Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   immer wieder neue Setup.exe in Temp-Ordner (https://www.trojaner-board.de/146552-immer-neue-setup-exe-temp-ordner.html)

fundiko 22.12.2013 23:22
immer wieder neue Setup.exe in Temp-Ordner
 
Hallo zusammen,

Ich habe seit ein paar Tagen immer wieder eine merkwürdige Setup.exe in meinem Temp-Ordner.
Aus dem Nichts heraus kommt dann jedesmal die Abfrage, ob ich die Installation zulassen will oder nicht.
Natürlich klick ich dann immer auf Nein.

CCleaner und Spybot hab ich schon etliche Male gestartet. Bringt aber nichts. Das letzte mal hat sich die Setup.exe auf meinem Laptop gemeldet, unmittelbar, nachdem ich CCleaner und Spybot laufen lassen hab.

Wie in der Anleitung beschrieben, hab ich alle Scans ausgeführt und poste sie hier wie folgt:

defogger_disable.log :

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:34 on 22/12/2013 (max)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

---------------------------------

Addition.txt :FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-12-2013 01
Ran by max at 2013-12-22 22:37:23
Running from C:\Users\max\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 3.8.0.1430)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Amazon Kindle (HKCU)
Apple Application Support (x32 Version: 2.3.4)
Apple Software Update (x32 Version: 2.1.3.127)
Ashampoo Burning Studio Elements 10.0.9 (x32 Version: 3.1.1)
Ask Toolbar (x32 Version: 12.9.1.17) <==== ATTENTION
avast! Free Antivirus (x32 Version: 9.0.2008)
Brother MFL-Pro Suite DCP-195C (x32 Version: 1.0.1.0)
calibre (x32 Version: 0.8.28)
Canon Utilities CameraWindow DC 8 (x32 Version: 8.9.0.4)
Canon Utilities Digital Photo Professional (x32 Version: 3.12.20.0)
Canon Utilities ImageBrowser EX (x32 Version: 1.2.1.13)
Canon Utilities PhotoStitch (x32 Version: 3.1.23.47)
CCleaner (Version: 4.08)
CDex - Open Source Digital Audio CD Extractor (x32 Version: 1.70.4.2009)
Celestia 1.6.0 (x32)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
Exif-Viewer 2.50  (x32 Version: 2.50)
Explorer Suite III
FileParade Bundle (x32 Version: 1.0.0.0)
GIMP 2.8.4 (Version: 2.8.4)
Google Chrome (x32 Version: 31.0.1650.63)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.22.3)
Image Resizer Powertoy Clone for Windows (64 bit) (Version: 2.1.1)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
K-Lite Codec Pack 7.6.0 (Full) (x32 Version: 7.6.0)
MainConcept MJPEG Codec Demo (x32 Version: 3.02.0004.0000)
MainConcept MJPG software codec (Remove Only) (x32)
McAfee Security Scan Plus (Version: 3.8.130.10)
MediaInfo 0.7.61 (Version: 0.7.61)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Works (x32 Version: 9.7.0621)
Motorola Driver Installation 3.9.0 (Version: 3.9.0)
Movie Studio Platinum 12.0 (64-bit) (Version: 12.0.756)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0)
Mozilla Maintenance Service (x32 Version: 26.0)
Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0)
MSVCRT Redists (Version: 1.0)
MSVCRT Redists (x32 Version: 1.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
NTRIP (x32)
NVIDIA Drivers (Version: 1.4)
OpenOffice.org 3.4 (x32 Version: 3.4.9590)
Paint.NET v3.5.10 (Version: 3.60.0)
PaperPort Image Printer 64-bit (Version: 1.00.0000)
PhotoScape (x32)
PL-2303 USB-to-Serial (x32 Version: 1.4.17)
Quick Media Converter Ask Toolbar Updater (HKCU Version: 1.2.0.20007) <==== ATTENTION
QuickTime (x32 Version: 7.74.80.86)
ScanSoft PaperPort 11 (x32 Version: 11.2.0000)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (x32)
Spybot - Search & Destroy (x32 Version: 2.0.12)
Synaptics Pointing Device Driver (Version: 14.0.10.0)
TomTom HOME (x32 Version: 2.9.6)
TomTom HOME Visual Studio Merge Modules (x32)
Überwachungstool für die Intel® Turbo-Boost-Technik (Version: 1.0.186.3)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update miniHomer 2.8 Version 2.8 (x32 Version: 2.8)
Update miniHomer Version 2.6 (x32 Version: 2.6)
Updater (x32 Version: 2.6.49)
VIS (x32)
VLC media player 2.1.0 (x32 Version: 2.1.0)
VSO Image Resizer 4.0.2.5 (x32 Version: 4.0.2.5)
Websteroids (x32 Version: 2.6.49)
WIDCOMM Bluetooth Software (Version: 6.2.1.800)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (Version: 09/11/2009 6.2.0.9407)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Internet Explorer 10 (x32 Version: 10.0)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live ID-Anmelde-Assistent (Version: 6.500.3165.0)
WinRAR 5.00 (64-bit) (Version: 5.00.0)
XMedia Recode 3.0.6.0 (x32 Version: 3.0.6.0)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ___AC C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {253AA94C-B81C-4ABE-957C-FAD1ACB9967E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {30A8F779-13BB-4F05-9A52-0787653C4CDA} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-12-14] (SAMSUNG Electronics)
Task: {34B2FBD7-7971-44BB-8127-8664E93256E0} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-12-13] (AVAST Software)
Task: {5A8D4D33-F9F7-49FA-90F6-3A0D6EDFCE6F} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {5BDCE4B0-9980-4211-828F-D2D7C61775AD} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2009-11-04] (Samsung Electronics Co., Ltd.)
Task: {5C466351-1661-4AC2-A8CC-C5B327D34C8C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {5DEA853F-7A4D-43E8-9449-FE0E57B034BD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {76044278-48D0-41B5-B1A8-93832FCCDF2C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-23] (Google Inc.)
Task: {7DF9C0E6-37F4-43E2-A928-39BDAA0648AB} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {83558952-CA50-4A20-A13A-3EC5D8E21A8D} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {9887809C-EA83-4BF8-8BB3-701D5D708A8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-23] (Google Inc.)
Task: {9E2BC02C-B839-49C0-82AA-FE85FB334095} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {9F05B2AF-D111-4F97-88E5-0B2E112469F4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {B17A6072-0100-4950-A768-0A6F8177F7C2} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {B5AA7C9B-E68D-4359-AA63-B2ED2557B0FE} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
Task: {C135D8E8-FC1A-4546-B2C0-59F4F79A83E2} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {CA283BEE-3EC0-466E-A81A-EB392CBC959D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {CEC26ED2-C2FA-4BA9-8C61-07CCAA3AE285} - System32\Tasks\APSchedulerC => C:\Program Files (x86)\AnyPC Client\APLanMgrC.exe [2009-11-20] (DoctorSoft)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-22 22:09 - 2013-12-22 17:58 - 02154496 _____ () C:\Program Files\Alwil Software\Avast5\defs\13122201\algo.dll
2010-02-09 07:08 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2013-04-09 15:13 - 2012-11-13 13:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-04-09 15:13 - 2012-11-13 13:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-04-09 15:13 - 2012-11-13 13:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-04-09 15:13 - 2012-08-23 08:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-04-09 15:13 - 2012-11-13 13:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2013-05-01 11:48 - 2013-01-29 18:45 - 00112128 ____C () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2009-06-03 12:59 - 2009-06-03 12:59 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 12:59 - 2009-06-03 12:59 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2012-04-13 11:04 - 2012-04-13 11:04 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-04-13 11:00 - 2012-04-13 11:00 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
2010-11-20 13:15 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-04-09 15:13 - 2012-11-13 13:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2013-12-13 21:11 - 2013-12-13 21:11 - 19336120 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2002-07-27 23:53 - 2002-07-27 23:53 - 00040960 _____ () C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
2002-08-20 20:01 - 2002-08-20 20:01 - 00134656 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
2002-08-02 00:26 - 2002-08-02 00:26 - 00035328 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wave.dll
2001-12-30 16:08 - 2001-12-30 16:08 - 00015360 _____ () C:\Program Files (x86)\Winamp\Plugins\out_disk.dll
2002-08-20 21:56 - 2002-08-20 21:56 - 00041984 _____ () C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
2002-07-23 19:38 - 2002-07-23 19:38 - 00013824 _____ () C:\Program Files (x86)\Winamp\Plugins\out_wave.dll
2013-12-20 14:17 - 2013-12-20 14:18 - 03559024 ____C () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:AD022376

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
Description: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/22/2013 07:00:00 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "I:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (12/22/2013 10:05:28 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (12/22/2013 10:04:53 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (12/21/2013 03:46:29 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (12/21/2013 03:45:34 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (12/21/2013 09:21:01 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (12/21/2013 09:20:21 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (12/21/2013 09:20:20 AM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/21/2013 09:20:20 AM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/21/2013 09:20:20 AM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (12/22/2013 06:27:01 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (12/21/2013 04:05:02 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.

Error: (12/21/2013 03:58:22 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (12/21/2013 03:58:20 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (12/21/2013 03:58:19 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (12/21/2013 03:58:17 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (12/21/2013 03:58:15 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (12/21/2013 03:58:13 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (12/21/2013 03:58:12 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (12/21/2013 03:58:10 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.


Microsoft Office Sessions:
=========================
Error: (06/16/2012 08:29:52 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 176 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 65%
Total physical RAM: 3949.63 MB
Available physical RAM: 1374.9 MB
Total Pagefile: 7897.43 MB
Available Pagefile: 5263.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Lokal) (Fixed) (Total:79.62 GB) (Free:37.04 GB) NTFS
Drive d: (Volume) (Fixed) (Total:331.98 GB) (Free:165.92 GB) NTFS
Drive g: (Volume) (Fixed) (Total:39.06 GB) (Free:38.92 GB) NTFS
Drive i: () (Removable) (Total:15.12 GB) (Free:2.97 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 2C06486A)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Not Active) - (Size=15 GB) - (Type=27)
Partition 3: (Active) - (Size=100 MB) - (Type=42)
Partition 4: (Not Active) - (Size=80 GB) - (Type=42)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================
--- --- ---
FRST.txt :
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2013 01
Ran by max (administrator) on MAX-PC on 22-12-2013 22:36:40
Running from C:\Users\max\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Windows\SysWOW64\Rezip.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Updater) C:\ProgramData\Updater\updater.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
(WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Nullsoft) C:\Program Files (x86)\Winamp\winamp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\max\Downloads\Defogger.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-10] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKCU\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [481656 2013-11-20] (Updater)
MountPoints2: {b31c6295-adf7-11e0-9982-b482fe37fbac} - G:\iStudio.exe
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] - C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [APLangApp] - C:\Program Files (x86)\AnyPC Client\APLangApp.exe [13312 2009-11-20] (DoctorSoft)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [83240 2008-03-20] (Cyberlink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2007-12-14] ()
HKLM-x32\...\Run: [SSBkgdUpdate] - C:\Program Files (x86)\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] - C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini [344 2011-07-23] ()
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1804240 2013-12-10] (APN)
HKLM-x32\...\Run: [20131121] - C:\Program Files\Alwil Software\Avast5\Setup\emupdate\4c881f8e-9c6b-4fc0-a442-f3667a52b239.exe [180184 2013-11-23] (AVAST Software)
HKLM-x32\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [481656 2013-11-20] (Updater)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3568312 2013-12-13] (AVAST Software)
Startup: C:\Users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk
ShortcutTarget: OpenOffice.org 3.4.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yd.delta-search.com/?babsrc=HP_ss&mntrId=601EF67BCB2384C6&affID=119357&tt=040713_rdrctful&tsp=4937
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/?ie=10
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://dsl-start.computerbild.de/?ie=10
hxxp://mixidj.delta-search.com/?affID=121136&tt=190313_gr1&babsrc=HP_ss&mntrId=601EF67BCB2384C6
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://dsl-start.computerbild.de/?ie=10
hxxp://mixidj.delta-search.com/?affID=121136&tt=190313_gr1&babsrc=HP_ss&mntrId=601EF67BCB2384C6
URLSearchHook: HKCU - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
URLSearchHook: HKCU - (No Name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No File
SearchScopes: HKLM-x32 - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
SearchScopes: HKLM-x32 - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.yd.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=601EF67BCB2384C6&affID=119357&tt=040713_rdrctful&tsp=4937
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=CCS&o=15773&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=HN&apn_dtid=YYYYYYYYDE&apn_uid=162CDC29-8D1D-48C7-9F3D-B25C4FB776F5&apn_sauid=0BDC4AAB-D63A-4BF4-AB04-C7384DF02DB4
SearchScopes: HKCU - {4301F923-6526-4B7B-9074-BFFC22CC5836} URL = hxxp://www.computerbild.de/suche/index.html?s_text={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {965CD262-60AA-4711-BCE6-2C3AC22DDA48} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Websteroids - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\Websteroids\IE\common.dll (Creative Island Media, LLC)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730
FF NewTab: www.google.de
FF DefaultSearchEngine: Ask Search
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Ask Search
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\searchplugins\ask-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: vis - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
FF Extension: Live Gold - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\livegold@dotcreation
FF Extension: Websteroids - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\support@websteroidsapp.com
FF Extension: DownloadHelper - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Exif Viewer - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\exif_viewer@mozilla.doslash.org.xpi
FF Extension: Ask Toolbar - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\toolbar_ORJ-V7@apn.ask.com.xpi
FF Extension: NoScript - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: BetterPrivacy - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: DownThemAll! - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: Menu Editor - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF HKCU\...\Firefox\Extensions: [lwoofer@lyricswoofer.co] - C:\Program Files (x86)\LyricsWoofer\122.xpi
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.de
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR Extension: (Google Docs) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (VIS) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab
CHR Extension: () - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.49_0
CHR Extension: (Speed Test Analysis) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.5_0
CHR Extension: (Google Wallet) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [jnikkfemnfogahcandhlchoengjbeaij] - C:\Program Files (x86)\LyricsWoofer\122.crx
CHR HKLM-x32\...\Chrome\Extension: [kckgnnipheglejoddfhekdjpbdbinhmb] - C:\Users\max\AppData\Roaming\SpeedTestAnalysis\speedtestanalysis.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-10] (APN LLC.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2013-12-13] (AVAST Software)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [38984 2013-12-13] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [84328 2013-12-13] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-13] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1032416 2013-12-13] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [409832 2013-12-13] (AVAST Software)
R1 aswTdi; C:\windows\system32\drivers\aswTdi.sys [65264 2013-12-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-12-13] ()
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [116264 2008-05-27] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-05-27] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [159784 2008-05-27] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [138792 2008-05-27] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [34856 2008-05-27] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [137768 2008-05-27] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [153128 2008-05-27] (MCCI Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] ()
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-22 22:36 - 2013-12-22 22:37 - 00022702 ____C C:\Users\max\Downloads\FRST.txt
2013-12-22 22:36 - 2013-12-22 22:36 - 00000000 ___DC C:\FRST
2013-12-22 22:35 - 2013-12-22 22:35 - 01928280 ____C (Farbar) C:\Users\max\Downloads\FRST64.exe
2013-12-22 22:34 - 2013-12-22 22:34 - 00000468 ____C C:\Users\max\Downloads\defogger_disable.log
2013-12-22 22:34 - 2013-12-22 22:34 - 00000000 ____C C:\Users\max\defogger_reenable
2013-12-22 22:33 - 2013-12-22 22:33 - 00050477 ____C C:\Users\max\Downloads\Defogger.exe
2013-12-22 16:16 - 2013-12-22 16:16 - 04379048 ____C (Piriform Ltd) C:\Users\max\Downloads\ccsetup407.exe
2013-12-22 10:05 - 2013-12-22 10:05 - 00000000 __RDC C:\Users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2013-12-20 14:17 - 2013-12-20 14:18 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2013-12-18 21:22 - 2013-12-18 21:22 - 00000664 ____C C:\Users\max\Desktop\Filme_Michael_Caine.txt
2013-12-15 13:03 - 2013-12-15 13:03 - 00368343 ____C C:\Users\max\AppData\Local\recently-used.xbel
2013-12-14 08:53 - 2013-12-14 08:53 - 00000000 ___DC C:\Users\max\AppData\Roaming\AVAST Software
2013-12-13 21:10 - 2013-12-13 21:10 - 00000000 ___DC C:\ProgramData\AVAST Software
2013-12-11 20:11 - 2013-12-11 20:11 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-11 20:11 - 2013-12-11 20:11 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-11 20:11 - 2013-12-11 20:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2013-12-11 20:11 - 2013-12-11 20:11 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-12-11 20:09 - 2013-12-11 20:09 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-11 20:09 - 2013-12-11 20:09 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-12-11 20:09 - 2013-12-11 20:09 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-12-11 20:09 - 2013-12-11 20:09 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-11 20:09 - 2013-12-11 20:09 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-12-11 20:09 - 2013-12-11 20:09 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-12-11 20:09 - 2013-12-11 20:09 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-12-11 18:51 - 2013-12-12 08:12 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird
2013-12-11 08:21 - 2013-12-11 08:21 - 00000000 ___DC C:\Users\max\Documents\PC Speed Maximizer
2013-12-11 08:16 - 2013-12-11 08:16 - 00002768 ____C C:\windows\System32\Tasks\CCleanerSkipUAC
2013-12-11 08:16 - 2013-12-11 08:16 - 00000827 ____C C:\Users\Public\Desktop\CCleaner.lnk
2013-12-11 08:16 - 2013-12-11 08:16 - 00000000 ___DC C:\Program Files\CCleaner
2013-12-11 08:15 - 2013-12-11 08:15 - 00000000 ___DC C:\ProgramData\Websteroids
2013-12-11 08:15 - 2013-12-11 08:15 - 00000000 ___DC C:\ProgramData\Updater
2013-12-11 08:15 - 2013-12-11 08:15 - 00000000 ___DC C:\ProgramData\RHelpers
2013-12-11 08:13 - 2013-12-11 08:13 - 01080504 ____C (Conduit) C:\Users\max\Downloads\CCleaner_TSV426SC.exe
2013-12-11 08:04 - 2013-12-11 20:10 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-11 08:04 - 2013-12-11 20:10 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-11 08:04 - 2013-12-11 20:10 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-11 08:04 - 2013-12-11 20:10 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-11 08:04 - 2013-12-11 20:10 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-11 08:04 - 2013-12-11 20:09 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-11 08:04 - 2013-12-11 20:09 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-11 08:04 - 2013-12-11 20:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-12-11 08:04 - 2013-12-11 20:09 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-11 08:04 - 2013-12-11 20:08 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-11 08:04 - 2013-12-11 20:08 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-11 08:04 - 2013-12-11 20:08 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-11 08:04 - 2013-12-11 20:08 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-11 08:04 - 2013-12-11 20:08 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-11 08:04 - 2013-12-11 20:08 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2013-12-11 08:04 - 2013-12-11 20:08 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-12-11 08:04 - 2013-12-11 20:08 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2013-12-11 08:04 - 2013-10-04 03:16 - 00116736 ____C (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-11 08:04 - 2013-10-04 02:36 - 00230400 ____C (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-10 21:33 - 2013-12-10 21:33 - 09272200 ____C (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

2013-12-22 22:37 - 2013-12-22 22:36 - 00022702 ____C C:\Users\max\Downloads\FRST.txt
2013-12-22 22:36 - 2013-12-22 22:36 - 00000000 ___DC C:\FRST
2013-12-22 22:35 - 2013-12-22 22:35 - 01928280 ____C (Farbar) C:\Users\max\Downloads\FRST64.exe
2013-12-22 22:34 - 2013-12-22 22:34 - 00000468 ____C C:\Users\max\Downloads\defogger_disable.log
2013-12-22 22:34 - 2013-12-22 22:34 - 00000000 ____C C:\Users\max\defogger_reenable
2013-12-22 22:34 - 2010-04-06 09:07 - 00000000 ___DC C:\Users\max
2013-12-22 22:33 - 2013-12-22 22:33 - 00050477 ____C C:\Users\max\Downloads\Defogger.exe
2013-12-22 22:33 - 2012-04-15 06:51 - 00000884 ____C C:\windows\Tasks\Adobe Flash Player Updater.job
2013-12-22 22:16 - 2010-02-10 00:33 - 00654400 ____C C:\windows\system32\perfh007.dat
2013-12-22 22:16 - 2010-02-10 00:33 - 00130240 ____C C:\windows\system32\perfc007.dat
2013-12-22 22:16 - 2009-07-14 06:13 - 01498742 ____C C:\windows\system32\PerfStringBackup.INI
2013-12-22 21:57 - 2011-07-23 15:05 - 00001104 ____C C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-22 21:30 - 2010-02-09 06:58 - 01709460 ____C C:\windows\WindowsUpdate.log
2013-12-22 20:57 - 2011-07-23 15:05 - 00001100 ____C C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-22 18:21 - 2013-09-28 09:15 - 00000000 ___DC C:\Users\max\AppData\Roaming\vlc
2013-12-22 16:16 - 2013-12-22 16:16 - 04379048 ____C (Piriform Ltd) C:\Users\max\Downloads\ccsetup407.exe
2013-12-22 10:13 - 2009-07-14 05:45 - 00013936 ___HC C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-22 10:13 - 2009-07-14 05:45 - 00013936 ___HC C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-22 10:06 - 2012-07-10 13:58 - 00004184 ____C C:\windows\System32\Tasks\avast! Emergency Update
2013-12-22 10:05 - 2013-12-22 10:05 - 00000000 __RDC C:\Users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2013-12-22 10:03 - 2009-07-14 06:08 - 00000006 ___HC C:\windows\Tasks\SA.DAT
2013-12-21 09:19 - 2012-04-26 06:39 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 14:18 - 2013-12-20 14:17 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2013-12-19 22:08 - 2013-09-23 08:34 - 00000700 ____C C:\Users\max\Desktop\Film-Tips.txt
2013-12-18 21:22 - 2013-12-18 21:22 - 00000664 ____C C:\Users\max\Desktop\Filme_Michael_Caine.txt
2013-12-15 19:23 - 2013-08-01 21:03 - 00000000 ___DC C:\windows\system32\MRT
2013-12-15 19:22 - 2010-04-10 07:27 - 90708896 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-15 16:52 - 2013-06-19 12:32 - 00000000 ___DC C:\Users\max\.gimp-2.8
2013-12-15 13:03 - 2013-12-15 13:03 - 00368343 ____C C:\Users\max\AppData\Local\recently-used.xbel
2013-12-14 08:53 - 2013-12-14 08:53 - 00000000 ___DC C:\Users\max\AppData\Roaming\AVAST Software
2013-12-13 21:11 - 2013-03-19 16:22 - 00205320 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-12-13 21:11 - 2013-03-19 16:22 - 00065776 _____ C:\windows\system32\Drivers\aswRvrt.sys
2013-12-13 21:11 - 2012-02-26 13:20 - 00092544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2013-12-13 21:11 - 2011-05-27 09:09 - 01032416 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-12-13 21:11 - 2011-01-21 12:45 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2013-12-13 21:11 - 2011-01-21 12:45 - 00043152 ____C (AVAST Software) C:\windows\avastSS.scr
2013-12-13 21:11 - 2010-04-22 05:41 - 00409832 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2013-12-13 21:11 - 2010-04-22 05:41 - 00084328 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2013-12-13 21:11 - 2010-04-22 05:41 - 00065264 _____ (AVAST Software) C:\windows\system32\Drivers\aswTdi.sys
2013-12-13 21:11 - 2010-04-22 05:41 - 00038984 _____ (AVAST Software) C:\windows\system32\Drivers\aswFsBlk.sys
2013-12-13 21:11 - 2010-04-22 05:41 - 00001982 ____C C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-13 21:10 - 2013-12-13 21:10 - 00000000 ___DC C:\ProgramData\AVAST Software
2013-12-13 21:10 - 2010-04-22 05:41 - 00000000 ____C C:\windows\SysWOW64\config.nt
2013-12-12 08:12 - 2013-12-11 18:51 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird
2013-12-12 08:01 - 2009-07-14 06:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2013-12-12 07:59 - 2009-07-14 05:45 - 00486968 ____C C:\windows\system32\FNTCACHE.DAT
2013-12-11 20:11 - 2013-12-11 20:11 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-11 20:11 - 2013-12-11 20:11 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-11 20:11 - 2013-12-11 20:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2013-12-11 20:11 - 2013-12-11 20:11 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2013-12-11 20:10 - 2013-12-11 08:04 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-11 20:10 - 2013-12-11 08:04 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-11 20:10 - 2013-12-11 08:04 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-11 20:10 - 2013-12-11 08:04 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-11 20:10 - 2013-12-11 08:04 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-11 20:10 - 2010-04-06 09:15 - 00000000 ___DC C:\ProgramData\Microsoft Help
2013-12-11 20:09 - 2013-12-11 20:09 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-12-11 20:09 - 2013-12-11 20:09 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-11 20:09 - 2013-12-11 20:09 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-12-11 20:09 - 2013-12-11 20:09 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-12-11 20:09 - 2013-12-11 20:09 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-11 20:09 - 2013-12-11 20:09 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-12-11 20:09 - 2013-12-11 20:09 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-12-11 20:09 - 2013-12-11 20:09 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-12-11 20:09 - 2013-12-11 08:04 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-11 20:09 - 2013-12-11 08:04 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-11 20:09 - 2013-12-11 08:04 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-12-11 20:09 - 2013-12-11 08:04 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-11 20:08 - 2013-12-11 08:04 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-11 20:08 - 2013-12-11 08:04 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-11 20:08 - 2013-12-11 08:04 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-11 20:08 - 2013-12-11 08:04 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-11 20:08 - 2013-12-11 08:04 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-11 20:08 - 2013-12-11 08:04 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2013-12-11 20:08 - 2013-12-11 08:04 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-12-11 20:08 - 2013-12-11 08:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2013-12-11 10:00 - 2013-10-25 05:43 - 00001716 ____C C:\Users\max\Desktop\Oberstdorf-Reisetips.txt
2013-12-11 08:21 - 2013-12-11 08:21 - 00000000 ___DC C:\Users\max\Documents\PC Speed Maximizer
2013-12-11 08:16 - 2013-12-11 08:16 - 00002768 ____C C:\windows\System32\Tasks\CCleanerSkipUAC
2013-12-11 08:16 - 2013-12-11 08:16 - 00000827 ____C C:\Users\Public\Desktop\CCleaner.lnk
2013-12-11 08:16 - 2013-12-11 08:16 - 00000000 ___DC C:\Program Files\CCleaner
2013-12-11 08:15 - 2013-12-11 08:15 - 00000000 ___DC C:\ProgramData\Websteroids
2013-12-11 08:15 - 2013-12-11 08:15 - 00000000 ___DC C:\ProgramData\Updater
2013-12-11 08:15 - 2013-12-11 08:15 - 00000000 ___DC C:\ProgramData\RHelpers
2013-12-11 08:13 - 2013-12-11 08:13 - 01080504 ____C (Conduit) C:\Users\max\Downloads\CCleaner_TSV426SC.exe
2013-12-10 21:33 - 2013-12-10 21:33 - 09272200 ____C (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-10 21:33 - 2012-04-15 06:51 - 00692616 ____C (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 21:33 - 2012-04-15 06:51 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 21:33 - 2011-10-07 17:41 - 00071048 ____C (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-09 20:02 - 2013-10-22 08:13 - 00002831 ____C C:\Users\max\Desktop\Fahrplan-Romantische_Schiene_EM_Noerdlingen.txt
2013-12-02 20:52 - 2011-07-23 15:05 - 00004100 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-02 20:52 - 2011-07-23 15:05 - 00003848 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-23 18:28 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache
2013-11-23 09:13 - 2013-03-16 19:51 - 00000000 ___DC C:\Users\max\Documents\Movie Studio Platinum 12.0 Projekte
2013-11-22 07:58 - 2010-04-14 07:51 - 00000000 ___DC C:\windows\Minidump
2013-11-22 07:58 - 2009-08-02 03:27 - 00000000 ___DC C:\windows\Panther

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 21:49

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

fundiko 22.12.2013 23:23
gmer.log :

GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-22 23:02:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\max\AppData\Local\Temp\kftdypow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                      fffff80003beb000 63 bytes [00, 00, 7F, 00, 4E, 62, 31, ...]
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592                                                                      fffff80003beb040 12 bytes [10, F0, 66, 08, 80, FA, FF, ...]

---- User code sections - GMER 2.1 ----

.text    C:\windows\system32\wininit.exe[616] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              000000007736eecd 1 byte [62]
.text    C:\windows\system32\services.exe[688] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007736eecd 1 byte [62]
.text    C:\windows\system32\lsass.exe[696] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007736eecd 1 byte [62]
.text    C:\windows\system32\svchost.exe[828] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              000000007736eecd 1 byte [62]
.text    C:\windows\system32\winlogon.exe[872] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007736eecd 1 byte [62]
.text    C:\windows\system32\nvvsvc.exe[940] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              000000007736eecd 1 byte [62]
.text    C:\windows\System32\svchost.exe[316] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              000000007736eecd 1 byte [62]
.text    C:\windows\System32\svchost.exe[500] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              000000007736eecd 1 byte [62]
.text    C:\windows\system32\svchost.exe[540] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              000000007736eecd 1 byte [62]
.text    C:\windows\system32\svchost.exe[572] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              000000007736eecd 1 byte [62]
.text    C:\windows\system32\svchost.exe[1164] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007736eecd 1 byte [62]
.text    C:\windows\system32\nvvsvc.exe[1284] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              000000007736eecd 1 byte [62]
.text    C:\windows\Explorer.EXE[1568] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                    000000007736eecd 1 byte [62]
.text    C:\windows\System32\spoolsv.exe[1652] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007736eecd 1 byte [62]
.text    C:\windows\system32\svchost.exe[1680] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007736eecd 1 byte [62]
.text    C:\windows\system32\taskhost.exe[1800] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007736eecd 1 byte [62]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1136] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                00000000754fa2ba 1 byte [62]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1436] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                00000000754fa2ba 1 byte [62]
.text    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1616] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                    000000007736eecd 1 byte [62]
.text    C:\windows\SysWOW64\Rezip.exe[1996] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                              00000000754fa2ba 1 byte [62]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2064] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112              00000000754fa2ba 1 byte [62]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2064] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69            0000000075da1465 2 bytes [DA, 75]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2064] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155          0000000075da14bb 2 bytes [DA, 75]
.text    ...                                                                                                                                    * 2
.text    C:\windows\system32\svchost.exe[2328] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007736eecd 1 byte [62]
.text    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe[2352] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                  00000000754fa2ba 1 byte [62]
.text    C:\windows\System32\svchost.exe[2408] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007736eecd 1 byte [62]
.text    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2432] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189    000000007736eecd 1 byte [62]
.text    C:\windows\system32\wbem\wmiprvse.exe[2924] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                      000000007736eecd 1 byte [62]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2812] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112            00000000754fa2ba 1 byte [62]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[1120] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112            00000000754fa2ba 1 byte [62]
.text    C:\windows\system32\SearchIndexer.exe[1896] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                      000000007736eecd 1 byte [62]
.text    C:\windows\system32\svchost.exe[3256] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007736eecd 1 byte [62]
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[3832] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                          000000007736eecd 1 byte [62]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3892] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                            000000007736eecd 1 byte [62]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3808] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                              000000007736eecd 1 byte [62]
.text    C:\ProgramData\Updater\updater.exe[3740] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                          00000000754fa2ba 1 byte [62]
.text    C:\ProgramData\Updater\updater.exe[3740] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        0000000075da1465 2 bytes [DA, 75]
.text    C:\ProgramData\Updater\updater.exe[3740] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      0000000075da14bb 2 bytes [DA, 75]
.text    ...                                                                                                                                    * 2
.text    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2568] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                      000000007736eecd 1 byte [62]
.text    C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe[3944] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                  00000000754fa2ba 1 byte [62]
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2232] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                      00000000754fa2ba 1 byte [62]
.text    C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe[2596] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                    00000000754fa2ba 1 byte [62]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1228] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                00000000754fa2ba 1 byte [62]
.text    C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4108] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                      00000000754fa2ba 1 byte [62]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4280] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                00000000754fa2ba 1 byte [62]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4280] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              0000000075da1465 2 bytes [DA, 75]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4280] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155              0000000075da14bb 2 bytes [DA, 75]
.text    ...                                                                                                                                    * 2
.text    C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe[4292] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                      00000000754fa2ba 1 byte [62]
.text    C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[4336] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                        00000000754fa2ba 1 byte [62]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4408] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112              00000000754fa2ba 1 byte [62]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4408] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69            0000000075da1465 2 bytes [DA, 75]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4408] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155            0000000075da14bb 2 bytes [DA, 75]
.text    ...                                                                                                                                    * 2
.text    C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4420] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                  00000000754fa2ba 1 byte [62]
.text    C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4544] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                        00000000754fa2ba 1 byte [62]
.text    C:\ProgramData\RHelpers\FireFoxHelper\FireFoxHelper.exe[4564] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                    00000000754fa2ba 1 byte [62]
.text    C:\ProgramData\RHelpers\IEHelper\IeHelper.exe[4596] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                              00000000754fa2ba 1 byte [62]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4692] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112            00000000754fa2ba 1 byte [62]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5040] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112    00000000754fa2ba 1 byte [62]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5040] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075da1465 2 bytes [DA, 75]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5040] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075da14bb 2 bytes [DA, 75]
.text    ...                                                                                                                                    * 2
.text    C:\Program Files\Alwil Software\Avast5\AvastUI.exe[5100] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                          00000000754fa2ba 1 byte [62]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe[5060] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112            00000000754fa2ba 1 byte [62]
.text    C:\windows\system32\notepad.exe[21888] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007736eecd 1 byte [62]
.text    C:\Users\max\Downloads\gmer_2.1.19163.exe[23208] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                  00000000754fa2ba 1 byte [62]

---- Services - GMER 2.1 ----

Service  C:\windows\system32\drivers\aswFsBlk.sys (*** hidden *** )                                                                              [AUTO] aswFsBlk                                                                                                                                                                                                                                                                                                        <-- ROOTKIT !!!
Service  C:\windows\system32\drivers\aswMonFlt.sys (*** hidden *** )                                                                            [AUTO] aswMonFlt                                                                                                                                                                                                                                                                                                      <-- ROOTKIT !!!
Service  C:\windows\system32\drivers\aswRdr2.sys (*** hidden *** )                                                                              [SYSTEM] aswRdr                                                                                                                                                                                                                                                                                                        <-- ROOTKIT !!!
Service  C:\windows\system32\drivers\aswRvrt.sys (*** hidden *** )                                                                              [BOOT] aswRvrt                                                                                                                                                                                                                                                                                                        <-- ROOTKIT !!!
Service  C:\windows\system32\drivers\aswSnx.sys (*** hidden *** )                                                                                [SYSTEM] aswSnx                                                                                                                                                                                                                                                                                                        <-- ROOTKIT !!!
Service  C:\windows\system32\drivers\aswSP.sys (*** hidden *** )                                                                                [SYSTEM] aswSP                                                                                                                                                                                                                                                                                                        <-- ROOTKIT !!!
Service  C:\windows\system32\drivers\aswTdi.sys (*** hidden *** )                                                                                [SYSTEM] aswTdi                                                                                                                                                                                                                                                                                                        <-- ROOTKIT !!!
Service  C:\windows\system32\drivers\aswVmm.sys (*** hidden *** )                                                                                [BOOT] aswVmm                                                                                                                                                                                                                                                                                                          <-- ROOTKIT !!!
Service  C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (*** hidden *** )                                                                  [AUTO] avast! Antivirus                                                                                                                                                                                                                                                                                                <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type                                                                                    2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start                                                                                  2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl                                                                            1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName                                                                            aswFsBlk
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group                                                                                  FSFilter Activity Monitor
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService                                                                        FltMgr?
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description                                                                            Avast! Mini-filter Driver
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag                                                                                    2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ImagePath                                                                              \??\C:\windows\system32\drivers\aswFsBlk.sys
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances                                                                             
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance                                                              aswFsBlk Instance
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                    388400
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                      0
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk                                                                                       
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type                                                                                  2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start                                                                                  2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl                                                                          1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath                                                                              \??\C:\windows\system32\drivers\aswMonFlt.sys
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName                                                                            aswMonFlt
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group                                                                                  FSFilter Anti-Virus
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService                                                                        FltMgr?
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description                                                                            avast! mini-filter driver (aswMonFlt)
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances                                                                             
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance                                                              aswMonFlt Instance
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance                                                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                  320700
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                    0
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt                                                                                       
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type                                                                                      1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start                                                                                    1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl                                                                              1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName                                                                              aswRdr
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group                                                                                    PNP_TDI
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService                                                                          tcpip?
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description                                                                              avast! WFP Redirect driver
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath                                                                                \??\C:\windows\system32\drivers\aswRdr2.sys
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters                                                                               
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                            nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr                                                                                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type                                                                                    1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start                                                                                    0
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl                                                                            1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName                                                                              avast! Revert
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description                                                                              avast! Revert
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters                                                                             
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter                                                                  16
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter                                                                  280684
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot                                                                    \Device\Harddisk0\Partition4\windows
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown                                                              1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292117                                                                   
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292117@                                                                  Commited
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292117@BootTimeout                                                        0
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292117@TickTimeout                                                        0
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292117@CreationTime                                                      0xEA 0x10 0xDE 0x05 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292117@SetupOperations                                                    MoveFile("\??\c:\program files\alwil software\avast5\setup\instup.dll.1387292117","\??\c:\program files\alwil software\avast5\setup\instup.dll",TRUE)?MoveFile("\??\c:\program files\alwil software\avast5\setup\instup.dll.sum.1387292117","\??\c:\program files\alwil software\avast5\setup\instup.dll.sum",TRUE)?
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292117@StartBootCounter                                                  10
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292117@StartTickCounter                                                  128575
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292117@LastPackageError                                                  -1073741766
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt                                                                                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type                                                                                      2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start                                                                                    1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl                                                                              1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName                                                                              aswSnx
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group                                                                                    FSFilter Virtualization
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService                                                                          FltMgr?
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description                                                                              avast! virtualization driver (aswSnx)
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag                                                                                      2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ImagePath                                                                                \??\C:\windows\system32\drivers\aswSnx.sys
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances                                                                               
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance                                                                aswSnx Instance
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance                                                               
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude                                                        137600
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags                                                          0
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters                                                                               
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder                                                                  \??\C:\Program Files\Alwil Software\Avast5
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder                                                                    \??\C:\ProgramData\Alwil Software\Avast5
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx                                                                                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type                                                                                      1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start                                                                                      1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl                                                                              1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName                                                                                aswSP
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description                                                                                avast! Self Protection
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@ImagePath                                                                                  \??\C:\windows\system32\drivers\aswSP.sys
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters                                                                               
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder                                                                  \??\C:\Program Files\Alwil Software\Avast5
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder                                                                      \??\C:\ProgramData\Alwil Software\Avast5
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield                                                                    0
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder                                                              \??\C:\Program Files
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder                                                                    \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen                                                                1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type                                                                                      1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start                                                                                    1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl                                                                              1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName                                                                              aswTdi
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group                                                                                    PNP_TDI
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService                                                                          tcpip?
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description                                                                              aswTdi
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag                                                                                      11
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ImagePath                                                                                \??\C:\windows\system32\drivers\aswTdi.sys
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi                                                                                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type                                                                                      1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start                                                                                    0
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl                                                                              1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName                                                                              avast! VM Monitor
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description                                                                              avast! VM Monitor
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters                                                                               
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm                                                                                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type                                                                            288
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start                                                                          2
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl                                                                    1
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath                                                                      "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName                                                                    avast! Antivirus
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group                                                                          ShellSvcGroup
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService                                                                aswMonFlt?RpcSS?
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64                                                                          1
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName                                                                      LocalSystem
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description                                                                    Verwaltet und implementiert die avast! Antivirus Dienste auf diesem Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus Container sowie die Zeitplan.
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType                                                                  1
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus\Parameters                                                                     
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus                                                                               
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6864                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6982                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe37fbac                                                           
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type                                                                                        2
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start                                                                                      2
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl                                                                                1
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName                                                                                aswFsBlk
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group                                                                                      FSFilter Activity Monitor
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService                                                                            FltMgr?
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description                                                                                Avast! Mini-filter Driver
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag                                                                                        2
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ImagePath                                                                                  \??\C:\windows\system32\drivers\aswFsBlk.sys
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)                                                         
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance                                                                  aswFsBlk Instance
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)                                       
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                        388400
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                          0
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type                                                                                      2
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start                                                                                      2
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl                                                                              1
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath                                                                                  \??\C:\windows\system32\drivers\aswMonFlt.sys
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName                                                                                aswMonFlt
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group                                                                                      FSFilter Anti-Virus
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService                                                                            FltMgr?
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description                                                                                avast! mini-filter driver (aswMonFlt)
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)                                                         
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance                                                                  aswMonFlt Instance
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)                                     
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                      320700
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                        0
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@Type                                                                                          1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@Start                                                                                        1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl                                                                                  1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName                                                                                  aswRdr
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@Group                                                                                        PNP_TDI
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService                                                                              tcpip?
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@Description                                                                                  avast! WFP Redirect driver
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath                                                                                    \??\C:\windows\system32\drivers\aswRdr2.sys
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)                                                           
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                               
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type                                                                                        1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start                                                                                        0
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl                                                                                1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName                                                                                  avast! Revert
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description                                                                                  avast! Revert
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)                                                         
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter                                                                      16
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter                                                                      280684
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot                                                                        \Device\Harddisk0\Partition4\windows
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown                                                                  1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292117 (not active ControlSet)                                               
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292117@                                                                      Commited
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292117@BootTimeout                                                            0
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292117@TickTimeout                                                            0
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292117@CreationTime                                                          0xEA 0x10 0xDE 0x05 ...
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292117@SetupOperations                                                        MoveFile("\??\c:\program files\alwil software\avast5\setup\instup.dll.1387292117","\??\c:\program files\alwil software\avast5\setup\instup.dll",TRUE)?MoveFile("\??\c:\program files\alwil software\avast5\setup\instup.dll.sum.1387292117","\??\c:\program files\alwil software\avast5\setup\instup.dll.sum",TRUE)?
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292117@StartBootCounter                                                      10
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292117@StartTickCounter                                                      128575
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292117@LastPackageError                                                      -1073741766
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Type                                                                                          2
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Start                                                                                        1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl                                                                                  1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName                                                                                  aswSnx
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Group                                                                                        FSFilter Virtualization
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService                                                                              FltMgr?
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Description                                                                                  avast! virtualization driver (aswSnx)
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag                                                                                          2
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@ImagePath                                                                                    \??\C:\windows\system32\drivers\aswSnx.sys
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)                                                           
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance                                                                    aswSnx Instance
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)                                           
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude                                                            137600
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags                                                              0
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)                                                           
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder                                                                      \??\C:\Program Files\Alwil Software\Avast5
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder                                                                        \??\C:\ProgramData\Alwil Software\Avast5
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@Type                                                                                          1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@Start                                                                                          1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl                                                                                  1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName                                                                                    aswSP
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@Description                                                                                    avast! Self Protection
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@ImagePath                                                                                      \??\C:\windows\system32\drivers\aswSP.sys
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)                                                           
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder                                                                      \??\C:\Program Files\Alwil Software\Avast5
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder                                                                          \??\C:\ProgramData\Alwil Software\Avast5
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield                                                                        0
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder                                                                  \??\C:\Program Files
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder                                                                        \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen                                                                    1
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Type                                                                                          1
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Start                                                                                        1
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl                                                                                  1
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName                                                                                  aswTdi
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Group                                                                                        PNP_TDI
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService                                                                              tcpip?
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Description                                                                                  aswTdi
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag                                                                                          11
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@ImagePath                                                                                    \??\C:\windows\system32\drivers\aswTdi.sys
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@Type                                                                                          1
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@Start                                                                                        0
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl                                                                                  1
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName                                                                                  avast! VM Monitor
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@Description                                                                                  avast! VM Monitor
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)                                                           
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type                                                                                288
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start                                                                              2
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl                                                                        1
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath                                                                          "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName                                                                        avast! Antivirus
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group                                                                              ShellSvcGroup
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService                                                                    aswMonFlt?RpcSS?
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64                                                                              1
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName                                                                          LocalSystem
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description                                                                        Verwaltet und implementiert die avast! Antivirus Dienste auf diesem Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus Container sowie die Zeitplan.
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType                                                                      1
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus\Parameters (not active ControlSet)                                                 
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654edff (not active ControlSet)                                       
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f652 (not active ControlSet)                                       
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6864 (not active ControlSet)                                       
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6982 (not active ControlSet)                                       
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b482fe37fbac (not active ControlSet)                                       

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                  unknown MBR code

---- EOF - GMER 2.1 ----
--- --- ---

schrauber 24.12.2013 12:01
hi,
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

fundiko 25.12.2013 17:45
Danke für deine Antwort, Schrauber!

Habe Combofix ausgeführt, hier ist das Logfile:

Combofix Logfile:
Code:
ComboFix 13-12-24.02 - max 25.12.2013  17:23:58.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3950.2328 [GMT 1:00]
ausgeführt von:: c:\users\max\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\max\AppData\Local\lame_enc.dll
c:\users\max\AppData\Local\no23xwrapper.dll
c:\users\max\AppData\Local\ogg.dll
c:\users\max\AppData\Local\vorbisenc.dll
c:\users\max\AppData\Local\vorbisfile.dll
c:\windows\IsUn0407.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-11-25 bis 2013-12-25  ))))))))))))))))))))))))))))))
.
.
2013-12-25 16:30 . 2013-12-25 16:30        --------        dc----w-        c:\users\Default\AppData\Local\temp
2013-12-25 15:51 . 2013-12-25 15:51        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F6D0A34-EE6B-41F1-8ECE-25F3D2C00417}\offreg.dll
2013-12-24 09:29 . 2013-12-04 03:28        10315576        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F6D0A34-EE6B-41F1-8ECE-25F3D2C00417}\mpengine.dll
2013-12-22 21:36 . 2013-12-22 21:36        --------        dc----w-        C:\FRST
2013-12-14 07:53 . 2013-12-14 07:53        --------        dc----w-        c:\users\max\AppData\Roaming\AVAST Software
2013-12-13 20:10 . 2013-12-13 20:10        --------        dc----w-        c:\programdata\AVAST Software
2013-12-11 19:11 . 2013-12-11 19:11        167424        ----a-w-        c:\program files\Windows Media Player\wmplayer.exe
2013-12-11 19:11 . 2013-12-11 19:11        164864        ----a-w-        c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 19:11 . 2013-12-11 19:11        12625920        ----a-w-        c:\windows\system32\wmploc.DLL
2013-12-11 19:11 . 2013-12-11 19:11        12625408        ----a-w-        c:\windows\SysWow64\wmploc.DLL
2013-12-11 19:11 . 2013-12-11 19:11        14631424        ----a-w-        c:\windows\system32\wmp.dll
2013-12-11 17:51 . 2013-12-12 07:12        --------        dc----w-        c:\program files (x86)\Mozilla Thunderbird
2013-12-11 07:16 . 2013-12-11 07:16        --------        dc----w-        c:\program files\CCleaner
2013-12-11 07:15 . 2013-12-11 07:15        --------        dc----w-        c:\programdata\Updater
2013-12-11 07:15 . 2013-12-11 07:15        --------        dc----w-        c:\programdata\RHelpers
2013-12-11 07:15 . 2013-12-11 07:15        --------        dc----w-        c:\programdata\Websteroids
2013-12-10 20:33 . 2013-12-10 20:33        9272200        -c--a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 18:22 . 2010-04-10 06:27        90708896        -c--a-w-        c:\windows\system32\MRT.exe
2013-12-13 20:11 . 2013-03-19 15:22        65776        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2013-12-13 20:11 . 2013-03-19 15:22        205320        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2013-12-13 20:11 . 2012-02-26 12:20        92544        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2013-12-13 20:11 . 2011-05-27 08:09        1032416        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2013-12-13 20:11 . 2011-01-21 11:45        334648        ----a-w-        c:\windows\system32\aswBoot.exe
2013-12-13 20:11 . 2010-04-22 04:41        84328        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2013-12-13 20:11 . 2010-04-22 04:41        65264        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2013-12-13 20:11 . 2010-04-22 04:41        409832        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2013-12-13 20:11 . 2010-04-22 04:41        38984        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2013-12-13 20:11 . 2011-01-21 11:45        43152        -c--a-w-        c:\windows\avastSS.scr
2013-12-10 20:33 . 2012-04-15 05:51        692616        -c--a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-10 20:33 . 2011-10-07 16:41        71048        -c--a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-20 20:58 . 2013-11-20 20:58        940032        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-20 20:58 . 2013-11-20 20:58        194048        ----a-w-        c:\windows\SysWow64\elshyph.dll
2013-11-20 20:58 . 2013-11-20 20:58        71680        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-20 20:58 . 2013-11-20 20:58        645120        ----a-w-        c:\windows\SysWow64\jsIntl.dll
2013-11-20 20:58 . 2013-11-20 20:58        62464        ----a-w-        c:\windows\SysWow64\tdc.ocx
2013-11-20 20:58 . 2013-11-20 20:58        34816        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-20 20:58 . 2013-11-20 20:58        337408        ----a-w-        c:\windows\SysWow64\html.iec
2013-11-20 20:58 . 2013-11-20 20:58        235008        ----a-w-        c:\windows\system32\elshyph.dll
2013-11-20 20:58 . 2013-11-20 20:58        182272        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-11-20 20:58 . 2013-11-20 20:58        942592        ----a-w-        c:\windows\system32\jsIntl.dll
2013-11-20 20:58 . 2013-11-20 20:58        90112        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-11-20 20:58 . 2013-11-20 20:58        86016        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2013-11-20 20:58 . 2013-11-20 20:58        86016        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2013-11-20 20:58 . 2013-11-20 20:58        84992        ----a-w-        c:\windows\system32\mshtmled.dll
2013-11-20 20:58 . 2013-11-20 20:58        83968        ----a-w-        c:\windows\system32\MshtmlDac.dll
2013-11-20 20:58 . 2013-11-20 20:58        81408        ----a-w-        c:\windows\system32\icardie.dll
2013-11-20 20:58 . 2013-11-20 20:58        774144        ----a-w-        c:\windows\system32\jscript.dll
2013-11-20 20:58 . 2013-11-20 20:58        77312        ----a-w-        c:\windows\system32\tdc.ocx
2013-11-20 20:58 . 2013-11-20 20:58        74240        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-20 20:58 . 2013-11-20 20:58        626176        ----a-w-        c:\windows\system32\msfeeds.dll
2013-11-20 20:58 . 2013-11-20 20:58        62464        ----a-w-        c:\windows\system32\pngfilt.dll
2013-11-20 20:58 . 2013-11-20 20:58        61952        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2013-11-20 20:58 . 2013-11-20 20:58        61952        ----a-w-        c:\windows\SysWow64\iesetup.dll
2013-11-20 20:58 . 2013-11-20 20:58        616104        ----a-w-        c:\windows\system32\ieapfltr.dat
2013-11-20 20:58 . 2013-11-20 20:58        548352        ----a-w-        c:\windows\system32\vbscript.dll
2013-11-20 20:58 . 2013-11-20 20:58        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2013-11-20 20:58 . 2013-11-20 20:58        51200        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2013-11-20 20:58 . 2013-11-20 20:58        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2013-11-20 20:58 . 2013-11-20 20:58        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-11-20 20:58 . 2013-11-20 20:58        48128        ----a-w-        c:\windows\system32\imgutil.dll
2013-11-20 20:58 . 2013-11-20 20:58        454656        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-11-20 20:58 . 2013-11-20 20:58        453120        ----a-w-        c:\windows\system32\dxtmsft.dll
2013-11-20 20:58 . 2013-11-20 20:58        413696        ----a-w-        c:\windows\system32\html.iec
2013-11-20 20:58 . 2013-11-20 20:58        40448        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-20 20:58 . 2013-11-20 20:58        36352        ----a-w-        c:\windows\SysWow64\imgutil.dll
2013-11-20 20:58 . 2013-11-20 20:58        30208        ----a-w-        c:\windows\system32\licmgr10.dll
2013-11-20 20:58 . 2013-11-20 20:58        296960        ----a-w-        c:\windows\system32\dxtrans.dll
2013-11-20 20:58 . 2013-11-20 20:58        263376        ----a-w-        c:\windows\system32\iedkcs32.dll
2013-11-20 20:58 . 2013-11-20 20:58        247808        ----a-w-        c:\windows\system32\msls31.dll
2013-11-20 20:58 . 2013-11-20 20:58        24576        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2013-11-20 20:58 . 2013-11-20 20:58        243200        ----a-w-        c:\windows\system32\webcheck.dll
2013-11-20 20:58 . 2013-11-20 20:58        235520        ----a-w-        c:\windows\system32\url.dll
2013-11-20 20:58 . 2013-11-20 20:58        195584        ----a-w-        c:\windows\system32\msrating.dll
2013-11-20 20:58 . 2013-11-20 20:58        167424        ----a-w-        c:\windows\system32\iexpress.exe
2013-11-20 20:58 . 2013-11-20 20:58        151552        ----a-w-        c:\windows\SysWow64\iexpress.exe
2013-11-20 20:58 . 2013-11-20 20:58        147968        ----a-w-        c:\windows\system32\occache.dll
2013-11-20 20:58 . 2013-11-20 20:58        143872        ----a-w-        c:\windows\system32\wextract.exe
2013-11-20 20:58 . 2013-11-20 20:58        139264        ----a-w-        c:\windows\SysWow64\wextract.exe
2013-11-20 20:58 . 2013-11-20 20:58        13824        ----a-w-        c:\windows\system32\mshta.exe
2013-11-20 20:58 . 2013-11-20 20:58        135680        ----a-w-        c:\windows\system32\iepeers.dll
2013-11-20 20:58 . 2013-11-20 20:58        13312        ----a-w-        c:\windows\SysWow64\mshta.exe
2013-11-20 20:58 . 2013-11-20 20:58        13312        ----a-w-        c:\windows\system32\msfeedssync.exe
2013-11-20 20:58 . 2013-11-20 20:58        131072        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-11-20 20:58 . 2013-11-20 20:58        1228800        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-11-20 20:58 . 2013-11-20 20:58        112128        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2013-11-20 20:58 . 2013-11-20 20:58        111616        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2013-11-20 20:58 . 2013-11-20 20:58        105984        ----a-w-        c:\windows\system32\iesysprep.dll
2013-11-20 20:58 . 2013-11-20 20:58        1051136        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2013-11-20 20:58 . 2013-11-20 20:58        101376        ----a-w-        c:\windows\system32\inseng.dll
2013-11-19 02:33 . 2010-04-23 09:09        267936        -c----w-        c:\windows\system32\MpSigStub.exe
2013-11-13 08:46 . 2013-11-13 07:29        1474048        ----a-w-        c:\windows\system32\crypt32.dll
2013-11-13 08:46 . 2013-11-13 07:29        1168384        ----a-w-        c:\windows\SysWow64\crypt32.dll
2013-11-13 08:45 . 2013-11-13 07:29        497152        ----a-w-        c:\windows\system32\drivers\afd.sys
2013-11-13 08:45 . 2013-11-13 07:29        197120        ----a-w-        c:\windows\system32\credui.dll
2013-11-13 08:45 . 2013-11-13 07:29        1930752        ----a-w-        c:\windows\system32\authui.dll
2013-11-13 08:45 . 2013-11-13 07:29        190464        ----a-w-        c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-13 08:45 . 2013-11-13 07:29        1796096        ----a-w-        c:\windows\SysWow64\authui.dll
2013-11-13 08:45 . 2013-11-13 07:29        168960        ----a-w-        c:\windows\SysWow64\credui.dll
2013-11-13 08:45 . 2013-11-13 07:29        152576        ----a-w-        c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-13 08:45 . 2013-11-13 07:28        340992        ----a-w-        c:\windows\system32\schannel.dll
2013-11-13 08:45 . 2013-11-13 07:28        95680        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2013-11-13 08:45 . 2013-11-13 07:28        458712        ----a-w-        c:\windows\system32\drivers\cng.sys
2013-11-13 08:45 . 2013-11-13 07:28        247808        ----a-w-        c:\windows\SysWow64\schannel.dll
2013-11-13 08:45 . 2013-11-13 07:28        154560        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2013-11-13 08:45 . 2013-11-13 07:28        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2013-11-13 08:45 . 2013-11-13 07:28        1447936        ----a-w-        c:\windows\system32\lsasrv.dll
2013-11-13 08:45 . 2013-11-13 07:28        135680        ----a-w-        c:\windows\system32\sspicli.dll
2013-11-13 08:45 . 2013-11-13 07:28        307200        ----a-w-        c:\windows\system32\ncrypt.dll
2013-11-13 08:45 . 2013-11-13 07:28        30720        ----a-w-        c:\windows\system32\lsass.exe
2013-11-13 08:45 . 2013-11-13 07:28        220160        ----a-w-        c:\windows\SysWow64\ncrypt.dll
2013-11-13 08:45 . 2013-11-13 07:28        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2013-11-13 08:45 . 2013-11-13 07:28        28672        ----a-w-        c:\windows\system32\sspisrv.dll
2013-11-13 08:45 . 2013-11-13 07:28        28160        ----a-w-        c:\windows\system32\secur32.dll
2013-11-13 08:44 . 2013-11-13 07:28        404480        ----a-w-        c:\windows\system32\gdi32.dll
2013-11-13 08:44 . 2013-11-13 07:28        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll
2013-11-13 08:43 . 2013-11-13 07:28        859648        ----a-w-        c:\windows\system32\IKEEXT.DLL
2013-11-13 08:43 . 2013-11-13 07:28        830464        ----a-w-        c:\windows\system32\nshwfp.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}]
2013-11-20 03:47        409464        -c--a-w-        c:\programdata\Websteroids\IE\common.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
"Updater"="c:\programdata\Updater\updater.exe" [2013-11-20 481656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"APLangApp"="c:\program files (x86)\AnyPC Client\APLangApp.exe" [2009-11-20 13312]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-12-10 1804240]
"20131121"="c:\program files\Alwil Software\Avast5\setup\emupdate\4c881f8e-9c6b-4fc0-a442-f3667a52b239.exe" [2013-11-23 180184]
"Updater"="c:\programdata\Updater\Updater.exe" [2013-11-20 481656]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2013-12-13 3568312]
.
c:\users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-4-19 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 1082144]
ImageBrowser EX Agent.lnk - c:\program files (x86)\Canon\ImageBrowser EX\MFManager.exe [2013-5-1 69120]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys;c:\windows\SYSNATIVE\DRIVERS\motodrv.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys;c:\windows\SYSNATIVE\DRIVERS\s0017bus.sys [x]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s0017mdfl.sys [x]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s0017mdm.sys [x]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s0017mgmt.sys [x]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s0017nd5.sys [x]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys;c:\windows\SYSNATIVE\DRIVERS\s0017obex.sys [x]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys;c:\windows\SYSNATIVE\DRIVERS\s0017unic.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe;c:\windows\SysWOW64\Rezip.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 15:44        1210320        -c--a-w-        c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 20:33]
.
2013-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-23 14:05]
.
2013-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-23 14:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-13 20:11        326944        ----a-w-        c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-07 16413288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yd.delta-search.com/?babsrc=HP_ss&mntrId=601EF67BCB2384C6&affID=119357&tt=040713_rdrctful&tsp=4937
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\
FF - prefs.js: browser.search.selectedEngine - Ask Search
FF - prefs.js: browser.startup.homepage - www.google.de
FF - ExtSQL: 2013-11-13 09:08; {EDA7B1D7-F793-4e03-B074-E6F303317FB0}; c:\users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi
FF - ExtSQL: 2013-11-14 08:30; EFGLQA@78ETGYN-0W7FN789T87.COM; c:\users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
URLSearchHooks-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-FileParade Bundle - c:\program files (x86)\sweetpacks bundle uninstaller\uninstaller.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-12-25  17:32:48
ComboFix-quarantined-files.txt  2013-12-25 16:32
.
Vor Suchlauf: 14 Verzeichnis(se), 39.184.080.896 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 38.961.197.056 Bytes frei
.
- - End Of File - - 63BE6F781C22A44EAF0E27329B233B26
--- --- ---

Hab grad einen Neustart vorgenommen. Fehlermeldungen gab es keine.
Aber promt nach dem Hochfahren war die besagte Setup.exe schon wieder da.

schrauber 26.12.2013 14:35
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

fundiko 26.12.2013 18:19
Danke für deine Anleitungen, schrauber!

Hier sind die einzelnen Logfiles:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.26.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
max :: MAX-PC [Administrator]

26.12.2013 17:34:19
mbam-log-2013-12-26 (17-34-19).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 229384
Laufzeit: 4 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 18
HKCR\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892} (PUP.Optional.PricePeep.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{A2773ED4-83BD-488A-A186-73590706C916} (PUP.Optional.MixiDJToolbar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Typelib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B} (PUP.Optional.SafeMonitor.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B} (PUP.Optional.SafeMonitor.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\priam_bho.DLL (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\PricePeep.DLL (PUP.Optional.PricePeep.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\delta LTD (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\babylontoolbar (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0Z1N1J -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Wajam|affiliate_id (PUP.Optional.Wajam.A) -> Daten: 6447 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www.yd.delta-search.com/?babsrc=HP_ss&mntrId=601EF67BCB2384C6&affID=119357&tt=040713_rdrctful&tsp=4937) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\max\Downloads\CCleaner_TSV426SC.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\max\Downloads\SoftonicDownloader_fuer_gimp.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\max\AppData\Roaming\speedanalysis.ico (PUP.Optional.SpeedAnalysis2.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

------AdwCleaner Logfile:
Code:
# AdwCleaner v3.016 - Bericht erstellt am 26/12/2013 um 17:50:28
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : max - MAX-PC
# Gestartet von : C:\Users\max\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\softonic-de3
Ordner Gelöscht : C:\Users\max\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\max\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\max\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\max\AppData\LocalLow\softonic-de3
Ordner Gelöscht : C:\Users\max\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\max\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Ordner Gelöscht : C:\Users\max\Documents\PC Speed Maximizer
Datei Gelöscht : C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\searchplugins\ask-search.xml
Datei Gelöscht : C:\windows\System32\Tasks\NCH Software

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Schlüssel Gelöscht : HKCU\Software\5d6df8ce53deb48
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader28007_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader28007_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_animation-shop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_animation-shop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_k-lite-codec-pack_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_k-lite-codec-pack_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_norton-removal-tool_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_norton-removal-tool_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_quicktime_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_quicktime_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_tor_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_tor_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vegas-pro_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vegas-pro_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_videopad-video-editor_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_videopad-video-editor_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\NCH Software
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsWoofer
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\NCH Software
Schlüssel Gelöscht : HKLM\Software\Wajam
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [16956 octets] - [26/12/2013 17:48:43]
AdwCleaner[S0].txt - [15956 octets] - [26/12/2013 17:50:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16017 octets] ##########
--- --- ---

------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by max on 26.12.2013 at 17:58:37,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1573390494-1178986999-3046489549-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_1_RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\lwoofer@lyricswoofer.co
Emptied folder: C:\Users\max\AppData\Roaming\mozilla\firefox\profiles\fo45zvps.default-1378284021730\minidumps [28 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.12.2013 at 18:05:37,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

------
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2013
Ran by max (administrator) on MAX-PC on 26-12-2013 18:10:16
Running from C:\Users\max\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
() C:\Windows\SysWOW64\Rezip.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-10] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] - C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [APLangApp] - C:\Program Files (x86)\AnyPC Client\APLangApp.exe [13312 2009-11-20] (DoctorSoft)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [83240 2008-03-20] (Cyberlink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2007-12-14] ()
HKLM-x32\...\Run: [SSBkgdUpdate] - C:\Program Files (x86)\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] - C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini [344 2011-07-23] ()
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [20131121] - C:\Program Files\Alwil Software\Avast5\Setup\emupdate\4c881f8e-9c6b-4fc0-a442-f3667a52b239.exe [180184 2013-11-23] (AVAST Software)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3568312 2013-12-13] (AVAST Software)
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
Startup: C:\Users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk
ShortcutTarget: OpenOffice.org 3.4.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - {4301F923-6526-4B7B-9074-BFFC22CC5836} URL = hxxp://www.computerbild.de/suche/index.html?s_text={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {965CD262-60AA-4711-BCE6-2C3AC22DDA48} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730
FF NewTab: www.google.de
FF DefaultSearchEngine: Ask Search
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Ask Search
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Live Gold - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\livegold@dotcreation
FF Extension: DownloadHelper - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Exif Viewer - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\exif_viewer@mozilla.doslash.org.xpi
FF Extension: NoScript - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: BetterPrivacy - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: DownThemAll! - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: Menu Editor - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Speed Test Analysis) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.5_0
CHR Extension: (Google Wallet) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [jnikkfemnfogahcandhlchoengjbeaij] - C:\Program Files (x86)\LyricsWoofer\122.crx
CHR HKLM-x32\...\Chrome\Extension: [kckgnnipheglejoddfhekdjpbdbinhmb] - C:\Users\max\AppData\Roaming\SpeedTestAnalysis\speedtestanalysis.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2013-12-13] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [38984 2013-12-13] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [84328 2013-12-13] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-13] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1032416 2013-12-13] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [409832 2013-12-13] (AVAST Software)
R1 aswTdi; C:\windows\system32\drivers\aswTdi.sys [65264 2013-12-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-12-13] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [116264 2008-05-27] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-05-27] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [159784 2008-05-27] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [138792 2008-05-27] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [34856 2008-05-27] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [137768 2008-05-27] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [153128 2008-05-27] (MCCI Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] ()
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-26 18:10 - 2013-12-26 18:10 - 00019066 ____C C:\Users\max\Downloads\FRST.txt
2013-12-26 18:10 - 2013-12-26 18:10 - 00000000 ___DC C:\Users\max\Downloads\FRST-OlderVersion
2013-12-26 18:05 - 2013-12-26 18:05 - 00001699 ____C C:\Users\max\Desktop\JRT.txt
2013-12-26 17:58 - 2013-12-26 17:58 - 00000000 ___DC C:\windows\ERUNT
2013-12-26 17:56 - 2013-12-26 17:56 - 01034531 ____C (Thisisu) C:\Users\max\Downloads\JRT.exe
2013-12-26 17:54 - 2013-12-26 17:54 - 00016286 ____C C:\Users\max\Desktop\AdwCleaner[S0].txt
2013-12-26 17:53 - 2013-12-26 17:53 - 00000000 __RDC C:\Users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2013-12-26 17:48 - 2013-12-26 17:50 - 00000000 ___DC C:\AdwCleaner
2013-12-26 17:47 - 2013-12-26 17:47 - 01233962 ____C C:\Users\max\Downloads\adwcleaner.exe
2013-12-26 17:42 - 2013-12-26 17:52 - 00000112 ____C C:\windows\setupact.log
2013-12-26 17:42 - 2013-12-26 17:42 - 00001504 ____C C:\windows\PFRO.log
2013-12-26 17:42 - 2013-12-26 17:42 - 00000000 ____C C:\windows\setuperr.log
2013-12-26 17:30 - 2013-12-26 17:30 - 00001118 ____C C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-26 17:30 - 2013-12-26 17:30 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-26 17:30 - 2013-04-04 14:50 - 00025928 ____C (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-12-26 17:28 - 2013-12-26 17:28 - 10285040 ____C (Malwarebytes Corporation                                    ) C:\Users\max\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-26 17:26 - 2013-12-26 17:26 - 00021994 ____C C:\Users\max\Desktop\Anleitung-Scans.odt
2013-12-25 18:01 - 2013-09-04 13:12 - 00343040 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-12-25 18:01 - 2013-09-04 13:11 - 00325120 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-12-25 18:01 - 2013-09-04 13:11 - 00099840 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-12-25 18:01 - 2013-09-04 13:11 - 00052736 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-12-25 18:01 - 2013-09-04 13:11 - 00030720 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-12-25 18:01 - 2013-09-04 13:11 - 00025600 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2013-12-25 18:01 - 2013-09-04 13:11 - 00007808 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2013-12-25 17:32 - 2013-12-25 17:32 - 00030096 ____C C:\ComboFix.txt
2013-12-25 17:22 - 2013-12-25 17:32 - 00000000 ___DC C:\Qoobox
2013-12-25 17:22 - 2013-12-25 17:31 - 00000000 ___DC C:\windows\erdnt
2013-12-25 17:22 - 2011-06-26 07:45 - 00256000 ____C C:\windows\PEV.exe
2013-12-25 17:22 - 2010-11-07 18:20 - 00208896 ____C C:\windows\MBR.exe
2013-12-25 17:22 - 2009-04-20 05:56 - 00060416 ____C (NirSoft) C:\windows\NIRCMD.exe
2013-12-25 17:22 - 2000-08-31 01:00 - 00518144 ____C (SteelWerX) C:\windows\SWREG.exe
2013-12-25 17:22 - 2000-08-31 01:00 - 00406528 ____C (SteelWerX) C:\windows\SWSC.exe
2013-12-25 17:22 - 2000-08-31 01:00 - 00098816 ____C C:\windows\sed.exe
2013-12-25 17:22 - 2000-08-31 01:00 - 00080412 ____C C:\windows\grep.exe
2013-12-25 17:22 - 2000-08-31 01:00 - 00068096 ____C C:\windows\zip.exe
2013-12-25 17:18 - 2013-12-25 17:18 - 05158070 ___RC (Swearware) C:\Users\max\Downloads\ComboFix.exe
2013-12-25 17:12 - 2013-12-25 17:12 - 00368256 ____C (RegNow.com) C:\Users\max\Downloads\Download_MaxSDDMnew.exe
2013-12-25 16:57 - 2013-12-25 17:11 - 00030919 ____C C:\Users\max\Desktop\combofix-anleitung.odt
2013-12-22 22:41 - 2013-12-22 22:41 - 00377856 ____C C:\Users\max\Downloads\gmer_2.1.19163.exe
2013-12-22 22:36 - 2013-12-26 18:10 - 00000000 ___DC C:\FRST
2013-12-22 22:35 - 2013-12-26 18:10 - 01928716 ____C (Farbar) C:\Users\max\Downloads\FRST64.exe
2013-12-22 22:34 - 2013-12-22 22:34 - 00000000 ____C C:\Users\max\defogger_reenable
2013-12-22 22:33 - 2013-12-22 22:33 - 00050477 ____C C:\Users\max\Downloads\Defogger.exe
2013-12-22 16:16 - 2013-12-22 16:16 - 04379048 ____C (Piriform Ltd) C:\Users\max\Downloads\ccsetup407.exe
2013-12-20 14:17 - 2013-12-20 14:18 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2013-12-18 21:22 - 2013-12-18 21:22 - 00000664 ____C C:\Users\max\Desktop\Filme_Michael_Caine.txt
2013-12-15 13:03 - 2013-12-15 13:03 - 00368343 ____C C:\Users\max\AppData\Local\recently-used.xbel
2013-12-14 08:53 - 2013-12-14 08:53 - 00000000 ___DC C:\Users\max\AppData\Roaming\AVAST Software
2013-12-13 21:10 - 2013-12-13 21:10 - 00000000 ___DC C:\ProgramData\AVAST Software
2013-12-11 20:11 - 2013-12-11 20:11 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-11 20:11 - 2013-12-11 20:11 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-11 20:11 - 2013-12-11 20:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2013-12-11 20:11 - 2013-12-11 20:11 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-12-11 20:09 - 2013-12-11 20:09 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-11 20:09 - 2013-12-11 20:09 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-12-11 20:09 - 2013-12-11 20:09 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-12-11 20:09 - 2013-12-11 20:09 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-11 20:09 - 2013-12-11 20:09 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-12-11 20:09 - 2013-12-11 20:09 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-12-11 20:09 - 2013-12-11 20:09 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-12-11 18:51 - 2013-12-12 08:12 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird
2013-12-11 08:16 - 2013-12-11 08:16 - 00002768 ____C C:\windows\System32\Tasks\CCleanerSkipUAC
2013-12-11 08:16 - 2013-12-11 08:16 - 00000827 ____C C:\Users\Public\Desktop\CCleaner.lnk
2013-12-11 08:16 - 2013-12-11 08:16 - 00000000 ___DC C:\Program Files\CCleaner
2013-12-11 08:04 - 2013-12-11 20:10 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-11 08:04 - 2013-12-11 20:10 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-11 08:04 - 2013-12-11 20:10 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-11 08:04 - 2013-12-11 20:10 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-11 08:04 - 2013-12-11 20:10 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-11 08:04 - 2013-12-11 20:09 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-11 08:04 - 2013-12-11 20:09 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-11 08:04 - 2013-12-11 20:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-12-11 08:04 - 2013-12-11 20:09 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-11 08:04 - 2013-12-11 20:08 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-11 08:04 - 2013-12-11 20:08 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-11 08:04 - 2013-12-11 20:08 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-11 08:04 - 2013-12-11 20:08 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-11 08:04 - 2013-12-11 20:08 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-11 08:04 - 2013-12-11 20:08 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2013-12-11 08:04 - 2013-12-11 20:08 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-12-11 08:04 - 2013-12-11 20:08 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2013-12-11 08:04 - 2013-10-04 03:16 - 00116736 ____C (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-11 08:04 - 2013-10-04 02:36 - 00230400 ____C (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-10 21:33 - 2013-12-10 21:33 - 09272200 ____C (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

2013-12-26 18:10 - 2013-12-26 18:10 - 00019066 ____C C:\Users\max\Downloads\FRST.txt
2013-12-26 18:10 - 2013-12-26 18:10 - 00000000 ___DC C:\Users\max\Downloads\FRST-OlderVersion
2013-12-26 18:10 - 2013-12-22 22:36 - 00000000 ___DC C:\FRST
2013-12-26 18:10 - 2013-12-22 22:35 - 01928716 ____C (Farbar) C:\Users\max\Downloads\FRST64.exe
2013-12-26 18:05 - 2013-12-26 18:05 - 00001699 ____C C:\Users\max\Desktop\JRT.txt
2013-12-26 18:01 - 2010-02-10 00:33 - 00654400 ____C C:\windows\system32\perfh007.dat
2013-12-26 18:01 - 2010-02-10 00:33 - 00130240 ____C C:\windows\system32\perfc007.dat
2013-12-26 18:01 - 2009-07-14 06:13 - 01498742 ____C C:\windows\system32\PerfStringBackup.INI
2013-12-26 18:01 - 2009-07-14 05:45 - 00013936 ___HC C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-26 18:01 - 2009-07-14 05:45 - 00013936 ___HC C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-26 17:58 - 2013-12-26 17:58 - 00000000 ___DC C:\windows\ERUNT
2013-12-26 17:57 - 2011-07-23 15:05 - 00001104 ____C C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-26 17:56 - 2013-12-26 17:56 - 01034531 ____C (Thisisu) C:\Users\max\Downloads\JRT.exe
2013-12-26 17:54 - 2013-12-26 17:54 - 00016286 ____C C:\Users\max\Desktop\AdwCleaner[S0].txt
2013-12-26 17:53 - 2013-12-26 17:53 - 00000000 __RDC C:\Users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2013-12-26 17:52 - 2013-12-26 17:42 - 00000112 ____C C:\windows\setupact.log
2013-12-26 17:52 - 2011-07-23 15:05 - 00001100 ____C C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-26 17:52 - 2009-07-14 06:08 - 00000006 ___HC C:\windows\Tasks\SA.DAT
2013-12-26 17:51 - 2010-02-09 06:58 - 01931742 ____C C:\windows\WindowsUpdate.log
2013-12-26 17:50 - 2013-12-26 17:48 - 00000000 ___DC C:\AdwCleaner
2013-12-26 17:47 - 2013-12-26 17:47 - 01233962 ____C C:\Users\max\Downloads\adwcleaner.exe
2013-12-26 17:45 - 2012-07-10 13:58 - 00004184 ____C C:\windows\System32\Tasks\avast! Emergency Update
2013-12-26 17:42 - 2013-12-26 17:42 - 00001504 ____C C:\windows\PFRO.log
2013-12-26 17:42 - 2013-12-26 17:42 - 00000000 ____C C:\windows\setuperr.log
2013-12-26 17:33 - 2012-04-15 06:51 - 00000884 ____C C:\windows\Tasks\Adobe Flash Player Updater.job
2013-12-26 17:30 - 2013-12-26 17:30 - 00001118 ____C C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-26 17:30 - 2013-12-26 17:30 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-26 17:28 - 2013-12-26 17:28 - 10285040 ____C (Malwarebytes Corporation                                    ) C:\Users\max\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-26 17:26 - 2013-12-26 17:26 - 00021994 ____C C:\Users\max\Desktop\Anleitung-Scans.odt
2013-12-26 13:58 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache
2013-12-26 12:43 - 2010-02-09 07:26 - 00000000 ___DC C:\Program Files (x86)\Google
2013-12-25 20:29 - 2013-09-28 09:15 - 00000000 ___DC C:\Users\max\AppData\Roaming\vlc
2013-12-25 20:22 - 2010-04-26 13:11 - 00000000 ___DC C:\Users\max\AppData\Roaming\dvdcss
2013-12-25 17:32 - 2013-12-25 17:32 - 00030096 ____C C:\ComboFix.txt
2013-12-25 17:32 - 2013-12-25 17:22 - 00000000 ___DC C:\Qoobox
2013-12-25 17:31 - 2013-12-25 17:22 - 00000000 ___DC C:\windows\erdnt
2013-12-25 17:30 - 2009-07-14 03:34 - 00000215 ____C C:\windows\system.ini
2013-12-25 17:18 - 2013-12-25 17:18 - 05158070 ___RC (Swearware) C:\Users\max\Downloads\ComboFix.exe
2013-12-25 17:16 - 2010-11-17 17:46 - 00000000 ___DC C:\Users\max\AppData\Roaming\GetRightToGo
2013-12-25 17:12 - 2013-12-25 17:12 - 00368256 ____C (RegNow.com) C:\Users\max\Downloads\Download_MaxSDDMnew.exe
2013-12-25 17:11 - 2013-12-25 16:57 - 00030919 ____C C:\Users\max\Desktop\combofix-anleitung.odt
2013-12-25 15:05 - 2010-04-14 07:51 - 00000000 ___DC C:\windows\Minidump
2013-12-23 09:13 - 2009-07-14 06:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-12-22 22:41 - 2013-12-22 22:41 - 00377856 ____C C:\Users\max\Downloads\gmer_2.1.19163.exe
2013-12-22 22:34 - 2013-12-22 22:34 - 00000000 ____C C:\Users\max\defogger_reenable
2013-12-22 22:34 - 2010-04-06 09:07 - 00000000 ___DC C:\Users\max
2013-12-22 22:33 - 2013-12-22 22:33 - 00050477 ____C C:\Users\max\Downloads\Defogger.exe
2013-12-22 16:16 - 2013-12-22 16:16 - 04379048 ____C (Piriform Ltd) C:\Users\max\Downloads\ccsetup407.exe
2013-12-21 09:19 - 2012-04-26 06:39 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 14:18 - 2013-12-20 14:17 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2013-12-19 22:08 - 2013-09-23 08:34 - 00000700 ____C C:\Users\max\Desktop\Film-Tips.txt
2013-12-18 21:22 - 2013-12-18 21:22 - 00000664 ____C C:\Users\max\Desktop\Filme_Michael_Caine.txt
2013-12-15 19:23 - 2013-08-01 21:03 - 00000000 ___DC C:\windows\system32\MRT
2013-12-15 19:22 - 2010-04-10 07:27 - 90708896 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-15 16:52 - 2013-06-19 12:32 - 00000000 ___DC C:\Users\max\.gimp-2.8
2013-12-15 13:03 - 2013-12-15 13:03 - 00368343 ____C C:\Users\max\AppData\Local\recently-used.xbel
2013-12-14 08:53 - 2013-12-14 08:53 - 00000000 ___DC C:\Users\max\AppData\Roaming\AVAST Software
2013-12-13 21:11 - 2013-03-19 16:22 - 00205320 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-12-13 21:11 - 2013-03-19 16:22 - 00065776 _____ C:\windows\system32\Drivers\aswRvrt.sys
2013-12-13 21:11 - 2012-02-26 13:20 - 00092544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2013-12-13 21:11 - 2011-05-27 09:09 - 01032416 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-12-13 21:11 - 2011-01-21 12:45 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2013-12-13 21:11 - 2011-01-21 12:45 - 00043152 ____C (AVAST Software) C:\windows\avastSS.scr
2013-12-13 21:11 - 2010-04-22 05:41 - 00409832 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2013-12-13 21:11 - 2010-04-22 05:41 - 00084328 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2013-12-13 21:11 - 2010-04-22 05:41 - 00065264 _____ (AVAST Software) C:\windows\system32\Drivers\aswTdi.sys
2013-12-13 21:11 - 2010-04-22 05:41 - 00038984 _____ (AVAST Software) C:\windows\system32\Drivers\aswFsBlk.sys
2013-12-13 21:11 - 2010-04-22 05:41 - 00001982 ____C C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-13 21:10 - 2013-12-13 21:10 - 00000000 ___DC C:\ProgramData\AVAST Software
2013-12-13 21:10 - 2010-04-22 05:41 - 00000000 ____C C:\windows\SysWOW64\config.nt
2013-12-12 08:12 - 2013-12-11 18:51 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird
2013-12-12 08:01 - 2009-07-14 06:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2013-12-12 07:59 - 2009-07-14 05:45 - 00486968 ____C C:\windows\system32\FNTCACHE.DAT
2013-12-11 20:11 - 2013-12-11 20:11 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-11 20:11 - 2013-12-11 20:11 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-11 20:11 - 2013-12-11 20:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2013-12-11 20:11 - 2013-12-11 20:11 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2013-12-11 20:10 - 2013-12-11 08:04 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-11 20:10 - 2013-12-11 08:04 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-11 20:10 - 2013-12-11 08:04 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-11 20:10 - 2013-12-11 08:04 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-11 20:10 - 2013-12-11 08:04 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-11 20:10 - 2010-04-06 09:15 - 00000000 ___DC C:\ProgramData\Microsoft Help
2013-12-11 20:09 - 2013-12-11 20:09 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-12-11 20:09 - 2013-12-11 20:09 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-11 20:09 - 2013-12-11 20:09 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-12-11 20:09 - 2013-12-11 20:09 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-12-11 20:09 - 2013-12-11 20:09 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-11 20:09 - 2013-12-11 20:09 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-12-11 20:09 - 2013-12-11 20:09 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-12-11 20:09 - 2013-12-11 20:09 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-12-11 20:09 - 2013-12-11 08:04 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-11 20:09 - 2013-12-11 08:04 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-11 20:09 - 2013-12-11 08:04 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-12-11 20:09 - 2013-12-11 08:04 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-11 20:08 - 2013-12-11 08:04 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-11 20:08 - 2013-12-11 08:04 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-11 20:08 - 2013-12-11 08:04 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-11 20:08 - 2013-12-11 08:04 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-11 20:08 - 2013-12-11 08:04 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-11 20:08 - 2013-12-11 08:04 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2013-12-11 20:08 - 2013-12-11 08:04 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-12-11 20:08 - 2013-12-11 08:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2013-12-11 10:00 - 2013-10-25 05:43 - 00001716 ____C C:\Users\max\Desktop\Oberstdorf-Reisetips.txt
2013-12-11 08:16 - 2013-12-11 08:16 - 00002768 ____C C:\windows\System32\Tasks\CCleanerSkipUAC
2013-12-11 08:16 - 2013-12-11 08:16 - 00000827 ____C C:\Users\Public\Desktop\CCleaner.lnk
2013-12-11 08:16 - 2013-12-11 08:16 - 00000000 ___DC C:\Program Files\CCleaner
2013-12-10 21:33 - 2013-12-10 21:33 - 09272200 ____C (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-10 21:33 - 2012-04-15 06:51 - 00692616 ____C (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 21:33 - 2012-04-15 06:51 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 21:33 - 2011-10-07 17:41 - 00071048 ____C (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-09 20:02 - 2013-10-22 08:13 - 00002831 ____C C:\Users\max\Desktop\Fahrplan-Romantische_Schiene_EM_Noerdlingen.txt
2013-12-02 20:52 - 2011-07-23 15:05 - 00004100 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-02 20:52 - 2011-07-23 15:05 - 00003848 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\max\AppData\Local\Temp\Quarantine.exe
C:\Users\max\AppData\Local\Temp\setup{D161B9EA-95DE-44A6-BAC5-4B0B62053A68}.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-26 13:50

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 27.12.2013 16:39
Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

fundiko 27.12.2013 21:41
Danke für die Anleitung, schrauber.

Hab erst TFC ausgeführt. Ein Neustart wurde nicht verlangt.
Dann das 1. mal die mbar.exe. 1 Malware Fund. Anschließend Neustart.

Nach dem Neustart bekam ich beim Hochfahren gemeldet, daß das c:\Dateisystem gescannt werden werden muß aufgrund eines Fehlers.
Und die Auflösung des Monitors ist fehlerhaft, die Ikons sind zu groß und in die Breite gezogen.
Und die Schrift ist zu groß.

Wäre froh, wenn du mir einen Tip geben könntest, wie ich das wieder in Ordnung bringen kann.

Der 2. Scan mit mbar.exe hat nichts mehr gefunden.

Hier die Logfiles:

Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.27.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
max :: MAX-PC [administrator]

27.12.2013 19:47:11
mbar-log-2013-12-27 (19-47-11).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 252449
Time elapsed: 12 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\SYSTEM32\drivers\nvlddmkm.sys (Unknown.Rootkit.Driver) -> Replace on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.27.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
max :: MAX-PC [administrator]

27.12.2013 20:08:45
mbar-log-2013-12-27 (20-08-45).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 253331
Time elapsed: 13 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Hab einen weiteren Neustart vorgenommen und wieder wurde beim Hochfahren gemeldet, daß das C: Dateisystem fehlerhaft ist.

Die Monitorauflösung blieb ebenfalls fehlerhaft, läßt sich auch nicht anders einstellen.

Hab dann versucht, eine Systemwiederherstellung zu starten. Das ist aber nicht möglich:
Meldung:
'Der Datenträger "Local (c: )" enthält Fehler.
Es wurde festgestellt, daß das Dateisystem auf Local (C: ) beschädigt ist.
Sie müssen den Datenträger auf Fehler überprüfen, bevor die Wiederherstellung ausgeführt werden kann.'

Und als ich auf den Button 'Datenträger auf Fehler überprüfen' geklickt hatte, erhielt ich die Meldung:
'Datenträger kann nicht überprüft werden, während er in Verwendung ist.'

So sieht es momentan bei mir aus. Würde mich freuen, wenn es da noch eine Rettung gibt.

------ ---------------
---------- -------------

Hab hier mal ein Foto von der Fehlermeldung beim Hochfahren gemacht.
Autochk kann angeblich nicht gefunden werden. Was immer das heißen mag.

http://img5.fotos-hochladen.net/uplo...nysg9f47c0.jpg

schrauber 28.12.2013 18:09
Beim Booten F8 drücken, als wenn Du in den Abgesicherten Modus willst. Dann bitte Computer reparieren wählen, dann Eingabeaufforderung.

Schreibe dann

chkdsk c: /f /r

und drücke enter.

fundiko 28.12.2013 20:26
Danke Schrauber.
Das Drücken von F8 hat nichts bewirkt. Hab dann von der Windows DVD gebootet und dann dort chkdsk eingegeben.
Der Neustart erfolgte dann zwar ohne Fehlermeldung, aber die Monitorauflösung war immer noch fehlerhaft.

Hab dann beim Hersteller meines Notebook einen neuen Vga/Nvidia-Treiber geladen und jetzt ist wieder alles paletti. :lach:

Somit dürfte wohl alles in Ordnung sein jetzt.
Die setup.exe hat sich bisher noch nicht wieder gemeldet und wird es auch hoffentlich nie wieder tun.

Ich sag ein herzliches Dankeschön! Vielen Dank für deine Zeit und deine Hilfe! :dankeschoen:

schrauber 29.12.2013 12:37
Fertig :)

Falls Du Lob oder Kritik loswerden möchtest kannst Du das hier tun :)


Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

fundiko 30.12.2013 18:16
Danke für die vielen nützlichen Tips.
Secunia gefällt mir sehr gut, schneller und einfacher geht updaten nicht.
Avast hat mir schon immer ständig etwas von veralteten Progs erzählt, ich hab die Meldungen aber nur genervt weggeklickt ...

Mir ist noch eingefallen, daß sich kurz vor dieser ominösen setup.exe ein Scanner auf meinem Laptop installiert hatte. Der Name war irgendwas mit Speed, glaube ich.
Ganz unverhofft hat da plötzlich dieses prog meinen Laptop gescannt und dann eine Liste von Dateien vorgeschlagen, welche ich nun löschen könne.

Das war mir aber zu suspekt. Hab das Prog gleich geschlossen und deinstalliert. Dachte, daß es auf eine ähnliche Art wie manche Toolbars auf meinen Laptop gekommen wäre.

Wahrscheinlich waren meine veralteten Progs das offene Tor dafür.
Zukünftig werde ich auf jeden Fall achtsamer sein.

Automatische Windows-Updates hatte ich bereits eingestellt.
Nocsript und Adblock Plus hab ich auch schon längere Zeit.

Deine Tips werde ich unter meinen Lesezeichen speichern. :daumenhoc
Hab alle Scan-Progs gelöscht nach deiner Anleitung. Somit wäre alles erledigt.
Herzlichen Dank nochmal!

schrauber 31.12.2013 14:59
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:46 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19