Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Geräusche im Hintergrund und verlangsamtes Laden von Websites (https://www.trojaner-board.de/148157-geraeusche-hintergrund-verlangsamtes-laden-websites.html)

s00 18.01.2014 17:23
Geräusche im Hintergrund und verlangsamtes Laden von Websites
 
Sehr geehrte Damen und Herren,

ich habe seit einiger Zeit das Problem, dass Websites im Internet nur sehr langsam laden. Vor einigen Tagen arbeitete ich gerade mit Word, als ich merkwürdige Geräusche im Hintergrund hörte. Manchmal war da ein Stöhnen und manchmal unverständliche Stimmen. Ich vergewisserte mich, das mein Browser nicht geöffnet war, doch kurz darauf hörten die Geräusche auf.
Doch beim abendlichen Filmgucken ertönten auf einmal Geräusche aus den Boxen, die nicht in den Film passten. Wieder war es das Stöhnen und die Stimmen. Ich las am nächsten Tag im Internet in diesem Forum ein Thema, was ungefähr auf meine Situation passte: http://www.trojaner-board.de/122810-...he-pornos.html
Ich lud mir Malwarebytes Anti_Malware herunter und es wurden 7 Infizierte Objekte gefunden:

Code:
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
****** :: ****** [Administrator]

Schutz: Aktiviert

31.12.2013 12:06:15
MBAM-log-2013-12-31 (12-13-23).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 293992
Laufzeit: 6 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE (Security.Hijack) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE (Security.Hijack) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 3
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0G2Y1R2X0G1M2S1M0G1S1H -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe|Debugger (Security.Hijack) -> Daten: "C:\Program Files

(x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe|Debugger (Security.Hijack) -> Daten: "C:\Program Files

(x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Weitere Schritte habe ich noch nicht unternommen, da ich ersteinmal hier um Rat fragen wollte. Ich hoffe Sie können mir helfen, Vielen Dank

aharonov 18.01.2014 17:47
Hallo,

mach bitte einen FRST-Scan:


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


s00 18.01.2014 18:13
Hier sind die Logs:

FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2014 03
Ran by ***** (administrator) on ***** on 18-01-2014 18:08:31
Running from C:\Users\*****\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Windows\Rent\Update.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
() C:\Windows\Rent\Rent.exe
(H+H Software GmbH) C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Users\*****\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Oracle Corporation) C:\Users\*****\Downloads\jre-7u51-windows-x64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11548264 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2181224 2010-11-03] (Realtek Semiconductor)
HKLM-x32\...\Run: [Wbutton] - C:\Program Files (x86)\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-12-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-18] (AVAST Software)
HKLM-x32\...\Run: [HotkeyApp] - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2010-12-16] (Wistron)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [SkyDrive] - C:\Users\*****\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-16] (Microsoft Corporation)
MountPoints2: F - F:\pushinst.exe
MountPoints2: {0f542d03-ecb9-11e1-80cb-00262dc53125} - F:\pushinst.exe
HKU\Default\...\RunOnce: [MEDION] - C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\Default User\...\RunOnce: [MEDION] - C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\UpdatusUser\...\RunOnce: [MEDION] - C:\Windows\Web\Wallpaper\MEDION\start.vbs
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [245872 2013-03-11] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201576 2013-03-11] (NVIDIA Corporation)
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\adobe air application installer.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\bttray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\ccleaner64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\cmview.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\hamachi-2-ui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\nusb3utl.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\power2go.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\powerrecover.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\setup.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\switchboard.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\481evz4w.default-1358104444770
FF user.js: detected! => C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\481evz4w.default-1358104444770\user.js
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "share_proxy_settings", true
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VLC-Player\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: anonymoX - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\481evz4w.default-1358104444770\Extensions\client@anonymox.net.xpi [2013-09-27]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\481evz4w.default-1358104444770\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-29]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-05]

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL No File
CHR Plugin: (AdobeExManDetect) - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-14]
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-14]
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-14]
CHR Extension: (Google-Suche) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-14]
CHR Extension: (avast! Online Security) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-15]
CHR Extension: (Outlook.com Notifier) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmomflkhdooajekmffpilpoenndjppk [2013-05-12]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
CHR Extension: (Google Mail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-24]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-18] (AVAST Software)
S4 Hamachi2Svc; C:\Program Files (x86)\Hamachi\hamachi-2.exe [2210640 2013-11-29] (LogMeIn Inc.)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-12-16] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-26] ()
R2 Rent Update; C:/Windows/Rent/Update.exe [1192960 2013-01-29] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-12-11] (TuneUp Software)
R2 VC10SecS; C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe [144712 2010-04-14] (H+H Software GmbH)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-18] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-18] ()
S3 HH10Help.sys; C:\Windows\system32\drivers\HH10Help.sys [24088 2009-07-09] (H+H Software GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [909408 2009-08-13] (DiBcom SA)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-12-12] (TuneUp Software)
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2013-05-30] (Wondershare)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
S3 uxddrv; \??\F:\uxddrv64.sys [x]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]
R5 vdrv1000; C:\Windows\System32\Drivers\vdrv1000.sys [223256 2010-03-25] (H+H Software GmbH)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-18 18:08 - 2014-01-18 18:08 - 00023619 _____ C:\Users\*****\Desktop\FRST.txt
2014-01-18 18:07 - 2014-01-18 18:07 - 00000000 ____D C:\FRST
2014-01-18 18:06 - 2014-01-18 18:06 - 02076160 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-01-18 18:01 - 2014-01-18 18:03 - 30796712 _____ (Oracle Corporation) C:\Users\*****\Downloads\jre-7u51-windows-x64.exe
2014-01-18 17:52 - 2014-01-18 17:52 - 597783381 _____ C:\Users\*****\Downloads\iPod4,1_6.0_10A403_Restore.ipsw.part
2014-01-18 17:52 - 2014-01-18 17:52 - 00000000 _____ C:\Users\*****\Downloads\iPod4,1_6.0_10A403_Restore.ipsw
2014-01-18 16:57 - 2014-01-18 16:58 - 00000000 ____D C:\Users\*****\Downloads\vris
2014-01-18 16:46 - 2014-01-18 16:46 - 05008288 _____ C:\Users\*****\Downloads\p0sixspwn-v1.0.7-win.zip
2014-01-18 16:27 - 2014-01-18 16:27 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-18 13:10 - 2014-01-18 13:10 - 00000000 ____D C:\Users\*****\AppData\Local\{E7D273AB-12B6-4F89-954E-E5FC9200CB18}
2014-01-18 13:06 - 2014-01-18 17:31 - 00065102 _____ C:\Windows\PFRO.log
2014-01-18 13:06 - 2014-01-18 17:31 - 00000112 _____ C:\Windows\setupact.log
2014-01-18 13:06 - 2014-01-18 13:06 - 00000000 _____ C:\Windows\setuperr.log
2014-01-16 06:18 - 2014-01-16 06:19 - 00000000 ____D C:\Users\*****\.freemind
2014-01-13 17:42 - 2014-01-13 17:42 - 00000386 _____ C:\Users\*****\Desktop\NIKON D5100 (F) 2,54 GB.lnk
2014-01-13 17:42 - 2014-01-13 17:42 - 00000386 _____ C:\Users\*****\Desktop\NIKON D5100 (F) 2,54 GB.lnk
2014-01-12 12:24 - 2014-01-12 12:24 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2014-01-12 12:21 - 2014-01-12 12:21 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2014-01-12 12:13 - 2014-01-12 12:27 - 00000000 ____D C:\Users\*****\AppData\Local\Canon Easy-PhotoPrint EX
2014-01-11 17:03 - 2014-01-11 17:03 - 35746132 _____ C:\Users\*****\Desktop\DSC_0053.tif
2014-01-06 23:35 - 2014-01-06 23:35 - 05210332 _____ C:\Users\*****\Desktop\p0sixspwn-v1.0.7.exe
2014-01-06 11:17 - 2014-01-06 12:29 - 00017808 _____ C:\Users\*****\Desktop\Gold.Brun. Szenenplan.odt
2014-01-04 14:03 - 2014-01-04 14:03 - 00000000 ____D C:\Users\*****\AppData\Local\{EC3B4D16-0E9A-4E9B-B90A-B624FA024E4B}
2013-12-31 12:13 - 2013-12-31 12:14 - 00000000 ____D C:\Users\*****\Documents\Logs_Trojaner
2013-12-31 12:02 - 2013-12-31 12:02 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-31 12:02 - 2013-12-31 12:02 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-12-31 12:02 - 2013-12-31 12:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-31 12:02 - 2013-12-31 12:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-31 12:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-22 19:02 - 2013-12-22 19:02 - 00000000 ____D C:\Users\*****\Documents\Fax
2013-12-21 12:54 - 2013-12-21 12:54 - 00000000 ____D C:\Users\*****\AppData\Roaming\SketchUp
2013-12-21 12:44 - 2013-12-21 12:44 - 00003120 _____ C:\Windows\SysWOW64\ALLFSAF13a.ocx
2013-12-20 07:19 - 2013-12-20 07:19 - 00000000 ____D C:\Users\*****\AppData\Roaming\IObit

==================== One Month Modified Files and Folders =======

2014-01-18 18:08 - 2014-01-18 18:08 - 00023619 _____ C:\Users\*****\Desktop\FRST.txt
2014-01-18 18:08 - 2013-01-04 11:27 - 01538220 _____ C:\Windows\WindowsUpdate.log
2014-01-18 18:07 - 2014-01-18 18:07 - 00000000 ____D C:\FRST
2014-01-18 18:07 - 2012-05-02 19:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2014-01-18 18:07 - 2012-04-27 13:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-18 18:06 - 2014-01-18 18:06 - 02076160 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-01-18 18:06 - 2012-06-15 12:09 - 00000000 ____D C:\Users\*****\AppData\Local\Adobe
2014-01-18 18:04 - 2012-05-05 12:46 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-18 18:04 - 2012-05-05 12:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-18 18:03 - 2014-01-18 18:01 - 30796712 _____ (Oracle Corporation) C:\Users\*****\Downloads\jre-7u51-windows-x64.exe
2014-01-18 18:03 - 2013-05-19 10:12 - 00005116 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for *****-***** *****
2014-01-18 18:03 - 2012-05-05 12:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-18 18:03 - 2012-05-05 12:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-18 17:55 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-18 17:55 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-18 17:52 - 2014-01-18 17:52 - 597783381 _____ C:\Users\*****\Downloads\iPod4,1_6.0_10A403_Restore.ipsw.part
2014-01-18 17:52 - 2014-01-18 17:52 - 00000000 _____ C:\Users\*****\Downloads\iPod4,1_6.0_10A403_Restore.ipsw
2014-01-18 17:46 - 2012-11-24 16:16 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-18 17:34 - 2013-05-26 18:28 - 00000000 ___RD C:\Users\*****\SkyDrive
2014-01-18 17:31 - 2014-01-18 13:06 - 00065102 _____ C:\Windows\PFRO.log
2014-01-18 17:31 - 2014-01-18 13:06 - 00000112 _____ C:\Windows\setupact.log
2014-01-18 17:31 - 2011-02-17 13:05 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-18 17:31 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-18 16:58 - 2014-01-18 16:57 - 00000000 ____D C:\Users\*****\Downloads\vris
2014-01-18 16:46 - 2014-01-18 16:46 - 05008288 _____ C:\Users\*****\Downloads\p0sixspwn-v1.0.7-win.zip
2014-01-18 16:27 - 2014-01-18 16:27 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-18 16:27 - 2013-12-02 14:44 - 00001970 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-18 16:27 - 2013-02-28 17:55 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-18 16:27 - 2012-10-05 10:51 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-18 16:27 - 2012-10-05 10:50 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-18 16:27 - 2012-10-05 10:50 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-18 16:27 - 2012-10-05 10:50 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-18 16:27 - 2012-10-05 10:50 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-18 16:27 - 2012-04-26 16:36 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-18 14:41 - 2013-12-13 20:36 - 00000000 ____D C:\Users\*****\Documents\CyberLink
2014-01-18 13:10 - 2014-01-18 13:10 - 00000000 ____D C:\Users\*****\AppData\Local\{E7D273AB-12B6-4F89-954E-E5FC9200CB18}
2014-01-18 13:08 - 2013-12-16 19:07 - 00000000 ____D C:\ProgramData\ProductData
2014-01-18 13:06 - 2014-01-18 13:06 - 00000000 _____ C:\Windows\setuperr.log
2014-01-16 06:26 - 2012-12-17 18:22 - 00177664 ___SH C:\Users\*****\Thumbs.db
2014-01-16 06:25 - 2012-06-08 15:16 - 00000000 ____D C:\Users\*****
2014-01-16 06:19 - 2014-01-16 06:18 - 00000000 ____D C:\Users\*****\.freemind
2014-01-16 06:19 - 2013-11-17 13:29 - 00000000 ____D C:\Users\*****\Documents\ihelper
2014-01-16 06:19 - 2013-11-17 13:29 - 00000000 ____D C:\Program Files (x86)\IPAdownload
2014-01-15 11:35 - 2013-05-20 12:57 - 00133592 _____ C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-14 06:44 - 2011-02-03 02:28 - 00710296 _____ C:\Windows\system32\perfh007.dat
2014-01-14 06:44 - 2011-02-03 02:28 - 00154700 _____ C:\Windows\system32\perfc007.dat
2014-01-14 06:44 - 2009-07-14 06:13 - 01650084 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-14 06:19 - 2013-09-09 13:15 - 05133456 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-13 17:42 - 2014-01-13 17:42 - 00000386 _____ C:\Users\*****\Desktop\NIKON D5100 (F) 2,54 GB.lnk
2014-01-13 17:42 - 2014-01-13 17:42 - 00000386 _____ C:\Users\*****\Desktop\NIKON D5100 (F) 2,54 GB.lnk
2014-01-12 12:45 - 2013-09-29 09:02 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-12 12:27 - 2014-01-12 12:13 - 00000000 ____D C:\Users\*****\AppData\Local\Canon Easy-PhotoPrint EX
2014-01-12 12:27 - 2013-09-07 11:38 - 00133592 _____ C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-12 12:26 - 2012-05-30 21:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-12 12:24 - 2014-01-12 12:24 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2014-01-12 12:24 - 2013-12-17 08:09 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2014-01-12 12:22 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-12 12:21 - 2014-01-12 12:21 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2014-01-12 12:15 - 2009-07-14 08:45 - 00000000 ____D C:\Windows\ShellNew
2014-01-12 12:14 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\System
2014-01-12 12:14 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini
2014-01-12 12:13 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2014-01-12 11:42 - 2013-11-24 13:34 - 00003420 _____ C:\Windows\System32\Tasks\KMS Activation
2014-01-11 17:03 - 2014-01-11 17:03 - 35746132 _____ C:\Users\*****\Desktop\DSC_0053.tif
2014-01-09 18:12 - 2012-08-17 18:06 - 00000000 ____D C:\Users\*****\AppData\Roaming\.minecraft
2014-01-07 08:23 - 2013-07-28 13:04 - 00000000 ____D C:\Users\*****\Desktop\SDKarte
2014-01-06 23:35 - 2014-01-06 23:35 - 05210332 _____ C:\Users\*****\Desktop\p0sixspwn-v1.0.7.exe
2014-01-06 12:29 - 2014-01-06 11:17 - 00017808 _____ C:\Users\*****\Desktop\Gold.Brun. Szenenplan.odt
2014-01-05 12:50 - 2013-11-04 08:49 - 00019901 _____ C:\Users\*****\Desktop\VorschlagGoldeneBrunnen Besetzung.odt
2014-01-05 12:20 - 2013-11-29 18:45 - 00000000 ____D C:\Users\*****\AppData\Local\LogMeIn Hamachi
2014-01-05 12:20 - 2013-01-19 13:31 - 00000000 ____D C:\Users\*****\AppData\Roaming\Free Download Manager
2014-01-04 14:03 - 2014-01-04 14:03 - 00000000 ____D C:\Users\*****\AppData\Local\{EC3B4D16-0E9A-4E9B-B90A-B624FA024E4B}
2014-01-03 17:05 - 2012-04-26 13:14 - 01624364 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-31 12:14 - 2013-12-31 12:13 - 00000000 ____D C:\Users\*****\Documents\Logs_Trojaner
2013-12-31 12:02 - 2013-12-31 12:02 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-31 12:02 - 2013-12-31 12:02 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-12-31 12:02 - 2013-12-31 12:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-31 12:02 - 2013-12-31 12:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-29 16:30 - 2012-04-27 13:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-29 16:12 - 2012-09-19 22:29 - 00000132 _____ C:\Users\*****\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2013-12-28 17:38 - 2013-12-16 19:08 - 00000000 ____D C:\ProgramData\IObit
2013-12-28 16:28 - 2013-01-31 14:16 - 00000000 ____D C:\Program Files (x86)\Origin
2013-12-28 15:57 - 2013-08-13 19:29 - 00000000 ____D C:\Windows\system32\MRT
2013-12-28 15:54 - 2013-04-13 22:58 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-12-28 15:54 - 2012-12-19 14:25 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-12-28 15:53 - 2011-02-03 18:14 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-24 12:42 - 2012-04-16 11:08 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-24 12:42 - 2012-04-16 11:08 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-24 12:42 - 2011-02-17 13:07 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-12-24 12:42 - 2011-02-17 13:07 - 00000000 ____D C:\Windows\system32\NV
2013-12-24 12:37 - 2012-04-16 11:08 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-24 12:37 - 2012-04-16 11:08 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-22 19:02 - 2013-12-22 19:02 - 00000000 ____D C:\Users\*****\Documents\Fax
2013-12-21 12:54 - 2013-12-21 12:54 - 00000000 ____D C:\Users\*****\AppData\Roaming\SketchUp
2013-12-21 12:44 - 2013-12-21 12:44 - 00003120 _____ C:\Windows\SysWOW64\ALLFSAF13a.ocx
2013-12-20 07:19 - 2013-12-20 07:19 - 00000000 ____D C:\Users\*****\AppData\Roaming\IObit

Files to move or delete:
====================
C:\Users\Public\Minecraft.exe


Some content of TEMP:
====================
C:\Users\Marie\AppData\Local\Temp\COMAP.EXE


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-10 16:10

==================== End Of Log ============================
--- --- ---


Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2014 03
Ran by ****** at 2014-01-18 18:10:16
Running from C:\Users\******\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

1PW Passwortverwaltung (x32 Version: 7.05 - Heiko Schröder)
Ace of Spades (x32 Version: 0.75.013 - Ben Aksoy)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (x32 Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
AmbionWizard (Version: 1.0.0 - American Megatrends Inc.)
AMI VR-pulse OS Switcher (Version: 1.1 - American Megatrends Inc.)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio (x32 Version: 9.23.0 - ashampoo GmbH & Co. KG)
Ashampoo Snap (x32 Version: 3.4.1 - ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.27 - Atheros Communications Inc.)
Audacity 2.0.3 (x32 Version: 2.0.3 - Audacity Team)
Audible Download Manager (x32 Version: 6.6.0.15 - Audible, Inc.)
avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (x32 Version:  - )
Canon IJ Network Scan Utility (x32 Version:  - )
Canon IJ Network Tool (x32 Version:  - )
Canon MG5200 series MP Drivers (Version:  - )
Canon MP Navigator EX 4.0 (x32 Version:  - )
Canon My Printer (x32 Version:  - )
Canon Solution Menu EX (x32 Version:  - )
CCleaner (Version: 4.06 - Piriform)
CD-LabelPrint (x32 Version:  - )
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Crysis(R) (x32 Version: 1.21.0000 - Electronic Arts)
CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden
CyberLink PowerDirector (x32 Version: 8.0.3224a - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.3224a - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.2225 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.2225 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.) Hidden
CyberLink PowerRecover (x32 Version: 5.5.3726 - CyberLink Corp.)
CyberLink PowerRecover (x32 Version: 5.5.3726 - CyberLink Corp.) Hidden
CyberLink YouCam (x32 Version: 3.1.3428 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.3428 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (Version:  - Microsoft)
Fraps (remove only) (x32 Version:  - )
Free Download Manager 3.9.2 (x32 Version:  - FreeDownloadManager.ORG)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeoGebra 4.4 (x32 Version: 4.3.31.0 - International GeoGebra Institute)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Earth (x32 Version: 7.1.1.1580 - Google)
Google Talk Plugin (x32 Version: 2.9.10.7526 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
iBackupBot for iTunes 3.6.2 (x32 Version: 3.6.2 - VOWSoft, Ltd.)
Idoswin Pro 5.66 (x32 Version: 5.66 - Ingo Eckel)
ImgBurn (x32 Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2279 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014 - Intel Corporation)
Internet-TV für Windows Media Center (x32 Version: 4.2.2.0 - Microsoft Corporation)
IObit Uninstaller (x32 Version: Unknown - IObit)
iPhone-Konfigurationsprogramm (x32 Version: 3.6.2.300 - Apple Inc.)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
JDownloader 0.9 (x32 Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (x32 Version:  - )
Launch Manager (x32 Version: 1.5.1.3 - Wistron Corp.)
LibreOffice 3.6 (x32 Version: 3.6.4.3 - The Document Foundation)
LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Maxima 5.31.1 (x32 Version: 5.31.1 - The Maxima Development Team)
Medion Home Cinema (x32 Version: 8.0.2213 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2213 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (x32 Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Robocopy GUI (x32 Version: 1.0.0 - Microsoft)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 24.0.1 - Mozilla)
Mozilla Thunderbird 24.0.1 (x86 de) (x32 Version: 24.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Musikalische Gehörbildung am PC 3.1 (x32 Version: 3.1 - Franzis Verlag)
NVIDIA 3D Vision Treiber 311.00 (Version: 311.00 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.00 (Version: 311.00 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0213 (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1100 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.00 (Version: 311.00 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenAL (x32 Version:  - )
Origin (x32 Version: 9.1.11.2678 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
PunkBuster Services (x32 Version: 0.991 - Even Balance, Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6237 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Skype Web Plugin (x32 Version: 2.3.12417.17599 - Skype Technologies S.A.)
Skype™ 6.0 (x32 Version: 6.0.126 - Skype Technologies S.A.)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (Version: 14.0.19.0 - Synaptics Incorporated)
TuneUp Utilities 2012 (x32 Version: 12.0.3600.171 - TuneUp Software)
TuneUp Utilities 2012 (x32 Version: 12.0.3600.171 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.171 - TuneUp Software) Hidden
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Access 2013 (KB2827233) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft InfoPath 2013 (KB2837648) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826004) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837626) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837637) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837638) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2817306) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2850060) 64-Bit Edition (Version:  - Microsoft)
Virtual CD v10 (x32 Version: 10.10.6 - H+H Software GmbH)
VLC media player 2.0.7 (Version: 2.0.7 - VideoLAN)
WIDCOMM Bluetooth Software (Version: 6.2.1.800 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth  (05/27/2009 6.1.7100.0) (Version: 05/27/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Center Add-in for Silverlight (x32 Version: 4.7.3.0 - Microsoft Corporation)
Windows Media Encoder 9 Series (x32 Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
WinRAR 5.00 (64-bit) (Version: 5.00.0 - win.rar GmbH)
X10 Hardware(TM) (x32 Version:  - )
XMedia Recode Version 3.1.6.4 (x32 Version: 3.1.6.4 - XMedia Recode)

==================== Restore Points  =========================

12-01-2014 11:11:16 PROPLUSR
16-01-2014 05:22:17 SketchUp 2013 wurde entfernt
18-01-2014 15:25:43 avast! antivirus system restore point
18-01-2014 17:07:30 Installed Java 7 Update 51 (64-bit)

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-03-23 13:22 - 00000878 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0AAC1AB0-834E-4184-BF4C-7C3DDF88C00E} - System32\Tasks\{E5CCD462-7B63-4CE9-9B52-ADAC6396EBB0} => C:\Users\******\Desktop\GEF\GEF.EXE
Task: {1357991F-423A-477A-9E91-2E25CDC7488F} - System32\Tasks\{3FCD05D0-621A-427F-8B1A-A013D0024F06} => C:\Users\******\CrPrDl\redsn0w_win_0.9.15b3\redsn0w.exe
Task: {3832C3D7-D413-4B5F-B760-5D2C32206D2B} - System32\Tasks\{794ECEDC-8F71-40E2-B0E0-32A95E33AD03} => C:\Users\******\Desktop\GEF\GEF.EXE
Task: {384631E1-5D8C-4565-9A5F-89ABFFC0345C} - System32\Tasks\Google Updater and Installer => C:\Users\******\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {41CFAA2B-46EC-4E69-AD43-540E82D127B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-16] (Google Inc.)
Task: {42DB6B51-116E-4C6C-A49D-437464CB9E46} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {53F61228-8541-4EA8-A5D4-1F132F8B6D93} - System32\Tasks\{8339B3E0-6DB9-4918-8D84-884A03868060} => C:\Users\******\Desktop\AngryBirdsInstaller_2-3-0.exe
Task: {5FCA0301-A5BF-46A6-81C5-2FADAE6C1FC7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-18] (AVAST Software)
Task: {6049E10A-1A35-4D00-BF3B-5401238774B8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-18] (Adobe Systems Incorporated)
Task: {657DB69E-AD02-47FA-80BF-85BECB01CAE6} - System32\Tasks\{0A4D5C1C-CADF-4B73-AEE9-C8DDC9DE112C} => C:\Users\******\Desktop\AngryBirdsInstaller_2-3-0.exe
Task: {65D40E62-5816-4BA8-94B9-1508FE9C8C2C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {688E4A84-06E7-47AC-820C-7D6039066828} - System32\Tasks\{1261BBC4-4756-4279-AC70-11A2A8218957} => C:\Users\******\Desktop\GEF\GEF.EXE
Task: {7202A9B8-250F-474F-83FC-B86BE624CC12} - System32\Tasks\{977FD4EA-40D2-4143-8B8F-6361AF452E96} => C:\Users\******\Desktop\GEF\GEF.EXE
Task: {7B3BAF9A-8199-4E72-8FE9-B06D5F61A62C} - System32\Tasks\{604BC914-97B2-4524-82A3-3B355A56C149} => C:\Users\******\WindowsUSB\PWCreator 32Bit\pwcreator.exe
Task: {8424CC2F-5D77-45ED-8DB2-1D81D7896713} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-16] (Google Inc.)
Task: {87901FD8-8BFD-4B92-B2FD-F6983B657B16} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8A82D7EF-89CE-48FC-94BA-F9532B86F092} - System32\Tasks\{90051200-63CC-46A1-89E1-12C7056650AC} => C:\Users\******\WindowsUSB\PWCreator 32Bit\pwcreator.exe
Task: {9ADDA72F-8F00-4480-B59D-5A7CF9DF270F} - System32\Tasks\AdobeAAMUpdater-1.0-******-****** => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {A6D12C10-578A-40E8-BA35-02498B583296} - System32\Tasks\{D3E634F9-F790-4ABE-9A39-1873E493AAA0} => C:\Users\******\Desktop\AngryBirdsInstaller_2-3-0.exe
Task: {A78F9364-9A21-4CD1-A620-6E9E341C8A7B} - System32\Tasks\{565F0714-EA28-471D-B72F-B49AB41CD1E8} => C:\Users\******\Desktop\AngryBirdsInstaller_2-3-0.exe
Task: {B3554731-C34B-43ED-96D5-EABFA1E6FCD6} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {CC15ABCB-DCDD-4385-98AD-669678CDB95D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D2A3BC11-DA52-491A-9C3F-BD1D7D52ADF2} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ******-****** ****** => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2013-09-10] (Microsoft Corporation)
Task: {EA901BF6-FDA7-4620-8B52-B577C76EA597} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {ED02BDB8-063D-43A1-B07B-FDC369D43769} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2013-12-11] (TuneUp Software)
Task: {EE2C2791-E5C2-4F0C-95BE-6AC0A2C87D1D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {FD46F5A5-F7A6-4C72-AD78-11ED5346B605} - System32\Tasks\KMS Activation => D:\KMSpico\RandomFile.exe
Task: {FE8BFA91-48CA-43A3-9256-B822AAEBF3A2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-18 16:24 - 2014-01-18 10:01 - 02155008 _____ () C:\Program Files\AVAST Software\Avast\defs\14011800\algo.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-24 12:03 - 2013-11-24 12:03 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-08-16 07:25 - 2013-08-16 07:25 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\44bfa824a3b8a6f789fda79a2e01a8db\IsdiInterop.ni.dll
2011-02-03 21:40 - 2010-03-04 05:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-04-27 13:34 - 2013-12-29 16:30 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-11-20 20:19 - 2013-11-20 20:19 - 00283648 _____ () C:\ProgramData\Free Download Manager\Firefox\Extensions\1.6.0\components\vmsfdmff22.dll
2013-01-19 13:31 - 2013-01-11 03:17 - 00105984 _____ () C:\Program Files (x86)\Download Manager\fdmumsp.dll
2011-02-17 13:04 - 2010-12-24 08:26 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-01-18 17:43 - 2013-12-12 23:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-18 17:43 - 2013-11-05 02:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-03-12 17:10 - 2013-12-12 23:04 - 00716800 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2012-11-24 16:24 - 2014-01-07 22:00 - 01138088 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-11-24 16:24 - 2013-12-12 23:04 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-11-24 16:24 - 2013-06-15 00:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-11-24 16:24 - 2013-06-15 00:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-11-24 16:24 - 2013-06-15 00:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Faulty Device Manager Devices =============

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2014 06:07:32 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2777610092-3106998167-849228635-1009.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
  OnIdentify-Ereignis
  Generatordaten werden gesammelt

Kontext:
  Ausführungskontext: Shadow Copy Optimization Writer
  Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
  Generatorname: Shadow Copy Optimization Writer
  Generatorinstanz-ID: {0da916e1-553e-4151-b59e-1f99d40b1cb0}

Error: (01/18/2014 05:49:04 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 15

Error: (01/18/2014 05:41:38 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: p0sixspwn-v1.0.7.exe, Version: 0.0.0.0, Zeitstempel: 0x52cb8429
Name des fehlerhaften Moduls: iTunesMobileDevice.dll, Version: 710.0.0.4, Zeitstempel: 0x52036730
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00055eec
ID des fehlerhaften Prozesses: 0x130c
Startzeit der fehlerhaften Anwendung: 0xp0sixspwn-v1.0.7.exe0
Pfad der fehlerhaften Anwendung: p0sixspwn-v1.0.7.exe1
Pfad des fehlerhaften Moduls: p0sixspwn-v1.0.7.exe2
Berichtskennung: p0sixspwn-v1.0.7.exe3

Error: (01/18/2014 05:40:30 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: p0sixspwn-v1.0.7.exe, Version: 0.0.0.0, Zeitstempel: 0x52cb8429
Name des fehlerhaften Moduls: iTunesMobileDevice.dll, Version: 710.0.0.4, Zeitstempel: 0x52036730
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00055eec
ID des fehlerhaften Prozesses: 0x7fc
Startzeit der fehlerhaften Anwendung: 0xp0sixspwn-v1.0.7.exe0
Pfad der fehlerhaften Anwendung: p0sixspwn-v1.0.7.exe1
Pfad des fehlerhaften Moduls: p0sixspwn-v1.0.7.exe2
Berichtskennung: p0sixspwn-v1.0.7.exe3

Error: (01/18/2014 04:45:31 PM) (Source: MsiInstaller) (User: ******)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011006}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (01/18/2014 04:25:43 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2777610092-3106998167-849228635-1009.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
  OnIdentify-Ereignis
  Generatordaten werden gesammelt

Kontext:
  Ausführungskontext: Shadow Copy Optimization Writer
  Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
  Generatorname: Shadow Copy Optimization Writer
  Generatorinstanz-ID: {2a864e56-4959-4625-9c50-f5d30b2c329e}

Error: (01/16/2014 06:22:28 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service Service KMSELDI since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/16/2014 06:22:17 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2777610092-3106998167-849228635-1009.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
  OnIdentify-Ereignis
  Generatordaten werden gesammelt

Kontext:
  Ausführungskontext: Shadow Copy Optimization Writer
  Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
  Generatorname: Shadow Copy Optimization Writer
  Generatorinstanz-ID: {156a959c-adf9-487d-8e28-d325ac98ad24}

Error: (01/16/2014 06:14:56 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -2147023838

Error: (01/14/2014 06:19:52 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Service_KMS.exe, Version: 1.0.0.0, Zeitstempel: 0x512a6257
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1677
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000000940d
ID des fehlerhaften Prozesses: 0x854
Startzeit der fehlerhaften Anwendung: 0xService_KMS.exe0
Pfad der fehlerhaften Anwendung: Service_KMS.exe1
Pfad des fehlerhaften Moduls: Service_KMS.exe2
Berichtskennung: Service_KMS.exe3


System errors:
=============
Error: (01/18/2014 05:44:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/18/2014 05:44:12 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (01/18/2014 05:36:56 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070422

Error: (01/18/2014 05:34:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (01/18/2014 05:34:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/18/2014 05:33:25 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070422

Error: (01/18/2014 05:33:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (01/18/2014 04:23:09 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070422

Error: (01/18/2014 04:22:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (01/18/2014 04:22:03 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070422


Microsoft Office Sessions:
=========================
Error: (01/18/2014 06:07:32 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-2777610092-3106998167-849228635-1009.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
  OnIdentify-Ereignis
  Generatordaten werden gesammelt

Kontext:
  Ausführungskontext: Shadow Copy Optimization Writer
  Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
  Generatorname: Shadow Copy Optimization Writer
  Generatorinstanz-ID: {0da916e1-553e-4151-b59e-1f99d40b1cb0}

Error: (01/18/2014 05:49:04 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 15

Error: (01/18/2014 05:41:38 PM) (Source: Application Error)(User: )
Description: p0sixspwn-v1.0.7.exe0.0.0.052cb8429iTunesMobileDevice.dll710.0.0.452036730c000000500055eec130c01cf146c0ba49a4cC:\Users\******\Desktop\p0sixspwn-v1.0.7.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll660414fd-805f-11e3-b121-00262dc53125

Error: (01/18/2014 05:40:30 PM) (Source: Application Error)(User: )
Description: p0sixspwn-v1.0.7.exe0.0.0.052cb8429iTunesMobileDevice.dll710.0.0.452036730c000000500055eec7fc01cf146bb16af8b0C:\Users\******\Desktop\p0sixspwn-v1.0.7.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll3d560045-805f-11e3-b121-00262dc53125

Error: (01/18/2014 04:45:31 PM) (Source: MsiInstaller)(User: ******)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011006}1625(NULL)(NULL)(NULL)

Error: (01/18/2014 04:25:43 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-2777610092-3106998167-849228635-1009.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
  OnIdentify-Ereignis
  Generatordaten werden gesammelt

Kontext:
  Ausführungskontext: Shadow Copy Optimization Writer
  Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
  Generatorname: Shadow Copy Optimization Writer
  Generatorinstanz-ID: {2a864e56-4959-4625-9c50-f5d30b2c329e}

Error: (01/16/2014 06:22:28 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Service KMSELDI since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (01/16/2014 06:22:17 AM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-2777610092-3106998167-849228635-1009.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
  OnIdentify-Ereignis
  Generatordaten werden gesammelt

Kontext:
  Ausführungskontext: Shadow Copy Optimization Writer
  Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
  Generatorname: Shadow Copy Optimization Writer
  Generatorinstanz-ID: {156a959c-adf9-487d-8e28-d325ac98ad24}

Error: (01/16/2014 06:14:56 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -2147023838

Error: (01/14/2014 06:19:52 AM) (Source: Application Error)(User: )
Description: Service_KMS.exe1.0.0.0512a6257KERNELBASE.dll6.1.7601.1822951fb1677e0434352000000000000940d85401cf10e82288ea99D:\KMSpico\Service_KMS.exeC:\Windows\system32\KERNELBASE.dll7ea9eb98-7cdb-11e3-a122-00262dc53125


==================== Memory info ===========================

Percentage of memory in use: 63%
Total physical RAM: 3893.41 MB
Available physical RAM: 1425.72 MB
Total Pagefile: 7785.01 MB
Available Pagefile: 4775.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:665.36 GB) (Free:418.46 GB) NTFS
Drive d: (Daten) (Fixed) (Total:4.88 GB) (Free:4.83 GB) NTFS
Drive y: (Recover) (Fixed) (Total:25.29 GB) (Free:2.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 073285AA)
Partition 1: (Active) - (Size=101 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=665 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=32 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================

aharonov 18.01.2014 19:57
Schritt 1

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 2

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

s00 21.01.2014 21:32
Da ich zur Zeit leider kein Internet in meinem Haus habe, hoffe ich, es ist in Ordnung wenn ich die Log-Files erst in 1-2 Wochen poste.
Ich habe noch eine Frage: Warum muss ich meine Computer erst von Adware säubern? Eigentlich achte ich auch darauf mir dementsprechende Software nicht zu installieren...

aharonov 21.01.2014 21:35
Ok, alles klar, danke für die Mitteilung.

s00 30.01.2014 16:38
So das Internet ist jetzt da.

Eine kurze Frage noch: Kann sich der Schädling auch auf angeschlossene USB-Medien übertragen?


Hier sind die Log-Dateien:

Code:
# AdwCleaner v3.018 - Bericht erstellt am 30/01/2014 um 16:29:14
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ****** - KAMAFE
# Gestartet von : C:\Users\******\Downloads\vris\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\******\AppData\Roaming\software4u
Datei Gelöscht : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\a6mxd3er.default\user.js
Datei Gelöscht : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\481evz4w.default-1358104444770\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_angry-birds_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_angry-birds_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_minecraft-skinedit_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_minecraft-skinedit_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\a6mxd3er.default\prefs.js ]


[ Datei : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\481evz4w.default-1358104444770\prefs.js ]


[ Datei : C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\fdizvpik.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2674 octets] - [30/01/2014 16:14:49]
AdwCleaner[S0].txt - [2400 octets] - [30/01/2014 16:29:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2460 octets] ##########
FRST.txt

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by ****** (administrator) on KAMAFE on 30-01-2014 16:37:21
Running from C:\Users\******\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Windows\Rent\Update.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(H+H Software GmbH) C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
() C:\Windows\Rent\Rent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(LogMeIn Inc.) C:\Program Files (x86)\Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) C:\Program Files (x86)\Hamachi\LMIGuardianSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Users\******\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11548264 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2181224 2010-11-03] (Realtek Semiconductor)
HKLM-x32\...\Run: [Wbutton] - C:\Program Files (x86)\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-12-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-18] (AVAST Software)
HKLM-x32\...\Run: [HotkeyApp] - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2010-12-16] (Wistron)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\Hamachi\hamachi-2-ui.exe [3813200 2014-01-23] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [SkyDrive] - C:\Users\******\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-16] (Microsoft Corporation)
MountPoints2: F - F:\pushinst.exe
MountPoints2: {0f542d03-ecb9-11e1-80cb-00262dc53125} - F:\pushinst.exe
HKU\Default\...\RunOnce: [MEDION] - C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\Default User\...\RunOnce: [MEDION] - C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\UpdatusUser\...\RunOnce: [MEDION] - C:\Windows\Web\Wallpaper\MEDION\start.vbs
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-03-11] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-03-11] (NVIDIA Corporation)
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\adobe air application installer.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\bttray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\ccleaner64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\cmview.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\nusb3utl.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\power2go.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\powerrecover.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\setup.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\switchboard.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\481evz4w.default-1358104444770
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "share_proxy_settings", true
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VLC-Player\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: anonymoX - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\481evz4w.default-1358104444770\Extensions\client@anonymox.net.xpi [2013-09-27]
FF Extension: Adblock Plus - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\481evz4w.default-1358104444770\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-29]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-05]

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL No File
CHR Plugin: (AdobeExManDetect) - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-14]
CHR Extension: (Google Drive) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-14]
CHR Extension: (YouTube) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-14]
CHR Extension: (Google-Suche) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-14]
CHR Extension: (avast! Online Security) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-15]
CHR Extension: (Outlook.com Notifier) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmomflkhdooajekmffpilpoenndjppk [2013-05-12]
CHR Extension: (Google Wallet) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
CHR Extension: (Google Mail) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-24]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-18] (AVAST Software)
R2 Hamachi2Svc; C:\Program Files (x86)\Hamachi\hamachi-2.exe [2221904 2014-01-23] (LogMeIn Inc.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2014-01-30] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-26] ()
R2 Rent Update; C:/Windows/Rent/Update.exe [1192960 2013-01-29] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-12-11] (TuneUp Software)
R2 VC10SecS; C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe [144712 2010-04-14] (H+H Software GmbH)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-18] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-18] ()
S3 HH10Help.sys; C:\Windows\system32\drivers\HH10Help.sys [24088 2009-07-09] (H+H Software GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [909408 2009-08-13] (DiBcom SA)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-12-12] (TuneUp Software)
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2013-05-30] (Wondershare)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
S3 uxddrv; \??\F:\uxddrv64.sys [x]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]
R5 vdrv1000; C:\Windows\System32\Drivers\vdrv1000.sys [223256 2010-03-25] (H+H Software GmbH)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-30 16:37 - 2014-01-30 16:37 - 00000000 ____D C:\Users\******\Desktop\FRST-OlderVersion
2014-01-30 16:32 - 2014-01-30 16:32 - 00000000 ____D C:\Users\******\AppData\Roaming\ProductData
2014-01-30 16:12 - 2014-01-30 16:29 - 00000000 ____D C:\AdwCleaner
2014-01-30 16:03 - 2014-01-30 16:03 - 00001256 _____ C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-01-30 16:03 - 2014-01-30 16:03 - 00001232 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-01-30 15:56 - 2014-01-30 16:32 - 00000000 ____D C:\Users\******\AppData\Local\LogMeIn Hamachi
2014-01-30 15:56 - 2014-01-30 15:56 - 00000000 ____D C:\Program Files (x86)\Hamachi
2014-01-30 15:50 - 2014-01-30 15:53 - 148904784 _____ (Apple Inc.) C:\Users\******\Downloads\iTunes64Setup.exe
2014-01-30 15:49 - 2014-01-30 15:49 - 06373376 _____ C:\Users\******\Downloads\hamachi09.msi
2014-01-30 15:35 - 2012-11-24 17:15 - 00000931 _____ C:\Users\******\Desktop\Steam.lnk
2014-01-27 15:08 - 2014-01-27 15:08 - 00000000 ____D C:\Users\******\Documents\Bluetooth Exchange Folder
2014-01-24 19:28 - 2014-01-24 19:28 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-01-24 19:27 - 2014-01-24 19:27 - 00000000 ____D C:\Users\******\Documents\Bluetooth Exchange Folder
2014-01-24 19:27 - 2014-01-24 19:27 - 00000000 ____D C:\Users\******\AppData\Local\Broadcom
2014-01-18 19:13 - 2014-01-18 19:12 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-18 19:13 - 2014-01-18 19:12 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-18 19:13 - 2014-01-18 19:12 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-18 19:13 - 2014-01-18 19:12 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-18 18:19 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-18 18:19 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-18 18:19 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-18 18:19 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-18 18:19 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-18 18:19 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-18 18:19 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-18 18:19 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-18 18:19 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-18 18:10 - 2014-01-18 18:12 - 00040508 _____ C:\Users\******\Desktop\Addition.txt
2014-01-18 18:08 - 2014-01-30 16:37 - 00022864 _____ C:\Users\******\Desktop\FRST.txt
2014-01-18 18:07 - 2014-01-30 16:37 - 00000000 ____D C:\FRST
2014-01-18 18:06 - 2014-01-30 16:37 - 02079744 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2014-01-18 16:57 - 2014-01-30 16:12 - 00000000 ____D C:\Users\******\Downloads\vris
2014-01-18 16:27 - 2014-01-18 16:27 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-18 13:10 - 2014-01-18 13:10 - 00000000 ____D C:\Users\******\AppData\Local\{E7D273AB-12B6-4F89-954E-E5FC9200CB18}
2014-01-18 13:06 - 2014-01-30 16:31 - 00068076 _____ C:\Windows\PFRO.log
2014-01-18 13:06 - 2014-01-30 16:31 - 00000504 _____ C:\Windows\setupact.log
2014-01-18 13:06 - 2014-01-18 13:06 - 00000000 _____ C:\Windows\setuperr.log
2014-01-16 06:18 - 2014-01-16 06:19 - 00000000 ____D C:\Users\******\.freemind
2014-01-13 17:42 - 2014-01-13 17:42 - 00000386 _____ C:\Users\******\Desktop\NIKON D5100 (F) 2,54 GB.lnk
2014-01-12 12:24 - 2014-01-12 12:24 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2014-01-12 12:21 - 2014-01-12 12:21 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2014-01-12 12:13 - 2014-01-12 12:27 - 00000000 ____D C:\Users\******\AppData\Local\Canon Easy-PhotoPrint EX
2014-01-11 17:03 - 2014-01-11 17:03 - 35746132 _____ C:\Users\******\Desktop\DSC_0053.tif
2014-01-06 11:17 - 2014-01-06 12:29 - 00017808 _____ C:\Users\******\Desktop\Gold.Brun. Szenenplan.odt
2014-01-04 14:03 - 2014-01-04 14:03 - 00000000 ____D C:\Users\******\AppData\Local\{EC3B4D16-0E9A-4E9B-B90A-B624FA024E4B}
2013-12-31 12:13 - 2013-12-31 12:14 - 00000000 ____D C:\Users\******\Documents\Logs_Trojaner
2013-12-31 12:02 - 2013-12-31 12:02 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-31 12:02 - 2013-12-31 12:02 - 00000000 ____D C:\Users\******\AppData\Roaming\Malwarebytes
2013-12-31 12:02 - 2013-12-31 12:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-31 12:02 - 2013-12-31 12:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-31 12:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== One Month Modified Files and Folders =======

2014-01-30 16:37 - 2014-01-30 16:37 - 00000000 ____D C:\Users\******\Desktop\FRST-OlderVersion
2014-01-30 16:37 - 2014-01-18 18:08 - 00022864 _____ C:\Users\******\Desktop\FRST.txt
2014-01-30 16:37 - 2014-01-18 18:07 - 00000000 ____D C:\FRST
2014-01-30 16:37 - 2014-01-18 18:06 - 02079744 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2014-01-30 16:34 - 2012-11-24 16:16 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-30 16:33 - 2013-05-19 10:12 - 00005118 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for KAMAFE-****** KaMaFe
2014-01-30 16:32 - 2014-01-30 16:32 - 00000000 ____D C:\Users\******\AppData\Roaming\ProductData
2014-01-30 16:32 - 2014-01-30 15:56 - 00000000 ____D C:\Users\******\AppData\Local\LogMeIn Hamachi
2014-01-30 16:32 - 2013-12-16 19:08 - 00000000 ____D C:\ProgramData\IObit
2014-01-30 16:32 - 2013-05-26 18:28 - 00000000 ___RD C:\Users\******\SkyDrive
2014-01-30 16:31 - 2014-01-18 13:06 - 00068076 _____ C:\Windows\PFRO.log
2014-01-30 16:31 - 2014-01-18 13:06 - 00000504 _____ C:\Windows\setupact.log
2014-01-30 16:31 - 2011-02-17 13:05 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-30 16:31 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-30 16:30 - 2013-01-04 11:27 - 02088519 _____ C:\Windows\WindowsUpdate.log
2014-01-30 16:29 - 2014-01-30 16:12 - 00000000 ____D C:\AdwCleaner
2014-01-30 16:19 - 2012-05-05 12:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-30 16:12 - 2014-01-18 16:57 - 00000000 ____D C:\Users\******\Downloads\vris
2014-01-30 16:10 - 2013-12-08 12:49 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-30 16:03 - 2014-01-30 16:03 - 00001256 _____ C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-01-30 16:03 - 2014-01-30 16:03 - 00001232 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-01-30 15:56 - 2014-01-30 15:56 - 00000000 ____D C:\Program Files (x86)\Hamachi
2014-01-30 15:53 - 2014-01-30 15:50 - 148904784 _____ (Apple Inc.) C:\Users\******\Downloads\iTunes64Setup.exe
2014-01-30 15:49 - 2014-01-30 15:49 - 06373376 _____ C:\Users\******\Downloads\hamachi09.msi
2014-01-30 15:47 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-30 15:47 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-30 15:40 - 2013-12-16 19:07 - 00000000 ____D C:\ProgramData\ProductData
2014-01-30 15:40 - 2012-10-05 10:50 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-30 15:39 - 2011-02-17 13:07 - 00000000 ____D C:\Windows\SysWOW64\NV
2014-01-30 15:39 - 2011-02-17 13:07 - 00000000 ____D C:\Windows\system32\NV
2014-01-30 15:31 - 2012-06-27 22:06 - 00000000 ____D C:\Users\******\AppData\Local\LogMeIn Hamachi
2014-01-30 15:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-30 15:08 - 2011-02-03 02:28 - 00710296 _____ C:\Windows\system32\perfh007.dat
2014-01-30 15:08 - 2011-02-03 02:28 - 00154700 _____ C:\Windows\system32\perfc007.dat
2014-01-30 15:08 - 2009-07-14 06:13 - 01650084 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-30 07:30 - 2013-05-18 14:58 - 00000000 ____D C:\Users\******\AppData\Local\Microsoft Help
2014-01-27 15:08 - 2014-01-27 15:08 - 00000000 ____D C:\Users\******\Documents\Bluetooth Exchange Folder
2014-01-24 19:28 - 2014-01-24 19:28 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-01-24 19:27 - 2014-01-24 19:27 - 00000000 ____D C:\Users\******\Documents\Bluetooth Exchange Folder
2014-01-24 19:27 - 2014-01-24 19:27 - 00000000 ____D C:\Users\******\AppData\Local\Broadcom
2014-01-18 21:18 - 2013-04-13 22:58 - 00282296 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2014-01-18 21:18 - 2012-12-19 14:25 - 00282296 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2014-01-18 21:16 - 2012-12-19 14:25 - 00215128 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2014-01-18 19:55 - 2013-01-29 11:32 - 00000000 ____D C:\Users\******\iPodsoftware
2014-01-18 19:12 - 2014-01-18 19:13 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-18 19:12 - 2014-01-18 19:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-18 19:12 - 2014-01-18 19:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-18 19:12 - 2014-01-18 19:13 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-18 18:45 - 2013-01-19 19:57 - 00000000 ____D C:\Users\******\AppData\Roaming\redsn0w
2014-01-18 18:37 - 2013-09-09 13:15 - 05133456 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-18 18:29 - 2012-05-30 21:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-18 18:29 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini
2014-01-18 18:24 - 2013-08-13 19:29 - 00000000 ____D C:\Windows\system32\MRT
2014-01-18 18:24 - 2011-02-03 18:14 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-18 18:12 - 2014-01-18 18:10 - 00040508 _____ C:\Users\******\Desktop\Addition.txt
2014-01-18 18:07 - 2012-05-02 19:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2014-01-18 18:07 - 2012-04-27 13:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-18 18:06 - 2012-06-15 12:09 - 00000000 ____D C:\Users\******\AppData\Local\Adobe
2014-01-18 18:04 - 2012-05-05 12:46 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-18 18:03 - 2012-05-05 12:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-18 18:03 - 2012-05-05 12:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-18 16:27 - 2014-01-18 16:27 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-18 16:27 - 2013-12-02 14:44 - 00001970 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-18 16:27 - 2013-02-28 17:55 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-18 16:27 - 2012-10-05 10:51 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-18 16:27 - 2012-10-05 10:50 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-18 16:27 - 2012-10-05 10:50 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-18 16:27 - 2012-10-05 10:50 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-18 16:27 - 2012-04-26 16:36 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-18 14:41 - 2013-12-13 20:36 - 00000000 ____D C:\Users\******\Documents\CyberLink
2014-01-18 13:10 - 2014-01-18 13:10 - 00000000 ____D C:\Users\******\AppData\Local\{E7D273AB-12B6-4F89-954E-E5FC9200CB18}
2014-01-18 13:06 - 2014-01-18 13:06 - 00000000 _____ C:\Windows\setuperr.log
2014-01-16 09:59 - 2011-02-03 18:13 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-16 06:26 - 2012-12-17 18:22 - 00177664 ___SH C:\Users\******\Thumbs.db
2014-01-16 06:25 - 2012-06-08 15:16 - 00000000 ____D C:\Users\******
2014-01-16 06:19 - 2014-01-16 06:18 - 00000000 ____D C:\Users\******\.freemind
2014-01-16 06:19 - 2013-11-17 13:29 - 00000000 ____D C:\Users\******\Documents\ihelper
2014-01-16 06:19 - 2013-11-17 13:29 - 00000000 ____D C:\Program Files (x86)\IPAdownload
2014-01-15 11:35 - 2013-05-20 12:57 - 00133592 _____ C:\Users\******\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-13 17:42 - 2014-01-13 17:42 - 00000386 _____ C:\Users\******\Desktop\NIKON D5100 (F) 2,54 GB.lnk
2014-01-12 12:45 - 2013-09-29 09:02 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-12 12:27 - 2014-01-12 12:13 - 00000000 ____D C:\Users\******\AppData\Local\Canon Easy-PhotoPrint EX
2014-01-12 12:27 - 2013-09-07 11:38 - 00133592 _____ C:\Users\******\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-12 12:24 - 2014-01-12 12:24 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2014-01-12 12:24 - 2013-12-17 08:09 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2014-01-12 12:22 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-12 12:21 - 2014-01-12 12:21 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2014-01-12 12:15 - 2009-07-14 08:45 - 00000000 ____D C:\Windows\ShellNew
2014-01-12 12:14 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\System
2014-01-12 12:13 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2014-01-12 11:42 - 2013-11-24 13:34 - 00003420 _____ C:\Windows\System32\Tasks\KMS Activation
2014-01-11 17:03 - 2014-01-11 17:03 - 35746132 _____ C:\Users\******\Desktop\DSC_0053.tif
2014-01-09 18:12 - 2012-08-17 18:06 - 00000000 ____D C:\Users\******\AppData\Roaming\.minecraft
2014-01-07 08:23 - 2013-07-28 13:04 - 00000000 ____D C:\Users\******\Desktop\SDKarte
2014-01-06 12:29 - 2014-01-06 11:17 - 00017808 _____ C:\Users\******\Desktop\Gold.Brun. Szenenplan.odt
2014-01-05 12:50 - 2013-11-04 08:49 - 00019901 _____ C:\Users\******\Desktop\VorschlagGoldeneBrunnen Besetzung.odt
2014-01-05 12:20 - 2013-01-19 13:31 - 00000000 ____D C:\Users\******\AppData\Roaming\Free Download Manager
2014-01-04 14:03 - 2014-01-04 14:03 - 00000000 ____D C:\Users\******\AppData\Local\{EC3B4D16-0E9A-4E9B-B90A-B624FA024E4B}
2014-01-03 17:05 - 2012-04-26 13:14 - 01624364 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-31 12:14 - 2013-12-31 12:13 - 00000000 ____D C:\Users\******\Documents\Logs_Trojaner
2013-12-31 12:02 - 2013-12-31 12:02 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-31 12:02 - 2013-12-31 12:02 - 00000000 ____D C:\Users\******\AppData\Roaming\Malwarebytes
2013-12-31 12:02 - 2013-12-31 12:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-31 12:02 - 2013-12-31 12:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

Files to move or delete:
====================
C:\Users\Public\Minecraft.exe


Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\Quarantine.exe
C:\Users\Marie\AppData\Local\Temp\COMAP.EXE


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-20 16:20

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Addition.txt wurde leider nicht erstellt...

Ich bitte dringend um Hilfe, denn sobald ich mit dem Internet verbunden bin, fangen die Geräusche nach kurzer Zeit wieder an!

aharonov 30.01.2014 23:51
Ist nach diesem Fix Ruhe?


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
() C:\Windows\Rent\Rent.exe
() C:\Windows\Rent\Update.exe
R2 Rent Update; C:/Windows/Rent/Update.exe [1192960 2013-01-29] ()
C:/Windows/Rent

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


s00 31.01.2014 11:45
Hier ist der Fixlog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-01-2014 01
Ran by Ferian at 2014-01-31 11:42:59 Run:1
Running from C:\Users\Ferian\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
() C:\Windows\Rent\Rent.exe
() C:\Windows\Rent\Update.exe
R2 Rent Update; C:/Windows/Rent/Update.exe [1192960 2013-01-29] ()
C:/Windows/Rent

*****************

[2988] C:\Windows\Rent\Rent.exe => Process closed successfully.
[2160] C:\Windows\Rent\Update.exe => Process closed successfully.
Rent Update => Service deleted successfully.

==== End of Fixlog ====
"Ist nach diesem Fix Ruhe?" meinen sie damit, dass es keine weiteren geräusche geben sollte? Soll ich mich melden falls es jetzt wieder Probleme gibt?

PS: Der Ordner C:\Windows\Rent und sein Inhalt ist noch vorhanden. Soll das so sein?

Edit: Ich habe herausgefunden, warum keine "Addition.txt"-Datei erstellt wurde. Der Hacken an der entsprechenden Stelle ist nicht gesetzt, ich habe allerdings keine Hacken entfernt. Soll ich den Scan noch einmal mit dem gesetzten Hacken wiederholen?

aharonov 31.01.2014 13:56
Also lassen wir noch den Ordner verschwinden.

Zitat:
"Ist nach diesem Fix Ruhe?" meinen sie damit, dass es keine weiteren geräusche geben sollte? Soll ich mich melden falls es jetzt wieder Probleme gibt?
Ja ich meine, ob das ursprüngliche Problem immer noch besteht, also die Geräusche im Hintergrund.


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Windows\Rent

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


s00 31.01.2014 14:22
Ich bin nun seit einiger Zeit an dem Computer und bisher hatte ich keine Probleme.
Vielen Dank dafür!

Aber kann es denn sein, dass der Schädling sich noch irgendwo anders ausgebreitet hat oder Schaden angerichtet hat? Ist er auf USB-Geräte übertragen worden die ich angeschlossen habe?

Hier ist die Fixlog.txt:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-01-2014 01
Ran by ****** at 2014-01-31 14:21:30 Run:2
Running from C:\Users\******\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Windows\Rent
*****************

C:\Windows\Rent => Moved successfully.

==== End of Fixlog ====
"Moved successfully" heißt doch, dass der Ordner noch vorhanden ist. Also ist der Schädling (wenn er es denn ist) noch auf dem PC? Wo?

aharonov 31.01.2014 15:24
Nein das passt.
Noch eine Kontrolle:


Schritt 1


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Schritt 2

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

s00 02.02.2014 11:56
Ich habe bis jetzt leider nochnicht alle USB-Geräte zusammen.
Es gabe jedoch gestern wieder einen Vorfall: Es wurde ununterbrochen der Skypeklingelton abgespielt. Immer nur der Anfang des Klingeltons, dann brach er ab, doch ging es sofor wieder von vorn los. Es wurde aber keine Meldung geizeigt, dass ich angerufen werde und es lief auch kein Syke-Prozess.

aharonov 02.02.2014 14:24
Es ist nicht so wichtig, dass die USB-Geräte mitgescannt werden. Das ist nur ein Extra, falls du diese auch grad mitprüfen lassen willst.
Mach mal diese beiden Schritte, dann schauen wir weiter.

s00 04.02.2014 13:37
So
Ich hab es jetzt geschafft auch die USB-Geräte zu scannen.

log.txt von ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5ab5f51b9c47eb4cb361f346ff8ce216
# engine=16928
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-04 08:55:52
# local_time=2014-02-04 09:55:52 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 77 1406 1448935 0 0
# compatibility_mode=5893 16776573 100 94 331914 143134002 0 0
# scanned=204
# found=1
# cleaned=0
# scan_time=29
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5ab5f51b9c47eb4cb361f346ff8ce216
# engine=16928
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-04 08:59:51
# local_time=2014-02-04 09:59:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 77 5245 1449174 0 0
# compatibility_mode=5893 16776573 100 94 335753 143134241 0 0
# scanned=303
# found=1
# cleaned=0
# scan_time=69
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2014
Ran by ****** (administrator) on KAMAFE on 04-02-2014 13:33:55
Running from C:\Users\******\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(H+H Software GmbH) C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(LogMeIn Inc.) C:\Program Files (x86)\Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\Hamachi\LMIGuardianSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\Hamachi\hamachi-2-ui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(LogMeIn, Inc.) C:\Program Files (x86)\Hamachi\LMIGuardianSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Users\******\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11548264 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2181224 2010-11-03] (Realtek Semiconductor)
HKLM-x32\...\Run: [Wbutton] - C:\Program Files (x86)\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-12

-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-18] (AVAST Software)
HKLM-x32\...\Run: [HotkeyApp] - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2010-12-16] (Wistron)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\Hamachi\hamachi-2-ui.exe [3813200 2014-01-23] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2777610092-3106998167-849228635-1008\...\MountPoints2: {0f542d03-ecb9-11e1-80cb-00262dc53125} - F:\pushinst.exe
HKU\S-1-5-21-2777610092-3106998167-849228635-1010\...\Run: [SkyDrive] - C:\Users\******\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136

2013-08-16] (Microsoft Corporation)
HKU\S-1-5-21-2777610092-3106998167-849228635-1010\...\Run: [Speech Recognition] - C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-14]

(Microsoft Corporation)
HKU\S-1-5-21-2777610092-3106998167-849228635-1010\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\system32\StikyNot.exe [427520 2009-07-14]

(Microsoft Corporation)
HKU\S-1-5-21-2777610092-3106998167-849228635-1010\...\MountPoints2: F - F:\pushinst.exe
HKU\S-1-5-21-2777610092-3106998167-849228635-1010\...\MountPoints2: {0f542d03-ecb9-11e1-80cb-00262dc53125} - F:\pushinst.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-03-11] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-03-11] (NVIDIA Corporation)
IFEO\bttray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\ccleaner64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\cmview.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\nusb3utl.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\power2go.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\powerrecover.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\setup.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft

Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live

\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft

Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows

Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL

(Microsoft Corporation)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Download Manager\iefdm2.dll

(FreeDownloadManager.ORG)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office

\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST

Software)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\481evz4w.default-1358104444770
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "share_proxy_settings", true
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll (Skype)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VLC-Player\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe

Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe

Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: anonymoX - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\481evz4w.default-1358104444770\Extensions

\client@anonymox.net.xpi [2013-09-27]
FF Extension: MEGA - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\481evz4w.default-1358104444770\Extensions\firefox@mega.co.nz.xpi

[2014-01-31]
FF Extension: Adblock Plus - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\481evz4w.default-1358104444770\Extensions\{d10d0bf8-f5b5-

c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-29]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt

\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt

\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt

\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-05]

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL No File
CHR Plugin: (AdobeExManDetect) - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04

-14]
CHR Extension: (Google Drive) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-

04-14]
CHR Extension: (YouTube) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-14]
CHR Extension: (Google-Suche) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-

04-14]
CHR Extension: (avast! Online Security) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions

\gomekmidlodglbbmalcneegieacbdmki [2013-12-15]
CHR Extension: (Outlook.com Notifier) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmomflkhdooajekmffpilpoenndjppk

[2013-05-12]
CHR Extension: (Google Wallet) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-

09-15]
CHR Extension: (Google Mail) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04

-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

[2013-11-24]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-18] (AVAST Software)
R2 Hamachi2Svc; C:\Program Files (x86)\Hamachi\hamachi-2.exe [2221904 2014-01-23] (LogMeIn Inc.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2014-01-30] (IObit)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-26] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-12-11] (TuneUp Software)
R2 VC10SecS; C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe [144712 2010-04-14] (H+H Software GmbH)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-04] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-18] ()
S3 HH10Help.sys; C:\Windows\system32\drivers\HH10Help.sys [24088 2009-07-09] (H+H Software GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [909408 2009-08-13] (DiBcom SA)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-12-12] (TuneUp Software)
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2013-05-30] (Wondershare)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
S3 uxddrv; \??\F:\uxddrv64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
R5 vdrv1000; C:\Windows\System32\Drivers\vdrv1000.sys [223256 2010-03-25] (H+H Software GmbH)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-04 13:33 - 2014-02-04 13:33 - 00023268 _____ () C:\Users\******\Desktop\FRST.txt
2014-02-04 13:33 - 2014-02-04 13:33 - 00000000 ____D () C:\Users\******\Desktop\FRST-OlderVersion
2014-02-04 09:46 - 2014-02-04 09:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-02 15:08 - 2014-02-02 15:08 - 00000000 ____D () C:\Users\******\AppData\Roaming\ProductData
2014-02-02 12:36 - 2014-02-02 12:36 - 00000000 ____D () C:\Program Files (x86)\SkypeWebPlugin
2014-02-02 12:25 - 2014-02-02 12:26 - 00000000 ____D () C:\Users\******\AppData\Local\{16761D9E-BC4D-4D42-AC5F-98309040B767}
2014-02-01 17:12 - 2014-02-01 17:12 - 00000000 ____D () C:\Users\******\AppData\Roaming\openvr
2014-02-01 15:07 - 2014-02-01 15:08 - 02347384 _____ (ESET) C:\Users\******\Downloads\esetsmartinstaller_enu.exe
2014-01-31 15:17 - 2014-01-31 15:17 - 00002888 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-01-31 15:17 - 2014-01-31 15:17 - 00001232 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-01-31 13:39 - 2014-01-31 13:39 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-31 13:36 - 2014-01-31 13:38 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-31 13:36 - 2014-01-31 13:38 - 00000000 ____D () C:\Program Files\iTunes
2014-01-31 13:36 - 2014-01-31 13:38 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-31 13:36 - 2014-01-31 13:36 - 00000000 ____D () C:\Program Files\iPod
2014-01-31 12:03 - 2014-01-31 12:03 - 00000000 ____D () C:\Users\******\Documents\Facharbeit
2014-01-30 16:32 - 2014-01-30 16:32 - 00000000 ____D () C:\Users\******\AppData\Roaming\ProductData
2014-01-30 16:12 - 2014-01-30 16:29 - 00000000 ____D () C:\AdwCleaner
2014-01-30 16:03 - 2014-01-31 15:17 - 00001256 _____ () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-01-30 15:56 - 2014-02-04 10:00 - 00000000 ____D () C:\Users\******\AppData\Local\LogMeIn Hamachi
2014-01-30 15:56 - 2014-01-30 15:56 - 00000000 ____D () C:\Program Files (x86)\Hamachi
2014-01-30 15:49 - 2014-01-30 15:49 - 06373376 _____ () C:\Users\******\Downloads\hamachi09.msi
2014-01-30 15:35 - 2012-11-24 17:15 - 00000931 _____ () C:\Users\******\Desktop\Steam.lnk
2014-01-27 15:08 - 2014-01-27 15:08 - 00000000 ____D () C:\Users\******\Documents\Bluetooth Exchange Folder
2014-01-24 19:28 - 2014-01-24 19:28 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-01-24 19:27 - 2014-01-24 19:27 - 00000000 ____D () C:\Users\******\Documents\Bluetooth Exchange Folder
2014-01-24 19:27 - 2014-01-24 19:27 - 00000000 ____D () C:\Users\******\AppData\Local\Broadcom
2014-01-18 19:13 - 2014-01-18 19:12 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-18 19:13 - 2014-01-18 19:12 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-18 19:13 - 2014-01-18 19:12 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-18 19:13 - 2014-01-18 19:12 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-18 18:19 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-18 18:19 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-18 18:19 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-18 18:19 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-18 18:19 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-18 18:19 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-18 18:19 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-18 18:19 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-18 18:19 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-18 18:07 - 2014-02-04 13:33 - 00000000 ____D () C:\FRST
2014-01-18 18:06 - 2014-02-04 13:33 - 02080256 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2014-01-18 16:57 - 2014-02-04 13:33 - 00000000 ____D () C:\Users\******\Downloads\vris
2014-01-18 16:27 - 2014-02-04 09:32 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-18 13:10 - 2014-01-18 13:10 - 00000000 ____D () C:\Users\******\AppData\Local\{E7D273AB-12B6-4F89-954E-E5FC9200CB18}
2014-01-16 06:18 - 2014-01-16 06:19 - 00000000 ____D () C:\Users\******\.freemind
2014-01-12 12:24 - 2014-01-12 12:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-01-12 12:21 - 2014-01-12 12:21 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-01-12 12:13 - 2014-01-12 12:27 - 00000000 ____D () C:\Users\******\AppData\Local\Canon Easy-PhotoPrint EX
2014-01-06 11:17 - 2014-01-06 12:29 - 00017808 _____ () C:\Users\******\Desktop\Gold.Brun. Szenenplan.odt

==================== One Month Modified Files and Folders =======

2014-02-04 13:34 - 2014-02-04 13:33 - 00023268 _____ () C:\Users\******\Desktop\FRST.txt
2014-02-04 13:33 - 2014-02-04 13:33 - 00000000 ____D () C:\Users\******\Desktop\FRST-OlderVersion
2014-02-04 13:33 - 2014-01-18 18:07 - 00000000 ____D () C:\FRST
2014-02-04 13:33 - 2014-01-18 18:06 - 02080256 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2014-02-04 13:33 - 2014-01-18 16:57 - 00000000 ____D () C:\Users\******\Downloads\vris
2014-02-04 13:18 - 2012-05-05 12:46 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-04 11:10 - 2013-05-19 10:12 - 00005116 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for KAMAFE-****** KaMaFe
2014-02-04 10:00 - 2014-01-30 15:56 - 00000000 ____D () C:\Users\******\AppData\Local\LogMeIn Hamachi
2014-02-04 10:00 - 2013-01-19 13:31 - 00000000 ____D () C:\Users\******\AppData\Roaming\Free Download Manager
2014-02-04 10:00 - 2012-11-24 16:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-04 09:51 - 2011-02-03 02:28 - 00710296 _____ () C:\Windows\system32\perfh007.dat
2014-02-04 09:51 - 2011-02-03 02:28 - 00154700 _____ () C:\Windows\system32\perfc007.dat
2014-02-04 09:51 - 2009-07-14 06:13 - 01650084 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-04 09:47 - 2013-01-04 11:27 - 01158509 ____N () C:\Windows\WindowsUpdate.log
2014-02-04 09:46 - 2014-02-04 09:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-04 09:32 - 2014-01-18 16:27 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-04 09:32 - 2013-12-02 14:44 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-04 09:32 - 2012-10-05 10:51 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-04 09:32 - 2012-10-05 10:50 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-04 09:32 - 2012-10-05 10:50 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-04 09:32 - 2012-10-05 10:50 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-04 09:32 - 2012-10-05 10:50 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-04 09:32 - 2012-04-26 16:36 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-02 20:10 - 2013-05-26 18:28 - 00000000 ___RD () C:\Users\******\SkyDrive
2014-02-02 15:16 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-

601632D005A0
2014-02-02 15:16 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-

601632D005A0
2014-02-02 15:08 - 2014-02-02 15:08 - 00000000 ____D () C:\Users\******\AppData\Roaming\ProductData
2014-02-02 15:08 - 2012-06-27 22:06 - 00000000 ____D () C:\Users\******\AppData\Local\LogMeIn Hamachi
2014-02-02 15:06 - 2011-02-17 13:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-02 15:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-02 12:36 - 2014-02-02 12:36 - 00000000 ____D () C:\Program Files (x86)\SkypeWebPlugin
2014-02-02 12:26 - 2014-02-02 12:25 - 00000000 ____D () C:\Users\******\AppData\Local\{16761D9E-BC4D-4D42-AC5F-98309040B767}
2014-02-02 12:25 - 2013-06-13 10:53 - 00000000 ____D () C:\Users\******\AppData\Roaming\Audacity
2014-02-01 17:12 - 2014-02-01 17:12 - 00000000 ____D () C:\Users\******\AppData\Roaming\openvr
2014-02-01 15:08 - 2014-02-01 15:07 - 02347384 _____ (ESET) C:\Users\******\Downloads\esetsmartinstaller_enu.exe
2014-02-01 12:23 - 2013-04-13 22:58 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-02-01 12:23 - 2012-12-19 14:25 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-02-01 12:21 - 2012-12-19 14:25 - 00215128 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-01-31 15:17 - 2014-01-31 15:17 - 00002888 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-01-31 15:17 - 2014-01-31 15:17 - 00001232 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-01-31 15:17 - 2014-01-30 16:03 - 00001256 _____ () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-01-31 14:43 - 2012-08-17 18:06 - 00000000 ____D () C:\Users\******\AppData\Roaming\.minecraft
2014-01-31 13:39 - 2014-01-31 13:39 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-31 13:38 - 2014-01-31 13:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-31 13:38 - 2014-01-31 13:36 - 00000000 ____D () C:\Program Files\iTunes
2014-01-31 13:38 - 2014-01-31 13:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-31 13:36 - 2014-01-31 13:36 - 00000000 ____D () C:\Program Files\iPod
2014-01-31 13:32 - 2012-04-28 20:28 - 00000000 ____D () C:\ProgramData\Apple
2014-01-31 12:03 - 2014-01-31 12:03 - 00000000 ____D () C:\Users\******\Documents\Facharbeit
2014-01-30 16:32 - 2014-01-30 16:32 - 00000000 ____D () C:\Users\******\AppData\Roaming\ProductData
2014-01-30 16:32 - 2013-12-16 19:08 - 00000000 ____D () C:\ProgramData\IObit
2014-01-30 16:29 - 2014-01-30 16:12 - 00000000 ____D () C:\AdwCleaner
2014-01-30 15:56 - 2014-01-30 15:56 - 00000000 ____D () C:\Program Files (x86)\Hamachi
2014-01-30 15:49 - 2014-01-30 15:49 - 06373376 _____ () C:\Users\******\Downloads\hamachi09.msi
2014-01-30 15:40 - 2013-12-16 19:07 - 00000000 ____D () C:\ProgramData\ProductData
2014-01-30 15:39 - 2011-02-17 13:07 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-01-30 15:39 - 2011-02-17 13:07 - 00000000 ____D () C:\Windows\system32\NV
2014-01-30 15:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-30 07:30 - 2013-05-18 14:58 - 00000000 ____D () C:\Users\******\AppData\Local\Microsoft Help
2014-01-27 15:08 - 2014-01-27 15:08 - 00000000 ____D () C:\Users\******\Documents\Bluetooth Exchange Folder
2014-01-24 19:28 - 2014-01-24 19:28 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-01-24 19:27 - 2014-01-24 19:27 - 00000000 ____D () C:\Users\******\Documents\Bluetooth Exchange Folder
2014-01-24 19:27 - 2014-01-24 19:27 - 00000000 ____D () C:\Users\******\AppData\Local\Broadcom
2014-01-18 19:55 - 2013-01-29 11:32 - 00000000 ____D () C:\Users\******\iPodsoftware
2014-01-18 19:12 - 2014-01-18 19:13 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-18 19:12 - 2014-01-18 19:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-18 19:12 - 2014-01-18 19:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-18 19:12 - 2014-01-18 19:13 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-18 18:45 - 2013-01-19 19:57 - 00000000 ____D () C:\Users\******\AppData\Roaming\redsn0w
2014-01-18 18:37 - 2013-09-09 13:15 - 05133456 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-18 18:29 - 2013-08-13 19:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-18 18:29 - 2012-05-30 21:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-18 18:29 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2014-01-18 18:24 - 2011-02-03 18:14 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-18 18:07 - 2012-05-02 19:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-01-18 18:07 - 2012-04-27 13:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-18 18:06 - 2012-06-15 12:09 - 00000000 ____D () C:\Users\******\AppData\Local\Adobe
2014-01-18 18:04 - 2012-05-05 12:46 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-18 18:03 - 2012-05-05 12:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-18 18:03 - 2012-05-05 12:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-18 16:27 - 2013-02-28 17:55 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-01-18 14:41 - 2013-12-13 20:36 - 00000000 ____D () C:\Users\******\Documents\CyberLink
2014-01-18 13:10 - 2014-01-18 13:10 - 00000000 ____D () C:\Users\******\AppData\Local\{E7D273AB-12B6-4F89-954E-E5FC9200CB18}
2014-01-16 09:59 - 2011-02-03 18:13 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-16 06:26 - 2012-12-17 18:22 - 00177664 ___SH () C:\Users\******\Thumbs.db
2014-01-16 06:25 - 2012-06-08 15:16 - 00000000 ____D () C:\Users\******
2014-01-16 06:19 - 2014-01-16 06:18 - 00000000 ____D () C:\Users\******\.freemind
2014-01-16 06:19 - 2013-11-17 13:29 - 00000000 ____D () C:\Users\******\Documents\ihelper
2014-01-16 06:19 - 2013-11-17 13:29 - 00000000 ____D () C:\Program Files (x86)\IPAdownload
2014-01-15 11:35 - 2013-05-20 12:57 - 00133592 _____ () C:\Users\******\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-12 12:45 - 2013-09-29 09:02 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-12 12:27 - 2014-01-12 12:13 - 00000000 ____D () C:\Users\******\AppData\Local\Canon Easy-PhotoPrint EX
2014-01-12 12:27 - 2013-09-07 11:38 - 00133592 _____ () C:\Users\******\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-12 12:24 - 2014-01-12 12:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-01-12 12:24 - 2013-12-17 08:09 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-01-12 12:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-01-12 12:21 - 2014-01-12 12:21 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-01-12 12:15 - 2009-07-14 08:45 - 00000000 ____D () C:\Windows\ShellNew
2014-01-12 12:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-01-12 12:13 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-01-12 11:42 - 2013-11-24 13:34 - 00003420 _____ () C:\Windows\System32\Tasks\KMS Activation
2014-01-07 08:23 - 2013-07-28 13:04 - 00000000 ____D () C:\Users\******\Desktop\SDKarte
2014-01-06 12:29 - 2014-01-06 11:17 - 00017808 _____ () C:\Users\******\Desktop\Gold.Brun. Szenenplan.odt
2014-01-05 12:50 - 2013-11-04 08:49 - 00019901 _____ () C:\Users\******\Desktop\VorschlagGoldeneBrunnen Besetzung.odt

Files to move or delete:
====================
C:\Users\Public\Minecraft.exe


Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\COMAP.EXE


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-20 16:20

==================== End Of Log ============================
--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:28 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55