 00021880 _____ (AVG) C:\Windows\system32\authuitu.dll
2013-09-01 12:16 - 2013-09-01 12:16 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\AVG
2013-09-01 12:14 - 2013-09-01 12:18 - 00000000 ____D C:\ProgramData\AVG
2013-09-01 12:14 - 2013-09-01 12:14 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-09-01 12:13 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-01 12:07 - 2013-09-01 12:13 - 58674136 _____ (AVG) C:\Users\Fetzla\Desktop\avg_tuh_stf_all_2013_2_24c43.exe
2013-09-01 12:07 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-24 22:17 - 2013-08-24 22:17 - 00000000 _____ C:\Windows\setuperr.log
2013-08-23 21:29 - 2013-08-23 21:29 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\AVG2013
2013-08-23 21:27 - 2013-08-23 21:28 - 00000000 ____D C:\ProgramData\AVG2013
2013-08-23 21:27 - 2013-08-23 21:27 - 00000955 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-08-23 21:27 - 2013-08-23 21:27 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\TuneUp Software
2013-08-23 21:27 - 2013-08-23 21:27 - 00000000 ____D C:\$AVG
2013-08-23 21:25 - 2013-09-01 12:15 - 00000000 ____D C:\Program Files\AVG
2013-08-23 21:18 - 2013-09-02 13:56 - 00000000 ____D C:\ProgramData\MFAData
2013-08-23 21:18 - 2013-08-23 21:43 - 00000000 ____D C:\Users\Fetzla\AppData\Local\Avg2013
2013-08-23 21:18 - 2013-08-23 21:18 - 00000000 ____D C:\Users\Fetzla\AppData\Local\MFAData
2013-08-23 21:00 - 2013-08-23 21:00 - 00168800 _____ C:\Users\Fetzla\Documents\cc_20130823_210027.reg
2013-08-23 20:56 - 2013-08-23 20:56 - 00000000 ____D C:\Users\Fetzla\AppData\Local\avgchrome
2013-08-23 20:46 - 2013-08-23 20:46 - 00000057 _____ C:\Users\Fetzla\AppData\Roaming\WB.CFG
2013-08-23 19:04 - 2013-08-23 19:04 - 00000000 ____D C:\Windows\system32\searchplugins
2013-08-23 19:04 - 2013-08-23 19:04 - 00000000 ____D C:\Windows\system32\Extensions
2013-08-23 19:04 - 2013-08-23 19:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-23 18:56 - 2013-08-23 18:56 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-23 18:56 - 2013-08-23 18:56 - 00000000 ____D C:\Program Files\CCleaner
2013-08-23 18:22 - 2013-08-23 18:27 - 00000000 ____D C:\490658c479c0de7c0d39
2013-08-23 17:52 - 2013-08-23 18:07 - 00000000 ____D C:\Windows\system32\MRT
2013-08-19 17:09 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-05 19:39 - 2013-09-01 12:35 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\tor
2013-08-03 21:26 - 2013-09-01 18:37 - 00000000 ____D C:\ProgramData\CEC5BA903ECC35130000CEC4EBD13AFB
2013-08-03 21:13 - 2013-09-01 17:16 - 03233806 _____ C:\Users\Fetzla\AppData\Roaming\tor.bin
2013-08-03 21:13 - 2013-09-01 17:16 - 00000141 _____ C:\Users\Fetzla\AppData\Roaming\torrc

==================== One Month Modified Files and Folders =======

2013-09-02 17:07 - 2013-09-02 17:07 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-09-02 17:07 - 2013-09-02 01:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-02 17:06 - 2013-09-02 17:06 - 00000000 ____D C:\FRST
2013-09-02 17:06 - 2013-09-02 17:05 - 01085803 _____ (Farbar) C:\Users\Fetzla\Desktop\FRST.exe
2013-09-02 17:01 - 2011-03-22 13:46 - 00000193 _____ C:\Windows\WORDPAD.INI
2013-09-02 16:56 - 2013-09-02 16:54 - 00000474 _____ C:\Users\Fetzla\Desktop\defogger_disable.log
2013-09-02 16:56 - 2010-12-04 15:05 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-02 16:54 - 2013-09-02 16:54 - 00000000 _____ C:\Users\Fetzla\defogger_reenable
2013-09-02 16:54 - 2010-12-04 14:32 - 00000000 ____D C:\Users\Fetzla
2013-09-02 16:53 - 2013-09-02 16:53 - 00050477 _____ C:\Users\Fetzla\Desktop\Defogger.exe
2013-09-02 16:36 - 2010-09-23 12:04 - 00000043 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2013-09-02 16:31 - 2010-09-23 11:20 - 01798813 _____ C:\Windows\WindowsUpdate.log
2013-09-02 13:56 - 2013-08-23 21:18 - 00000000 ____D C:\ProgramData\MFAData
2013-09-02 12:56 - 2010-12-04 15:05 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-02 12:27 - 2009-07-14 06:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-02 12:27 - 2009-07-14 06:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-02 12:19 - 2011-05-02 09:16 - 00000000 ____D C:\Users\Fetzla\AppData\Local\CrashDumps
2013-09-02 12:17 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-02 12:15 - 2013-09-01 17:16 - 00000448 _____ C:\Windows\setupact.log
2013-09-02 01:47 - 2013-09-01 18:42 - 00022260 _____ C:\Windows\PFRO.log
2013-09-02 01:42 - 2013-09-02 01:44 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-02 01:42 - 2013-09-02 01:44 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-02 01:42 - 2013-09-02 01:43 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-02 01:42 - 2013-09-02 01:43 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-02 01:42 - 2013-09-02 01:43 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-09-02 01:42 - 2011-05-05 21:11 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-02 01:42 - 2011-05-05 21:10 - 00000000 ____D C:\Program Files\Java
2013-09-02 01:34 - 2013-09-02 01:34 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\WinPatrol
2013-09-02 01:34 - 2013-09-02 01:34 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-02 01:34 - 2013-09-02 01:34 - 00000000 ____D C:\Program Files\BillP Studios
2013-09-02 01:33 - 2013-09-02 01:32 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-02 01:33 - 2011-07-04 09:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-02 01:32 - 2013-09-02 01:32 - 00922152 _____ (BillP Studios) C:\Users\Fetzla\Downloads\wpsetup.exe
2013-09-02 01:30 - 2011-10-19 21:35 - 00000000 ____D C:\Windows\system32\Adobe
2013-09-02 01:17 - 2013-09-02 01:17 - 00000000 ____D C:\Users\Fetzla\AppData\Local\Secunia PSI
2013-09-02 01:17 - 2013-09-02 01:16 - 03272136 _____ (Secunia) C:\Users\Fetzla\Desktop\PSISetup711.exe
2013-09-02 01:16 - 2013-09-02 01:16 - 00000000 ____D C:\Program Files\Secunia
2013-09-02 01:05 - 2013-09-02 01:04 - 00001151 _____ C:\DelFix.txt
2013-09-02 01:04 - 2013-09-01 20:00 - 00000000 ____D C:\Windows\ERUNT
2013-09-02 00:59 - 2013-09-01 17:50 - 00000000 ____D C:\Windows\erdnt
2013-09-01 19:50 - 2013-09-01 19:42 - 00000000 ____D C:\AdwCleaner
2013-09-01 19:50 - 2010-12-15 23:12 - 00000000 ____D C:\ProgramData\ICQ
2013-09-01 19:32 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-09-01 19:01 - 2013-09-01 19:01 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-01 19:01 - 2013-09-01 19:01 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\Malwarebytes
2013-09-01 19:01 - 2013-09-01 19:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-01 19:01 - 2013-09-01 19:01 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-01 18:53 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-09-01 18:53 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-09-01 18:43 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-09-01 18:40 - 2009-07-14 04:03 - 45088768 _____ C:\Windows\system32\config\software.bak
2013-09-01 18:40 - 2009-07-14 04:03 - 17301504 _____ C:\Windows\system32\config\system.bak
2013-09-01 18:40 - 2009-07-14 04:03 - 01048576 _____ C:\Windows\system32\config\default.bak
2013-09-01 18:40 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-09-01 18:40 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-09-01 18:37 - 2013-08-03 21:26 - 00000000 ____D C:\ProgramData\CEC5BA903ECC35130000CEC4EBD13AFB
2013-09-01 17:57 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-01 17:38 - 2011-06-28 22:11 - 00000000 ____D C:\Users\Fetzla\AppData\Local\Windows Live
2013-09-01 17:16 - 2013-08-03 21:13 - 03233806 _____ C:\Users\Fetzla\AppData\Roaming\tor.bin
2013-09-01 17:16 - 2013-08-03 21:13 - 00000141 _____ C:\Users\Fetzla\AppData\Roaming\torrc
2013-09-01 12:35 - 2013-08-05 19:39 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\tor
2013-09-01 12:28 - 2011-06-17 18:02 - 00002133 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-01 12:18 - 2013-09-01 12:14 - 00000000 ____D C:\ProgramData\AVG
2013-09-01 12:17 - 2013-09-01 12:17 - 00002171 _____ C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk
2013-09-01 12:17 - 2013-09-01 12:17 - 00002129 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2013-09-01 12:16 - 2013-09-01 12:16 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\AVG
2013-09-01 12:15 - 2013-08-23 21:25 - 00000000 ____D C:\Program Files\AVG
2013-09-01 12:14 - 2013-09-01 12:14 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-09-01 12:13 - 2013-09-01 12:07 - 58674136 _____ (AVG) C:\Users\Fetzla\Desktop\avg_tuh_stf_all_2013_2_24c43.exe
2013-08-24 22:17 - 2013-08-24 22:17 - 00000000 _____ C:\Windows\setuperr.log
2013-08-24 22:17 - 2010-08-31 17:35 - 00000000 ____D C:\Program Files\Google
2013-08-23 21:43 - 2013-08-23 21:18 - 00000000 ____D C:\Users\Fetzla\AppData\Local\Avg2013
2013-08-23 21:36 - 2010-08-31 17:21 - 00000000 ____D C:\Program Files\Acer GameZone
2013-08-23 21:34 - 2012-05-30 13:19 - 00000000 ____D C:\Users\Fetzla\Desktop\Neuer Ordner
2013-08-23 21:31 - 2013-08-02 20:45 - 00000000 __SHD C:\Users\Fetzla\Documents\MSDCSC
2013-08-23 21:30 - 2010-08-31 17:33 - 00000000 ____D C:\Program Files\Acer
2013-08-23 21:29 - 2013-08-23 21:29 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\AVG2013
2013-08-23 21:28 - 2013-08-23 21:27 - 00000000 ____D C:\ProgramData\AVG2013
2013-08-23 21:27 - 2013-08-23 21:27 - 00000955 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-08-23 21:27 - 2013-08-23 21:27 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\TuneUp Software
2013-08-23 21:27 - 2013-08-23 21:27 - 00000000 ____D C:\$AVG
2013-08-23 21:25 - 2010-12-04 14:35 - 00000000 ____D C:\Users\Fetzla\AppData\Local\Google
2013-08-23 21:25 - 2010-08-31 17:35 - 00000000 ____D C:\ProgramData\Google
2013-08-23 21:18 - 2013-08-23 21:18 - 00000000 ____D C:\Users\Fetzla\AppData\Local\MFAData
2013-08-23 21:06 - 2010-09-23 11:58 - 00000000 ____D C:\Program Files\Windows Live
2013-08-23 21:02 - 2011-10-20 08:23 - 00000000 ____D C:\ProgramData\Norton
2013-08-23 21:00 - 2013-08-23 21:00 - 00168800 _____ C:\Users\Fetzla\Documents\cc_20130823_210027.reg
2013-08-23 20:58 - 2011-06-17 17:55 - 00000000 ____D C:\ProgramData\Skype
2013-08-23 20:57 - 2011-06-17 17:56 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\Skype
2013-08-23 20:56 - 2013-08-23 20:56 - 00000000 ____D C:\Users\Fetzla\AppData\Local\avgchrome
2013-08-23 20:46 - 2013-08-23 20:46 - 00000057 _____ C:\Users\Fetzla\AppData\Roaming\WB.CFG
2013-08-23 19:28 - 2010-08-31 17:09 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-08-23 19:09 - 2011-03-08 13:00 - 00000000 ____D C:\Windows\Minidump
2013-08-23 19:09 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2013-08-23 19:04 - 2013-08-23 19:04 - 00000000 ____D C:\Windows\system32\searchplugins
2013-08-23 19:04 - 2013-08-23 19:04 - 00000000 ____D C:\Windows\system32\Extensions
2013-08-23 19:04 - 2013-08-23 19:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-23 18:56 - 2013-08-23 18:56 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-23 18:56 - 2013-08-23 18:56 - 00000000 ____D C:\Program Files\CCleaner
2013-08-23 18:27 - 2013-08-23 18:22 - 00000000 ____D C:\490658c479c0de7c0d39
2013-08-23 18:07 - 2013-08-23 17:52 - 00000000 ____D C:\Windows\system32\MRT
2013-08-23 17:52 - 2010-12-05 14:16 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-11-03 22:03

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---
][/CODE]


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-09-2013 04
Ran by Fetzla (administrator) on FETZLA-PC on 02-09-2013 17:06:38
Running from C:\Users\Fetzla\Desktop
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\adminservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(Insyde Software Corp.) C:\Program Files\Acer\Android Manager\iSync.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Insyde Software Corp.) C:\Program Files\Acer\Updater\iUpdate.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
() C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-08-03] (Realtek Semiconductor)
HKLM\...\Run: [SuiteTray] - C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [EgisUpdate] - C:\Program Files\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM\...\Run: [EgisTecPMMUpdate] - C:\Program Files\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM\...\Run: [mwlDaemon] - C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1692968 2010-02-05] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files\Bluetooth Suite\BtvStack.exe [470176 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files\Bluetooth Suite\AthBtTray.exe [289952 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [iSyncData] - C:\Program Files\Acer\Android Manager\iSync.exe [407416 2010-01-08] (Insyde Software Corp.)
HKLM\...\Run: [AndroidManager] - C:\Program Files\Acer\Android Manager\AML.exe [508280 2010-01-08] ()
HKLM\...\Run: [iPatchData] - C:\Program Files\Acer\Updater\iUpdate.exe [489848 2010-11-30] (Insyde Software Corp.)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [AgentMonitor] - C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [377800 2012-11-05] ()
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [439360 2013-08-13] (BillP Studios)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup:                "urls_to_restore_on_startup": [

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1532280 2012-08-23] (AVG)
R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)

==================== Drivers (Whitelisted) ====================

S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [37224 2010-05-20] (Atheros)
S3 ATHDFU; C:\Windows\System32\Drivers\AthDfu.sys [47144 2010-05-20] (Windows (R) Win 7 DDK provider)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [256360 2010-05-20] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [28200 2010-05-20] (Atheros)
S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [177704 2010-05-20] (Atheros)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [46952 2010-05-20] (Atheros)
S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [143080 2010-05-20] (Atheros)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [230760 2010-05-25] (Atheros)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 EUCR; C:\Windows\System32\DRIVERS\EUCR6SK.SYS [82768 2010-06-17] (ENE Technology Inc.)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [18992 2009-06-03] (Egis Technology Inc.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2009-06-03] (Egis Technology Inc.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [60976 2009-06-03] (Egis Technology Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [10088 2012-07-04] (TuneUp Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Fetzla\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-02 17:06 - 2013-09-02 17:06 - 00000000 ____D C:\FRST
2013-09-02 17:05 - 2013-09-02 17:06 - 01085803 _____ (Farbar) C:\Users\Fetzla\Desktop\FRST.exe
2013-09-02 16:54 - 2013-09-02 16:56 - 00000474 _____ C:\Users\Fetzla\Desktop\defogger_disable.log
2013-09-02 16:54 - 2013-09-02 16:54 - 00000000 _____ C:\Users\Fetzla\defogger_reenable
2013-09-02 16:53 - 2013-09-02 16:53 - 00050477 _____ C:\Users\Fetzla\Desktop\Defogger.exe
2013-09-02 01:44 - 2013-09-02 01:42 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-02 01:44 - 2013-09-02 01:42 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-02 01:43 - 2013-09-02 01:42 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-02 01:43 - 2013-09-02 01:42 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-02 01:43 - 2013-09-02 01:42 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-09-02 01:34 - 2013-09-02 01:34 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\WinPatrol
2013-09-02 01:34 - 2013-09-02 01:34 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-02 01:34 - 2013-09-02 01:34 - 00000000 ____D C:\Program Files\BillP Studios
2013-09-02 01:32 - 2013-09-02 17:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-02 01:32 - 2013-09-02 01:33 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-02 01:32 - 2013-09-02 01:32 - 00922152 _____ (BillP Studios) C:\Users\Fetzla\Downloads\wpsetup.exe
2013-09-02 01:17 - 2013-09-02 01:17 - 00000000 ____D C:\Users\Fetzla\AppData\Local\Secunia PSI
2013-09-02 01:16 - 2013-09-02 01:17 - 03272136 _____ (Secunia) C:\Users\Fetzla\Desktop\PSISetup711.exe
2013-09-02 01:16 - 2013-09-02 01:16 - 00000000 ____D C:\Program Files\Secunia
2013-09-02 01:04 - 2013-09-02 01:05 - 00001151 _____ C:\DelFix.txt
2013-09-01 20:00 - 2013-09-02 01:04 - 00000000 ____D C:\Windows\ERUNT
2013-09-01 19:42 - 2013-09-01 19:50 - 00000000 ____D C:\AdwCleaner
2013-09-01 19:01 - 2013-09-01 19:01 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-01 19:01 - 2013-09-01 19:01 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\Malwarebytes
2013-09-01 19:01 - 2013-09-01 19:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-01 19:01 - 2013-09-01 19:01 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-01 19:01 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-01 18:42 - 2013-09-02 01:47 - 00022260 _____ C:\Windows\PFRO.log
2013-09-01 17:50 - 2013-09-02 00:59 - 00000000 ____D C:\Windows\erdnt
2013-09-01 17:16 - 2013-09-02 12:15 - 00000448 _____ C:\Windows\setupact.log
2013-09-01 12:17 - 2013-09-01 12:17 - 00002171 _____ C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk
2013-09-01 12:17 - 2013-09-01 12:17 - 00002129 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2013-09-01 12:17 - 2012-08-23 11:31 - 00032120 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2013-09-01 12:17 - 2012-08-23 11:31 - 00021880 _____ (AVG) C:\Windows\system32\authuitu.dll
2013-09-01 12:16 - 2013-09-01 12:16 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\AVG
2013-09-01 12:14 - 2013-09-01 12:18 - 00000000 ____D C:\ProgramData\AVG
2013-09-01 12:14 - 2013-09-01 12:14 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-09-01 12:13 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-01 12:07 - 2013-09-01 12:13 - 58674136 _____ (AVG) C:\Users\Fetzla\Desktop\avg_tuh_stf_all_2013_2_24c43.exe
2013-09-01 12:07 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-24 22:17 - 2013-08-24 22:17 - 00000000 _____ C:\Windows\setuperr.log
2013-08-23 21:29 - 2013-08-23 21:29 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\AVG2013
2013-08-23 21:27 - 2013-08-23 21:28 - 00000000 ____D C:\ProgramData\AVG2013
2013-08-23 21:27 - 2013-08-23 21:27 - 00000955 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-08-23 21:27 - 2013-08-23 21:27 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\TuneUp Software
2013-08-23 21:27 - 2013-08-23 21:27 - 00000000 ____D C:\$AVG
2013-08-23 21:25 - 2013-09-01 12:15 - 00000000 ____D C:\Program Files\AVG
2013-08-23 21:18 - 2013-09-02 13:56 - 00000000 ____D C:\ProgramData\MFAData
2013-08-23 21:18 - 2013-08-23 21:43 - 00000000 ____D C:\Users\Fetzla\AppData\Local\Avg2013
2013-08-23 21:18 - 2013-08-23 21:18 - 00000000 ____D C:\Users\Fetzla\AppData\Local\MFAData
2013-08-23 21:00 - 2013-08-23 21:00 - 00168800 _____ C:\Users\Fetzla\Documents\cc_20130823_210027.reg
2013-08-23 20:56 - 2013-08-23 20:56 - 00000000 ____D C:\Users\Fetzla\AppData\Local\avgchrome
2013-08-23 20:46 - 2013-08-23 20:46 - 00000057 _____ C:\Users\Fetzla\AppData\Roaming\WB.CFG
2013-08-23 19:04 - 2013-08-23 19:04 - 00000000 ____D C:\Windows\system32\searchplugins
2013-08-23 19:04 - 2013-08-23 19:04 - 00000000 ____D C:\Windows\system32\Extensions
2013-08-23 19:04 - 2013-08-23 19:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-23 18:56 - 2013-08-23 18:56 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-23 18:56 - 2013-08-23 18:56 - 00000000 ____D C:\Program Files\CCleaner
2013-08-23 18:22 - 2013-08-23 18:27 - 00000000 ____D C:\490658c479c0de7c0d39
2013-08-23 17:52 - 2013-08-23 18:07 - 00000000 ____D C:\Windows\system32\MRT
2013-08-19 17:09 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-05 19:39 - 2013-09-01 12:35 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\tor
2013-08-03 21:26 - 2013-09-01 18:37 - 00000000 ____D C:\ProgramData\CEC5BA903ECC35130000CEC4EBD13AFB
2013-08-03 21:13 - 2013-09-01 17:16 - 03233806 _____ C:\Users\Fetzla\AppData\Roaming\tor.bin
2013-08-03 21:13 - 2013-09-01 17:16 - 00000141 _____ C:\Users\Fetzla\AppData\Roaming\torrc

==================== One Month Modified Files and Folders =======

2013-09-02 17:07 - 2013-09-02 17:07 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-09-02 17:07 - 2013-09-02 01:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-02 17:06 - 2013-09-02 17:06 - 00000000 ____D C:\FRST
2013-09-02 17:06 - 2013-09-02 17:05 - 01085803 _____ (Farbar) C:\Users\Fetzla\Desktop\FRST.exe
2013-09-02 17:01 - 2011-03-22 13:46 - 00000193 _____ C:\Windows\WORDPAD.INI
2013-09-02 16:56 - 2013-09-02 16:54 - 00000474 _____ C:\Users\Fetzla\Desktop\defogger_disable.log
2013-09-02 16:56 - 2010-12-04 15:05 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-02 16:54 - 2013-09-02 16:54 - 00000000 _____ C:\Users\Fetzla\defogger_reenable
2013-09-02 16:54 - 2010-12-04 14:32 - 00000000 ____D C:\Users\Fetzla
2013-09-02 16:53 - 2013-09-02 16:53 - 00050477 _____ C:\Users\Fetzla\Desktop\Defogger.exe
2013-09-02 16:36 - 2010-09-23 12:04 - 00000043 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2013-09-02 16:31 - 2010-09-23 11:20 - 01798813 _____ C:\Windows\WindowsUpdate.log
2013-09-02 13:56 - 2013-08-23 21:18 - 00000000 ____D C:\ProgramData\MFAData
2013-09-02 12:56 - 2010-12-04 15:05 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-02 12:27 - 2009-07-14 06:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-02 12:27 - 2009-07-14 06:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-02 12:19 - 2011-05-02 09:16 - 00000000 ____D C:\Users\Fetzla\AppData\Local\CrashDumps
2013-09-02 12:17 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-02 12:15 - 2013-09-01 17:16 - 00000448 _____ C:\Windows\setupact.log
2013-09-02 01:47 - 2013-09-01 18:42 - 00022260 _____ C:\Windows\PFRO.log
2013-09-02 01:42 - 2013-09-02 01:44 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-02 01:42 - 2013-09-02 01:44 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-02 01:42 - 2013-09-02 01:43 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-02 01:42 - 2013-09-02 01:43 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-02 01:42 - 2013-09-02 01:43 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-09-02 01:42 - 2011-05-05 21:11 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-02 01:42 - 2011-05-05 21:10 - 00000000 ____D C:\Program Files\Java
2013-09-02 01:34 - 2013-09-02 01:34 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\WinPatrol
2013-09-02 01:34 - 2013-09-02 01:34 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-02 01:34 - 2013-09-02 01:34 - 00000000 ____D C:\Program Files\BillP Studios
2013-09-02 01:33 - 2013-09-02 01:32 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-02 01:33 - 2011-07-04 09:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-02 01:32 - 2013-09-02 01:32 - 00922152 _____ (BillP Studios) C:\Users\Fetzla\Downloads\wpsetup.exe
2013-09-02 01:30 - 2011-10-19 21:35 - 00000000 ____D C:\Windows\system32\Adobe
2013-09-02 01:17 - 2013-09-02 01:17 - 00000000 ____D C:\Users\Fetzla\AppData\Local\Secunia PSI
2013-09-02 01:17 - 2013-09-02 01:16 - 03272136 _____ (Secunia) C:\Users\Fetzla\Desktop\PSISetup711.exe
2013-09-02 01:16 - 2013-09-02 01:16 - 00000000 ____D C:\Program Files\Secunia
2013-09-02 01:05 - 2013-09-02 01:04 - 00001151 _____ C:\DelFix.txt
2013-09-02 01:04 - 2013-09-01 20:00 - 00000000 ____D C:\Windows\ERUNT
2013-09-02 00:59 - 2013-09-01 17:50 - 00000000 ____D C:\Windows\erdnt
2013-09-01 19:50 - 2013-09-01 19:42 - 00000000 ____D C:\AdwCleaner
2013-09-01 19:50 - 2010-12-15 23:12 - 00000000 ____D C:\ProgramData\ICQ
2013-09-01 19:32 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-09-01 19:01 - 2013-09-01 19:01 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-01 19:01 - 2013-09-01 19:01 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\Malwarebytes
2013-09-01 19:01 - 2013-09-01 19:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-01 19:01 - 2013-09-01 19:01 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-01 18:53 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-09-01 18:53 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-09-01 18:43 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-09-01 18:40 - 2009-07-14 04:03 - 45088768 _____ C:\Windows\system32\config\software.bak
2013-09-01 18:40 - 2009-07-14 04:03 - 17301504 _____ C:\Windows\system32\config\system.bak
2013-09-01 18:40 - 2009-07-14 04:03 - 01048576 _____ C:\Windows\system32\config\default.bak
2013-09-01 18:40 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-09-01 18:40 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-09-01 18:37 - 2013-08-03 21:26 - 00000000 ____D C:\ProgramData\CEC5BA903ECC35130000CEC4EBD13AFB
2013-09-01 17:57 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-01 17:38 - 2011-06-28 22:11 - 00000000 ____D C:\Users\Fetzla\AppData\Local\Windows Live
2013-09-01 17:16 - 2013-08-03 21:13 - 03233806 _____ C:\Users\Fetzla\AppData\Roaming\tor.bin
2013-09-01 17:16 - 2013-08-03 21:13 - 00000141 _____ C:\Users\Fetzla\AppData\Roaming\torrc
2013-09-01 12:35 - 2013-08-05 19:39 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\tor
2013-09-01 12:28 - 2011-06-17 18:02 - 00002133 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-01 12:18 - 2013-09-01 12:14 - 00000000 ____D C:\ProgramData\AVG
2013-09-01 12:17 - 2013-09-01 12:17 - 00002171 _____ C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk
2013-09-01 12:17 - 2013-09-01 12:17 - 00002129 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2013-09-01 12:16 - 2013-09-01 12:16 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\AVG
2013-09-01 12:15 - 2013-08-23 21:25 - 00000000 ____D C:\Program Files\AVG
2013-09-01 12:14 - 2013-09-01 12:14 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-09-01 12:13 - 2013-09-01 12:07 - 58674136 _____ (AVG) C:\Users\Fetzla\Desktop\avg_tuh_stf_all_2013_2_24c43.exe
2013-08-24 22:17 - 2013-08-24 22:17 - 00000000 _____ C:\Windows\setuperr.log
2013-08-24 22:17 - 2010-08-31 17:35 - 00000000 ____D C:\Program Files\Google
2013-08-23 21:43 - 2013-08-23 21:18 - 00000000 ____D C:\Users\Fetzla\AppData\Local\Avg2013
2013-08-23 21:36 - 2010-08-31 17:21 - 00000000 ____D C:\Program Files\Acer GameZone
2013-08-23 21:34 - 2012-05-30 13:19 - 00000000 ____D C:\Users\Fetzla\Desktop\Neuer Ordner
2013-08-23 21:31 - 2013-08-02 20:45 - 00000000 __SHD C:\Users\Fetzla\Documents\MSDCSC
2013-08-23 21:30 - 2010-08-31 17:33 - 00000000 ____D C:\Program Files\Acer
2013-08-23 21:29 - 2013-08-23 21:29 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\AVG2013
2013-08-23 21:28 - 2013-08-23 21:27 - 00000000 ____D C:\ProgramData\AVG2013
2013-08-23 21:27 - 2013-08-23 21:27 - 00000955 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-08-23 21:27 - 2013-08-23 21:27 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\TuneUp Software
2013-08-23 21:27 - 2013-08-23 21:27 - 00000000 ____D C:\$AVG
2013-08-23 21:25 - 2010-12-04 14:35 - 00000000 ____D C:\Users\Fetzla\AppData\Local\Google
2013-08-23 21:25 - 2010-08-31 17:35 - 00000000 ____D C:\ProgramData\Google
2013-08-23 21:18 - 2013-08-23 21:18 - 00000000 ____D C:\Users\Fetzla\AppData\Local\MFAData
2013-08-23 21:06 - 2010-09-23 11:58 - 00000000 ____D C:\Program Files\Windows Live
2013-08-23 21:02 - 2011-10-20 08:23 - 00000000 ____D C:\ProgramData\Norton
2013-08-23 21:00 - 2013-08-23 21:00 - 00168800 _____ C:\Users\Fetzla\Documents\cc_20130823_210027.reg
2013-08-23 20:58 - 2011-06-17 17:55 - 00000000 ____D C:\ProgramData\Skype
2013-08-23 20:57 - 2011-06-17 17:56 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\Skype
2013-08-23 20:56 - 2013-08-23 20:56 - 00000000 ____D C:\Users\Fetzla\AppData\Local\avgchrome
2013-08-23 20:46 - 2013-08-23 20:46 - 00000057 _____ C:\Users\Fetzla\AppData\Roaming\WB.CFG
2013-08-23 19:28 - 2010-08-31 17:09 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-08-23 19:09 - 2011-03-08 13:00 - 00000000 ____D C:\Windows\Minidump
2013-08-23 19:09 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2013-08-23 19:04 - 2013-08-23 19:04 - 00000000 ____D C:\Windows\system32\searchplugins
2013-08-23 19:04 - 2013-08-23 19:04 - 00000000 ____D C:\Windows\system32\Extensions
2013-08-23 19:04 - 2013-08-23 19:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-23 18:56 - 2013-08-23 18:56 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-23 18:56 - 2013-08-23 18:56 - 00000000 ____D C:\Program Files\CCleaner
2013-08-23 18:27 - 2013-08-23 18:22 - 00000000 ____D C:\490658c479c0de7c0d39
2013-08-23 18:07 - 2013-08-23 17:52 - 00000000 ____D C:\Windows\system32\MRT
2013-08-23 17:52 - 2010-12-05 14:16 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-11-03 22:03

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-09-2013 04
Ran by Fetzla (administrator) on FETZLA-PC on 02-09-2013 17:06:38
Running from C:\Users\Fetzla\Desktop
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\adminservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(Insyde Software Corp.) C:\Program Files\Acer\Android Manager\iSync.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Insyde Software Corp.) C:\Program Files\Acer\Updater\iUpdate.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
() C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-08-03] (Realtek Semiconductor)
HKLM\...\Run: [SuiteTray] - C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [EgisUpdate] - C:\Program Files\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM\...\Run: [EgisTecPMMUpdate] - C:\Program Files\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM\...\Run: [mwlDaemon] - C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1692968 2010-02-05] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files\Bluetooth Suite\BtvStack.exe [470176 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files\Bluetooth Suite\AthBtTray.exe [289952 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [iSyncData] - C:\Program Files\Acer\Android Manager\iSync.exe [407416 2010-01-08] (Insyde Software Corp.)
HKLM\...\Run: [AndroidManager] - C:\Program Files\Acer\Android Manager\AML.exe [508280 2010-01-08] ()
HKLM\...\Run: [iPatchData] - C:\Program Files\Acer\Updater\iUpdate.exe [489848 2010-11-30] (Insyde Software Corp.)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [AgentMonitor] - C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [377800 2012-11-05] ()
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [439360 2013-08-13] (BillP Studios)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup:                "urls_to_restore_on_startup": [

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1532280 2012-08-23] (AVG)
R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)

==================== Drivers (Whitelisted) ====================

S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [37224 2010-05-20] (Atheros)
S3 ATHDFU; C:\Windows\System32\Drivers\AthDfu.sys [47144 2010-05-20] (Windows (R) Win 7 DDK provider)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [256360 2010-05-20] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [28200 2010-05-20] (Atheros)
S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [177704 2010-05-20] (Atheros)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [46952 2010-05-20] (Atheros)
S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [143080 2010-05-20] (Atheros)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [230760 2010-05-25] (Atheros)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 EUCR; C:\Windows\System32\DRIVERS\EUCR6SK.SYS [82768 2010-06-17] (ENE Technology Inc.)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [18992 2009-06-03] (Egis Technology Inc.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2009-06-03] (Egis Technology Inc.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [60976 2009-06-03] (Egis Technology Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [10088 2012-07-04] (TuneUp Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Fetzla\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-02 17:06 - 2013-09-02 17:06 - 00000000 ____D C:\FRST
2013-09-02 17:05 - 2013-09-02 17:06 - 01085803 _____ (Farbar) C:\Users\Fetzla\Desktop\FRST.exe
2013-09-02 16:54 - 2013-09-02 16:56 - 00000474 _____ C:\Users\Fetzla\Desktop\defogger_disable.log
2013-09-02 16:54 - 2013-09-02 16:54 - 00000000 _____ C:\Users\Fetzla\defogger_reenable
2013-09-02 16:53 - 2013-09-02 16:53 - 00050477 _____ C:\Users\Fetzla\Desktop\Defogger.exe
2013-09-02 01:44 - 2013-09-02 01:42 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-02 01:44 - 2013-09-02 01:42 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-02 01:43 - 2013-09-02 01:42 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-02 01:43 - 2013-09-02 01:42 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-02 01:43 - 2013-09-02 01:42 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-09-02 01:34 - 2013-09-02 01:34 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\WinPatrol
2013-09-02 01:34 - 2013-09-02 01:34 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-02 01:34 - 2013-09-02 01:34 - 00000000 ____D C:\Program Files\BillP Studios
2013-09-02 01:32 - 2013-09-02 17:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-02 01:32 - 2013-09-02 01:33 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-02 01:32 - 2013-09-02 01:32 - 00922152 _____ (BillP Studios) C:\Users\Fetzla\Downloads\wpsetup.exe
2013-09-02 01:17 - 2013-09-02 01:17 - 00000000 ____D C:\Users\Fetzla\AppData\Local\Secunia PSI
2013-09-02 01:16 - 2013-09-02 01:17 - 03272136 _____ (Secunia) C:\Users\Fetzla\Desktop\PSISetup711.exe
2013-09-02 01:16 - 2013-09-02 01:16 - 00000000 ____D C:\Program Files\Secunia
2013-09-02 01:04 - 2013-09-02 01:05 - 00001151 _____ C:\DelFix.txt
2013-09-01 20:00 - 2013-09-02 01:04 - 00000000 ____D C:\Windows\ERUNT
2013-09-01 19:42 - 2013-09-01 19:50 - 00000000 ____D C:\AdwCleaner
2013-09-01 19:01 - 2013-09-01 19:01 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-01 19:01 - 2013-09-01 19:01 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\Malwarebytes
2013-09-01 19:01 - 2013-09-01 19:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-01 19:01 - 2013-09-01 19:01 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-01 19:01 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-01 18:42 - 2013-09-02 01:47 - 00022260 _____ C:\Windows\PFRO.log
2013-09-01 17:50 - 2013-09-02 00:59 - 00000000 ____D C:\Windows\erdnt
2013-09-01 17:16 - 2013-09-02 12:15 - 00000448 _____ C:\Windows\setupact.log
2013-09-01 12:17 - 2013-09-01 12:17 - 00002171 _____ C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk
2013-09-01 12:17 - 2013-09-01 12:17 - 00002129 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2013-09-01 12:17 - 2012-08-23 11:31 - 00032120 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2013-09-01 12:17 - 2012-08-23 11:31 - 00021880 _____ (AVG) C:\Windows\system32\authuitu.dll
2013-09-01 12:16 - 2013-09-01 12:16 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\AVG
2013-09-01 12:14 - 2013-09-01 12:18 - 00000000 ____D C:\ProgramData\AVG
2013-09-01 12:14 - 2013-09-01 12:14 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-09-01 12:13 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-01 12:07 - 2013-09-01 12:13 - 58674136 _____ (AVG) C:\Users\Fetzla\Desktop\avg_tuh_stf_all_2013_2_24c43.exe
2013-09-01 12:07 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-24 22:17 - 2013-08-24 22:17 - 00000000 _____ C:\Windows\setuperr.log
2013-08-23 21:29 - 2013-08-23 21:29 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\AVG2013
2013-08-23 21:27 - 2013-08-23 21:28 - 00000000 ____D C:\ProgramData\AVG2013
2013-08-23 21:27 - 2013-08-23 21:27 - 00000955 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-08-23 21:27 - 2013-08-23 21:27 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\TuneUp Software
2013-08-23 21:27 - 2013-08-23 21:27 - 00000000 ____D C:\$AVG
2013-08-23 21:25 - 2013-09-01 12:15 - 00000000 ____D C:\Program Files\AVG
2013-08-23 21:18 - 2013-09-02 13:56 - 00000000 ____D C:\ProgramData\MFAData
2013-08-23 21:18 - 2013-08-23 21:43 - 00000000 ____D C:\Users\Fetzla\AppData\Local\Avg2013
2013-08-23 21:18 - 2013-08-23 21:18 - 00000000 ____D C:\Users\Fetzla\AppData\Local\MFAData
2013-08-23 21:00 - 2013-08-23 21:00 - 00168800 _____ C:\Users\Fetzla\Documents\cc_20130823_210027.reg
2013-08-23 20:56 - 2013-08-23 20:56 - 00000000 ____D C:\Users\Fetzla\AppData\Local\avgchrome
2013-08-23 20:46 - 2013-08-23 20:46 - 00000057 _____ C:\Users\Fetzla\AppData\Roaming\WB.CFG
2013-08-23 19:04 - 2013-08-23 19:04 - 00000000 ____D C:\Windows\system32\searchplugins
2013-08-23 19:04 - 2013-08-23 19:04 - 00000000 ____D C:\Windows\system32\Extensions
2013-08-23 19:04 - 2013-08-23 19:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-23 18:56 - 2013-08-23 18:56 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-23 18:56 - 2013-08-23 18:56 - 00000000 ____D C:\Program Files\CCleaner
2013-08-23 18:22 - 2013-08-23 18:27 - 00000000 ____D C:\490658c479c0de7c0d39
2013-08-23 17:52 - 2013-08-23 18:07 - 00000000 ____D C:\Windows\system32\MRT
2013-08-19 17:09 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-05 19:39 - 2013-09-01 12:35 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\tor
2013-08-03 21:26 - 2013-09-01 18:37 - 00000000 ____D C:\ProgramData\CEC5BA903ECC35130000CEC4EBD13AFB
2013-08-03 21:13 - 2013-09-01 17:16 - 03233806 _____ C:\Users\Fetzla\AppData\Roaming\tor.bin
2013-08-03 21:13 - 2013-09-01 17:16 - 00000141 _____ C:\Users\Fetzla\AppData\Roaming\torrc

==================== One Month Modified Files and Folders =======

2013-09-02 17:07 - 2013-09-02 17:07 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-09-02 17:07 - 2013-09-02 01:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-02 17:06 - 2013-09-02 17:06 - 00000000 ____D C:\FRST
2013-09-02 17:06 - 2013-09-02 17:05 - 01085803 _____ (Farbar) C:\Users\Fetzla\Desktop\FRST.exe
2013-09-02 17:01 - 2011-03-22 13:46 - 00000193 _____ C:\Windows\WORDPAD.INI
2013-09-02 16:56 - 2013-09-02 16:54 - 00000474 _____ C:\Users\Fetzla\Desktop\defogger_disable.log
2013-09-02 16:56 - 2010-12-04 15:05 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-02 16:54 - 2013-09-02 16:54 - 00000000 _____ C:\Users\Fetzla\defogger_reenable
2013-09-02 16:54 - 2010-12-04 14:32 - 00000000 ____D C:\Users\Fetzla
2013-09-02 16:53 - 2013-09-02 16:53 - 00050477 _____ C:\Users\Fetzla\Desktop\Defogger.exe
2013-09-02 16:36 - 2010-09-23 12:04 - 00000043 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2013-09-02 16:31 - 2010-09-23 11:20 - 01798813 _____ C:\Windows\WindowsUpdate.log
2013-09-02 13:56 - 2013-08-23 21:18 - 00000000 ____D C:\ProgramData\MFAData
2013-09-02 12:56 - 2010-12-04 15:05 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-02 12:27 - 2009-07-14 06:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-02 12:27 - 2009-07-14 06:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-02 12:19 - 2011-05-02 09:16 - 00000000 ____D C:\Users\Fetzla\AppData\Local\CrashDumps
2013-09-02 12:17 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-02 12:15 - 2013-09-01 17:16 - 00000448 _____ C:\Windows\setupact.log
2013-09-02 01:47 - 2013-09-01 18:42 - 00022260 _____ C:\Windows\PFRO.log
2013-09-02 01:42 - 2013-09-02 01:44 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-02 01:42 - 2013-09-02 01:44 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-02 01:42 - 2013-09-02 01:43 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-02 01:42 - 2013-09-02 01:43 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-02 01:42 - 2013-09-02 01:43 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-09-02 01:42 - 2011-05-05 21:11 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-02 01:42 - 2011-05-05 21:10 - 00000000 ____D C:\Program Files\Java
2013-09-02 01:34 - 2013-09-02 01:34 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\WinPatrol
2013-09-02 01:34 - 2013-09-02 01:34 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-02 01:34 - 2013-09-02 01:34 - 00000000 ____D C:\Program Files\BillP Studios
2013-09-02 01:33 - 2013-09-02 01:32 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-02 01:33 - 2011-07-04 09:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-02 01:32 - 2013-09-02 01:32 - 00922152 _____ (BillP Studios) C:\Users\Fetzla\Downloads\wpsetup.exe
2013-09-02 01:30 - 2011-10-19 21:35 - 00000000 ____D C:\Windows\system32\Adobe
2013-09-02 01:17 - 2013-09-02 01:17 - 00000000 ____D C:\Users\Fetzla\AppData\Local\Secunia PSI
2013-09-02 01:17 - 2013-09-02 01:16 - 03272136 _____ (Secunia) C:\Users\Fetzla\Desktop\PSISetup711.exe
2013-09-02 01:16 - 2013-09-02 01:16 - 00000000 ____D C:\Program Files\Secunia
2013-09-02 01:05 - 2013-09-02 01:04 - 00001151 _____ C:\DelFix.txt
2013-09-02 01:04 - 2013-09-01 20:00 - 00000000 ____D C:\Windows\ERUNT
2013-09-02 00:59 - 2013-09-01 17:50 - 00000000 ____D C:\Windows\erdnt
2013-09-01 19:50 - 2013-09-01 19:42 - 00000000 ____D C:\AdwCleaner
2013-09-01 19:50 - 2010-12-15 23:12 - 00000000 ____D C:\ProgramData\ICQ
2013-09-01 19:32 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-09-01 19:01 - 2013-09-01 19:01 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-01 19:01 - 2013-09-01 19:01 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\Malwarebytes
2013-09-01 19:01 - 2013-09-01 19:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-01 19:01 - 2013-09-01 19:01 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-01 18:53 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-09-01 18:53 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-09-01 18:43 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-09-01 18:40 - 2009-07-14 04:03 - 45088768 _____ C:\Windows\system32\config\software.bak
2013-09-01 18:40 - 2009-07-14 04:03 - 17301504 _____ C:\Windows\system32\config\system.bak
2013-09-01 18:40 - 2009-07-14 04:03 - 01048576 _____ C:\Windows\system32\config\default.bak
2013-09-01 18:40 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-09-01 18:40 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-09-01 18:37 - 2013-08-03 21:26 - 00000000 ____D C:\ProgramData\CEC5BA903ECC35130000CEC4EBD13AFB
2013-09-01 17:57 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-01 17:38 - 2011-06-28 22:11 - 00000000 ____D C:\Users\Fetzla\AppData\Local\Windows Live
2013-09-01 17:16 - 2013-08-03 21:13 - 03233806 _____ C:\Users\Fetzla\AppData\Roaming\tor.bin
2013-09-01 17:16 - 2013-08-03 21:13 - 00000141 _____ C:\Users\Fetzla\AppData\Roaming\torrc
2013-09-01 12:35 - 2013-08-05 19:39 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\tor
2013-09-01 12:28 - 2011-06-17 18:02 - 00002133 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-01 12:18 - 2013-09-01 12:14 - 00000000 ____D C:\ProgramData\AVG
2013-09-01 12:17 - 2013-09-01 12:17 - 00002171 _____ C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk
2013-09-01 12:17 - 2013-09-01 12:17 - 00002129 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2013-09-01 12:16 - 2013-09-01 12:16 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\AVG
2013-09-01 12:15 - 2013-08-23 21:25 - 00000000 ____D C:\Program Files\AVG
2013-09-01 12:14 - 2013-09-01 12:14 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-09-01 12:13 - 2013-09-01 12:07 - 58674136 _____ (AVG) C:\Users\Fetzla\Desktop\avg_tuh_stf_all_2013_2_24c43.exe
2013-08-24 22:17 - 2013-08-24 22:17 - 00000000 _____ C:\Windows\setuperr.log
2013-08-24 22:17 - 2010-08-31 17:35 - 00000000 ____D C:\Program Files\Google
2013-08-23 21:43 - 2013-08-23 21:18 - 00000000 ____D C:\Users\Fetzla\AppData\Local\Avg2013
2013-08-23 21:36 - 2010-08-31 17:21 - 00000000 ____D C:\Program Files\Acer GameZone
2013-08-23 21:34 - 2012-05-30 13:19 - 00000000 ____D C:\Users\Fetzla\Desktop\Neuer Ordner
2013-08-23 21:31 - 2013-08-02 20:45 - 00000000 __SHD C:\Users\Fetzla\Documents\MSDCSC
2013-08-23 21:30 - 2010-08-31 17:33 - 00000000 ____D C:\Program Files\Acer
2013-08-23 21:29 - 2013-08-23 21:29 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\AVG2013
2013-08-23 21:28 - 2013-08-23 21:27 - 00000000 ____D C:\ProgramData\AVG2013
2013-08-23 21:27 - 2013-08-23 21:27 - 00000955 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-08-23 21:27 - 2013-08-23 21:27 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\TuneUp Software
2013-08-23 21:27 - 2013-08-23 21:27 - 00000000 ____D C:\$AVG
2013-08-23 21:25 - 2010-12-04 14:35 - 00000000 ____D C:\Users\Fetzla\AppData\Local\Google
2013-08-23 21:25 - 2010-08-31 17:35 - 00000000 ____D C:\ProgramData\Google
2013-08-23 21:18 - 2013-08-23 21:18 - 00000000 ____D C:\Users\Fetzla\AppData\Local\MFAData
2013-08-23 21:06 - 2010-09-23 11:58 - 00000000 ____D C:\Program Files\Windows Live
2013-08-23 21:02 - 2011-10-20 08:23 - 00000000 ____D C:\ProgramData\Norton
2013-08-23 21:00 - 2013-08-23 21:00 - 00168800 _____ C:\Users\Fetzla\Documents\cc_20130823_210027.reg
2013-08-23 20:58 - 2011-06-17 17:55 - 00000000 ____D C:\ProgramData\Skype
2013-08-23 20:57 - 2011-06-17 17:56 - 00000000 ____D C:\Users\Fetzla\AppData\Roaming\Skype
2013-08-23 20:56 - 2013-08-23 20:56 - 00000000 ____D C:\Users\Fetzla\AppData\Local\avgchrome
2013-08-23 20:46 - 2013-08-23 20:46 - 00000057 _____ C:\Users\Fetzla\AppData\Roaming\WB.CFG
2013-08-23 19:28 - 2010-08-31 17:09 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-08-23 19:09 - 2011-03-08 13:00 - 00000000 ____D C:\Windows\Minidump
2013-08-23 19:09 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2013-08-23 19:04 - 2013-08-23 19:04 - 00000000 ____D C:\Windows\system32\searchplugins
2013-08-23 19:04 - 2013-08-23 19:04 - 00000000 ____D C:\Windows\system32\Extensions
2013-08-23 19:04 - 2013-08-23 19:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-23 18:56 - 2013-08-23 18:56 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-23 18:56 - 2013-08-23 18:56 - 00000000 ____D C:\Program Files\CCleaner
2013-08-23 18:27 - 2013-08-23 18:22 - 00000000 ____D C:\490658c479c0de7c0d39
2013-08-23 18:07 - 2013-08-23 17:52 - 00000000 ____D C:\Windows\system32\MRT
2013-08-23 17:52 - 2010-12-05 14:16 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-11-03 22:03

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

Ich glaub das war jetzt alles auf Liste, oder?
Sorry, das es ein bisschen gedauert hat.

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-02 19:10:46
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.PB2O 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Fetzla\AppData\Local\Temp\uwdiipow.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                    ZwNotifyChangeKey [0x8A8625D0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                    ZwNotifyChangeMultipleKeys [0x8A862700]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                    ZwOpenProcess [0x8A862010]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                    ZwSuspendProcess [0x8A862300]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                    ZwSuspendThread [0x8A8623E0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                    ZwTerminateProcess [0x8A862120]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                    ZwTerminateThread [0x8A862210]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                    ZwWriteVirtualMemory [0x8A8624D0]

---- Kernel code sections - GMER 2.1 ----

.text          ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                        81C409F5 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                          81C7A1F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1357                                                              81C8169C 8 Bytes  [D0, 25, 86, 8A, 00, 27, 86, ...]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 139F                                                              81C816E4 4 Bytes  [10, 20, 86, 8A]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 165F                                                              81C819A4 8 Bytes  [00, 23, 86, 8A, E0, 23, 86, ...] {ADD [EBX], AH; XCHG [EDX-0x7579dc20], CL}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 166F                                                              81C819B4 8 Bytes  [20, 21, 86, 8A, 10, 22, 86, ...] {AND [ECX], AH; XCHG [EDX-0x7579ddf0], CL}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 16E3                                                              81C81A28 4 Bytes  [D0, 24, 86, 8A]

---- Devices - GMER 2.1 ----

Device                                                                                                          Ntfs.sys
Device                                                                                                          fastfat.SYS
Device                                                                                                          Sftfslh.sys

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                          avgtdix.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                          avgtdix.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                        avgtdix.sys
AttachedDevice                                                                                                  fltmgr.sys

---- Registry - GMER 2.1 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c0f6e7b5908                     
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c0f6e7b5908 (not active ControlSet) 

---- EOF - GMER 2.1 ----

aharonov 03.09.2013 08:36
Hallo,

kannst du bitte auch noch den Inhalt der Addition.txt von FRST hier einfügen? (Bisher seh ich nur 3 mal die FRST.txt. :))

Zusätzlich:


Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

TanjaF 03.09.2013 10:38
Sorry.... :(

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-09-2013 04
Ran by Fetzla at 2013-09-02 17:08:41
Running from C:\Users\Fetzla\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Acer ScreenSaver (Version: 1.1.0830.2010)
Acer Updater (Version: 1.02.3001)
Acer VCM (Version: 4.05.3002)
Acrobat.com (Version: 1.6.65)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.7.700.232)
Adobe Reader 9.4.5 MUI (Version: 9.4.5)
Adobe Shockwave Player 12.0 (Version: 12.0.3.133)
AndroidInstaller (Version: 1.00.022)
Apple Application Support (Version: 2.3)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.35)
AVG 2013 (Version: 13.0.3222)
AVG 2013 (Version: 13.0.3392)
AVG 2013 (Version: 2013.0.3392)
AVG PC TuneUp (Version: 12.0.4000.108)
AVG PC TuneUp Language Pack (de-DE) (Version: 12.0.4000.108)
Bluetooth Win7 Suite (Version: 7.01.000.18)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.04)
D3DX10 (Version: 15.4.2368.0902)
Dear user
ENE USB Card Reader Driver (Version: 5.89.0.70)
EPSON BX305 Series Printer Uninstall
EPSON Scan
eSobi v2 (Version: 2.0.4.000274)
Google Chrome (Version: 29.0.1547.62)
Google Update Helper (Version: 1.3.21.153)
iCloud (Version: 2.0.2.187)
Identity Card (Version: 1.00.3003)
Intel(R) Graphics Media Accelerator Driver (Version: 8.14.10.2117)
Intel(R) Rapid Storage Technology (Version: 9.6.4.1002)
iTunes (Version: 10.7.0.21)
Java 7 Update 25 (Version: 7.0.250)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MobileMe Control Panel (Version: 3.1.8.0)
MSVCRT (Version: 15.4.2862.0708)
MyWinLocker (Version: 3.1.212.0)
MyWinLocker Suite (Version: 3.1.212.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
QuickTime (Version: 7.73.80.64)
Realtek High Definition Audio Driver (Version: 6.0.1.6171)
Safari (Version: 5.34.57.2)
Secunia PSI (3.0.0.7011) (Version: 3.0.0.7011)
Shredder (Version: 2.0.8.3)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.0.7.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VTech Download Agent Library (Version: 1.00.0000)
VTech Download Manager
Welcome Center (Version: 1.02.3004)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinPatrol (Version: 28.6.2013.0)
 

==================== Restore Points  =========================

01-09-2013 23:04:23 Ende der Bereinigung
01-09-2013 23:57:06 Windows-Sicherung
02-09-2013 08:47:05 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2013-09-01 18:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => start w32time task_started
Task: {20D2EA8A-40E5-4886-94FE-AA8CC18C2206} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {34ED3F40-2853-425D-BFE1-5227619BDC65} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {460FC3DB-F63E-4C1A-B543-E58A8E7C2B89} - System32\Tasks\{D758DB2D-02FC-4B1E-AC34-450282F31509} => C:\Program Files\Skype\\Phone\Skype.exe No File
Task: {4A6016D2-02DB-42F2-B13B-AB98CBCEFD18} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation)
Task: {5229A2EC-AA38-4527-99AC-15F0AEDFF296} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-04] (Google Inc.)
Task: {57E7F431-96ED-48D5-A259-8CAB058B6066} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {5C3B828B-64F5-4D73-A04E-28DD76F76CA2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-02] (Adobe Systems Incorporated)
Task: {64B52FB6-76C6-423B-B669-F8BB9B25A401} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\AVG\AVG PC TuneUp\OneClick.exe [2012-08-23] (AVG)
Task: {66D060F2-2097-42E8-A404-3565D0ABBE24} - System32\Tasks\{CE418087-0A78-4D1E-AAA7-17C0CAB294DC} => C:\Users\Fetzla\Desktop\SecurityCheck.exe No File
Task: {6E2FDBA0-42B0-436A-BA51-F802DB48F75B} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {7EB429EA-F0C3-4FDE-B14C-0305E8C9699A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {B70C7AC7-3627-4F5B-8E42-EC13F0BE5709} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {C54C24E3-A613-4648-8267-25D4D3AA6E6A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-04] (Google Inc.)
Task: {DE4414A0-4F94-41B8-8850-B6A88CA34BF0} - System32\Tasks\{7DC6EFC9-FD81-4178-AA97-93E67CED4CD3} => C:\Users\Fetzla\Desktop\SecurityCheck.exe No File
Task: {EECBDFB7-1880-425E-A353-E1A30229EE2D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-02 01:34 - 2013-08-13 03:34 - 00065080 ____N (BillP Studios) C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL
2013-09-01 19:01 - 2013-04-04 14:50 - 00527944 _____ (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
2013-09-01 19:01 - 2013-04-04 14:50 - 02191944 _____ (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
2010-05-27 04:40 - 2010-05-27 04:40 - 00120176 _____ (Egis Technology Inc.) C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll
2010-05-27 04:40 - 2010-05-27 04:40 - 00267632 _____ (Egis Technology Inc.) C:\Program Files\EgisTec MyWinLocker\x86\sysenv.dll
2008-11-12 03:16 - 2008-11-12 03:16 - 00133680 _____ (Microsoft Corporation) C:\Program Files\EgisTec MyWinLocker\x86\XmlLite.dll
2009-07-14 01:18 - 2009-07-14 03:16 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\WINBRAND.dll
2010-05-25 17:45 - 2010-05-25 17:45 - 00064672 _____ (Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthCopyHook.dll
2009-07-14 02:19 - 2009-07-14 03:16 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2009-07-14 02:19 - 2009-07-14 03:16 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2011-07-03 20:48 - 2010-11-20 14:20 - 00932352 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2011-07-03 20:47 - 2010-11-20 14:20 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2010-04-02 23:06 - 2010-04-02 23:06 - 00052592 _____ (Egis Technology Inc.) C:\Program Files\EgisTec Shredder\x86\ShredderContextMenu.dll
2010-04-02 23:06 - 2010-04-02 23:06 - 00237424 _____ (Egis Technology Inc.) C:\Program Files\EgisTec Shredder\x86\FrameUtility.dll
2010-04-02 23:06 - 2010-04-02 23:06 - 01038192 _____ (Egis Technology Inc.) C:\Program Files\EgisTec Shredder\x86\LibFrame.dll
2011-06-16 12:43 - 2011-06-16 12:43 - 00159048 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.DLL
2010-05-25 17:46 - 2010-05-25 17:46 - 00222368 _____ (Atheros Commnucations) C:\Program Files\Bluetooth Suite\ShellContextExt.dll
2012-09-10 17:58 - 2012-09-10 17:58 - 00653200 _____ (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll
2010-05-27 04:40 - 2010-05-27 04:40 - 00096112 _____ (Egis Technology Inc.) C:\Program Files\EgisTec MyWinLocker\x86\mwlshellext.dll
2012-08-23 11:31 - 2012-08-23 11:31 - 00030072 _____ (AVG) C:\Program Files\AVG\AVG PC TuneUp\SDShelEx-win32.dll
2013-03-28 02:48 - 2013-03-28 02:48 - 00229424 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgse.dll
2011-06-11 01:58 - 2011-06-11 01:58 - 00421200 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP100.dll
2011-06-11 01:58 - 2011-06-11 01:58 - 00773968 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR100.dll
2013-06-27 01:54 - 2013-06-27 01:54 - 00848432 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgsysx.dll
2010-05-25 18:04 - 2010-05-25 18:04 - 00162976 _____ (Atheros Commnucations) C:\Program Files\Bluetooth Suite\BtvAppExt.dll
2010-05-25 17:46 - 2010-05-25 17:46 - 00834720 _____ (Atheros Commnucations) C:\Program Files\Bluetooth Suite\OutLookLib.dll
2010-09-23 11:45 - 2010-09-23 11:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\MFC80DEU.DLL
2010-05-25 17:46 - 2010-05-25 17:46 - 00020128 _____ (Atheros Commnucations) C:\Program Files\Bluetooth Suite\langs\BtvAppExtGER.dll
2010-08-31 17:39 - 2010-04-19 02:52 - 00199680 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2010-08-31 17:39 - 2010-04-19 02:52 - 00094208 _____ (Intel Corporation) C:\Windows\system32\hccutils.DLL
2010-08-31 17:39 - 2010-04-19 02:52 - 00051712 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2010-08-31 17:39 - 2010-04-19 02:55 - 00303616 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
2013-07-15 20:56 - 2013-04-24 00:57 - 05932696 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
2013-07-20 10:09 - 2013-07-20 10:09 - 11499520 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
2013-05-28 09:53 - 2012-10-05 12:53 - 00364656 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
2013-07-20 10:10 - 2013-07-20 10:10 - 07989760 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
2013-07-21 11:56 - 2013-07-21 11:56 - 00452608 _____ (Intel Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f6bbb915918ecffdc81bc72ea498cd9b\IAStorUtil.ni.dll
2013-07-20 10:12 - 2013-07-20 10:12 - 01593344 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
2013-07-20 10:12 - 2013-07-20 10:12 - 12436480 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
2013-07-20 10:10 - 2013-07-20 10:10 - 00978432 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
2013-07-20 10:10 - 2013-07-20 10:10 - 05464064 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
2013-05-28 09:51 - 2010-11-13 02:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
2010-08-31 17:09 - 2010-06-08 19:45 - 00032768 _____ (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\de-DE\IAStorIcon.resources.dll
2010-08-31 17:09 - 2010-06-08 19:44 - 01046528 _____ (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IntelVisualDesign.dll
2010-08-31 17:09 - 2010-06-08 19:45 - 00004608 _____ (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\de-DE\IntelVisualDesign.resources.dll
2013-07-20 10:15 - 2013-07-20 10:15 - 00771584 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c8ea295fd4dce110b32c3c4f0e3807b2\System.Runtime.Remoting.ni.dll
2010-09-23 21:05 - 2010-09-23 21:05 - 00032768 _____ (Microsoft Corporation) C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
2011-07-03 20:47 - 2010-11-05 03:57 - 00572760 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
2013-07-20 10:11 - 2013-07-20 10:11 - 03348480 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
2013-07-20 10:16 - 2013-07-20 10:16 - 11833344 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\dcc781ebbddf98a9cf6dd4f3b17f1063\System.Web.ni.dll
2010-08-31 17:09 - 2010-06-08 19:44 - 00162816 _____ (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorUIHelper.dll
2011-06-16 12:43 - 2011-06-16 12:43 - 03766600 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90.dll
2011-06-16 12:43 - 2011-06-16 12:43 - 00063312 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90DEU.DLL
2010-05-27 04:39 - 2010-05-27 04:39 - 00254320 _____ (Egis Technology Inc.) C:\Program Files\EgisTec MyWinLocker\x86\ADMIN_CLASS_LIB.dll
2008-11-12 03:16 - 2008-11-12 03:16 - 00268848 _____ (EgisTec Inc.) C:\Program Files\EgisTec MyWinLocker\x86\keyManager.dll
2010-05-27 04:39 - 2010-05-27 04:39 - 00529776 _____ (EgisTec Inc.) C:\Program Files\EgisTec MyWinLocker\x86\CryptoAPI.dll
2010-05-27 04:40 - 2010-05-27 04:40 - 00177008 _____ (Egis Technology Inc.  ) C:\Program Files\EgisTec MyWinLocker\x86\PSDUtil.dll
2010-05-27 04:40 - 2010-05-27 04:40 - 00091504 _____ (Egis Technology Inc.) C:\Program Files\EgisTec MyWinLocker\x86\mwlOP.dll
2010-05-27 04:40 - 2010-05-27 04:40 - 00120176 _____ (Egis Technology Inc.) C:\Program Files\EgisTec MyWinLocker\x86\ShowErrMsg.dll
2010-05-27 04:40 - 2010-05-27 04:40 - 00034160 _____ (Egis Technology Inc.) C:\Program Files\EgisTec MyWinLocker\x86\mwlRecordUI.dll
2010-05-27 04:40 - 2010-05-27 04:40 - 00144752 _____ (Egis Technology Inc.) C:\Program Files\EgisTec MyWinLocker\x86\mwlUI.DLL
2010-05-27 04:40 - 2010-05-27 04:40 - 00529776 _____ (Egis Technology Inc.) C:\Program Files\EgisTec MyWinLocker\x86\GDIExtendCtrl.dll
2010-05-27 04:40 - 2010-05-27 04:40 - 00029040 _____ (Egis Technology Inc.) C:\Program Files\EgisTec MyWinLocker\x86\SYSTrayUI.dll
2010-08-31 17:39 - 2010-04-19 02:52 - 00094208 _____ (Intel Corporation) C:\Windows\System32\hccutils.DLL
2010-08-31 17:39 - 2010-04-19 02:52 - 05702656 _____ (Intel Corporation) C:\Windows\System32\igfxress.dll
2010-08-31 17:39 - 2010-02-05 10:46 - 00173352 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2010-08-31 17:39 - 2010-02-05 10:46 - 00161064 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2010-08-31 17:39 - 2010-04-19 02:52 - 00218112 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2010-05-25 17:45 - 2010-05-25 17:45 - 00076960 _____ (Atheros Commnucations) C:\Program Files\Bluetooth Suite\Handsfree.dll
2010-05-25 17:46 - 2010-05-25 17:46 - 00072864 _____ (Atheros Commnucations) C:\Program Files\Bluetooth Suite\RfcommLib.dll
2010-05-25 17:45 - 2010-05-25 17:45 - 00037024 _____ (Atheros Commnucations) C:\Program Files\Bluetooth Suite\BTBIP.DLL
2010-05-25 17:46 - 2010-05-25 17:46 - 00064672 _____ (Atheros Commnucations) C:\Program Files\Bluetooth Suite\Sync.dll
2010-05-25 17:45 - 2010-05-25 17:45 - 00068768 _____ (Atheros Commnucations) C:\Program Files\Bluetooth Suite\GOEP_SINGLE.DLL
2010-05-25 17:45 - 2010-05-25 17:45 - 00033440 _____ (Atheros Commnucations) C:\Program Files\Bluetooth Suite\BPP.DLL
2010-05-25 17:45 - 2010-05-25 17:45 - 00076960 _____ (Atheros Commnucations) C:\Program Files\Bluetooth Suite\GOEP_bpp.DLL
2010-05-25 17:45 - 2010-05-25 17:45 - 00097440 _____ (Atheros Commnucations) C:\Program Files\Bluetooth Suite\L2capLib.dll
2010-05-25 17:46 - 2010-05-25 17:46 - 00085152 _____ (Atheros Commnucations) C:\Program Files\Bluetooth Suite\langs\BtvStackGER.dll
2010-05-25 17:45 - 2010-05-25 17:45 - 00138400 _____ (Atheros Commnucations) C:\Program Files\Bluetooth Suite\langs\BtCommonGER.dll
2010-03-11 07:11 - 2010-03-11 07:11 - 00068976 _____ (Egis Technology Inc.) C:\Program Files\EgisTec IPS\KernelController.dll
2010-03-11 07:11 - 2010-03-11 07:11 - 00788848 _____ (Egis Technology Inc.) C:\Program Files\EgisTec IPS\LiveUpdateUI.dll
2010-03-11 07:11 - 2010-03-11 07:11 - 00068976 _____ (Egis Technology Inc.) C:\Program Files\EgisTec IPS\LicenseCenter.dll
2010-03-11 07:12 - 2010-03-11 07:12 - 00072560 _____ (Egis Technology Inc.) C:\Program Files\EgisTec IPS\UpdateModel.dll
2010-07-20 14:54 - 2010-07-20 14:54 - 00411136 _____ () C:\Program Files\Acer\Android Manager\DEU.dll
2012-11-05 11:37 - 2010-06-24 03:16 - 02150400 _____ () C:\Program Files\VTech\DownloadManager\System\QtCore4.dll
2012-11-05 11:37 - 2010-07-13 15:07 - 07826432 _____ () C:\Program Files\VTech\DownloadManager\System\QtGui4.dll
2012-11-05 11:37 - 2010-06-02 04:29 - 00934912 _____ () C:\Program Files\VTech\DownloadManager\System\QtNetwork4.dll
2012-11-05 11:37 - 2010-06-02 04:28 - 00335360 _____ () C:\Program Files\VTech\DownloadManager\System\QtXml4.dll
2012-11-05 11:37 - 2012-08-06 11:54 - 09843640 _____ () C:\Program Files\VTech\DownloadManager\System\QtWebKit4.dll
2012-11-05 11:37 - 2010-06-02 04:56 - 00232960 _____ () C:\Program Files\VTech\DownloadManager\System\phonon4.dll
2012-11-05 11:37 - 2010-06-02 04:54 - 02530816 _____ () C:\Program Files\VTech\DownloadManager\System\QtXmlPatterns4.dll
2012-11-05 11:37 - 2010-07-05 11:19 - 00116736 _____ () C:\Program Files\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
2012-11-05 11:37 - 2012-09-25 11:00 - 00206808 _____ (VTech) C:\Program Files\VTech\DownloadManager\System\DAVTMassStorageLib.dll
2012-11-05 11:37 - 2010-11-11 11:24 - 00028160 _____ () C:\Program Files\VTech\DownloadManager\System\DACommCenter.dll
2012-11-05 11:37 - 2010-06-02 07:05 - 00119808 _____ () C:\Program Files\VTech\DownloadManager\System\imageformats\qjpeg4.dll
2009-07-14 01:53 - 2009-07-14 03:15 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2012-11-05 11:37 - 2010-05-20 10:45 - 00235008 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Program Files\VTech\DownloadManager\System\ssleay32.DLL
2012-11-05 11:37 - 2010-05-20 10:45 - 01141248 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Program Files\VTech\DownloadManager\System\LIBEAY32.dll
2011-08-31 00:05 - 2011-08-31 00:05 - 00121704 _____ (Apple Inc.) C:\Program Files\Bonjour\mdnsNSP.dll
2013-02-19 04:01 - 2013-02-19 04:01 - 00890928 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgntopensslx.dll
2011-06-11 01:58 - 2011-06-11 01:58 - 04422992 _____ (Microsoft Corporation) C:\Windows\system32\mfc100u.dll
2011-06-11 01:58 - 2011-06-11 01:58 - 00064336 _____ (Microsoft Corporation) C:\Windows\system32\MFC100DEU.DLL
2013-02-19 04:01 - 2013-02-19 04:01 - 00309808 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avglogx.dll
2013-07-23 01:31 - 2013-07-23 01:31 - 02853936 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgkrnlapix.dll
2013-03-21 03:09 - 2013-03-21 03:09 - 01028144 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcfgx.dll
2013-07-26 01:33 - 2013-07-26 01:33 - 00455216 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcommx.dll
2013-02-19 04:01 - 2013-02-19 04:01 - 00273968 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidpmx.dll
2013-02-19 04:01 - 2013-02-19 04:01 - 00174640 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avglngx.dll
2013-03-29 02:54 - 2013-03-29 02:54 - 01799216 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avguires.dll
2013-02-19 04:00 - 2013-02-19 04:00 - 00279088 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgclitx.dll
2013-02-19 04:01 - 2013-02-19 04:01 - 00025648 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgapps.dll
2013-06-10 11:08 - 2013-06-10 11:08 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\D3D10Warp.dll
2011-06-16 08:01 - 2011-05-03 06:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\INETCOMM.DLL
2009-07-14 01:42 - 2009-07-14 03:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\MSOERT2.dll
2009-07-14 01:42 - 2009-07-14 03:06 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\inetres.dll
2013-07-15 21:16 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-03-14 03:16 - 2013-03-14 03:16 - 00409648 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgdecider.dll
2013-07-15 21:16 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2009-07-14 01:27 - 2009-07-14 03:16 - 00561664 _____ (Microsoft Corporation) C:\Windows\system32\uiautomationcore.dll
2011-07-03 20:48 - 2010-11-20 14:21 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\T2EMBED.DLL
2013-09-02 01:34 - 2013-07-15 19:29 - 00620718 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
2013-07-15 21:16 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\IEUI.dll
2013-07-15 21:16 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2010-09-23 00:21 - 2010-09-23 00:21 - 00122728 _____ (Microsoft Corporation) C:\Program Files\Windows Live\Family Safety\fsapi.dll
2013-06-10 11:10 - 2013-06-10 11:10 - 00629248 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-09-02 01:42 - 2013-09-02 01:42 - 00463272 _____ (Oracle Corporation) C:\Program Files\Java\jre7\bin\ssv.dll
2013-09-02 01:33 - 2013-09-02 01:33 - 16230792 ____R (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\Flash32_11_8_800_94.ocx
2013-06-10 11:10 - 2013-06-10 11:10 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\MSRATING.dll
2013-06-10 11:10 - 2013-06-10 11:10 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\Dxtrans.dll
2009-07-14 01:28 - 2009-07-14 03:15 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\ddrawex.dll
2009-07-14 01:25 - 2009-07-14 03:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\oleaccrc.dll
2013-09-02 01:33 - 2013-09-02 01:33 - 00479112 _____ (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.dll
2011-07-03 20:48 - 2010-11-20 14:21 - 02983424 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2011-12-29 23:43 - 2009-11-17 07:00 - 01468416 _____ (SEIKO EPSON CORP.) C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FUICGJE.DLL
2011-07-03 20:47 - 2010-11-20 14:07 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2011-12-29 23:43 - 2009-10-23 06:00 - 00170496 _____ (SEIKO EPSON Corporation) C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FMAIGJE.DLL

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:1A60DE96
AlternateDataStreams: C:\ProgramData\TEMP:93EB7685
AlternateDataStreams: C:\ProgramData\TEMP:CDFF58FE
AlternateDataStreams: C:\ProgramData\TEMP:E3C56885

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2013 04:36:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 290661

Error: (09/02/2013 04:36:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 290661

Error: (09/02/2013 04:36:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/02/2013 04:32:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15740

Error: (09/02/2013 04:32:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15740

Error: (09/02/2013 04:32:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/02/2013 00:19:06 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: TuneUpUtilitiesApp32.exe, Version: 12.0.4000.108, Zeitstempel: 0x5035f6ab
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x017eea38
ID des fehlerhaften Prozesses: 0xdf0
Startzeit der fehlerhaften Anwendung: 0xTuneUpUtilitiesApp32.exe0
Pfad der fehlerhaften Anwendung: TuneUpUtilitiesApp32.exe1
Pfad des fehlerhaften Moduls: TuneUpUtilitiesApp32.exe2
Berichtskennung: TuneUpUtilitiesApp32.exe3

Error: (09/02/2013 10:46:35 AM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 10.0.9200.16635 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1394

Startzeit: 01cea7b88cdccf6f

Endzeit: 127

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (09/02/2013 01:49:00 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: TuneUpUtilitiesApp32.exe, Version: 12.0.4000.108, Zeitstempel: 0x5035f6ab
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x005e9850
ID des fehlerhaften Prozesses: 0xebc
Startzeit der fehlerhaften Anwendung: 0xTuneUpUtilitiesApp32.exe0
Pfad der fehlerhaften Anwendung: TuneUpUtilitiesApp32.exe1
Pfad des fehlerhaften Moduls: TuneUpUtilitiesApp32.exe2
Berichtskennung: TuneUpUtilitiesApp32.exe3

Error: (09/01/2013 10:29:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15959


System errors:
=============
Error: (09/02/2013 00:18:22 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (09/02/2013 00:17:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (09/02/2013 00:17:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Audio" wurde nicht richtig gestartet.

Error: (09/02/2013 00:14:03 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (09/02/2013 11:21:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242fff fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2862966)

Error: (09/02/2013 11:21:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2859537)

Error: (09/02/2013 11:21:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2840628)

Error: (09/02/2013 11:21:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242fff fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2803821)

Error: (09/02/2013 11:21:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242fff fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5.1 unter Windows 7 SP1 x86 (KB2844286)

Error: (09/02/2013 11:21:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242fff fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 10 unter Windows 7 Service Pack 1 (KB2862772)


Microsoft Office Sessions:
=========================
Error: (09/02/2013 04:36:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 290661

Error: (09/02/2013 04:36:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 290661

Error: (09/02/2013 04:36:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/02/2013 04:32:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15740

Error: (09/02/2013 04:32:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15740

Error: (09/02/2013 04:32:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/02/2013 00:19:06 PM) (Source: Application Error)(User: )
Description: TuneUpUtilitiesApp32.exe12.0.4000.1085035f6abunknown0.0.0.000000000c0000005017eea38df001cea7c5ce8e3055C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exeunknown18beb766-13b9-11e3-accf-88ae1da1e220

Error: (09/02/2013 10:46:35 AM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.16635139401cea7b88cdccf6f127C:\Program Files\Internet Explorer\iexplore.exe

Error: (09/02/2013 01:49:00 AM) (Source: Application Error)(User: )
Description: TuneUpUtilitiesApp32.exe12.0.4000.1085035f6abunknown0.0.0.000000000c0000005005e9850ebc01cea76dc5cbd845C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exeunknown129a5377-1361-11e3-af04-88ae1da1e220

Error: (09/01/2013 10:29:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15959


==================== Memory info ===========================

Percentage of memory in use: 91%
Total physical RAM: 1013.09 MB
Available physical RAM: 85.87 MB
Total Pagefile: 2037.09 MB
Available Pagefile: 537.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.94 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:215.79 GB) (Free:178.84 GB) NTFS
Drive d: () (Fixed) (Total:4 GB) (Free:1.68 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 17925772)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Not Active) - (Size=4 GB) - (Type=0C)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=216 GB) - (Type=OF Extended)

==================== End Of Log ============================
Hat jetzt etwas gedauert.
Ich hab eig meine AVG-Antivirus deaktiviert. Trotzdem hat er des motzen angefangen und meinte das Combofix infiziert wäre....

Code:
ComboFix 13-09-02.02 - Fetzla 03.09.2013  11:06:19.2.4 - x86
Microsoft Windows 7 Starter  6.1.7601.1.1252.49.1031.18.1013.176 [GMT 2:00]
ausgeführt von:: c:\users\Fetzla\Desktop\ComboFix.exe
AV: AVG AntiVirus 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-08-03 bis 2013-09-03  ))))))))))))))))))))))))))))))
.
.
2013-09-03 09:29 . 2013-09-03 09:29        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-09-02 15:06 . 2013-09-02 15:06        --------        d-----w-        C:\FRST
2013-09-02 09:23 . 2013-07-09 05:03        3968960        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2013-09-02 09:23 . 2013-07-09 05:03        3913664        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-09-02 09:23 . 2013-07-09 04:53        1289096        ----a-w-        c:\windows\system32\ntdll.dll
2013-09-02 09:23 . 2013-07-25 08:57        1620992        ----a-w-        c:\windows\system32\WMVDECOD.DLL
2013-09-02 09:18 . 2013-07-19 01:41        2048        ----a-w-        c:\windows\system32\tzres.dll
2013-09-01 23:44 . 2013-09-01 23:42        867240        ----a-w-        c:\windows\system32\npDeployJava1.dll
2013-09-01 23:43 . 2013-09-01 23:42        94632        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2013-09-01 23:34 . 2013-09-01 23:34        --------        d-----w-        c:\users\Fetzla\AppData\Roaming\WinPatrol
2013-09-01 23:34 . 2013-09-01 23:34        --------        d-----w-        c:\programdata\InstallMate
2013-09-01 23:34 . 2013-09-01 23:34        --------        d-----w-        c:\program files\BillP Studios
2013-09-01 23:32 . 2013-09-01 23:33        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-09-01 23:17 . 2013-09-01 23:17        --------        d-----w-        c:\users\Fetzla\AppData\Local\Secunia PSI
2013-09-01 23:16 . 2013-09-01 23:16        --------        d-----w-        c:\program files\Secunia
2013-09-01 18:00 . 2013-09-01 23:04        --------        d-----w-        c:\windows\ERUNT
2013-09-01 17:42 . 2013-09-01 17:50        --------        d-----w-        C:\AdwCleaner
2013-09-01 17:01 . 2013-09-01 17:01        --------        d-----w-        c:\users\Fetzla\AppData\Roaming\Malwarebytes
2013-09-01 17:01 . 2013-09-01 17:01        --------        d-----w-        c:\programdata\Malwarebytes
2013-09-01 17:01 . 2013-09-01 17:01        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2013-09-01 17:01 . 2013-04-04 12:50        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-09-01 17:01 . 2013-09-01 17:01        --------        d-----w-        c:\users\Fetzla\AppData\Local\Programs
2013-09-01 16:39 . 2013-09-03 09:29        --------        d-----w-        c:\users\Fetzla\AppData\Local\temp
2013-09-01 10:17 . 2012-08-23 09:31        32120        ----a-w-        c:\windows\system32\TURegOpt.exe
2013-09-01 10:17 . 2012-08-23 09:31        21880        ----a-w-        c:\windows\system32\authuitu.dll
2013-09-01 10:16 . 2013-09-01 10:16        --------        d-----w-        c:\users\Fetzla\AppData\Roaming\AVG
2013-09-01 10:14 . 2013-09-01 10:18        --------        d-----w-        c:\programdata\AVG
2013-09-01 10:14 . 2013-09-01 10:14        --------        d-sh--w-        c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-09-01 10:13 . 2013-07-06 05:05        1293760        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-09-01 10:07 . 2013-07-09 04:50        652800        ----a-w-        c:\windows\system32\rpcrt4.dll
2013-08-23 19:27 . 2013-08-23 19:27        --------        d-----w-        c:\users\Fetzla\AppData\Roaming\TuneUp Software
2013-08-23 19:27 . 2013-08-23 19:27        --------        d-----w-        C:\$AVG
2013-08-23 19:25 . 2013-09-01 10:15        --------        d-----w-        c:\program files\AVG
2013-08-23 19:18 . 2013-09-03 08:30        --------        d-----w-        c:\programdata\MFAData
2013-08-23 19:18 . 2013-08-23 19:43        --------        d-----w-        c:\users\Fetzla\AppData\Local\Avg2013
2013-08-23 19:18 . 2013-08-23 19:18        --------        d--h--w-        c:\programdata\Common Files
2013-08-23 19:18 . 2013-08-23 19:18        --------        d-----w-        c:\users\Fetzla\AppData\Local\MFAData
2013-08-23 18:56 . 2013-08-23 18:56        --------        d-----w-        c:\users\Fetzla\AppData\Local\avgchrome
2013-08-23 17:29 . 2013-08-23 17:29        --------        d-----w-        c:\windows\OEMTemp
2013-08-23 17:04 . 2013-08-23 17:04        --------        d-----w-        c:\windows\system32\Extensions
2013-08-23 17:04 . 2013-08-23 17:04        --------        d-----w-        c:\windows\system32\searchplugins
2013-08-23 16:56 . 2013-08-23 16:56        --------        d-----w-        c:\program files\CCleaner
2013-08-23 16:22 . 2013-08-23 16:27        --------        d-----w-        C:\490658c479c0de7c0d39
2013-08-23 15:52 . 2013-08-23 16:07        --------        d-----w-        c:\windows\system32\MRT
2013-08-19 15:10 . 2013-07-02 06:54        7143960        ------w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C3E5A88-FFED-4171-890B-46943C924BF9}\mpengine.dll
2013-08-19 15:09 . 2013-06-15 03:38        31232        ----a-w-        c:\windows\system32\drivers\tssecsrv.sys
2013-08-05 17:39 . 2013-09-01 10:35        --------        d-----w-        c:\users\Fetzla\AppData\Roaming\tor
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-01 23:42 . 2011-05-05 19:11        789416        ----a-w-        c:\windows\system32\deployJava1.dll
2013-09-01 23:33 . 2011-07-04 07:19        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-01 15:16 . 2013-08-03 19:13        3233806        ----a-w-        c:\users\Fetzla\AppData\Roaming\tor.bin
2013-07-19 23:51 . 2013-07-19 23:51        246072        ----a-w-        c:\windows\system32\drivers\avglogx.sys
2013-07-19 23:50 . 2013-07-19 23:50        60216        ----a-w-        c:\windows\system32\drivers\avgidshx.sys
2013-07-19 23:50 . 2013-07-19 23:50        208184        ----a-w-        c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-19 23:50 . 2013-07-19 23:50        171320        ----a-w-        c:\windows\system32\drivers\avgldx86.sys
2013-07-09 23:32 . 2013-07-09 23:32        39224        ----a-w-        c:\windows\system32\drivers\avgrkx86.sys
2013-07-03 08:32 . 2013-07-03 08:32        16024        ----a-w-        c:\windows\system32\drivers\psi_mf_x86.sys
2013-06-30 23:45 . 2013-06-30 23:45        96568        ----a-w-        c:\windows\system32\drivers\avgmfx86.sys
2013-06-10 09:10 . 2013-06-10 09:10        745472        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-10 09:10 . 2013-06-10 09:10        185344        ----a-w-        c:\windows\system32\elshyph.dll
2013-06-10 09:10 . 2013-06-10 09:10        158720        ----a-w-        c:\windows\system32\msls31.dll
2013-06-10 09:10 . 2013-06-10 09:10        138752        ----a-w-        c:\windows\system32\wextract.exe
2013-06-10 09:10 . 2013-06-10 09:10        150528        ----a-w-        c:\windows\system32\iexpress.exe
2013-06-10 09:10 . 2013-06-10 09:10        73728        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-06-10 09:10 . 2013-06-10 09:10        719360        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-06-10 09:10 . 2013-06-10 09:10        61952        ----a-w-        c:\windows\system32\tdc.ocx
2013-06-10 09:10 . 2013-06-10 09:10        523264        ----a-w-        c:\windows\system32\vbscript.dll
2013-06-10 09:10 . 2013-06-10 09:10        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-06-10 09:10 . 2013-06-10 09:10        38400        ----a-w-        c:\windows\system32\imgutil.dll
2013-06-10 09:10 . 2013-06-10 09:10        361984        ----a-w-        c:\windows\system32\html.iec
2013-06-10 09:10 . 2013-06-10 09:10        23040        ----a-w-        c:\windows\system32\licmgr10.dll
2013-06-10 09:10 . 2013-06-10 09:10        1441280        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-06-10 09:10 . 2013-06-10 09:10        137216        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-06-10 09:10 . 2013-06-10 09:10        12800        ----a-w-        c:\windows\system32\mshta.exe
2013-06-10 09:10 . 2013-06-10 09:10        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-06-10 09:08 . 2013-06-10 09:08        9728        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-10 09:08 . 2013-06-10 09:08        4096        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-10 09:08 . 2013-06-10 09:08        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-10 09:08 . 2013-06-10 09:08        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-10 09:08 . 2013-06-10 09:08        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-10 09:08 . 2013-06-10 09:08        364544        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2013-06-10 09:08 . 2013-06-10 09:08        3584        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-10 09:08 . 2013-06-10 09:08        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-10 09:08 . 2013-06-10 09:08        2560        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-10 09:08 . 2013-06-10 09:08        1158144        ----a-w-        c:\windows\system32\XpsPrint.dll
2013-06-10 09:08 . 2013-06-10 09:08        10752        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-10 09:08 . 2013-06-10 09:08        2284544        ----a-w-        c:\windows\system32\msmpeg2vdec.dll
2013-06-10 09:08 . 2013-06-10 09:08        906240        ----a-w-        c:\windows\system32\FntCache.dll
2013-06-10 09:08 . 2013-06-10 09:08        417792        ----a-w-        c:\windows\system32\WMPhoto.dll
2013-06-10 09:08 . 2013-06-10 09:08        220160        ----a-w-        c:\windows\system32\d3d10core.dll
2013-06-10 09:08 . 2013-06-10 09:08        207872        ----a-w-        c:\windows\system32\WindowsCodecsExt.dll
2013-06-10 09:08 . 2013-06-10 09:08        1080832        ----a-w-        c:\windows\system32\d3d10.dll
2013-06-10 09:08 . 2013-06-10 09:08        249856        ----a-w-        c:\windows\system32\d3d10_1core.dll
2013-06-10 09:08 . 2013-06-10 09:08        161792        ----a-w-        c:\windows\system32\d3d10_1.dll
2013-06-10 09:08 . 2013-06-10 09:08        604160        ----a-w-        c:\windows\system32\d3d10level9.dll
2013-06-10 09:08 . 2013-06-10 09:08        3419136        ----a-w-        c:\windows\system32\d2d1.dll
2013-06-10 09:08 . 2013-06-10 09:08        1988096        ----a-w-        c:\windows\system32\d3d10warp.dll
2013-06-10 09:08 . 2013-06-10 09:08        293376        ----a-w-        c:\windows\system32\dxgi.dll
2013-06-10 09:08 . 2013-06-10 09:08        187392        ----a-w-        c:\windows\system32\UIAnimation.dll
2013-05-18 09:33 . 2013-05-18 09:33        4167680        ----a-w-        c:\program files\GUT78D8.tmp
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40        120176        ----a-w-        c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2013-08-13 439360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-08-03 9398888]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-16 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2010-05-25 470176]
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2010-05-25 289952]
"iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2010-01-08 407416]
"AndroidManager"="c:\program files\Acer\Android Manager\AML.exe" [2010-01-08 508280]
"iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2010-11-30 489848]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2012-11-05 377800]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-06-30 4411440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-05-21 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-8-31 704032]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-7-3 563416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2013-07-04 4939312]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-05-20 37224]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-05-20 47144]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-05-20 256360]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-05-20 177704]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-05-20 46952]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-05-20 143080]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-05-25 230760]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2010-06-17 82768]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2013-07-19 60216]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2013-07-19 246072]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-07-09 39224]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-07-19 208184]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2013-03-01 22328]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2013-07-19 171320]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-03-21 182072]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 18992]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60976]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2010-05-25 38560]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2013-07-23 283136]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-07-03 1228504]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-07-03 660184]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [2012-08-23 1532280]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-05-20 28200]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-08-24 68208]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-07-03 16024]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [2012-07-04 10088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-01 10:16        1177552        ----a-w-        c:\program files\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-01 23:33]
.
2013-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-04 13:05]
.
2013-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-04 13:05]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.178.1
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-702140608-1337506499-63503523-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-702140608-1337506499-63503523-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-702140608-1337506499-63503523-1000)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1832)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
.
Zeit der Fertigstellung: 2013-09-03  11:34:27
ComboFix-quarantined-files.txt  2013-09-03 09:34
.
Vor Suchlauf: 15 Verzeichnis(se), 190.589.124.608 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 190.706.872.320 Bytes frei
.
- - End Of File - - FDEECF2E028166B752053AEBABD29B4B
A36C5E4F47E84449FF07ED3517B43A31

aharonov 03.09.2013 10:59
Hallo,

findest du noch die Logs von AVG, was der jeweils genau gelöscht und gefunden hat?
Wird dieser Internetzugang noch von anderen Rechner benutzt als diesem?

TanjaF 03.09.2013 11:12
Wo genau finde ich die?:confused:

Der Internetzugang wird noch von 2 Iphone´s genutzt.
Wir haben bei uns recht schlechtes Netz, deshalb sind unsere iPhones übers wlan erbunden.
Wir haben auch keinen festen Pc, sondern nur dieses Notebook.


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:58 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131